Joker’s Stash Market: Massive Infrastructure Upgrades

Tor browser

Joker’s Stash Marketplace, an infamous dark web platform has taken a bold initiative to expand its offering and upgraded its infrastructure despite the obvious threat from the FBI.

According to the Insikt Group, Joker’s Stash marketplace which is widely known for the offerings of stolen credit cards has expanded its offering to contain a large volume of Personal Identifiable Information (PII). The listings include the contacts and the Social Security Numbers of victims. The online marketplace has also taken an extra step to upgrade its servers and domains. 

The report reveals that the updated record includes sensitive information of the members of the white house cabinet, members of the fortune 500 executives and a number of cardholders from over 35 US states. It was reported that the Joker’s Stash marketplace team has been advertising the newly added Social Security Numbers on Twitter since August 2019, and though there was no report on the validity of the data, a few of the PII put into a brief search were absolutely correct data.

Joker’s Stash has for the past 5 years become one of the active platforms specialized in the sales of stolen credit card details from famous companies including British Airways and Walmart.


Image Source:

On 22 August 2019, they released the first batch of stolen credit cards online. It was estimated that Joker’s Stash uploaded about 3.2 million stolen credit cards suspected to be from the data breach of gas and convenient chain Hy-Vee. Some of these compromised data are primarily advertised on a number of dark web forums such as Omerta, Verified and Club2Crd. Credit card tools on the dark web have generally increased since 2017, and the booming market has led to a number of data breaches in recent times.

Joker’s Stash can now boast of three categories namely: Card, Dump and SSN. The Card and Dump category is said to be related to the stolen credit cards. This card section includes the full details of payment cards such as the card number, CVV and the expiration date.

According to the report, the card section also contains other information made available by cardholders when making an online purchase or payment. As part of the update meant to comfortably accommodate clients, Joker’s Stash provides the Personally Identifiable Information for $5, and this is basically the first name, last name and the date of birth.

The Insikt Group further established that there are about 49 servers and 543 domains linked to the Joker’s Stash though the numbers may be more. According to the report, the domains have been proved of being malicious free. Users are, therefore, free from any phishing or their devices being infected by malware. Joker’s Stash has also ensured a better service to the lower-grade customers according to the report with some of the domains only accessible by the Blockchain DNS browser and extension while others can be accessed with Clearnet.

Joker’s Stash is expected to boost sales with this new development, and their upgrade also means various institutions and individuals should invest in cyber security.
According to the report, the Joker’s Stash group has published their domains on their social media pages on PasteSite, Twitter and Reddit.

Three of their alleged domains are jstash(.)ch, jstash(.)bazar,and stash(.)de. The jstash(.)ch is reported to be operating on an open internet, and largely advertised on the various carding platforms. The jstash(.)bazar is also limited to the Blockchain DNS browser and extension while the jstash(.)de is advertised on Reddit according to the group, and it is currently hosted on the server that was previously hosting jstach(.)ch.


Image Source:

The researchers stated that the expansion of the Joker’s Stash infrastructure to accommodate a large volume of stolen credit cards is an indication that they have a large client base. According to them, the operation of the stolen credit cards sales and the ease of monetization on the platform puts them at a substantial risk.

The cost of the PII and credit cards details makes it more dangerous as criminals can easily afford and put victims at risk of identity theft. The sales of PII such as first and last name, mother’s maiden name, social security number and date of birth does not make victims safe just upon the issuing of a new card by the card issuer, but can go a long way to hunt victims as these information cannot be changed. They therefore recommend that individuals and institutions should continuously monitor their payment card details and PII for any fraudulent activity.

They also recommend that there is a frequent review and auditing of financial transactions and payment cards in addition to the usual security measures put in place by the financial institutions. 

Source: Recorded Future, and

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.

Tags: #deep_web_links #Tor_.onion_urls_directories #Deep_Web_Sites_Links #Dark_Web_Links_Hidden_Wiki #Dark_web_directories


Please enter your comment!
Please enter your name here