In the hidden corners of the internet lies a digital black market where stolen data is bought and sold like common goods. One of the most notorious examples of this was feshop—a darknet marketplace that specialized in selling “fullz” (complete sets of stolen personal and financial information). Although it’s no longer operational, many people still search for what products were “best-sellers” on platforms like Feshop. This blog will unpack what those products were, how these operations worked, and why engaging with them is extremely dangerous and illegal.
🔍 What Was Feshop?
Feshop (also referred to as Fe-cc-shop) operated on the darknet and allowed cybercriminals to purchase stolen credit card data and personally identifiable information (PII). It was part of a broader black-market economy where identity theft and financial fraud were rampant.
Users accessed the site using Tor (The Onion Router), and transactions were conducted through cryptocurrencies like Bitcoin to maintain anonymity.
🛑 Warning: This Content is for Awareness Only
Before we dive deeper, let’s be absolutely clear:
Accessing or purchasing from a darknet market like Feshop is illegal and unethical.
This article is purely for educational and cybersecurity awareness purposes, helping people understand how criminals operate and how to protect themselves.
💸 “Best-Selling” Products on Feshop
While we can’t pull live data (since Feshop was taken down), cybersecurity experts and law enforcement reports have identified key product categories that were frequently listed and bought on such platforms:
1. Fullz (Full Information Sets)
-
Name, Date of Birth
-
Social Security Number
-
Credit Card Info (Number, Expiry, CVV)
-
Billing and Residential Addresses
-
Phone Numbers
-
Sometimes, bank logins
These were used for identity theft, opening fraudulent accounts, or tax return fraud.
2. Credit Card Dumps
-
Raw data copied from the magnetic stripe of a card (used for cloning).
-
Often sold in batches sorted by card type (e.g., Visa, MasterCard, Amex).
3. Bank Logins and Online Account Credentials
-
Access to online banking portals.
-
Could include two-factor authentication bypass instructions.
4. Remote Desktop Protocol (RDP) Access
-
RDP logins to compromised systems, often used to conduct fraud while appearing as a legitimate user.
5. Social Media & Email Account Logins
-
Used for phishing, scamming, or further identity theft.
-
Sometimes bundled with access to e-commerce or crypto accounts.
🧠 Why Were These Products Popular?
Cybercriminals gravitated toward data that could be quickly monetized. Fullz, for example, provided all the details needed to:
-
Apply for loans or credit cards
-
File false insurance claims
-
Conduct social engineering attacks
-
Access or drain bank accounts
These “products” offered a high return on investment for criminals—at the expense of real people who suffered financial loss, credit damage, and emotional stress.