Darknet & Cybersecurity Glossary

Definitions of key terms used in Nexus Market darknet research and cybersecurity analysis.

Educational reference for researchers and journalists.

Terms & Definitions

This glossary provides safe, research-oriented definitions for terms commonly encountered in Nexus Market darknet analysis and broader cybersecurity research.

Darknet: A part of the internet that requires specific software (such as Tor) to access. Darknet sites use .onion domains and are not indexed by standard search engines.
Tor (The Onion Router): Free, open-source software that enables anonymous communication by routing internet traffic through a worldwide volunteer network of relays.
Onion Service: A website or service accessible only through the Tor network, identified by a .onion domain address.
Phishing: A social engineering attack where fraudulent websites or messages impersonate legitimate services to steal credentials, cryptocurrency, or personal information.
Typosquatting: Registering domain names that are common misspellings of legitimate websites to redirect users to malicious sites.
Homoglyph Attack: Using visually similar characters from different alphabets (e.g., Cyrillic "а" vs Latin "a") to create deceptive domain names.
Exit Scam: When marketplace operators abruptly shut down the platform and steal all funds held in escrow or user wallets.
Escrow: A system where a third party holds funds during a transaction until both parties fulfill their obligations. On darknet markets, the platform itself typically acts as escrow.
OSINT (Open Source Intelligence): Intelligence gathered from publicly available sources including websites, social media, public records, and news reports.
Threat Intelligence: Evidence-based knowledge about existing or emerging threats to assets, used to inform decisions about security responses.
Cryptocurrency Tracing: The process of analyzing blockchain transactions to identify patterns, trace fund flows, and potentially attribute transactions to specific entities.
Mixing Service (Tumbler): A service that attempts to break the link between cryptocurrency sender and receiver by pooling and redistributing funds.
PGP (Pretty Good Privacy): An encryption program used for signing, encrypting, and decrypting communications. Commonly used on darknet markets for secure messaging.
Seizure Banner: A webpage displayed by law enforcement after taking control of a darknet site, typically showing agency logos and legal notices.
Mirror Site: An alternative URL that provides access to the same content as the primary site. On the darknet, mirrors are frequently impersonated by phishing operations.
Credential Harvesting: The practice of collecting usernames, passwords, and other authentication data, typically through phishing sites or malware.