Inside the Darknet KYC Economy: Q3 2025 OSINT Dataset 6,606 Verified

New Q3 2025 OSINT dataset mapping 6,606 verified listings of KYC bypass kits, synthetic identities, and fraud tools across darknet markets and Telegram.

Evidence-based: each record includes screenshot URL, text excerpt, price, contacts, and SHA-256 hash for reproducible verification.

No TOR required: screenshots are hosted via CDN for safe analyst access behind corporate networks.

Built for compliance teams, threat intelligence analysts, and investigative journalists.

Free preview (200 rows): https://reestrintelligence.gumroad.com/l/200-row-preview
Full dataset (6,606 rows): https://reestrintelligence.gumroad.com/l/core-kyc-fraud-q3-2025

Why this matters now

KYC evasion and synthetic identity fraud underpin a wide range of financial crime: mule onboarding, account takeovers, cross-border scam infrastructure, and abuse of FinTech/crypto rails. The darknet KYC economy lets bad actors buy everything from "fullz" bundles to selfie/ID packages, aged accounts, and bypass plugins tailored to specific onboarding flows.

For risk, compliance, and cyber teams, a curated, verifiable view of this marketplace is the difference between reactive casework and proactive exposure management.

What’s in the dataset

Scope: Q3 2025 collection of darknet and Telegram listings related to KYC bypass and fraud tooling.
Rows: 6,606 verified entries with linked evidence.

Core fields (high level):

proof_id, url, title, text_snippet
category, product_type (e.g., Fullz, Fake IDs, KYC Passes, Aged Accounts, RDP/VPS, “plugins”)
vendor_name, platform (TOR market / forum / Telegram / clearnet)
contacts + contact_type (e.g., Telegram handle, Matrix, Jabber, email)
price, currency, timestamp_utc
screenshot_url (CDN-hosted, no TOR needed), sha256
confidence_score, suspicious flags, optional region/risk hints

Artifacts & packaging:

services.csv — normalized vendor/service profiles
evidence.csv — page-level artifacts (hash, screenshot, price, contact, proof text)
fx_rates.csv — currency conversions for price normalization
screenshots/ — full-page images with timestamps
README.md — documentation, taxonomy, and usage guide

Compliance-friendly design: the dataset keeps a strict evidence trail (hashes + screenshots + snippets) so enterprise teams can audit and reproduce findings without touching TOR.

How we collected and verified

Multi-source acquisition (open & closed sources)

TOR marketplaces & forums — vendor listings and product offers
Telegram channels — direct sales posts and vendor comms
Clearnet OSINT — indexed .onion pages, leaks, and intel reports
Archival sources — Wayback Machine, Ahmia, cached TOR content

Verification workflow

Collection & normalization — unify titles, prices, and contact fields.
Evidence capture — full-page screenshot + SHA-256 for integrity.
Attribution hints — platform, contact handle(s), language/region cues.
Confidence scoring — heuristics + analyst review to reduce noise and duplicates.
Risk labeling — product type taxonomy, “suspicious” flags, and price sanity checks.

We do not facilitate any transactions. This dataset is for research and compliance use only.

Signals & patterns observed (Q3 2025)

While the full analytics are in the dataset, several consistent themes stood out:

Telegram remains a primary sales surface for “faster-than-market” KYC bypass packs and bespoke selfie/ID sets.
Bundles dominate: many listings combine identity data + device/behavioral hints (RDP/VPS, fingerprints) tuned to onboarding flows.
Vendor persistence varies: some sellers cycle handles weekly; others maintain brands across markets, forums, and Telegram with mirrored inventory.
Localized offerings: vendors increasingly advertise country-specific ID sets and “aged accounts” for regional banks/fintechs.
Pricing stratification: premium “bespoke selfie” kits and aged high-limit assets are priced well above fullz commodity packs.

If you’re a compliance or TI lead, these patterns map directly to control gaps (e.g., selfie liveness, device intelligence, geography controls, and vendor recycling).

Example entry (anonymized)

services.csv

Vendor: AlphaDocs
Platform: Telegram
Type: Fake IDs
Risk: 8/10
Region: EU

evidence.csv

SHA-256: 13af…c9b2
Screenshot: /screenshots/alpha_2025-08-01.png
Price: 500 USD
Contact: @alphadocs_support
Proof text: “EU driving licenses — 48h delivery”

Note: The preview contains similar, fully linked examples so you can test pipelines internally before purchasing the full release.

Who should use this dataset (and how)

Compliance & Financial Crime

Screen high-risk vendors and alias networks; enrich alerts & casework with verifiable darknet evidence.
Benchmark exposure to synthetic identity and mule onboarding vectors.

Threat Intelligence

Track vendor clusters across TOR/Telegram; feed detection engineering with real artifacts and price/volume context.
Prioritize control improvements (liveness, device, behavioral).

Investigative Journalists & Researchers

Document schemes with screenshots and persistent hashes; cite verifiable sources.

Data Marketplaces / Resellers

Integrate normalized catalog + evidence into enterprise feeds with provenance intact.

Quick start: repeatable analysis

import pandas as pd

svc = pd.read_csv("services.csv")
ev  = pd.read_csv("evidence.csv")

# Top product types by unique vendors
top_types = (svc.groupby("product_type")["vendor_name"]
               .nunique()
               .sort_values(ascending=False)
               .head(10))

# Median price by product_type (normalized via fx_rates.csv)
prices = (ev[ev["price"].notna()]
            .groupby("product_type")["price_usd"]
            .median()
            .sort_values(ascending=False))

print(top_types)
print(prices.head(10))
`

Replace price_usd with a normalized column from your fx join.

Access, licensing & cadence

Free preview (200 rows): 👉 https://reestrintelligence.gumroad.com/l/200-row-preview
Full dataset (6,606 rows): 👉 https://reestrintelligence.gumroad.com/l/core-kyc-fraud-q3-2025
License: research & compliance use only. No facilitation or engagement with vendors.
Update cadence: Q4 2025 planned with delta and full refresh options.
Custom cuts: region, platform, product type, or integration format on request.

FAQ

Do I need TOR to view evidence? No. Evidence screenshots are served via CDN. The original source URL is included for audit chains.

What about PII and legal considerations? We index claims/vendors for risk research. We do not buy or resell PII. Always consult your legal team before operationalizing datasets.

Can you tailor exports to our taxonomy or SIEM/BI? Yes — CSV/Parquet/JSON, plus mapping to internal schemas.

How do you handle duplicates and fake sellers? We dedupe on vendor/contact/screenshot hash and maintain a confidence score for each entry.

Contact

Email: natalliavasilyeva777@gmail.com
Website: https://reestr.blog
X (Twitter): @reestr_ai
Telegram: @reestr_global

* Evidence-based intelligence for compliance & risk teams.*

Inside the Darknet KYC Economy: Q3 2025 OSINT Dataset (6,606 Verified Listings)