/d/CafeDread icon

/d/CafeDread

5,250 subscribers
   ☕️   🧅 Ⓒⓐⓕⓔ Ⓓⓡⓔⓐⓓ 🧅   ☕️
⭐   Dread's NUMBER ONE SUB   ⭐
      ⭐ 3 YEARS RUNNING!!    ⭐
If your post is pending approval contact us via Mod Mail

☞ Enjoy Playing Poker?

💵 Visit /d/PokerClub ♠️-♥️-♣️-♦️

Is BlackMarket WorldMarket and why are these markets allowed?

by /u/diaree 🍼 · 4 votes · 6 days ago

/u/Redfoot has invited you to the invite-only subdread: /d/BlackMarket!

Besides the fact that this type of low level marketing should be banned, it made me check it out for fun.

Compare the `logo`, layout, captcha setup and everything else of both markets. Fair enough, there is a different reason it is so similar: it is not `coded from scratch`, as everyone claims every single time with their markets, this is some version of Eckmar's. Compare the URL structures, overall layout, features, the JS warning code:

    <script>
        let warningText = 'You have JavaScript enabled, you are putting yourself at risk! Please disable it immediately!'
        let jsWarning = document.getElementById('jswarning');
        let alert = document.createElement('div');
        let span = document.createElement('span');
        alert.classList.add('alert');
        alert.classList.add('alert-danger');
        span.innerText = warningText;
        alert.appendChild(span);
        jsWarning.appendChild(alert);
    </script>

All of that is Eckmar's. The list goes on and on. Eckmar's script is Laravel. Black Market has two cookies, `bm_cook` (customized session cookie name) and `XSRF-TOKEN`, one of the easiest way to identify a Laravel application.

So World Market is basically just a wild guess due to the heartless logo and shit marketing that fits a quick pump and dump scheme these exit scammers use. Might be any of the other scum doing it.

Take Eckmar's, write `DarkMarket` with Arial in Gimp, change a tiny bit of the layout, generate some marketing text as in `Cutting-edge all new market with never seen before features`, use your exit scam money to buy your way up and repeat. That is a `work` of 2 hours.

Why aren't these types of `markets` (some people setting up a script marketing it with money and lies) getting banned? Where are the unique features? Coded from scratch is a blatant lie, why is this and the other `marketing` techniques being tolerated?

/page/marketstandards/

HIGHLIGHTED rejection reason: Minimally or no skinned Script Markets

What is this market if not that? How did they get a subdread? Money? Wow, a shocker!

BlackMarket is basically just an example, I can write similar texts about some other markets, we all know how fucked this scene is.

Use it if you want, I would avoid it at all costs.

Comments (13)
/u/Goatan · 2 votes · 6 days ago · Link

Thank you for taking the time to create a very interesting post. We agree any use of Eckmar's script is an obvious sign of suspicion.

We'd love to get your input on the New Markets Superlist. Maybe create a followup post detailing which /d/newmarkets are using Eckmar's script or Laravel.

/post/6cc274c154af5b2271e6

/u/diaree 📢 🍼 OP · 1 votes · 6 days ago · Link

I don't think fingerprinting Laravel is interesting here. I'd say it is fine to build a market based on a normal framework for a programming language.

Checking the first one I opened, it is Eckmar's too. `MellowMarket`.

Has the usual URL structure (f.e. compare messaging a vendor URL with the one of BlackMarket for example, both /profile/messages?otherParty=vendorname), UUIDs for vendors/products, same JS for the JS warning, `XSRF-Token` and `mellowmarket_session` cookies (the real Laravel default, it is based on the application name in the config, which appears to be MellowMarket then, followed by a `_session'' suffix). All the typical signs of Eckmar's.

Found a conversation about that: /post/26085046ba4568cf685f/#c-c4355b73e4b7499266

They are lying about, just like everyone. They are the best with best security blah blah. It is the same every single time. Avoid that one too.

Edit: Just saw that he is talking about DarkMarket (BlackMarket?) in one of the comments aswell.

/u/diaree 📢 🍼 OP · 1 votes · 6 days ago · Link

I just found more discussion about the market in particular:

/post/3997151c014c2b800740/

/u/dontlaugh raised the same question, how can they have a sub? Not even for that marketing method, markets with a sub have been doing this for years, but the clear match in the rejection criteria. This market is a 2 hour work pump and dump.

/u/diaree 📢 🍼 OP · 1 votes · 6 days ago · Link

/u/Paris

/u/HugBunter

And all the other innocent participants, that for sure don't take a single dime for any favor or anything alike, I'm happy about a statement about these marketing techniques and shit markets. Sure, you can't check every market, you didn't see it, oh thanks for telling us... we know these sentences. Hah what a coincidence foshizzle put World Market in the sidebar right before the exit scam telling everyone to stop the FUD! So unlucky! You can't hide behind that forever.

/u/plkqcs · 1 votes · 6 days ago · Link

[removed]

/u/diaree 📢 🍼 OP · 1 votes · 6 days ago · Link

Let's just look forward to the answer as of why they got a subdread if they clearly fall under the rejection criteria that is even highlighted in the market standards. I'm asking questions.

Yes, I think and heard they are from credible people, but I don't and most likely never will have any evidence for that, so just keep asking questions like these.

Same question for foshizzle, haha what a coincidence, right? The same foshizzle that pinned a manipulated fresh onions site with CP fixed at the top. Haha I didn't see that, whoops shit happens.

Edit: He removed this comment but he said something like if you think the admins are corrupt, just have the balls to say it out loud you pussy.

/u/plkqcs · 1 votes · 6 days ago · Link

Yes. You are a pussy. But at least you're harmless. PS I love foshizzle

/u/capobianco · 1 votes · 6 days ago · Link

/u/redfoot has been a bit of a bumhole lately, not just to you but to a few others.

/u/zedisdead 🍼 · 1 votes · 6 days ago · Link

What about blackpyramid market

/u/Ninja · 1 votes · 6 days ago · Link

another alphabay clone is exactly what people wanted. You can tell if a market is eckmar by the /login request.

/u/AutoModerator M Fuck You · 1 votes · 6 days ago · Link

eckmar's script is racist, call it bob's script please.

This comment was posted automatically by a bot. All AutoModerator settings are configured by individual communities. Contact this community's Moderators to have your post approved if you believe this was in error.

/u/9nyx · 1 votes · 6 days ago · Link

This is super interesting, thanks for sharing your research.

I'm toying with a few project ideas, part of which would be comparing/analyzing onion site code - this kind of intel would be amazingly helpful.

/u/diaree 📢 🍼 OP · 2 votes · 6 days ago · Link

I can go on all day.

A cool trick for identifying Laravel for example is sending an HTTP request to a known route with a different HTTP method (which the route is not registered for). You not only sometimes find applications that have the debug mode enabled with that method - very very nice trick, but the response, which most people don't customize, can be fingerprinted too.

In the case of BlackMarket it is something along the lines of `Whoops, looks like something went wrong.`, which is a default Laravel response in older versions, not sure if still the same in current ones.