I dug deeper than @slimszi
Allow me to hypothesize here:
Information:
- At least 2 of the Kerberos mirrors are exposed (Privex Datacenter in Stockholm, using port 81 lol) (not the ones @slimzi posted)
- The AB "welcome" page is hosted in the same data center (probably law enforcement), and its IPs are NOT far from those of Kerberos (185.130.46.136). "Hell", they might even be in the same rack, as that switch is misconfigured.
Hypothesis 1:
- AlphaBay is seized by LE, their server is just a honeypot to catch y'all
... if this is true, how the hell is Kerberos running in the same datacenter, "Privex", FOR A YEAR, while being exposed! LE? Dumb luck?
- AB and Kerberos are connected somehow and exit scams are more profitable.
Hypothesis 2:
- Both are in the same datacenter, pure luck. (Still, Kerberos has been exposed FOR A YEAR.)
Fact:
Kerberos mirrors are exposed. Hell, I will sell you the IP if you pay enough and guarantee the safety of its users and their funds.
In any case, the safety of users should be every DNM operator's #1 priority, and even funny people like @simzi should be taken seriously. Double-check your logs maybe? Laughing off everyone's safety is not a joke. (Neither are exit scams lol.)
For users:
- If you are a vendor, make sure your JS is turned off, use only Tails OS when connecting to Kerberos (or generally), and ask your customers to encrypt addresses (don't trust market encryption). If you're using Windows, get a life!
- Don't use a wallet, don't deposit much, don't leave a lot in your wallet... you've been warned (This applies to all markets)
For Lucifer:
@Lucifer double check your servers, no need to make fun of anyone who is trying to protect themselves and the rest of your users.
Suggestion (encoded): block all ICMP & UDP incoming traffic (I know Tor doesn't have UDP, your server still has it), and ask your datacenter to block ICMP on the switch connecting your 2 servers in the rack.