What's going on with DHL?

What's the drama with DHL, I just saw their post about being truthful etc...


Comments


[2 Points] kx_001:

Sourcery and DHL Market vulnerabilities exposed by /u/t0mcheck http://reddit.com/r/DarkNetMarkets/comments/6qzeww/sourcery_and_dhl_market_vulnerabilities_exposed/


[2 Points] Virtix21:

I'm here watching this all unfold, seeing the security of these markets, waiting for them all to be compromised... that already happened, never mind.

/u/t0mcheck supposedly found an older "mirror" server connected to DHL. https://www.reddit.com/r/DarkNetMarkets/comments/6r2ppi/dhl_ipaddress_leak_is_fake/dl1yogq/

It is not up to date, but it does contain member info, and it is a server connected with DHL.

I'll go tinfoil hat and just say: perhaps that is the real DHL server, while the feds have been running the current one?

A quick portscan through nmap shows a few ports are open. (Note: some of the descriptions are not right, because of "mis-using" ports.)

22/tcp   open     ssh
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
8001/tcp open     vcom-tunnel
8002/tcp open     teradataordbms
8010/tcp open     xmpp

On port 8001, at the IP 51.15.57.234, the DHL login page can be seen. And accounts about a week old can log in with their credentials.

These servers share the same headers.

It only takes a very short iptables command to drop all traffic from the clearnet and only allow localhost (pretty much the Tor daemon) to stop this. Since this hasn't been done in the hours this has been exposed, it seems very suspicious.

Edit: Here is a full portscan (done through Tor, duh; it could be missing ports blocked by the exit node):

22/tcp   open     ssh
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
4023/tcp open     esnm-zoning
4024/tcp open     tnp1-port
4027/tcp open     bxp
4033/tcp open     sanavigator
4034/tcp open     ubxd
8001/tcp open     vcom-tunnel
8002/tcp open     teradataordbms
8010/tcp open     xmpp
8013/tcp open     unknown

Going to keep editing this as I go. Port 8002 gives a bland-looking login page with the header "STAFF".

Okay, port 8013 has an HTTP server on it: Notice: Undefined index: type in /var/www/btcwitness/from-btchost/index.php on line 13
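The "short iptables command" the comment above refers to, written out as a complete ruleset. This is an added example and not anything posted in the thread or run by the people in it: it keeps the web application reachable only over loopback (where a local Tor daemon would forward hidden-service connections to it), drops every other inbound clearnet packet, and logs rate-limited probe attempts against the application ports so a defender notices them. The application ports (8001, 8002, 8010, 8013) are taken from the scan above; the ADMIN_CIDR escape hatch for SSH, the conntrack module use, and the 203.0.113.0/24 address in the usage note are assumptions. It also includes a check_ruleset function that audits an iptables-save style dump for the same invariant, which is the quick test you would run to confirm a host is not listening on the clearnet.

```shell
#!/bin/sh
# Added example (not from the thread): loopback-only firewall policy for a
# service that should be reachable exclusively through a local Tor daemon.

# Application ports from the thread's port scan (assumption: these are the
# only services that must stay reachable, and only from 127.0.0.1).
APP_PORTS="${APP_PORTS:-8001,8002,8010,8013}"
# Optional: a CIDR that may still reach SSH directly (assumption; leave empty
# to expose SSH only through loopback, e.g. as a separate hidden service).
ADMIN_CIDR="${ADMIN_CIDR:-}"

# Print an iptables-restore compatible ruleset to stdout.
gen_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default: drop everything inbound
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'   # the Tor daemon talks to the app over lo
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    if [ -n "$ADMIN_CIDR" ]; then
        echo "-A INPUT -p tcp -s $ADMIN_CIDR --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    fi
    # Probes from the clearnet against the app ports are logged (rate-limited
    # so a scan cannot flood the log) and then dropped. The DROP policy would
    # catch them anyway; the explicit rules exist for visibility.
    echo "-A INPUT ! -i lo -p tcp -m multiport --dports $APP_PORTS -m limit --limit 5/min -j LOG --log-prefix \"CLEARNET-PROBE: \""
    echo "-A INPUT ! -i lo -p tcp -m multiport --dports $APP_PORTS -j DROP"
    echo 'COMMIT'
}

# Audit a ruleset read from stdin (gen_ruleset output or an iptables-save
# dump). Returns 0 if the host only exposes the app ports on loopback.
check_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP' \
        || { echo "INPUT policy is not DROP" >&2; return 1; }
    printf '%s\n' "$rules" | grep -q -- '^-A INPUT -i lo -j ACCEPT' \
        || { echo "loopback traffic is not accepted" >&2; return 1; }
    # No ACCEPT rule may name an application port unless it is bound to lo.
    for p in $(printf '%s' "$APP_PORTS" | tr ',' ' '); do
        if printf '%s\n' "$rules" | grep -- '^-A INPUT' | grep -- '-j ACCEPT' \
                | grep -v -- '-i lo' | grep -qw -- "$p"; then
            echo "port $p is accepted from a non-loopback interface" >&2
            return 1
        fi
    done
    return 0
}

# Load the ruleset into the running kernel (needs root and iptables-restore).
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: must run as root" >&2; return 1; }
    gen_ruleset | iptables-restore
}

case "${1:-show}" in
    apply) apply_ruleset ;;
    check) check_ruleset ;;      # e.g.: iptables-save | ./script.sh check
    *)     gen_ruleset ;;
esac
```

Run it with no arguments to review the generated rules, `apply` to load them, or pipe `iptables-save` into `check` to audit a host's current policy. A firewall is the second line here: the service itself should bind to 127.0.0.1 rather than 0.0.0.0, so that a dropped or misloaded ruleset does not silently re-expose it on the clearnet.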


[0 Points] None:

Some mods protecting it. Some members shilling HARD.