BlackOps: The results of their Ego are in! : CafeDread | Torhoo darknet markets

Okay people... let's get a good understanding on the right way to do these things.

Let me first start off by saying that IP leaks do happen occasionally and they are stupidly easy to detect. However proving that it is the market's IP address's backend is a completely different situation. Phishing proxies will relay EXACTLY everything in the request. It is a MITM attack of course where the phishing proxy just overwrites the URL itself. Just because you search up some headers and see it is in the exact way doesn't mean it's from a the main fucking backend. The amount of times I have had to say this over and over and over again. They proxy everything, that is the fucking point. So of course it's going to look like a certain way.

In my view, from what I see here, this is almost 100% a phishing MITM proxy. How do I know? Because I have seen a similar one with the same proxmox situation just a couple weeks ago. If you think you got an IP leak and you fear that the admins won't pay a bug bounty (or will hide it) provide the information to dread staff and we can provide verification so it if falls through we post a message saying we have verified that is it correct.

There are many ways we can double check these things. Generally we just do a request flood maxing out their server's connection lines and see if the backend of the site goes down at the same time. There is also a request structure we can use to uncover if it is a phishing proxy. It's just stupid to assume this is the site's backend when the headers are the same. Like of course they would be. That is the fucking point.

I'll leave this up for 1 hour so people can see this comment and then remove this post.

It’s you again,

Enzyme ( ItsDoxHub - Beelzebum - notrustbutverify - parsed and various other Alts)

The same person who betrayed vendor Topshellnl , threatening to release doxx info after being 'hired' by him. And have been annoyingly threatening us for a while, even after we paid your bug bounty in full. Seems like you can’t stop stabbing anyone in the back.

Look bud, these IPs, have nothing to do with our back-end and we don't use a VM. Good luck with some random proxies though.

Talking to yourself throughout this entire post with all these shitty ALTs of yours, no older than 3 weeks and make some upvotes. -> /post/d5100fa8e09525ede1fa/#c-a2b423a9299d20cdb2

/u/Hugbunter and /u/Paris should ban this account as well, along with all the others. If you need to contact us/me, you know where top find us (not at this IP though ;) )

We paid your bug bounty in full. And why contact us asking what we think about some names. We both know you tried to get paid for your BS and we didn't so now you come up with yet another way to try and tarnish someone's reputation as is your entire M.O. and yet again with bullshit information.

Thanks for using dump.li , seems our ad budget is paying off ;)

TLDR: What you think is us.. isn't us.

-
Team Black Ops


ps.

/u/notrustbutverify 📢 🍼 2 points
18 minutes ago
And since people are covering their lack of knowledge here's the treat by saying "it's a

I also found something :) : http://dumpliwoard5qsrrsroni7bdiishealhky4snigbzfmzcquwo3kml4id onion/i/045387.jpeg

Enzyme here

/u/realitymixer is looking for you. Sounded like you fucked his girl or something /post/d5100fa8e09525ede1fa.

> Enzyme here to serve!

this does not give u extra credibility xd

Well, what information do you provide? You could show toilet paper - you have something more important. Or if you saw something and found nothing else, then you thought it was a jackpot - even if you believe your own words - even if there was something - then why did you decide it was the backend? How can you publish such nonsense based on such a small thing? Do you know how many rotating proxies, how much redirects cost? Do you know how many enticing things they do to get trapped? I look at them, BO fight off attacks that kill others. If you actually got to the backend, then show us how? You didn't find the IP on Google ;) But I suspect you only have beautiful words. I advise you to find something more substantial in the future.

proxmox? wtf, are you serious?

And since people are covering their lack of knowledge here's the treat by saying "it's a phishing link" yeah to the point of using a framework and containers, yeah yeah yeah, next time phishers are going to write in Rust

removed links because someone not happy

writing something as complex and opsec-reliant as a DNM in python is definitely a choice

first of don't scam someone who fucking finds you bugs that is shit. In your case nice and good that you talk here about it if they don't drop a statement or say something about it they should pay you more now as compansation

popcorn.gif

Go outside touch some grass ) Meanwhile i order some #4 white in BO what a troll u are )

other port

SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u6

server_host_key:
fingerprint:4c4M02lROUz1q9YPBG5mzDnaJ07db/E7XPmvFKzl4H8
fingerprint_sha256:e1ce0cd36951394cf5abd60f046e66cc39da274edd6ff13b5cf9af14ace5e07f

213.171.XX.XX:3128
3128
TCP/HTTP
 

HTTP/1.1 501 method 'GET' not available
Connection: close
Cache-Control: max-age=0
Date: Mon, 23 Jun 2025 14:38:04 GMT
Expires: Mon, 23 Jun 2025 14:38:04 GMT
Pragma: no-cache
Server: pve-api-daemon/3.0


213.171.XX.XX:111
111
TCP/PORTMAP
  
program  version  netid    address                 service          owner          
100000   4        tcp6     ::.0.111                portmapper       superuser      
100000   3        tcp6     ::.0.111                portmapper       superuser      
100000   4        udp6     ::.0.111                portmapper       superuser      
100000   3        udp6     ::.0.111                portmapper       superuser      
100000   4        tcp      0.0.0.0.0.111           portmapper       superuser      
100000   3        tcp      0.0.0.0.0.111           portmapper       superuser      
100000   2        tcp      0.0.0.0.0.111           portmapper       superuser      
100000   4        udp      0.0.0.0.0.111           portmapper       superuser      
100000   3        udp      0.0.0.0.0.111           portmapper       superuser      
100000   2        udp      0.0.0.0.0.111           portmapper       superuser      
100000   4        local    /run/rpcbind.sock       portmapper       superuser      
100000   3        local    /run/rpcbind.sock       portmapper       superuser      

213.171.XX.XX:123
123
UDP/NTP
  
Version: 4
Close stratum: 3
Polling Interval: 4
Root Delay: 0.004791259765625
Root Dispersion: 0.0338897705078125
Reference ID: 1566532173
Reference Timestamp: 16992965818733728323