Friday, November 1, 2024
HomeHacksDark Website Leaked its hidden server IP Address that Sells Illegal...

Dark Website Leaked its hidden server IP Address that Sells Illegal Cannabis Drug

Published on

Malware protection

An Illegal Dark website called ElHerbolario that sells Cannabis drug Leaked its secret server IP address online due to poor server configuration made by their server admins.

The Darkweb, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard search engines for any reason.

- Advertisement - SIEM as a Service

Also Read: Mysterious Deep Web : Secrets from the Dark Side of the Internet

In this case, Leaked original IP Address leads to track the original site owner and seize the server and later Law enforcement will be playing against the owner.

This Drug selling Dark Website is an intermediate seller so that possible rate of doing illegally selling things like this type of Cannabis drug is obvious one.

This Dark Website is highly rated one Even though this belongs is Darkweb site that makes researcher go into a deep investigation.

How Does the Investigation go on – Dark Website

Initially, Researcher starting the investigation by checking the String of  ElHerbolario which is the name of this illegal website.

Later To find the content management system (CMS) for this site, he was checked by applying the “wp-admin” at the end of the URL which is unique to a WordPress site. but the attempt was failed due to the admin of the site ower disabled the wp-admin login form link.

Later Right click on it and click on “Investigate Element” to open the Network tab and reload it.The status is 200. 200 because Riku was sent to when you reload es means that capital was normal. So, it means that a folder called / wp-content / existed.

According to Researcher, So it was confirmed that owner of this site was using WordPress.The reason why we wrote about this folder is that in the same way, the database leaked out due to mistakes in folder permission setting on another drug seller’s site in the past.

In this case, he felt that E and L Seem unnatural, later he found that it means a herbalist in Spanish.so he confirmed that the person who built this server is a person who is related to Spain.

Later investigation revealed that website Server is NGINX and OS use Debian. But IP Address didn’t find in this area.

Last but not least, we do have a deep search Engines to find some mysterious things that we cant get it on google.

So he used one of the deep web Search engine called  Censys and search by using the characteristic word ElHerbolario.

There is “El Herbolario Personal Shop” on the top of the results in Dark Website list. and its shows the IP Address of the website.

Later by checking the  IP address to confirm the original site of the IP, it has been checked with Tor Brower.

Finally,  DDoS attack was found that it is a mirror server to be used when subjected to. In addition, the server uses Blazing fast.

This is famous as a bulletproof server. As you can see there are other uses of Debian and nginx. It is the same as the original server.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against...

Mobile Device Management Vendor Mobile Guardian Hacked

 Mobile Guardian, a leading Mobile Device Management (MDM) vendor, experienced unauthorized access to its...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...