Law enforcers seized the domains hosting RaidForums

During the international operation TOURNIQUET , which was coordinated by Europol, the well-known hacker resource RaidForums, which was mainly used to trade in stolen databases, was closed.

The administrator of RaidForums and two of his accomplices have been arrested, and the site’s infrastructure is now under the control of law enforcement agencies.

The operation was reportedly prepared by the authorities of the United States, Great Britain, Sweden, Germany, Portugal and Romania for more than a year.

The US Department of Justice writes that the site administrator, known by the nickname Omnipotent, was arrested on January 31, 2022 in the UK, and he has already been charged. He was in custody from the time of his arrest until the completion of the extradition proceedings.

Since 21-year-old Portuguese citizen Diogo Santos Coelho was hiding behind the pseudonym Omnipotent, it turns out that he launched RaidForums when he was 14 years old, since the site has been running since 2015.

Law enforcers seized the domains hosting RaidForums:, and

According to statistics from the US Department of Justice, in total, more than 10 billion unique records from hundreds of hacked databases were put up for sale on the marketplace, including those affecting people living in the United States. In turn, Europol reports that RaidForums had more than 500,000 users and was “one of the largest hacker forums in the world.” It is worth adding here that we are talking about English-language resources.

“This marketplace has made a name for itself by selling access to high-profile database leaks owned by various US corporations from various industries. They contained information about millions of credit cards, bank account numbers and routing information, as well as usernames and associated passwords needed to access online accounts, ”says Europol.
It is not yet known how long the investigation took overall, but law enforcement seems to have managed to get a pretty clear picture of the RaidForums hierarchy. The Europol press release notes that the people who supported the work of RaidForums were engaged in administration, money laundering, stolen and uploaded data to the site, and also bought stolen information.

At the same time, Diogo Santos Coelho, mentioned above, allegedly controlled RaidForums from January 1, 2015, that is, from the very beginning, and managed the site with the support of several administrators, organizing a structure to promote the purchase and sale of stolen data. To make a profit, the forum charged users for various membership levels and sold credits that allowed members to gain access to more privileged areas of the site or to stolen data posted on the forum.

Coelho also acted as an intermediary and guarantor between the parties making transactions, undertaking to see that buyers and sellers would honor the agreements.
Bleeping Computer writes that back in February 2022, criminals and security researchers suspected that RaidForums had been taken over by law enforcement, as the site began displaying a login form on every page. When trying to enter the site, it simply showed the login page again, and many suspected that the site was taken over and this was a phishing attack by law enforcement agencies who are trying to get the attackers’ credentials.

On February 27, 2022, the DNS servers of completely changed to and, which only convinced the hackers that they were right. The fact is that in the past these DNS servers were used by other sites seized by the authorities, including and

RaidForums, which appeared back in 2015, has recently become widely known due to ransomware operators who leaked data stolen from victims to the site in order to force them to pay a ransom. For example, this tactic was previously used by Babuk and Lapsus$ operators.
However, earlier, when the resource was not so popular, its community specialized in swatting: a special forces squad was called to the victims’ homes, reporting false bomb threats, hostage-taking, and so on), as well as raiding, which The US Department of Justice describes it as “publishing or sending a huge number of contacts to the online medium that the victim uses to communicate.”
In recent years, the marketplace has been a favorite place for hackers to sell stolen databases or simply share them for free with other forum members.

our channel

  Posted by: @ESPYER

5 social monitoring tools great for OSINT

5 Social Media Monitoring Tools

In this article we’ll talk about the following social monitoring tools:
Hootsuite, Brand24, Mention, Sprout Social, Synthesio.
For each of these we’ll know the main benefits of using it, as well as reason to chose another tool, based on your needs! Here goes 🙂

Read More »
OSINT Investigating questions

OSINT for Businesses: A Guide to Conducting Due Diligence and Intelligence Investigations

In this article, we’ll explore how businesses can use OSINT techniques to gather information and conduct due diligence and intelligence investigations.

Open-source intelligence (OSINT) is the process of gathering information from publicly available sources to support decision-making and informed action.

For businesses, OSINT can be a valuable tool for conducting due diligence and intelligence investigations, providing a wealth of information on potential partners, competitors, and threats.
However, with the increasing use of artificial intelligence (AI) in online investigations, it’s important to know how to gather information while avoiding detection.

Read More »


A Revolutionary API to Check If Your Personal Information is Compromised.
Are you tired of constantly worrying about your personal information being compromised? Well, let me introduce you to ProfileNINJA, a one-of-a-kind API service listed on the RapidAPI marketplace.

ProfileNINJA takes the hassle out of checking if your personal information has been leaked by searching through databases linked to popular social media platforms like Twitter, Facebook, VK, Instagram, Telegram, and LinkedIn.

Read More »

People Data Lookup API

People Data Lookup API on RapidAPI is a service that allows users to search and retrieve information about individuals using phone number, email address, password, or full name. The API offers accurate and updated information that can be used for various purposes such as fraud detection, verification, and customer engagement. The service is accessible through RapidAPI, a platform that connects developers with over 16,000 APIs.

Read More »


With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches.
All you have to do without running Shodansploiti is to add shodan api.

Read More »