Law enforcers seized the domains hosting RaidForums

During the international operation TOURNIQUET , which was coordinated by Europol, the well-known hacker resource RaidForums, which was mainly used to trade in stolen databases, was closed.

The administrator of RaidForums and two of his accomplices have been arrested, and the site’s infrastructure is now under the control of law enforcement agencies.

The operation was reportedly prepared by the authorities of the United States, Great Britain, Sweden, Germany, Portugal and Romania for more than a year.

The US Department of Justice writes that the site administrator, known by the nickname Omnipotent, was arrested on January 31, 2022 in the UK, and he has already been charged. He was in custody from the time of his arrest until the completion of the extradition proceedings.

Since 21-year-old Portuguese citizen Diogo Santos Coelho was hiding behind the pseudonym Omnipotent, it turns out that he launched RaidForums when he was 14 years old, since the site has been running since 2015.

Law enforcers seized the domains hosting RaidForums:, and

According to statistics from the US Department of Justice, in total, more than 10 billion unique records from hundreds of hacked databases were put up for sale on the marketplace, including those affecting people living in the United States. In turn, Europol reports that RaidForums had more than 500,000 users and was “one of the largest hacker forums in the world.” It is worth adding here that we are talking about English-language resources.

“This marketplace has made a name for itself by selling access to high-profile database leaks owned by various US corporations from various industries. They contained information about millions of credit cards, bank account numbers and routing information, as well as usernames and associated passwords needed to access online accounts, ”says Europol.
It is not yet known how long the investigation took overall, but law enforcement seems to have managed to get a pretty clear picture of the RaidForums hierarchy. The Europol press release notes that the people who supported the work of RaidForums were engaged in administration, money laundering, stolen and uploaded data to the site, and also bought stolen information.

At the same time, Diogo Santos Coelho, mentioned above, allegedly controlled RaidForums from January 1, 2015, that is, from the very beginning, and managed the site with the support of several administrators, organizing a structure to promote the purchase and sale of stolen data. To make a profit, the forum charged users for various membership levels and sold credits that allowed members to gain access to more privileged areas of the site or to stolen data posted on the forum.

Coelho also acted as an intermediary and guarantor between the parties making transactions, undertaking to see that buyers and sellers would honor the agreements.
Bleeping Computer writes that back in February 2022, criminals and security researchers suspected that RaidForums had been taken over by law enforcement, as the site began displaying a login form on every page. When trying to enter the site, it simply showed the login page again, and many suspected that the site was taken over and this was a phishing attack by law enforcement agencies who are trying to get the attackers’ credentials.

On February 27, 2022, the DNS servers of completely changed to and, which only convinced the hackers that they were right. The fact is that in the past these DNS servers were used by other sites seized by the authorities, including and

RaidForums, which appeared back in 2015, has recently become widely known due to ransomware operators who leaked data stolen from victims to the site in order to force them to pay a ransom. For example, this tactic was previously used by Babuk and Lapsus$ operators.
However, earlier, when the resource was not so popular, its community specialized in swatting: a special forces squad was called to the victims’ homes, reporting false bomb threats, hostage-taking, and so on), as well as raiding, which The US Department of Justice describes it as “publishing or sending a huge number of contacts to the online medium that the victim uses to communicate.”
In recent years, the marketplace has been a favorite place for hackers to sell stolen databases or simply share them for free with other forum members.

our channel

  Posted by: @ESPYER


Unveiling the Power of OSINT: A Guide by Expert Lina

This article provides a comprehensive guide to OSINT (Open Source Intelligence), led by Lina, an expert at ESPYSYS. The guide includes a detailed walkthrough of the IRBIS OSINT tool, real-life case studies, tips for maintaining anonymity, and a special offer for viewers.

Read More »

SpiderFoot: The Ultimate OSINT Tool

SpiderFoot is a powerful open-source intelligence (OSINT) automation tool designed for cybersecurity professionals. It streamlines the process of gathering intelligence from various online sources, making it essential for investigating suspicious activities and managing internet-facing assets.

Read More »

A Simple Solution to Combat Financial Fraud: Phone Lookup

Discover how phone lookup services, like IRBIS, can help businesses identify fake numbers and prevent fraud. With easy API integration, businesses can enhance their security measures and protect their operations. Learn more about the power of phone lookup services in our comprehensive guide.

Read More »