Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | What is the RaidForums?
Table Of Content
Home

Resources

Blog
May 13, 2022
3 Mins Read

What is the RaidForums?

RaidForums was launched in 2015 by Diogo Santos Coelho of Portugal, aka Omnipotent. 

Cybercriminals enormously used the RaidForums hacker site to obtain and sell stolen datasets. The forum represented a database sharing and marketplace forum, which caused specific database breaches and leaks and an active market.

Regularly monitor dark web forums with SOCRadar and be instantly notified of malicious activities such as data breaches, exploits, hacking-as-a-service, and leaks!

RaidForums: The Biggest Marketplace for Hackers

The marketplace has been active for seven years, and it is the most practical and fastest online marketplace for hackers to sell stolen data or exchange this data between members of the forum. Stolen data in the forum contained personal and financial information such as bank routing and account numbers, credit cards, login information, and social security numbers. 

The marketplace stocked more than 10 billion databases from hundreds of stolen databases from people residing in the U.S. to sell to hackers. 

Members Become Suspicious on February 27th

Security researchers suspected that RaidForums was seized by law enforcement in February because the site started to show a login part on every page. It was repeatedly redirecting its users to the login page. This led researchers and forum members to believe that the site was seized and that the login prompt was a phishing attempt by law enforcement.

New Update in 2022

The DNS servers for raidforums.com were suddenly changed to the following servers on February 27th, 2022,

As these DNS servers were previously used with other sites seized by law enforcement, including weleakinfo.com and doublevpn.com, researchers believed this added further support that the domain was taken.

Europol’s Role in the Incident of RaidForums Shut Downing

The RaidForums hacker forum has been closed down, and its domain of “raidforums.com,” “Rf.ws,” and “Raid.Lol.” seized by U.S. law enforcement during Operation Tourniquet that coordinated by Europol. Also, the infrastructure of the illegal marketplace is now under the control of law enforcement. Europol says that RaidForums had more than 500,000 members and “was considered one of the world’s biggest hacking forums.”

RaidForum’s administrator Coelho and two of his accomplices have been arrested, and Coelho is facing criminal charges on January 31st in the U.K.

Another exciting piece of info: 

After Russia invaded Ukraine and many threat actors began taking sides, RaidForums announced that they were banning any member known to be associated with Russia.

Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.
Get free access.

Related Articles
SOCRadar® Cyber Intelligence Inc. | 0-Day Exploits for Outlook and Windows, AnyDesk Access Sale, LeadSquared and WeRize Database Leaks
0-Day Exploits for Outlook and Windows, AnyDesk Access Sale, LeadSquared and WeRize Database Leaks
Nis 15, 2024
SOCRadar® Cyber Intelligence Inc. | Top 10 Dark Web Markets
Top 10 Dark Web Markets
Nis 11, 2024
SOCRadar® Cyber Intelligence Inc. | How to Monitor Your Supply Chain’s Dark Web Activities?
How to Monitor Your Supply Chain’s Dark Web Activities?
Nis 10, 2024
SOCRadar® Cyber Intelligence Inc. | Latest Dark Web Sales: Exploits, 0-Days, Financial & Government Data Leaks, DarkVR Service
Latest Dark Web Sales: Exploits, 0-Days, Financial & Government Data Leaks, DarkVR Service
Nis 08, 2024
SOCRadar® Cyber Intelligence Inc. | Dark Web Profile: Mallox Ransomware
Dark Web Profile: Mallox Ransomware
Nis 08, 2024