A DNS Deep Dive into BreachForums Domains
BreachForums, a forum for English-speaking black hat hackers, was taken down by the Federal Bureau of Investigation (FBI) on 21 March 2023.1 That happened shortly after its owner Conor Brian Fitzpatrick was arrested.
But reports say BreachForums is back online, albeit with a new manager—hacking group ShinyHunters and its original administrator Baphomet.2
Threat researcher Dancho Danchev amassed 573 domains believed to belong to BreachForums members. We expanded this list of indicators of compromise (IoCs) to find out just how extensive the members’ operations are.
The WhoisXML API research team, aided by comprehensive threat intelligence, found:
- 12 recently registered domains with the same registrant email addresses as some of the IoCs, one of which turned out to be malicious based on a bulk malware check
- 253 IP addresses to which the domains identified as IoCs resolved, one of which turned out to be malicious based on malware checks
- 3,884 domains that shared the dedicated IP hosts of some of the domains identified as IoCs, 22 of which turned out to be malicious based on a bulk malware check
- 9,588 domains that contained strings akin to some of the IoCs, 30 of which turned out to be malicious based on a bulk malware check
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
-  https://www.bleepingcomputer.com/news/security/breached-hacking-forum-shuts-down-fears-its-not-safe-from-fbi/
-  https://gridinsoft.com/blogs/breachforums-is-back-online-shinyhunters/