PwnedForums, a BreachForums clone that popped up following the FBI’s closure of the breached data marketplace, is back online, reported cybersecurity company Falcon Feeds.
The Cyber Express has verified the domain and found it to be live at the time of publishing this report.
True to its intentions of cashing in on the void created by the BreachForums bust, PwnedForums has used the favicon of BreachedForums.
A favicon is a small, 16×16 pixel icon used on web browsers to represent a website or a web page. “PwnedForums – New Raids teritory (sic),” was the Google snippet for the website.
The Cyber Express took a close look at the domain and found an interesting link.
PwnedForums and the domain details
A search about the details of the domain PwnedForums gave The Cyber Express the following details.
It was registered on March 24, days after BreachForums was taken down after the arrest of its 20-year-old promoter, Conor Brian FitzPatrick.
The domain PwnedForums.com is hosted by Cloudflare under the IP Address 188.114.96.2 and the IP location is USA. The hosting address disclosed was 665 Third Street #207, San Francisco, CA, 94107, US.
Interestingly, this is the same physical address for several domains, including that of erstwhile search engine and publisher advertising platform Technorati, which served as an advertising solution for the thousands of websites in its network.
An SEC disclosure on Technorati listed the same physical address as that of PwnedForums. US technology and services company Synacor acquitted Technorati in 2016 for $3 million.
Like thousands of other websites across the world, PwnedForums too uses the website nameservers jerry.ns.cloudflare.com and laura.ns.cloudflare.com.
Pwnedforums administrator, who goes by the alias Frost, announced on April 4 that the domain will be closed.
BreachForums, closure, and offshoots
Conor Brian FitzPatrick, who had been operating BreachForums using the name ‘pompompurin’, was apprehended by the FBI on March 15.
Following this, a user called Baphomet took over and ensured that the transition process was in progress, although it faced a few challenges.
“The fallout from this arrest could be law enforcement gaining access to information on illicit dealings on the forum,” said a Cyble analysis of the situation.
BreachForums had 336,800 members before its closure, and users were searching for alternative cybercrime forums.
The Telegram Group “Breach Forums”, which came up after the domain went bust, has close to 20,000 subscribers now.
An ex-Anonymous hacker claimed to have set up a BreachForums alternative called kkksecforum, which is currently inaccessible.
Some forums, such as Exploit, saw disgruntled users complaining about the sudden influx of new members.
Pwnedforums, like other new BreachForums alternatives, faced the issue of convincing users that they are not DDoS honeytraps.
Some aspiring members were found publicly posting doxed data, but the pwnedforums admin, Sinistery, reassured users that it is an independent platform, not a federal authorities’ honeypot.
“We have recently become aware of concerns circulating among some members of our community, suggesting that our platform may be a “honeypot” operated by federal authorities,” Sinistery posted on April 1.
“We would like to address these concerns and reassure you that this is not the case.”
Recently, UK law enforcement officials uncovered a network of several thousand cybercriminals involved in DDoS-for-hire schemes, caught attempting to attack a honeypot system set up by law enforcement agencies to lure cybercriminals.
In another incident, German police conducted a raid on FlyHosting, a web hosting company known for providing services to cybercriminals involved in DDoS attacks, malware distribution, and bulletproof hosting.