
A new dark web forum, “breached[.]live”, claims to be the revival of the notorious BreachForums (V5). Administered by “MrNobody”, the forum surfaced on April 20, 2025, and was promoted via a Telegram channel (breachlou).
Key Findings:
- Domain Registration: Created on 2025-04-20 (Whois records).
- Hosting: US-based IP (3.141.197.202).
- Activity: Minimal, except for an “Imported Threads” section with thousands of posts.
- Admin Panel Exposure: The Admin Control Panel (ACP) is publicly accessible, risking unauthorized access.
- User Base: Only 26 registered members as of now.
🔗 Forum URL: `https://breached[.]live` (Use with caution in a secure environment)
You Should Know: OSINT & Threat Intelligence Commands
1. WHOIS Lookup (Domain Verification)
```bash
whois breached.live
```
Or use curl for quick checks:
```bash
curl -s "https://www.whois.com/whois/breached.live" | grep -E "Creation Date|Registrant"
```
2. IP & Hosting Analysis
```bash
nslookup breached.live
dig breached.live +short
```
Check geolocation:
```bash
curl ipinfo.io/3.141.197.202
```
3. Darkweb Monitoring (Tor)
For Tor-based investigations, use:
```bash
torsocks curl -s http://breached.live | grep -i "title\|admin"
```
4. Check for Data Leaks
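Search BreachForums-related leaks via Have I Been Pwned (HIBP):
```bash
# HIBP rejects requests without a user-agent header (the value here is a placeholder).
# The breacheddomain endpoint only answers for domains verified under the API key's HIBP account.
curl -s "https://haveibeenpwned.com/api/v3/breacheddomain/breached.live" \
  -H "hibp-api-key: YOUR_KEY" \
  -H "user-agent: threat-intel-check"
```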
5. Admin Panel Exploit Check (Security Audit)
Test if the ACP is open:
```bash
curl -I https://breached.live/admin/
```
If the response is HTTP 200 OK, the panel is exposed.
What Undercode Say
The sudden reappearance of BreachForums V5 raises suspicions:
- Low user activity suggests a honeypot or scam.
- Imported threads may be fabricated content.
- Exposed ACP hints at poor security, possibly intentional for malicious redirection.
Linux/Windows Commands for Threat Analysts
- Monitor Network Traffic (Linux):
```bash
tcpdump -i eth0 host 3.141.197.202 -w breached_traffic.pcap
```
- Check Suspicious Processes (Windows):
```powershell
# -like needs wildcards to match "breached" anywhere in the executable path
Get-Process | Where-Object { $_.Path -like "*breached*" }
```
- Extract Metadata from Forum Screenshots:
```bash
exiftool screenshot.jpg | grep -i "software\|author"
```
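As a defender-side companion to the traffic-monitoring command above, the following added example (not part of the original report) sweeps proxy log lines for the two indicators this page names. It matches whole hostnames and IP addresses, so look-alikes such as `13.141.197.202` or `notbreached.live` do not fire. The log format, sample lines and function names are constructed for illustration.

```python
import ipaddress
import re

# Indicators named in the report, stored defanged as published.
DEFANGED_IOCS = ["breached[.]live", "3.141.197.202"]

# Dotted tokens: hostnames or IPv4 literals (a port or path ends the token).
TOKEN = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed proxy log lines (hypothetical format): time, client, method, target, status.
SAMPLE_LOG = """\
2025-04-23T09:14:02Z 10.0.4.17 CONNECT breached.live:443 200
2025-04-23T09:15:40Z 10.0.4.17 GET http://forum.breached.live/index.php 200
2025-04-23T09:16:11Z 10.0.7.3 CONNECT 3.141.197.202:443 200
2025-04-23T09:17:55Z 10.0.7.9 CONNECT 13.141.197.202:443 200
2025-04-23T09:18:20Z 10.0.2.8 GET http://notbreached.live/ 200
2025-04-23T09:19:03Z 10.0.2.8 GET http://breached.live.example.com/ 200
"""

def build_matchers(iocs):
    """Split refanged indicators into a domain set and an IP set."""
    domains, ips = set(), set()
    for raw in iocs:
        value = raw.replace("[.]", ".").strip().lower()
        try:
            ips.add(ipaddress.ip_address(value))
        except ValueError:
            domains.add(value)
    return domains, ips

def host_matches(host, domains):
    """True for the domain itself or any subdomain, never a mere substring."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def find_hits(log_text, iocs=DEFANGED_IOCS):
    """Return (line_number, matched_token) for each line touching an indicator."""
    domains, ips = build_matchers(iocs)
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for token in TOKEN.findall(line):
            try:
                matched = ipaddress.ip_address(token) in ips
            except ValueError:
                matched = host_matches(token, domains)
            if matched:
                hits.append((lineno, token.lower()))
                break
    return hits
```

Calling `find_hits(SAMPLE_LOG)` reports lines 1 to 3 only; a plain substring `grep` for the same indicators would also flag lines 4 to 6.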
Prediction
This forum will likely:
1. Gather credentials via fake logins.
2. Spread malware under the guise of leaked data.
3. Disappear abruptly after monetizing stolen data.
Expected Output:
A detailed threat report with actionable intelligence for cybersecurity teams. Stay vigilant—verify before engaging.
🔗 Relevant URL: `https://breached[.]live` (Access at your own risk)
References:
Reported By: Reza Abasi – Hackers Feeds


