I would claim that the hero of the Templars fundamentally screwed up the leadership after the takeover…!
Right after the arrest became known, he did severely restrict the Pom account's forum access, but in the confusion he apparently forgot to do the same on all servers and access points!! Fail, sit down… is what I'd say. On top of that comes the fact that the forum was kept online for at least another seven days to watch for suspicious logins. Is that supposed to be the much-vaunted OpSec that the forum and its operators always boasted about? Probably not; otherwise he would have had to shut down the entire infrastructure seven days earlier and should have shredded all storage! That would probably also have been in the interest of the arrested person and, above all, in the interest of all users!!
Yes, it would have been best if he had shut everything down right away and only brought everything back up after a thorough review. That was probably a knee-jerk decision. Baphomet has been in touch again, btw:
Hello everyone.
Let me first apologize for the abruptness of my announcements, as well as the lateness on this one. I’m trying to be very cautious how active I am, and I’d prefer not to get DPR’d based on my activity atm.
First you can join the new announcement channel here:
https://t.me/OfficialBaphomet
In the next day or so an actual group will be made for people to communicate. Right now I’m trying to let the news cycle calm down a bit as it’s only causing more chaos the more I respond to anything. I am working with specific people to provide a more secure and constant way to communicate with me outside of Telegram. As it stands I opened Telegram to an additional 700 messages, and there are just far too many people to respond to.
At the moment feds and researchers are poring over every single packet that has gone across the internet attempting to find our infrastructure, as well as information about myself. Some things like the Wiki were left up because the infrastructure touches nothing and only wastes time of those trying to understand everything going on in the background. There may still be infrastructure that only Pom had access to that I’m unable to access, but that shouldn’t be anything critical to our users’ safety. Things like f.sb and a.sc are completely out of my control so do not bother using them. Again, the Breached forum will not be coming back. If it’s back for any reason, you need to assume that is an attempt to target our users and is not safe. I will not suddenly come back online and tell everyone I was just kidding and we will be bringing back the forum, so please use your best logic here.
For the time being, I’m going to be more cautious on the updates I push out as each one only enters into the flurry of people who want to speculate and twist the things I’m saying. From now on there is a hard 48 hour limit where if I have not provided an update, specifically one that is PGP signed, then assume the worst has happened. From now into the future, my current local setup will not have any way to access my PGP keys except for very specific, brief timeframes - so for that reason again please only assume that if I am providing the signed message it is me. There are plenty of people impersonating me on Telegram atm, and I’m sure that the psyops against our community is only going to increase in the coming days/weeks.
- Baphomet
From the Baphomet text:
“There may still be infrastructure that only Pom had access to and that I cannot access, but that should not be anything critical to the safety of our users.”
Could another misjudgment be looming here?! After all, there will be reasons why only Pom has access to those parts…
By now one could suspect that B. only has access (with the corresponding permissions) to the forum itself and its host, and that's it. The forum database (users) and the storage for the many leaks are apparently beyond his reach. Because if he could get at the user DB, statements like the one quoted above would not be necessary at all…
That's all quite speculative, hard to say.
The fact is: the authorities are just waiting for the operators of such projects to make gross mistakes. And they have all the time in the world, because the suspects usually don't run away from them.
Depends on the money and the paranoia.
Hope you all are cozy. Please see my latest update to prove I’m not being detained by anyone other than myself. We will open up a group here in 12 hours, and I will be online to chat with people. The rules will be simple, don’t do anything that’ll get our Telegram removed or put us generally in a worse situation than already exists. Simple enough? I look forward to talking with you all while I enjoy this nice ocean breeze.
In other words, all quiet on the Western Front; it won't happen that quickly either.
Another update came today. I think the authorities will take their time with the analysis; they haven't caught the last operator yet (by his own account).
Just a proof of life update, nothing crazy. Making sure to be within my 48h window. I’m going to switch to a more simple proof of life update system as opposed to doing daily updates of telling people I’m alive so only the substantial updates come through. More to follow.
As far as I know, Baph said that he will not support keeping BreachForums alive.
That was indeed the statement of the hero of the Templars. Why he is now opening certain information channels, I don't quite understand. If he is doing it because there were still ongoing transactions and money flows at the time of the shutdown… those are simply void, in my opinion!
Since at this point nobody knows which data the authorities can actually use, what he is currently doing is more of an additional risk for himself and the users concerned!