Who the hell is Tilon Flosk?

So I was crawling through some compromise logs—stuff pulled from leaks tied to high-net-worth forums and underground luxury carding sites.

There’s this name that popped up a few times: Tilon Flosk. First time I saw it, I assumed it was an alias or placeholder. But now I’ve seen it at least three times across different datasets. Different breach sources. All tied to high-roller ecosystems—think private jet bookings, crypto hedge funds, and invite-only auction boards.

I tried digging. Nothing comes up. No socials, no professional trail, not even some crap blog or a GitHub deadzone. The guy’s a damn ghost. Which is weird for someone pinging multiple high-profile data leaks.

Anyone else seen this name? Or is this just some dummy entry that got replicated? Would love eyes on this—especially if anyone’s been lurking in financial DBs or darknet fintech stuff lately.

Drop whatever you’ve got. Even a trace.

Broooo “Tilon Flosk” sounds like a name I’d use when I’m high and need to sign up for a stupid SaaS trial. :joy:

But like… if he’s in high-roller spaces and still invisible, he’s either super plugged in or… government.

I’ll poke through the De Monne internal booking ledger. We get weird private names there sometimes.

Okay, so I ran the name through a few corpsec dumps I’ve been indexing since late 2023…

Tilon Flosk shows up in two separate leaked DBs:

  1. A whitelisted client list from LuxVault. The entry was partially redacted, but his alias was tagged next to a wallet that moved over 9M USDT in a single transaction.
  2. The latest leaked DB from Basecoin had a user with that exact full name. The hashed password? Brutal—looks like more than 14 characters with mixed characters. Unbreakable without serious resources.

Definitely not a fake entry.

Whoever Flosk is, he either has someone cleaning up after him… or he’s living way off the grid.

Do I smell a spear phishing campaign coming on? :spider:

Got something on our ghost, Tilon Flosk.

Dug into old art auction leaks—found a photo with GPS data still in the EXIF. Traced it to a villa in Montenegro. Matched it with a leaked guest list from the MedusaSoft fallout—“T. Flosk” was on it.

Went full psycho and found drone footage from a hobbyist forum. One frame: silver Maserati, diplomatic plates, mirrored shades.

TL;DR: Tilon Flosk isn’t fake. He’s protected. Maybe state-protected.

So I went diving through some leftover leaks from the MedusaSoft fallout on the dark web. Found vendor contracts, transaction logs, and some misconfigured S3 buckets.

Turns out, MedusaSoft worked with exactly one caterer—only listed as “Orphic Solutions”. Looked boring at first. Then I traced it.

Orphic Solutions is a shell. On paper, it’s linked to a couple of no-name supermarkets and one coffee shop: Dark And Cold Brew.

But here’s where it goes sideways:

:brick: Their infrastructure site is unbreachable.
– 8-layer mesh network with rotating MAC filters
– Directional jamming on sidewalk-facing signals
– Entry points under thermal and LIDAR surveillance
– Staff badges ping a segmented subnet
– Perimeter fencing + completely blurred on every mapping service

And there’s zero logical reason for it.
A coffee shop doesn’t need RF shielding and biometric hallway locks.
Someone funneled serious money to make that place invisible.

This isn’t just an espresso pit stop—it’s a data dead-drop, a relay node, money laundering, or something worse.

We need to get inside!

Anyone fluent in thermal spoofing, directional IR cloaking, or social infiltration?

Let’s talk breach strategy.

Tried nudging Orphic Solutions last night—light probe with a botnet I spun off some old routers. Just noise to see if any ports talked back.

I hit only the company infra. Not the café. Not the shell domains.

Two hours later, the coffee house posts on Instagram:

“We’re currently under a massive DDoS attack.”

Cute. But also: weird.

Either their ops are mirrored, or that coffee house is wired directly into the backend.

If Flosk’s using it, he’s not hiding behind the café.

He is the café.

BLLLLLLLAAAAAAAAAAAAAAAAAHHHHHH!!!
Still trying to get a foothold.

Everything’s locked down tighter than a launch silo: no open ports outside 443, headers are scrubbed, CSP is a nightmare, and even the error messages are aggressively generic.

I threw a dozen payloads and wordlists at the login—and guess what I got? Nothing. With extra silence.

Either I’m missing something stupid… or this box was built by someone who hates joy.

Still watching. Still probing. Something’s gotta give.

So, get this. The local coffee spot down the block put out a “we’re hiring a Barista” sign for a barista gig. Couldn’t resist. I tossed in a resume dressed up like I was the perfect gastronomy master. The whole nine yards! The real kicker? Let’s just say the document had a little bonus content baked in.

And that is not all. They opened it! Their hiring manager’s laptop is going to be brewing more than just chai lattes. :hot_beverage:

Update:
Managed to pull an image — supposedly hints at where Tilon’s been meeting people. Dude’s schedule is basically a cipher wrapped in bad poetry.

Also: snagged access to an ancient Android phone that’s somehow still online. (The security on this thing is straight out of 2012 — no encryption, no updates, just Shakespeare.)

Image: