
Dancho Danchev's Blog
Mind Streams of Information Security Knowledge. Blog by Dancho Danchev, DNS Threat Researcher at WhoisXML API and expert in the field of cybercrime fighting & threat intelligence.
Dancho Danchev's Blog
1M ago
Dear blog readers,
In this post I take a look at the hxxp://ispoof.cc cybercrime enterprise, with the aim of providing actionable intelligence on its Internet-connected infrastructure.
Sample known responding IPs:
Related domains known to have been parked at the same IP (116.203.61.96):
hxxp://ivshare4.xyz
hxxp://spoofsystem.co.uk
hxxp://civi-bi.com
hxxp://ispoof.cc
Sample screenshots:
Stay tuned.
Dear blog readers,
In this post I'll provide some actionable intelligence on the current state of the active BitCoin Mixer landscape, with the idea of helping everyone properly attribute a fraudulent or malicious transaction, or dig a little deeper into the technical and financial infrastructure behind these BitCoin Mixers.
Sample known BitCoin Mixer URLs:
Dear blog readers,
In this post I'll provide some actionable intelligence on the current state of the active BitCoin Exchange landscape, with the idea of helping everyone properly attribute a fraudulent or malicious transaction, or dig a little deeper into the technical and financial infrastructure behind these BitCoin Exchanges.
Sample BitCoin Exchange URLs:
What's the most inspirational thing that drives me as an independent researcher?
It's those rare emails and letters and invitations.
I just came across this.
Thank you so much for the invitation in the context of keeping up the spirit and driving growth into my research.
Happy 2025.
Yours sincerely,
Dancho Danchev ..read more
Dear blog readers,
An image is worth a thousand words. I've recently started working on a new domain take-down project where I'm busy sourcing 419 scam domains, figuring out their WHOIS registrars in bulk, and then feeding all the information back into a local MySQL database. The best part? I did it and it works.
Here's a link to my similar project ..read more
Dear blog readers,
An image is worth a thousand words. I've recently started working on a new project which I executed and completed with success. It's basically an offensive network reconnaissance project against malware C&C domains, where I'm once again feeding the results back into a local MySQL database.
Here's a link to my similar project ..read more
Dear blog readers,
The following is a recently data-mined compilation of cybercrime-friendly XMPP/Jabber account IDs, which I'm sharing with the idea of assisting everyone in their cyber threat actor attribution efforts and assisting U.S. law enforcement in properly tracking down, monitoring and prosecuting the individuals behind these campaigns.
Sample cybercrime-friendly XMPP/Jabber ..read more
Dear blog readers,
This is Dancho.
How to use this manual testimony?
- Reference me Dancho Danchev
- My web site (https://ddanchev.blogspot.com)
- My research portfolio as PoC (Proof of Concept) (https://archive.org/details/@ddanchev)
- My email address (dancho.danchev@hush.com; disruptive.individuals@gmail.com)
My key points:
- I have never received anyone's acknowledgment for my achievements or a reward
- I was never approached with any sort of acknowledgment by Facebook on my Koobface Gang research
- I'm publishing my own testimony with the idea that I'm looking for someone's acknowledgm ..read more
Dear blog readers,
In this post I'll share some recent actionable intelligence on the Koobface botnet masters Leded (Ded Mazai) and Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко), known as KrotReal.
Leded's primary email address: mrpinkesq@yahoo.com
Primary domains: hxxp://moblave.com; hxxp://mobpaty.com
Related domain registrations:
Here we go. It appears that the individuals behind the successful compromise of the Cyberhaven VPN Chrome extension are currently busy with, or at least have in the works, several other upcoming campaigns targeting other vendors of Chrome VPN extensions.
The first example is hxxp://censortracker.pro, which apparently aims to target the legitimate hxxp://censortracker.org.
Related domains:
hxxp://cyberhavenext.pro - 149.28.124.84
hxxp://api.cyberhaven.pro - 149.248.2.160
Parked at 149.28.124.84:
hxxp://graphqlnetwork.pro
hxxp://yescaptcha.pro
hxxp://iobit.pro
hxxp://videodownloadhelper ..read more