Profiling the iSpoof Cybercrime Enterprise
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, In this post I decided to take a look at the hxxp://ispoof.cc cybercrime enterprise in terms of providing actionable intelligence on its Internet connected infrastructure. Sample known responding IPs: 116.203.61.96 104.26.14.153 172.67.75.247 104.26.15.153 104.21.60.205 172.67.201.73 172.67.150.241 104.21.0.121 104.21.23.23 172.67.208.110 172.64.205.7 172.64.204.7 Related domains known to have been parked at the same IP (116.203.61.96): hxxp://ivshare4.xyz hxxp://spoofsystem.co.uk hxxp://civi-bi.com hxxp://ispoof.cc Sample screenshots:   Stay tuned ..read more
A Peek Inside the Current State of BitCoin Mixers
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, In this post I'll provide some actionable intelligence on the current state of active BitCoin Mixers landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig a little bit deeper inside the infrastructure and financial infrastructure behind these BitCoin Mixers. Sample known BitCoin Mixer URLs: hxxp://anonymixer.com hxxp://bitmixer.online hxxp://chipmixer.com hxxp://coinomize.biz hxxp://coinomize.co hxxp://coinomize.is hxxp://cryptomixer.io hxxp://gingerwallet.io hxxp://jambler.io hxxp://jokermix.to hxxp ..read more
A Peek Inside the Current State of BitCoin Exchanges
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, In this post I'll provide some actionable intelligence on the current state of active BitCoin Exchanges landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig a little bit deeper inside the infrastructure and financial infrastructure behind these BitCoin Exchanges. Sample BitCoin Exchanges URLs: hxxp://bisq.network hxxp://blockdx.net hxxp://boltz.exchange hxxp://changenow.io hxxp://coinswap.click hxxp://crp.is hxxp://exch.cx hxxp://exchanger.infinity.taxi hxxp://exolix.com hxxp://fixedfloat.com hxxp://go ..read more
Happy New Year
Dancho Danchev's Blog
by Dancho Danchev
1M ago
What's the most inspirational thing that drives me as an independent researcher? It's those rare emails and letters and invitations. I just came across this. Thank you so much for the invitation in the context of keeping up the spirit and driving growth into my research. Happy 2025. Yours sincerely, Dancho Danchev ..read more
New Project - 419 Scam Domains WHOIS Registrar Monitoring Project
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, An image is worth a thousand words. I've recently started working on a new domain take down project where I'm busy sourcing 419 scam domains and trying to figure out their WHOIS registrar in bulk and then feeding back all the information in a local MySQL database. The best part? I did it and it works. Here's a link to my similar project ..read more
New Project - Malware C&C Domains Offensive Network Reconnaissance Monitoring Project
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, An image is worth a thousand words. I've recently started working on a new project which I executed and achieved with success. It's basically a malware C&C domains offensive network reconnaissance project where I'm once again feeding back the results into a local MySQL database. Here's a link to my similar project ..read more
Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts Including Email Address Accounts - Part Six
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, The following is a recently data mined compilation of cybercrime-friendly XMPP/Jabber account IDs which I'm sharing with the idea to assist everyone on their cyber threat actor attribution efforts and to assist U.S. Law Enforcement on its way to properly track down, monitor and prosecute the individuals behind these campaigns. Sample cybercrime-friendly XMPP/Jabber ..read more
Dancho Danchev's Testimony on “How Facebook Today's Meta Failed To Protect Its Users and React To The Koobface Botnet And What We Should Do About It?”
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, This is Dancho.
How to use this manual testimony?
- Reference me Dancho Danchev
- My web site (https://ddanchev.blogspot.com)
- My research portfolio as PoC (Proof of Concept) (https://archive.org/details/@ddanchev)
- My email address (dancho.danchev@hush.com; disruptive.individuals@gmail.com)
My key points:
- I have never received anyone's acknowledgment for my achievements or a reward
- I was never approached with any sort of acknowledgment by Facebook on my Koobface Gang research
- I'm publishing my own testimony with the idea that I'm looking for someone's acknowledgm ..read more
What Are Koobface Botnet Masters Leded (Ded Mazai) and Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко) Koobface Botnet Master KrotReal Up To?
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Dear blog readers, In this post I'll post some recent actionable intelligence on the Koobface botnet's master Leded (Ded Mazai) and Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко) Koobface Botnet Master KrotReal. Leded primary email address account: mrpinkesq@yahoo.com Primary domain: hxxp://moblave.com; hxxp://mobpaty.com Related domain registrations: hxxp://xmob-erotic.com hxxp://xerotic-mob.com hxxp://kinozal3d.com hxxp://mob-vids.com hxxp://mob-dating.net hxxp://mob-dating.com hxxp://mob-dating.org hxxp://mobcelebrity.net hxxp://mobcelebrity.org hxxp://tube4mob.com hxxp://mob ..read more
Exposing the Rogue Cyberhaven Compromised Chrome VPN Extensions Ecosystem - An Analysis
Dancho Danchev's Blog
by Dancho Danchev
1M ago
Here we go. It appears that the individuals behind the successful compromise of the Cyberhaven VPN Chrome extensions are currently busy or at least have several other upcoming and in the works campaigns targeting several other vendors of Chrome VPN extensions. The first example is hxxp://censortracker.pro which apparently aims to target the legitimate (hxxp://censortracker.org). Related domains: hxxp://cyberhavenext.pro - 149.28.124.84 hxxp://api.cyberhaven.pro - 149.248.2.160 Parked at 149.28.124.84: hxxp://graphqlnetwork.pro hxxp://yescaptcha.pro hxxp://iobit.pro hxxp://videodownloadhelper ..read more
