🚨 FBI Watchdog - SEIZURE ESCALATION ALERT 🚨
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: offshore.cx
Triggered By: HTTP (Status code changed to 403)
Time Detected: 2026-03-13 17:40:40 UTC

🔍 HTTP Fingerprint Changes:

  Status: 200 → 403
  x-xss-protection: 1; mode=block → None
  x-content-type-options: nosniff → None
  x-frame-options: SAMEORIGIN → None
  Body hash: c15114f948ad → e478c00442ca (size: 58,704 → 1,483)

I think he is updating the site. the site provides information on different hosts, email, etc to use for privacy

the body hash will do a check for size. i think its something like a 35% change or higher and it will notify

Edit: body_changed = size_ratio > 0.35

⚠️ FBI Watchdog - HTTP Fingerprint Change ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: offshore.cx
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-13 18:07:31 UTC

Previous Records:

Status: 403
Body: e478c00442ca

New Records:

Status: 403 → 200
Body hash: e478c00442ca → aae643f5235e (size: 1,483 → 58,704)

‼️🇺🇸 A threat actor is allegedly selling a private database of 2+ million users from a U.S.-based social media marketplace.

The data reportedly includes usernames, emails, passwords (bcrypt hashed), and registration dates. The threat actor requires proof of funds before responding.

‼️🇦🇺 A threat actor is allegedly selling the database of Phonebot, an Australian retailer of refurbished and pre-owned electronics founded in 2012 in Melbourne, Victoria, containing 200K+ customer records.

The breached data reportedly includes customer IDs, full names, emails, phone numbers, fax numbers, passwords (MD5 hashed), IP addresses, platform details, two-factor status, Google IDs, reward points, and newsletter/marketing preferences.

‼️ DOJ Press Release
━━━━━━━━━━━━━━━━━━━━━

Adobe Agrees to $150 Million Settlement and Injunction to Resolve Alleged Violations of the Restore Online Shoppers’ Confidence Act

Full Press Release → justice.gov

━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor

Thanks

Not Chucky. leakbase[.]lol. But someone is using it as a site.

‼️🇺🇸 A threat actor has allegedly leaked the database of MagicSlides App, a popular AI-powered document and presentation platform, exposing over 2.3 million unique users.

The compromised data reportedly includes emails, phone numbers, payment info, Stripe customer IDs, Telegram IDs, account plans, usage data, organization IDs, workspaces, referral codes, onboarding data, and login attempt records, among other platform metadata.

⚠️ FBI Watchdog - HTTP Fingerprint Change ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: wormgpt.net
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-14 17:40:03 UTC

Previous Records:

Status: 415
Body: ff332b8fd23c

New Records:

Status: 415 → 200
strict-transport-security: None → max-age=31536000; includeSubDomains
x-frame-options: None → DENY
x-content-type-options: None → nosniff
x-xss-protection: None → 1; mode=block
Body hash: ff332b8fd23c → d9d294408508 (size: 587 → 22,234)

‼️🇮🇳 A threat actor is allegedly selling administrator/root database access to an Indian construction company with $1 billion in revenue, containing over 44 GB of data.

A screenshot shows a database data export tool with multiple schemas available for export.

Price: $1,500.

f i deleted the breachforums fbi watchdog update by mistake. anyways 502 502 502 502 502 502 502 502 502

⚠️ FBI Watchdog - IP Change (ips removed) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: cockbox.org
Record Type: IP Change (ips removed)
Time Detected: 2026-03-14 19:55:31 UTC

Previous Records:

A: 193.239.85.202
AAAA: 2001:ac8:7d:1e::c0cc:2

New Records:

A: 193.239.85.202 → None
Classification: 1 IP(s) removed

⚠️ FBI Watchdog - IP Change (new ips added) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: cockbox.org
Record Type: IP Change (new ips added)
Time Detected: 2026-03-14 20:20:56 UTC

Previous Records:

A: 
AAAA: 2001:ac8:7d:1e::c0cc:2

New Records:

A: None → 193.239.85.202
Classification: 1 new IP(s) added

I'm aware of a newly registered BF and LeakBase domain. Not confirmed who owns them.