⚠️ FBI Watchdog - IP Change (new ips added) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: cockbox.org
Record Type: IP Change (new ips added)
Time Detected: 2026-03-16 15:21:27 UTC

Previous Records:

A: 
AAAA: 2001:ac8:7d:1e::c0cc:2

New Records:

A: None → 193.239.85.202
Classification: 1 new IP(s) added

‼️🇷🇺 A threat actor is allegedly selling the "Kordon" (Кордон) database from the Russian Federal Border Service, claiming it was compromised in September 2023 and contains over 1 billion total records covering 79.5 million unique individuals, including foreign nationals.

The data reportedly includes full names, dates of birth, passport and travel document details, citizenship, entry/exit operations, border crossing dates and checkpoints, transport modes, flight numbers or vehicle plates, and departure/arrival cities. Records span from 2014 to 2023.

Price: $20,000.

⚠️ FBI Watchdog - HTTP Fingerprint Change ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: breachforums.as
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-16 15:43:52 UTC

Previous Records:

Status: 403
Body: 5b13fb5957b8

New Records:

Status: 403 → 200
Redirect: https://breachforums.as/ → https://breachforums.as/info/download.php
x-content-type-options: nosniff → None
x-powered-by: None → PHP/8.2.29
x-xss-protection: 0 → None
x-frame-options: SAMEORIGIN → None
strict-transport-security: max-age=86400; includeSubDomains → None
Body hash: 5b13fb5957b8 → 3a1c652ed67c (size: 199 → 1,808)

FBI Watchdog 3.0.0: A multi-layered domain monitoring tool that detects law enforcement seizures, DNS changes, HTTP fingerprint shifts, WHOIS record mutations, and IP address changes across clearnet domains and Tor onion sites.

https://github.com/DarkWebInformer/FBI_Watchdog

VirusTotal: https://www.virustotal.com/gui/file/8a5d7e25ca26a2cdf51689045c7bd3df0ca9c7ec7f1521b25c7cac5591f99dca?nocache=1

‼️ New Dark Web Informer Blog Post!

Title: FBI Watchdog Feed

Link: https://darkwebinformer.com/fbi-watchdog-feed/

The FBI Watchdog live feed can be access below for all paid subscribers: https://darkwebinformer.com/fbi-watchdog-feed/

It is currently capped to 10,000 events but will be increased later today.

⚠️ FBI Watchdog - HTTP Fingerprint Change ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: breachforums.as
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-16 16:30:07 UTC

Previous Records:

Status: 200
Body: 3a1c652ed67c

New Records:

Body hash: 3a1c652ed67c → a78bd6d0217a (size: 1,808 → 3,279)

lul

BreachForums is saying goodbye... again.

Spear it's your time to shine

‼️🇬🇧 A threat actor is auctioning credit card data harvested from a UK-based WordPress shop via native forms, totaling 2,193 cards across three months.

The breakdown includes 771 cards from February, 731 from January, and 691 from December.

Starting bid: $1,000 | Step: $250 | Blitz: $4,000.

‼️ New Dark Web Informer Blog Post!

Title: FreeRDP: The Open-Source RDP Implementation That Powers Linux Remote Desktop

Link: https://darkwebinformer.com/freerdp-the-open-source-rdp-implementation-that-powers-linux-remote-desktop/

I moved the cap of the live feed from 10,000 events to 50,000 events.

Also one note, I removed SOA as a DNS check in the python script, because it was too loud. If you need it added just update this line:

DNS_RECORDS = ["A", "AAAA", "CNAME", "MX", "NS", "TXT"]

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Gemeente Epe
Domain: epe.nl

Country: 🇳🇱 NL
Date: Mar 14th, 2026

Summary:
On March 14, 2026, Gemeente Epe announced a significant data breach involving approximately 800 gigabytes of data. The attack was executed by professionals using ClickFix phishing to access internal work drives containing sensitive citizen information. Officials have secured the systems and are investigating the full scope of the leak while advising residents to remain vigilant against potential misuse.

Source: https://www.epe.nl/update-datalek-gemeente-epe

🇨🇺 Cuba is currently experiencing a total disconnect of electrical power.

https://radar.cloudflare.com/traffic/cu?dateRange=1d

‼️🌍 A threat actor has allegedly leaked a KYC (Know Your Customer) dataset for free, referred to as "DatasetData dalubhave."

The data reportedly includes full names, emails, phone numbers with country codes (Yemen, Palestine, Turkey, Egypt, etc.), dates of birth, national ID card numbers, passport numbers, driving license numbers, residence permit numbers, and cryptocurrency exchange account IDs (Binance/OKEx).

The threat actor frames the leak as activism, criticizing system administrators for privacy negligence.

🚨 FBI Watchdog - SEIZURE ESCALATION ALERT 🚨
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: maxstresser.com
Triggered By: HTTP (Status code changed to 403)
Time Detected: 2026-03-16 20:39:13 UTC

🔍 HTTP Fingerprint Changes:

  Status: 200 → 403
  Body hash: 3ef12cb69b20 → 91c856d6020f (size: 51,258 → 281)

‼️ DOJ Press Release
━━━━━━━━━━━━━━━━━━━━━

Maryland Man Sentenced for Mailing Threatening Communications to Jewish Institutions and Civil Rights Violations

Full Press Release → justice.gov

━━━━━━━━━━━━━━━━━━━━━
🕵️ Dark Web Informer • DOJ Monitor

I will leave it. Feds are known to seize stresser websites and not announce them.

⚠️ FBI Watchdog - HTTP Fingerprint Change ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: maxstresser.com
Record Type: HTTP Fingerprint Change
Time Detected: 2026-03-16 21:00:46 UTC

Previous Records:

Status: 403
Body: 91c856d6020f

New Records:

Status: 403 → 200
Body hash: 91c856d6020f → 3ef12cb69b20 (size: 281 → 51,258)