⚠️ FBI Watchdog - IP Change (hosting migration) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: handala-hack.tw
Record Type: IP Change (hosting migration)
Time Detected: 2026-03-31 08:30:53 UTC

Previous Records:

A: 185.178.208.137
AAAA: 

New Records:

A: 185.178.208.137 → 144.31.107.15
Classification: Complete IP replacement - likely hosting migration

⚠️ FBI Watchdog - WHOIS Change ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: handala-hack.tw
Record Type: WHOIS Change
Time Detected: 2026-03-31 08:47:32 UTC

Previous Records:

name_servers: ['ns1 ddos-guard net ns2 ddos-guard net']

New Records:

name_servers: ['ns1 ddos-guard net ns2 ddos-guard net'] → ['a dnspod com c dnspod com']

⚠️ FBI Watchdog - IP Change (ips removed) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: doxbin.net
Record Type: IP Change (ips removed)
Time Detected: 2026-03-31 08:47:35 UTC

Previous Records:

A: 104.20.41.231, 172.66.155.33
AAAA: 2606:4700:10::6814:29e7, 2606:4700:10::ac42:9b21

New Records:

A: 104.20.41.231, 172.66.155.33 → None
Classification: 2 IP(s) removed

⚠️ FBI Watchdog - DNS Change (NS) ⚠️
🔗 DarkWebInformer.com - Cyber Threat Intelligence

Domain: handala-hack.tw
Record Type: DNS Change (NS)
Time Detected: 2026-03-31 08:48:07 UTC

Previous Records:

ns1.ddos-guard.net.
ns2.ddos-guard.net.

New Records:

a.dnspod.com.
b.dnspod.com.
c.dnspod.com.

‼️🇦🇫 A dataset allegedly containing 284,000 unique users from avc-livestock.com, an Afghan livestock supply chain platform, is being sold on a popular cybercrime forum.

▪️ Records: 284,000
▪️ Data Fields: Phone, email, name, province, district, region, Tazkira number (national ID)
▪️ Details: Includes specialized farmers, agribusiness contacts, and personnel in Kabul, Kandahar, Balkh, and Bamyan provinces
▪️ Price: $300

‼️🇳🇬 A massive breach allegedly from Remita, a major Nigerian payment processing platform, has been leaked on a popular cybercrime forum.

▪️ Total Size: ~3TB of S3 storage
▪️ Data Includes: 800GB+ of KYC documents (IDs, passports, photos, bank statements, electricity bills), MySQL/Postgres databases, logs, docker registries, source codes, government HSM keys, GitKraken to S3 backups
▪️ Source codes, 35,000+ password hashes, and three databases

‼️ New Dark Web Informer Blog Post!

Title: Threat Actor Selling Email Credentials for Israeli Government Agencies, Organizations, and International Targets Including Israel Police, Ministry of Justice, and Quebec Education Board

Link: https://darkwebinformer.com/threat-actor-selling-email-credentials-for-israeli-government-agencies-organizations-and-international-targets-including-israel-police-ministry-of-justice-and-quebec-education-board/

‼️ A threat actor is distributing a combolist containing 9 million TikTok credentials.

‼️ New Dark Web Informer Blog Post!

Title: Threat Actor Auctioning WordPress Admin Access to Spanish E-Commerce Site With REDSYS Payment Gateway and ~1,200 Monthly Card Orders

Link: https://darkwebinformer.com/threat-actor-auctioning-wordpress-admin-access-to-spanish-e-commerce-site-with-redsys-payment-gateway-and-1-200-monthly-card-orders/

‼️ New Dark Web Informer Blog Post!

Title: Alleged Dataset Leak of Canva Exposes 900,000 User Records With Bcrypt Passwords, OAuth Providers, and Design Platform Usage Data

Link: https://darkwebinformer.com/alleged-dataset-leak-of-canva-exposes-900-000-user-records-with-bcrypt-passwords-oauth-providers-and-design-platform-usage-data/

MITRE ATT&CK Explorer

https://darkwebinformer.com/mitre-attck-explorer/

‼️🇩🇪 A dataset allegedly containing 10.5 million users from LSGB, a defunct German gaming and leak forum, has been leaked on a popular cybercrime forum.

▪️ Records: 10,500,000 (10M + 500K new)
▪️ Size: 121 MB (compressed)
▪️ Data Fields: User ID, username, email address, password hash (bcrypt), salt, user group, registration date, last visit, registration IP, last IP, post count, reputation, PM count, signature, birthday, location, website

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Charité
Domain: charite.de

Country: 🇩🇪 DE
Date: Mar 31st, 2026

Summary:
Un dysfonctionnement technique au sein d'un centre de données de la Charité à Berlin a entraîné une panne informatique affectant trois sites hospitaliers, empêchant la Feuerwehr d'accéder aux cliniques Virchow, Mitte et Steglitz. Bien que la fourniture de soins aux patients reste stable, les services d'urgence ont temporairement désactivé les entrées des urgences centrales par mesure de sécurité, tout en excluant toute hypothèse de cyberattaque. La Charité travaille activement à la résolution de ce problème technique, qui survient dans un contexte de vigilance accrue face aux risques de cybersécurité pour les institutions publiques berlinoises.

Source: https://www.tagesspiegel.de/berlin/itausfall-an-der-berliner-charite-feuerwehr-kann-drei-klinikstandorte-nicht-anfahren-15421749.html

Cyberattack News Alert
━━━━━━━━━━━━━━━━━━━━━━━━━

Victim: Häpo-Reifencenter
Domain: haepo.ch

Country: 🇨🇭 CH
Date: Mar 29th, 2026

Summary:
Le dimanche 29 mars 2026, le groupe de pirates informatiques Pay2Key, lié à l'Iran, a chiffré et paralysé le système informatique de l'entreprise Häpo-Reifencenter, située à Winterthour, à l'aide d'un ransomware. Bien que l'entreprise disposât de sauvegardes, celles-ci ont également été détruites, ce qui entraîne un préjudice quotidien de plusieurs dizaines de milliers de francs et une perte des données comptables actuelles. Häpo a informé la police et alerté son assureur, tandis que la direction n'envisage pour l'instant pas de payer la rançon exigée.

Source: https://www.tagesanzeiger.ch/cyberangriff-in-winterthur-hacker-legen-haepo-reifencenter-lahm-229421108182

💥 Early stages of a Cybercrime Website Leaderboard is now available to Elite subscribers.

A separate Threat Actor Leaderboard is being worked on, but nothing to show for it for now.

https://darkwebinformer.com/cybercrime-website-leaderboard4574474574/

These articles should translate to english now.