Hacker/Cybercrime Community / Script Kiddies / Skids / Skid Hunters / Hacker Forums / Darknet Marketplaces - Skids and manchildren that hunt them

A new article about King Bob came out recently
 
They are closing down for good, as per the message of ShinyHunters.
Wonder what was meant by "pompompurin was just a front"?

I recall internationally recognised and Amazon #1 book seller (technical) Vinny Troia mentioned this:

April 2022 Update: The Identity of Meunier & Pompompurin​

In response to several media inquiries regarding the true identity of the person using the Pompompurin Twitter account: No, I do not believe Meunier is the user of the Twitter user Pompompurin. I believe the name PomPompurin is a meme designed to shift attention away from the real hackers.

As I have said in the past, both in published reports and my book, Hunting Cyber Criminals, (which was #1 on Amazon’s technical bestseller list): I believe Meunier’s M.O. is to use a patsy to take the credit for his hacks. I believe that he, and possibly one other person, are responsible for the actual hacking, while a less intelligent (and most likely underage) hacker takes all the credit, gains the notoriety, and eventually takes the fall for the crimes.

 
The group responsible for the incredibly notorious infostealing malware known as Lumma Stealer has been doxed, although keep in mind that the dox have yet to be confirmed. The site that hosts the dox has a very interesting opening text in it :story:
(https://archive.is/xopxB)
Lumma - Rats
Stealer Lumma
You're a piece of shit
I have the evidence
Money is more important to you than the safety of your clients
You think your cover will protect you, but you're wrong
I know every one of you
I'm your worst nightmare
I know where you live. Lumme is fucked
You'll rot in prison, you bitch
I'll see you in chains, with a bag over your head, completely hopeless
Everyone knows you attack your own people
Dry your breadcrumbs
Fuck Lumme

SUCK MY DICK!
Note: The Russian expression "dry your crackers" means be ready to go to jail
Lumma - rats, if you're so afraid of being doxed, I'm on Tox and Telegram. See you later, bitches
Don't even try to fuck me over. I'll fuck you twice as hard
There's even a timer for when the next dox is gonna drop
And this writing continues all the way in the dox pages :story:. Take a look at yourself:
(https://archive.is/dRDIv)
Voronin Maxim Evgenievich
You are fucked
Continuing to engage in parasite and pest prevention. Today, we reveal the identity of Daugn0 – Voronin Maxim Evgenievich. Feed this rat poison for fucking with his own people. Write to him in private messages and tell him everything you think about traitors like him.
Or say hello to the cunt in his Telegram group mv_voronin, because he loves anonymity so much. I hope you enjoy being in prison, where EVERYONE will know who you are and what you did!

Die, rat.

Part 1

(https://archive.is/n70yI)
Additional information about Daugn0 – Voronina. Masturbate while you still have time before leaving with your bare ass on the bunk.
Wish the rat to rot in prison by calling 79963950027 or writing to one of the emails he used for his work in Russian.

Part 2
(https://archive.is/KSx39)
Daniel Francisco Reynoso Rocha
You are fucked
Today's dump on Rat Roch, or Cryptli online. I'm sure Cryptli will like our docx. This post is for everyone who asks for proof of our information. Cryptli is an important member of the Lumma team.

Born on March 12, 2002.

Passport number that he can no longer use to travel – 2715607044
Social security number that he won't need in prison – 16853993429
The house he won't be returning to at 35 Zvezdnaya Street, Kaliningrad, Kaliningrad Oblast
The number his mother will not be able to call – 79114521192

Cryptli wanted to be a big, scary cryptographer, but he was banned from the expo because he is an evil rat. The kid has achieved success ))) All that's left for Cryptli is to shit himself.

part 1

(https://archive.is/8exIi)
Here's some more information about Cryptli. This idiot thought that coding a cryptor was like playing Minecraft. He should have stuck to playing with redstone, the moron. The last thing you did well was the drawing that won you the competition in the third grade at Lyceum No. 10.


Want a joke? What do Minecraft and your dad have in common? They both produced a shitty seed))).
(https://archive.is/I88vs)
Thomas Gintautas Budrys AKA Macarev
You are fucked
A bastard of a village slut and an elderly Chukhonets, that's probably why he doesn't dare to fuck with Russians, hoping to find refuge in gay Europe if something goes wrong. And it will go wrong. Start drying your crackers, you idiot, I know everything about you.

Damaged from birth on June 17, 2002.

Do you like living at 35 Zvezdnaya Street, apartment 25, with your boyfriend? I'll get to him too. By the way, who fucks whom in the ass? You him or he you?


Write if you're stuck in one place, I have a lot more material on you.

Part 1

(https://archive.is/ChIiA)
Thomas, you fat fuck, is it hard to reach the keyboard to reply, is the fat getting in the way? Then I'll say hi to you here.
If anyone wants to congratulate Thomas on joining the Lumma team, write to him here.


Maybe you'll find new friends and your dad will stop regretting not pulling out in time.
Stay in touch!

Part 2

(https://archive.is/h8ExX)

Didn't like my last post? I tried so hard. Never mind, they'll stretch your ass and teach you manners in prison.

What number are you using now? 790055619954 or 79114794203?


Part 3
(https://archive.is/2Ddbb)
Roman Viktorovich Posazhennikov
You are fucked
Place and date of birth: Monchegorsk, Murmansk, February 5, 2004. Birth certificate No. 584444
Maybe you should go to church and pray for forgiveness for your sins? Murmansk Region, Monchegorsk, Leningradskaya Embankment 30, 3, 83? Murmansk District, Monchegorsk, Kirov Avenue 19, 2, 77? Kaliningrad Region, Sovetsk, Zarechnaya Street 20 3a? Kaliningrad Region, Sovetsk, Pervomayskaya Street 5, 8? I know everything about you
Do you have your SNILS on hand? You'll need it. Let me remind you – 15977150915

Who should I fuck up next?

Passport: 2724 081870

idromanmamaev
idstmyxa

Suck my dick
(https://archive.is/CwUqK)
Vladislav Vitalievich Morozov
You are fucked
Should I call you?
What's the right number?

79114569549
79097883830
You're a fucking piece of shit


Are you still doing this on Gromovogo?

Suck my dick

This is only part 1, you faggot

(https://archive.is/mhw7D)
Only a fucking idiot would use their username as their password. Do you like playing games, kid? You'd be better off continuing to play Minecraft, bitch. I'll fuck you and everyone you know. Does your mom know what kind of rat she raised? If you don't understand, I can contact you personally.

You think that's all I have on you?


Part 2

(https://archive.is/DgQm5)
You're fucked, I'll fucking crush you like a cockroach.

I've only just begun. They've set the clock for the next rat.

 

BreachForums Resurrects After Yet Another FBI Shutdown​


We’ve often quoted this phrase: “Fighting cybercrime is like pulling weeds: if you don’t completely eradicate them, they’ll grow back, much more vigorous than before,” and it’s more relevant than ever.

After months of silence and the FBI’s seizure of the breachforums.sh domain, the underground cybercrime community is back in the news: BreachForums is back online.

The announcement was made on October 20, 2025, by user and moderator koko, who in an official post announced the reopening of the platform and the relaunch of its infrastructure, promising a safe and responsible reconstruction of the community.

Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or misuse of this data.

In the message, koko states that he was a moderator between 2023 and 2024 and that he and the team decided to bring BreachForums back to life.

The post cites technical updates such as full backup restoration, a complete rebuild of the escrow system (after the previous one was compromised by authorities and infiltrators), and new measures for user security and rank management.

The administrator also recommends not using old usernames, encouraging users to create new identities for opsec (operational security) reasons.


Koko’s profile post in the old breachForums instance (kindly provided by Mwansa to RHC) https://archive.is/QcFrk

From the roots of Raid Forums to the return of BreachForums

To understand the significance of BreachForums’ comeback, it’s necessary to trace its genealogy.
It all started with Raid Forums, a forum born years ago as a meeting point for hackers and cybercriminals, where they exchanged stolen data, exploits, and sensitive information.

Over the years, Raid Forums became an institution in the underground community, but also a valuable observatory for security researchers and law enforcement.

In 2022, an international operation led to the closure of Raid Forums and the arrest of its founder. From that diaspora, the first incarnation of BreachForums (MKI) was born, presenting itself as its natural successor.


Brian Fitzpatrick aka PomPomPurin
The administrator of that version, Brian Fitzpatrick aka PomPomPurin, was arrested in March 2023. The FBI shut down the forum and seized the servers. However, a few months later, one of the former members, known as Baphomet, claimed to have a backup of the platform and launched BreachForums MKII, promising to rebuild it on a more secure basis.

This second instance remained active until June 2024, when, following a Europol data leak published by IntelBroker (also a member of the ShinyHunters group), the site was seized again.


ShinyHunters Announces Second Instance of BreachForums
The associated Telegram channel, Jacuzzi, was also shut down by the authorities, but soon reappeared under the name Jacuzzi 2, a symbol of an almost legendary resilience in the world of cybercrime.

ShinyHunters and the long shadow of cybercrime

BreachForums has long had ties to ShinyHunters, one of the most notorious hacking groups in recent years, involved in massive breaches of Microsoft, Banco Santander, Ticketmaster, Tokopedia, and other major global companies.

Formed in 2020, ShinyHunters have earned a reputation for the quantity and scope of stolen data, often sold or distributed on BreachForums itself.

Some members have been arrested – such as Sébastien Raoult, who was extradited from Morocco to the United States – but the group, or what remains of it, continues to operate in more decentralized and difficult-to-trace forms.

The return to the clearnet and the new course announced by koko

The reopening announced by koko marks a return to the clearnet, making access to the forum easier and more immediate, without going through the Tor network. This decision, while facilitating participation, also exposes the site to constant monitoring by the authorities.

In her post, koko emphasizes her commitment to making BreachForums “a safe and responsible place.” This statement is at odds with the platform’s long history as a hub for the exchange of stolen credentials, compromised corporate databases, and the personal information of millions of users.

Despite this, the response from the underground community was immediate: many old users have already flocked to the new instance, while messages of enthusiasm and nostalgia for “the return of the old Breach” are circulating on the forum’s Telegram channels.

A weed that never dies

The return of BreachForums demonstrates once again how cybercrime is an extremely resilient ecosystem. Every time a forum is shut down, another emerges, one that’s harder to target, more decentralized, and more operationally sophisticated.

Law enforcement will continue to pursue new administrators, but history teaches us that where there is demand for stolen data, there will always be someone willing to offer it.

BreachForums’ new direction presents itself as a technical and ideological rebirth, but it remains to be seen how long it will last before another seizure spells its end. In a landscape where cybersecurity and cybercrime are constantly evolving, this latest resurgence is yet another reminder: the fight against digital crime is never truly over.

https://www.redhotcyber.com/en/post/breachforums-resurrects-after-yet-another-fbi-shutdown/ https://archive.is/Jy1rn



Over on darkforums, a popular alternative to breached, mods discuss the return of the forum.


https://darkforums.st/Thread-BreachForums-returned-after-FBI-seizure?pid=286302#pid286302

Something I want to mention: all the previous returns of the site included all old posts and users, so they probably do not have the old breached database.
 


French Stealer Ecosystem: The Resurgence Skid Gangs In Cybercrime Space - 0xSeeker​





Introduction and Project Genesis

The speaker, Alexer from GetWatcher (an NDR security solution focused on threat hunting and analysis), introduces the talk on French stealer groups. The project originated in 2024 amid a wave of undocumented cyber attacks targeting French streamers, media, and major companies. These groups were small, discrete, and lacked documentation, making them hard to track but highly dangerous. The goal was to document them, starting with Nova Stealer (not to be confused with other Nova groups) as a representative example. Thanks are given to former intern Nicholas for the initial idea. The presentation covers the stealer malware, the groups, lack of awareness, and the need for close monitoring.
Nova Stealer Overview and Evolution

Nova Stealer is a Go-based malware (e.g., "GS.pike") that evolved from basic, non-obfuscated versions to more sophisticated, obfuscated ones (though still reversible). Key evolutions include:
  • Panel and Interface: Started simple (left screenshot in presentation) and became more complex with better UI for data storage and features.
  • Targeting Shifts: Early versions targeted broad items like "Pron" (a student-professor communication tool), but later focused on cryptocurrency, bank accounts, and personal data.
  • Rebranding and Iterations: The group (likely the same person or small team) frequently rebranded with minor updates, adding obfuscation or new data handling methods.

This evolution mirrors broader cybercrime trends, where small groups mature if given time, moving from unsophisticated to more capable threats.
How the Stealer Works

The malware operates as a builder-as-a-service:
  • Acquisition: Users buy a key/token via a selling website, then configure via Telegram or Discord bots.
  • Building and Delivery: Generates an executable (.exe) file, often disguised as fake video streams, game cheats, or online tools targeting individuals (not corporates directly).
  • Exfiltration: Data is sent to the buyer's Discord initially; later versions added collection websites and third-party services like GoFile. Features a "dual hook" where both the buyer and the group receive stolen data.
  • Customization: Later versions (e.g., Light Nova) allow tailored environments for data use, often with fake or low-value info for demos.

Similarities were found with open-source stealers on GitHub, suggesting heavy copy-pasting of code, spreading techniques, and infrastructure (e.g., Discord integration).
Group Structure and Mapping

The ecosystem involves multiple interconnected groups and individuals:
  • Mapping: Blue nodes represent individuals (possibly physical persons), pink for groups. Many actors split time across groups.
  • Hierarchy: Often self-disclosed.
    • Developers/Owners: Handle malware evolution, updates, and advertising.
    • Community Managers: Manage Telegram/Discord communities; recreate servers if shut down.
    • Support: Provides user assistance, mainly on Telegram.

Groups are small (15-25 years old, often students/university attendees), with recruitment ads noting exam periods or diplomas. One group freaked out on LinkedIn after a report, denying involvement (proven false). Admins take "vacancies" like holidays, sharing identifiable photos (e.g., airport seats).
OSINT Techniques Breakdown

The speaker details OSINT (Open Source Intelligence) methods used to profile and track these groups, leveraging public/self-shared data. Broken down into key sections:
Self-Doxing and Internal Conflicts

  • Groups/admins often dox each other during disputes (e.g., at 3 AM in Telegram chats).
  • Method: Monitor Telegram messages before deletion; log suppressed content for names, addresses, or meetup spots (e.g., "Go to this address to meet this guy").
  • Insights: Revealed hierarchies, personal details, and connections; one resume was found (not shared due to sensitivity).
Shared Language and Recruitment Analysis

  • Analyzed shared slang, language patterns, and recruitment posts (e.g., Nova's form asking about exam periods/diplomas).
  • Method: Cross-reference across groups via ads linking channels; progress from one group to another by following invitations.
  • Insights: Confirmed age range (15-25, students); some groups require buying the stealer to stay, leading to self-reveals (e.g., "I'm part of these other groups").
Personal Sharing and Visual Analysis

  • Admins share personal photos (e.g., airport seats, plane models) during "vacancies."
  • Method: Geotag/timestamp analysis; cross-reference with flight data (e.g., model, seat, time to infer flight; hypothetically access boarding lists via law enforcement for full ID).
  • Insights: Identified travel details; combined with resumes for full profiles.
Forum and Dark Web Digging

  • Tracked sales on forums like XSS, RaidForums (e.g., stolen data from companies via Epsilon group).
  • Method: Search for identical messages across forums; analyze "proofs" provided (e.g., screenshots with Telegram usernames); dig into usernames for aliases/connections.
  • Insights: Linked to scams (e.g., buying Revolut accounts for potential money laundering); discovered drug sales (cocaine via Telegram bot "Walls," tied to arrests in Gabon per French press).
Code and Infrastructure Analysis

  • Retrieved Nova's source code; compared with other GitHub stealers.
  • Method: Check for common techniques (e.g., Discord hooks, exfiltration paths); map shared infrastructure.
  • Insights: Confirmed copy-paste ecosystem; identified similar malwares.
Community Access and Monitoring

  • Channels are often open/public.
  • Method: Start in one group, follow ads to others; no payment needed initially (though sometimes prompted).
  • Insights: Built the full group map; monitored for passwords (rare; mostly game accounts like Roblox, Battle.net for skins/resales).
Additional Activities and Diversification

Beyond stealers, groups engage in:
  • Illegal Content: Selling leaks, managing revenge porn, sextortion.
  • DDoS Services: C2 networks for zombie attacks, advertised in stealer communities.
  • Data Reselling: Via forums (e.g., Epsilon's company data sales); dual hooks enable group access.
  • Broader Crime: Links to drug networks (e.g., "Walls" Telegram for cocaine); Epsilon case study showed forum overlaps proving connections.

This shows young cybercriminals diversifying, using cyber tools for offline crimes.
Importance of Monitoring

Small groups pose big risks:
  • Indirect Corporate Threats: Personal devices may hold work data; kids downloading fakes can expose company info.
  • Vulnerabilities: Password reuse between personal/professional; data enters combo lists for larger attacks.
  • Broader Impact: Users (e.g., €4/week buyers) underestimate consequences; actions enable further crimes without realizing illegality/danger.

Monitoring covers overlooked spaces; reports on Nova and others provide deeper insights.
Technical Insights and Case Studies

  • Profiling: Combined OSINT for actor links.
  • Epsilon Case: Linked stealer sales to forum scams/drugs via username cross-referencing.

Groups need ongoing monitoring despite seeming "dumb" (e.g., leaving tracks).
Q&A Summary

  • Password Monitoring: Rarely steal passwords; focus on game accounts (Roblox, Ubisoft) for skins/resales, or Discord Nitro.
  • Channel Access: Open via ads; chain from one group to another (no initial payment; sometimes prompted to buy/test).
  • Info Sharing with Law Enforcement: Yes, shared due to value; no point in hoarding.

No further questions noted.
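
Added example, not part of the original post or the talk: a defender-side check for the exfiltration pattern summarised under "How the Stealer Works" (delivery to Discord, uploads to GoFile, and the "dual hook" that sends the same data to both buyer and group). The proxy log format, client names, the 60-second window and the upload size threshold are assumptions, the log lines are constructed, and reading "Discord hooks" as Discord webhook URLs is also an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines (not real traffic):
# time, client host, HTTP method, URL, bytes sent by the client.
SAMPLE_LOG = """\
2025-01-10T09:00:01 ws-014 GET https://discord.com/channels/1/2 812
2025-01-10T09:02:10 ws-022 POST https://discord.com/api/webhooks/111111111111111111/EXAMPLE-A 48211
2025-01-10T09:02:12 ws-022 POST https://discord.com/api/webhooks/222222222222222222/EXAMPLE-B 48211
2025-01-10T09:02:40 ws-022 POST https://store1.gofile.io/uploadFile 5242880
2025-01-10T09:30:00 ws-031 POST https://discordapp.com/api/webhooks/333333333333333333/EXAMPLE-C 950
2025-01-10T11:45:00 ws-031 POST https://discord.com/api/webhooks/333333333333333333/EXAMPLE-C 990
"""

DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/")
DUAL_HOOK_WINDOW = timedelta(seconds=60)  # assumption: both deliveries happen close together
GOFILE_MIN_BYTES = 1_000_000              # assumption: ignore small uploads


def parse_line(line):
    """Return (time, client, method, host, path, bytes_out), or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        when = datetime.fromisoformat(parts[0])
        sent = int(parts[4])
    except ValueError:
        return None
    url = urlsplit(parts[3])
    return when, parts[1], parts[2].upper(), (url.hostname or "").lower(), url.path, sent


def has_dual_hook(posts, window=DUAL_HOOK_WINDOW):
    """True if two different webhook IDs were posted to within `window`."""
    posts = sorted(posts)
    start = 0
    for end in range(len(posts)):
        # Shrink the window from the left until it spans at most `window`.
        while posts[end][0] - posts[start][0] > window:
            start += 1
        if len({webhook_id for _, webhook_id in posts[start:end + 1]}) >= 2:
            return True
    return False


def find_findings(log_text):
    """Map each client host to a sorted list of finding labels."""
    webhook_posts = defaultdict(list)
    findings = defaultdict(set)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or event[2] != "POST":
            continue
        when, client, _, host, path, sent = event
        match = WEBHOOK_PATH.match(path) if host in DISCORD_HOSTS else None
        if match:
            findings[client].add("webhook_post")
            webhook_posts[client].append((when, match.group(1)))
        elif (host == "gofile.io" or host.endswith(".gofile.io")) and sent >= GOFILE_MIN_BYTES:
            findings[client].add("gofile_upload")
    for client, posts in webhook_posts.items():
        if has_dual_hook(posts):
            findings[client].add("dual_hook")
    return {client: sorted(labels) for client, labels in findings.items()}


if __name__ == "__main__":
    for client, labels in find_findings(SAMPLE_LOG).items():
        print(client, labels)
```

A single webhook POST is common from legitimate bots and CI jobs, so `webhook_post` alone is a low-confidence signal; two different webhook IDs from one workstation within seconds, followed by a large file-host upload, is the combination worth triaging.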
 
Could the leaker do that? It'd breach their NDA with the client... 👀
It's possible no NDA existed in the first place. It's a common shakedown tactic for "people" to randomly try to find vulns in [whatever], then email and extort a payment. Basically it's the blackhat version of bug bounties.
If it isn't obvious already, it's very INDIAN and it's even more common now because the jeets use AI.
 
The FBI has shut down a ransomware forum called RAMP. (Both the clearnet and darknet domains)
The takedown notice.
IMG_9642.webp
Bleeping Computer article: https://www.bleepingcomputer.com/ne...mp-cybercrime-forum-used-by-ransomware-gangs/
Archive: https://archive.ph/JfbYE
For context, RAMP is a cybercriminal forum dedicated to ransomware that was launched in 2021 after the Russian cybercriminal forums Exploit and XSS banned ransomware advertising and recruiting on their sites after the 2021 Colonial Pipeline attack made ransomware a major topic in the news at the time.
 
Seems like Brian Krebs has revealed the identity of Dort (current owner of the Kimwolf botnet) as Jacob Butler.
https://krebsonsecurity.com/2026/02/who-is-the-kimwolf-botmaster-dort/
Archive: https://archive.ph/G4cww

Dort is known as a lolcow in the MC cheating com, mainly due to his massive spergout when he lost a Clash of Code competition to a paster and attempted to swat him on a Discord call but failed to make a Google account.

He has spent a lot of his funds from selling Kimwolf botnet bandwidth to proxy SDKs on delivery apps LOL.
 
2 weeks after Krebs revealed his identity, he got fedded. GGs skids.
https://www.justice.gov/usao-ak/pr/...s-botnets-responsible-record-breaking-attacks
 
Caller "Tiffany" allegedly raided by the feds following the arrest of associate John Daghita ("Lick"):
1774126567550.png

Videos of some of the scam calls:



 