Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: 09/30/25

Tuesday, September 30, 2025

Intellexa's Cytrox Predator Commercial Spyware Vendor and the Hacker Scene's Underground Connection

From the "there's a high probability that this might be the case" department.

Sample photos:

hxxp://cytrox.com - 2015 - Rotem Farkash - rotem@farkash.net - 972525256070

Related domain registrations:
hxxp://cyarmor.com
hxxp://cytrox.com
hxxp://farkash.net
hxxp://fsgames.co
hxxp://cydefence.com
hxxp://cycept.com
hxxp://cyshield.com
hxxp://cyshield.net
hxxp://cyshield.org
hxxp://inpedio.com
hxxp://cyshield.info

hxxp://cytrox.com - 2017 - CYSHARK DOO SKOPJE -> shahakshalev@gmail.com -> 36707716154

shahakshalev@gmail.com -> Afik castiel -> 2015 -> hxxp://digitalwhisper.co.il -> hxxp://github.com/Sheksa -> Shahak Shalev

2015 - empty0page@gmail.com

Afik Kastiel - hxxp://trythis0ne.com
Nir Adar - hxxp://underwar.co.il - underwar@hotmail.com

Shahak Shalev is a seasoned technology leader with extensive experience in cybersecurity and digital safety. Currently serving as Senior Director of Technology and Engineering for Consumer Privacy at Malwarebytes since August 2023, Shahak is dedicated to innovating solutions for online privacy and identity protection. As Co-Founder and CTO of Cyrus Security since July 2020, Shahak focuses on personal cybersecurity and identity protection. Prior experience includes a role as VP of Technology at Inpedio from 2017 to 2020, specializing in mobile security solutions, and serving as a Cyber Security Expert in the Israel Defence Forces from August 2012 to February 2017.

Cyrus Security -> Malwarebytes

Inpedio

Related photos:

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Bulgaria's Ransomed VC Ransomware Group's IoCs

From a previous post.

hxxp://ransomedtools.online
hxxp://ransom-market.com
hxxp://ransomed.biz
hxxp://preferredloansla.com
hxxp://rinse-right.com
hxxp://rancorpgroup.com
hxxp://rancorpav.com
hxxp://pennywiseretail.com
hxxp://rancorpbr.com
hxxp://ransomed.vc
hxxp://ransomed.biz
hxxp://breached.wiki - 172.232.4.89
hxxp://breached.fun - 162.255.119.114

Dancho Danchev

Satoshi Nakamoto IoCs

A logical question emerges. Who is Satoshi Nakamoto?

And a logical answer as well. Let's do some OSINT research and find out more.

Sample personally identifiable email address account:

satoshin@gmx.com

Related domain registrations:
hxxp://tradebisonapp.com
hxxp://meinemeilenundmehr.com
hxxp://myhypovereinsbank.com

satoshi@anonymousspeech.com

satoshi@vistomail.com -> wwwmichi@gmx.ch

BitCoin address:
1Jhk2DHosaaZx1E4CbnTGcKM7FC88YHYv9

Second BitCoin address:
1DCbY2GYVaAMCBpuBNN5GVg3a47pNK1wdi

Related domain registrations:
hxxp://mt2014.com
hxxp://websecureemail.com
hxxp://thankyou2010.com
hxxp://swingdf.com
hxxp://btctipping.com
hxxp://goalsetting1.com
hxxp://sexfriendsshare.com
hxxp://mytrashmail.com
hxxp://mt2015.com
hxxp://trash2009.com
hxxp://secureanonymoussurfing.com
hxxp://returnflights.net
hxxp://spamemailblocker.net
hxxp://rewpost.com
hxxp://joesgardeningtools.com
hxxp://vistomail.com
hxxp://naninu.com
hxxp://aidsgame.com
hxxp://everlag.com
hxxp://mt2009.com
hxxp://bankweber.com
hxxp://turutu.com
hxxp://sexfriendshare.com
hxxp://trashymail.com

hxxp://raptoreum.us
hxxp://virtual-hiv-test.com
hxxp://websecureemail.com
hxxp://silver-quote.com
hxxp://bitcoinqt.com
hxxp://bitcoin-qt.com
hxxp://mtgox.us
hxxp://planofattack.us
hxxp://digicash.us

Dancho Danchev