Skip to content

WinterGate-IC/doxbin-excision

Repository files navigation

Operation: Excision – Exposing the Doxbin Criminal Platform

An open-source intelligence dossier for national security, law enforcement, and public awareness.


📌 Overview

Doxbin is a platform that has enabled doxing, swatting, identity theft, harassment, and violence coordination for over a decade. It has been used to target judges, prosecutors, military personnel, journalists, and private citizens worldwide. Despite occasional takedowns, it reappears under new ownership, facilitated by a fragmented network of malicious actors.

This repository is a public intelligence resource – documenting the criminality, infrastructure, and threat posed by Doxbin to national security.


🧠 Why Doxbin Matters

Threat Impact
Doxing Personal info of judges, military, and civilians exposed
Swatting Life-threatening police responses triggered by false reports
Identity Theft Financial fraud and long-term harm to victims
Extremist Coordination Used by Atomwaffen Division and Insanity Security Team
National Security Exposure of government personnel undermines trust and safety

🏛️ Legal & Ethical Context

  • Doxbin's content violates laws in multiple jurisdictions (GDPR, doxing laws, harassment statutes)
  • Law enforcement has seized the platform before, but it resurfaces
  • This dossier is not an attack; it is a call to action for lawful intervention
  • It aligns with national security directives to disrupt enemy networks

🧾 Doxbin's "Transparency" – A Criminal Cover

Doxbin maintains a facade of legitimacy through a "Transparency Report" and a "Law Enforcement Policy." These are not evidence of good faith – they are a calculated legal shield designed to create plausible deniability while the platform continues to facilitate crime.

The Reality:

  • Doxbin's policies are selectively enforced. Content that aligns with the platform's extremist user base is rarely removed.
  • The "Transparency Report" is a marketing tool, not a genuine accountability mechanism.
  • Doxbin's operators have repeatedly demonstrated that their own policies are disregarded when it serves their interests.
  • The platform is governed by a fragmented underground collective, not a legitimate entity – which explains why ownership shifts so easily.

This is not a platform with flawed policies. This is a criminal enterprise masquerading as a legitimate service.


🔗 Links to Violent Extremism & Criminal Groups

Atomwaffen Division

Doxbin has been directly linked to the Atomwaffen Division, a neo-Nazi terrorist group designated in multiple countries. In July 2020, federal prosecutors confirmed that the group maintains Doxbin to list past and potential swatting targets. John William Kirby Kelley, a 19-year-old who pleaded guilty to conspiracy to make interstate threats, maintained Doxbin as a storehouse of information about government officials, journalists, and others targeted for swatting. Kelley, along with Atomwaffen leader John Cameron Denton, used the site to coordinate swatting attacks against a historically Black church, the home of then-Homeland Security Secretary Kirstjen Nielsen, and ProPublica. Atomwaffen members have also been arrested for plotting terrorist attacks and murder.

Sources:

Insanity Security Team (IST)

The Insanity Security Team version of Doxbin is a dox pasting archive that explicitly states it has a "strict no removing dox policy" without a court order. It admits it is completely legal only if information is not obtained illegally. The site claims immunity under Section 230 of the Communications Decency Act while knowingly hosting illegally obtained and malicious content.

Sources:


🕵️ Observed Criminal Activities

Spain – Doxing of Government and Military Personnel

In March 2026, the personal data of hundreds of Spanish judges and prosecutors – including full names, DNI numbers, personal mobile phone numbers, and professional email addresses – was published on Doxbin. An individual was arrested in May 2026 for leaking sensitive information related to members of critical state institutions, including the State Attorney General's Office, INCIBE, the National Police, the Civil Guard, and the National Security Council. The Spanish National Police stated the case was treated as a national security risk.

Sources:

Previous Law Enforcement Actions

Doxbin was seized in November 2014 as part of Operation Onymous, an international police initiative. The site was restored under different ownership within a week. Operators have since admitted to hosting the site on the clearnet and darknet, keeping links secret to "keep it secure and out of the reach of incompetent people using it for malice things."

Sources:

Cloudflare Abuse Reports

Cloudflare has received abuse reports regarding the DNS hosting for doxbin.com and doxbin.net, but has not acted on them.

Sources:


📂 Repository Contents

  • DOXBIN_INTELLIGENCE.md – Complete technical dossier (origin servers, subdomains, endpoints, vulnerabilities, errors)
  • NATIONAL_SECURITY_ALERT.md – Legal warning and threat assessment
  • reports/ – Archived intelligence reports
  • logs/ – Redacted logs

All data is redacted to protect sensitive information.


🚨 Call to Action

  1. Hosting Providers – Terminate service to AS211273 and its subsidiaries
  2. Cloudflare – Reevaluate allowing Doxbin to use their services
  3. Law Enforcement – Coordinate cross-jurisdictional takedown
  4. Policymakers – Strengthen laws against doxing and cyber-harassment
  5. Citizens & Journalists – Share this dossier and raise awareness

🤝 How You Can Help

  • Star & Fork this repository to increase visibility
  • Contribute evidence, court documents, or additional intelligence
  • Contact your representatives and demand action
  • Report illegal content to appropriate authorities

⚖️ Disclaimer

This repository is intended for educational, research, and awareness purposes only. All information is derived from publicly available sources. The authors do not condone or encourage any illegal activity.


❄️ WHAT A FREEZE

Documentation. Awareness. Accountability.

WinterGate IC Command

Repository: https://github.com/WinterGate-IC/doxbin-excision

About

Operation: Excision – Exposing the Doxbin Criminal Platform. Intelligence dossier on Doxbin's infrastructure, vulnerabilities, links to violent extremism (Atomwaffen Division, Insanity Security Team), and national security threat. Includes origin servers, API endpoints, XSS/SQLi vulnerabilities, and law enforcement resources.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors