The Hidden Costs of Bad OPSEC: A Case Study on ‘Xanthorox’
ID: efaab405-7cfb-50ba-9219-da1ecb9ab7f6
STIX ID: report--efaab405-7cfb-50ba-9219-da1ecb9ab7f6
Feed Name: Zynap Blog
Executive summary: An OSINT investigation uncovered a criminal AI-tooling campaign run by an actor using the aliases Xanthorox / vengeance141. The report details exposed infrastructure (an Open WebUI panel hosted on a residential IP and an exposed TP-Link router), linked Telegram/Discord/YouTube handles, domains and bot identifiers, cryptocurrency addresses and a traceable transaction, prior defacement activity, ties to WormGPT and partner disputes, and publicly available doxxed personal information. Together these illustrate that poor OPSEC and reuse of handles enabled linkage and attribution.
