Track. Identify. Protect.
Gatekeeper is a real-time threat intelligence platform for Discord communities. It maintains a global blacklist of malicious actors, including known abusers from UTTP (UTubeTrollPolice), DPOS (Degeneracy Police Order State), and other cross-server threat groups. Built by WinterGate Intelligence Collective, Gatekeeper represents a new approach to community defense: transparent, community-driven, and relentlessly updated.
https://wintergate.org/gatekeeper/
Search by Discord ID or username. Instant results. Live threat scores. No login required. No API key needed. Free for everyone.
- Search Users – Enter any Discord ID or username to check their status against the global blacklist
- View Threat Scores – See risk levels from 0 (clean) to 100 (confirmed malicious)
- Check Blacklist Status – Know instantly if a user is globally flagged across all Gatekeeper-protected servers
- Monitor Statistics – Live counts of tracked, authenticated, and blacklisted users
- Verify Authenticated Users – See who has been vetted and trusted by the community
- Track Undetected Users – Identify users who are in the system but not yet authenticated
| Metric | Value |
|---|---|
| TOTAL USERS TRACKED | 7,906 |
| ✓ AUTHENTICATED | 8 |
| ? UNDETECTED | 7,896 |
| ✗ BLACKLISTED | 0 |
| SECURED SERVERS | 2 |
| DTAD MALICIOUS IDS | 1,750+ |
Last updated: May 16, 2026
Gatekeeper actively tracks and maintains intelligence on the following cross-server threat groups:
| Group | Aliases | Status | Primary Activity |
|---|---|---|---|
| UTTP | UTubeTrollPolice, The Troll Police | ✅ TRACKED | Raiding, doxxing, harassment campaigns |
| DPOS | Degeneracy Police Order State, Emperor Tomas | ✅ TRACKED | Targeted harassment of LGBTQ+ and religious minorities |
| Additional cross-server threat actors | Various | ✅ MONITORED | Raiding, spam, CSAM distribution, doxxing |
GateKeeper (Discord Threat Actor Database) is our internal collection of verified malicious Discord IDs. It currently contains 1,750+ entries spanning:
- Known raid leaders and coordinators
- CSAM (Child Sexual Abuse Material) distributors
- Doxxing operators
- Harassment campaign organizers
- Cross-server abuse network members
- Repeat spammers and bot operators
Each entry is manually verified before being added to the blacklist. We do not accept automated or unverified reports.
- Go to https://wintergate.org/gatekeeper/
- Enter a Discord ID (17-19 digits) or username
- View results instantly
What you'll see:
- Whether the user is authenticated, undetected, or blacklisted
- Their current threat score (0-100)
- Their global status across all Gatekeeper servers
What you won't see:
- Private messages or server content
- Personal information beyond Discord usernames and IDs
- Any data not directly related to threat assessment
When a server enables Gatekeeper, the system provides:
- Auto-ban on join – Undetected users are automatically banned based on server configuration
- 24-hour auto-cleaner – Removes stragglers and unverified users
- Quad-Brain Hunter – Resolves placeholder usernames (user_xxxxx) to actual Discord usernames
- Username history tracking – Tracks name changes to prevent evasion
- Alt account detection – 85% similarity threshold catches sock puppets
- Global blacklist sync – Banned in one server = banned everywhere
-
Cloudzy Upstream Filter Vulnerability Disclosure – Our independent security assessment of Cloudzy (RouterHosting LLC), an Iranian front company that hosted 17+ nation-state APT groups, ransomware affiliates, and a US-sanctioned spyware vendor.
-
WinterGate Intelligence Collective – Main portal for threat intelligence, infrastructure disclosure, and community defense resources.
Educational and defensive use only. Not for harassment or malicious targeting.
Gatekeeper is provided as a community defense tool. Abuse of the system (e.g., false reporting, harassment through the platform) will result in permanent ban from Gatekeeper services and public disclosure of abuse.
Gatekeeper was built in the aftermath of the Cloudzy takedown – one of the most sophisticated DDoS campaigns ever recorded, which exposed an Iranian front company operating under US sanctions. The lessons learned from that operation were used to build a better shield.
- DataDome – For documenting the 2.45 billion request, 1.2 million IP, 16,402 ASN attack as "one of the most sophisticated DDoS infrastructures ever observed"
- Halcyon – For exposing Cloudzy as a Command-and-Control Provider (C2P) for 17+ nation-state APTs
- The security community – For using the Cloudzy case study to push forward the conversation on low-and-slow DDoS defense
For questions, reports, or to request Gatekeeper for your server:
- Main Portal: https://wintergate.org
- Gatekeeper Portal: https://wintergate.org/gatekeeper/
- GitHub: https://github.com/WinterGate-IC
The Gatekeeper watches. The data is public. The abusers have nowhere left to hide.
— WinterGate Intelligence Collective (WIC) Threat Intelligence. Infrastructure Defense. Community Empowerment.