On The Hunt for Cyber Jihadists on the Dark Web - An Analysis

0
May 07, 2025

Dear blog readers,

In this post I'll share a recent research which I did on the topic of finding and locating cyber jihadist infrastructure on the Dark Web with some interesting results and clearnet references to their actual infrastructure with the idea to share some actionable intelligence including some additional technical details behind what they've been and what they're currently up to.

In this post I'll provide practical and relevant technical details behind the infrastructure of the Al-Raud, I'lam and Fahras groups including some of their actual Monero cryptocurrency donation addresses and Dark Web Onion URLs.

I'lam Foundation

hxxp://i3lam.co.za
hxxp://fahras.ru
hxxp://fahras.eth.limo

Sample Dark Web Onions involved in the campaign:
hxxp://ggjvmjhcgtcnel3n3ddjcwhdx5yzbfab24pcjll7ef4gfysdjgjdlnid.onion
hxxp://i3lam7sb2m367t3g7e57l3isedjnmmffy5ousw4peeml7hf2nsytbmad.onion
hxxp://dqhlysycv2uv2h3fay3cpopxuug6fxyp2reykt7lg67hnuonhm4iveqd.onion
hxxp://fahras4fw3s5bi3enjrompr6kxpywkscqmmcvyiyey3xamrv5zjllgad.onion

Cryptocurrency Monero donation address involved in the campaign:
48PDPNy375cYyVZmyJUmhqBt76T8WeW2iMRafR8ifXxASM8kHcFWsJV9XgPJR1aUN66rJq9DWbXGtdkNntktx35S3QoSwHt

Related domains:

hxxp://alfustat.click/
hxxp://fahras.co.za/
hxxp://getsession.org/
hxxp://i3l.in.net/
hxxp://raud.co.rw/
hxxp://saah.link/

Cryptocurrency Monero donation address involved in the campaign:

43ksWU6vH2ZjmgXFEvML9fTqotiiAVyFgGKBdQQPkJfccsjj9gxtZAQFWP4GeU482bAGuMKcxHP5WEgfkaw1NoGB8WL6nJe

Related Dark Web Onion URLs:

hxxp://4iooccjesuvrknrda4je45vc7irtvphytnd6tu6vk2rk7g62yfyk5fqd.onion/
hxxp://77sczzsfci3pib4jnxw2i5p3e4tronkk45m7sorudsb5lhxr6gemr6id.onion/
hxxp://alraudzemjub7whxfmqxbmtt7lhz4qpqjydlrqzasbiymhk5bwkvxdid.onion/
hxxp://inews5p7l77hzkw2nycoqwfsyuer54yrxxvrvw3gi7tz2q54fiygnbad.onion/
hxxp://tmkin4usxzxy7rbgv4jb7wwqrefixef5xa2gpxbi4fteyoy2n3exnfqd.onion/
hxxp://zc5esmqostmk45nly4lmoptuifllbqr7fwfw4vmlywt7uz5pqnvut6yd.onion/

Related domains:

hxxp://saah.link/
hxxp://ssah.in.net 

Cryptocurrency Monero donation address involved in the campaign:

84c8v8Nrf9rikyxTC2iTtM5spQjeYjTQX2uBRxFiXhCe7GWrpC4C91DFqMZMJX8Bq1MwKVZE6KG7BGg1gw1mtZxoCKRpc4M

Related domains:

hxxp://alfustat.click/

Related domains:

hxxp://alfaj.re
hxxp://raud.su

Al-Raud:

hxxp://raud.cl
hxxp://raud.su
hxxp://raud.wf
hxxp://raad.ws
hxxp://al-raud.com
hxxp://raad.fans

I'lam:

hxxp://i3lam.co.za
hxxp://i3l.co.za
hxxp://ilam.wf
hxxp://i3l.me
hxxp://i3lm.com
hxxp://ilnews.online
hxxp://ilnews.co

Fahras:

hxxp://fahras.fans
hxxp://fahras.eth.limo

hxxp://i3lam.co.za
hxxp://gab.com/nasr1
hxxp://banglanashir.pw
hxxp://shineofislam.com

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

0 Comments:

Subscribe to: Post Comments (Atom)