This is Dancho and I've decided to share with everyone a currently active list of high-profile cyber jihad domain and campaign registration email addresses which I obtained using a variety of means where the ultimate goal would be to assist U.S Law Enforcement and the U.S Intelligence Community on its way to track down and prosecute the cybercriminals behind these campaigns.
Sample currently active email addresses known to have been involved in cyber jihad domain registrations and current and ongoing cyber jihad campaigns include:
yunding5568@163.com
redaksi_si@yahoo.com
cancnebut@gmail.com
tbg17888@gmail.com
neharikarai@outlook.com
xpj09166@gmail.com
ahmed.alqassam@gmail.com
abumos3b33@hotmail.com
iali3g@gmail.com
tevhididavetcom@gmail.com
zayizef@gmail.com
kinyongof12@gmail.com
jo9277547316@gmail.com
kokludegisimmedya@gmail.com
sitenevic@gmail.com
NAMEMONITORS34@OUTLOOK.COM
ahmed.alqassam@gmail.com
johnlassandro@hotmail.com
kokludegisimmedya@gmail.com
3422926751@qq.com
4dm1nhizb@gmail.com
tkaydesigns@hotmail.co.uk
turkhackteamiletisim@gmail.com
VANILLAHOLDINGS@GMAIL.COM
doenfahri@gmail.com
bestselection@gmail.com
hostdem@gmail.com
kandaharimama@gmail.com
DOENFAHRI@GMAIL.COM
islamdin1@nasimke.ru
salammedia2011@yahoo.com
awad@zadgroup.net
domainmanagers@outlook.com
Sarah@kcicom.com
txgals50@aol.com
cdlr@cdlr.net
aktivera@flighton.se
5292086@qq.com
adilmadani@yahoo.com
kinyongof12@gmail.com
shutdown2022@gmail.com
FURAAT4@HOTMAIL.COM
khelafa2000@yahoo.com
support@ghaaly.com
love@qiaomi.com
yboss455@yahoo.co.jp
akuatekbilisim@gmail.com
samirnet2@gmail.com
keywordacquisitions@gmail.com
alkantar@thisiscyberia.com
forgetmenot1343@yahoo.com
hosting.dedearif@gmail.com
kevin.cyber.base@gmail.com
whoisprotectionservice@gmail.com
koool123@live.co.uk
DAKHEEL123@GMAIL.COM
2085553878@qq.com
ishaq@islamicsupremecouncil.org
VD@NYM.HUSH.COM
jo9277547316@gmail.com
RCASPER76@YAHOO.COM
darultavhid@mail.md
kamkashem@gmail.com
brett.evans@icloud.com
tevhiddergisi@gmail.com
yunding5568@163.com
bluetextmama@gmail.com
alfetn2004@gmail.com
akuedris@gmail.com
money_detailsiai@yahoo.com
yusufestes@msn.com
fkummah@hotmail.co.uk
janeverno@gmail.com
vwinlucky@gmail.com
milen.radumilo@gmail.com
zoooom2025@gmail.com
redaksi_si@yahoo.com
abdullah.fahed@gmail.com
abdvvv@gmail.com
tevhididavetcom@gmail.com
2628342@gmail.com
iraqipanet88@gmail.com
muhammadhurayra@gmail.com
aulia_suwandi@yahoo.com
kilickaya.i@gmail.com
tbg17888@gmail.com
kenta.yano831@gmail.com
abine.mariyah@yahoo.com
mailusamah@gmail.com
fad.lee@hotmail.com
wardak14794@yahoo.com
iali3g@gmail.com
info@cyberkov.com
rk2387927@mail.com
domkeeper777@gmail.com
RUSELBIEV@GMAIL.COM
intercostltd@gmail.com
khamenai@hotmail.com
rk2387927@gmail.com
jim_7788@tom.com
admin@compubyte.vg
net1001.net@gmail.com
PQY@HOTMAIL.COM
homjea@163.com
mohalfares@gmail.com
cyberkov@nym.hush.com
abuabdou.mohammed@gmail.com
sitenevic@gmail.com
info@exposurepdp.com.au
zayizef@gmail.com
elmanara@gmail.com
hydomains@yandex.com
tsuyama@sparkle-ark.co.jp
hizbuttahrirmedia@gmail.com
tevhidigundem01@gmail.com
al_jarba@yahoo.com
tariqghazniwal@yahoo.com
ed@albawaba.com
2028403301@qq.com
neharikarai@outlook.com
bijankani@gmail.com
puissance-group@yandex.ua
milenradumilo@gmail.com
info.bj@gmail.com
ALITEAIB@GMAIL.COM
xpj09166@gmail.com
HTM.ITTECH@GMAIL.COM
mawaqe3@gmail.com
naeemchaudhry@hotmail.com
gt3030@yahoo.com
SAAID@ALODA.ORG
9235365@GMAIL.COM
aa999nn@hotmail.com
alsamedon@yahoo.com
juturna_alaska@hotmail.com
cancnebut@gmail.com
lic210826@gmail.com
crywole1@yahoo.com
dougsanders1070@gmail.com
834174739@qq.com
dvlpmntltd@gmail.com
aalmaree@gmail.com
almubarak@hotmail.co.uk
Faily1929@cheerful.com
info@bengisu.com.tr
SSSAS_66@YAHOO.COM
hataya.hachi@gmail.com
souh@mail.com
289626@hush.sc
hpsoro@yahoo.com
wins_ku@yahoo.com
bf1@sitematrix.com
abdulkerimeski@hotmail.com
charlie_elias@yahoo.com.au
salahuddinvc@hotmail.com
adoaenlg@yahoo.co.jp
jose29@gmail.com
fad.lee@yahoo.com
basomidi@gmail.com
rafatkatta@gsibc.net
albaylsan@gmail.com
eng.rimawi@gmail.com
omori@sakejapan.com
ml-link@ioix.com
abumos3b33@hotmail.com
maherzain.0071@gmail.com
shiaweb2@yahoo.com
gulf1001@yahoo.com
249442918@qq.com
shenxingyu888@outlook.com
wobuyaoqiand@163.com
hizb.russia@gmail.com
Stay tuned!
Continue reading →
I've decided to share a recently obtained using Technical Collection portfolio of email addresses known to have been involved in various cyber jihad campaigns online including to possess a direct involvement with the GIMF (Global Islamic Media Front) including the Ekhlaas Islamic Network including the actual registrations of cyber jihad themed domains for the purpose of assisting U.S Law Enforcement and the U.S Intelligence Community on its way to track down and monitor the cybercriminals behind these campaigns.
Sample portfolio of currently active email addresses known to have been involved in cyber jihad campaigns online:
inscont@yahoo.com
pirezine@yahoo.com
inspire11malahem@gmail.com
inspire2magazine@yahoo.com
inspire22malahem@fastmail.net
inspire1magazine@hotmail.com
inspire11malahem@gmail.com
inspire22malahem@fastmail.net
inspire2magazine@yahoo.com
convoyofmartyrs@gmail.com
convoyofmartyrs@yahoo.com
convoyofmartyrs@hotmail.com
dabiq-is@0x300.com
dabiq-is@india.com
dabiq-is@yandex.com
s.mlahem@gmail.com
sada_malahem@maktoob.com
s.mlahem@gmail.com
almlahem@gmail.com
azan23452@yahoo.com
arsalan8542@gmail.com
azan_2013@mail.ru
azan_98762@yahoo.com
Sample URL known to have been involved in the campaign:
hxxp://gimfmedia.com - 203.211.145.203; 111.90.148.5
Related domains known to have participated in the campaign:
hxxp://dozygroup.com
hxxp://forums.gimfmedia.com
hxxp://gimfmedia.com
hxxp://bravoteknindo.com
hxxp://bestcominfo.com
Related IPs known to have participated in the campaign:
159.100.176.171
203.211.145.203
203.211.145.31
151.80.200.124
Sample Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public PGP Keys:
#---Begin Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit---
pyHAv2KZ9gRLgLtwb4spOh0Xb1cFjsZ3tcbo6CnuUT+wOy74p7
uZnEbshDmLZFXVSe5RntWOI5m86+rdl2HRcC401JZIgxsmMI5I
KaSLmepn6dElNoWTbVAjtsFERXcjtEOYkZvhQN3JCIAlNTs6Xk
I8zxI4U7VU2LoZzJw4QEdRcWutnZ3yCS5VxLnTOUtIawwZKd3C
HFLrkzmhEr5G1Nxe6+OlU6ZI8aomCOfwFkYLao28RLDL8vGag7
JFbxSXy7f6LOBrCCO8Mu4lfUpUGOZCGP4RXJfRLTEEmH9sFf/C
ZEwJEeWm9o2fo2yU/4nXMZIxN441iVzvlGTPbuPxy2f0+p/NMV
X+orew/pvkoofnw0lxFhVxYU99eixHBEgEQCAusw7FVGHbpRJg
gULtulLCd9VLAZRFvhyUk+lHPpsoedrQLvSoHlVC/Ga7ZIMJYX
2PNuYqbafJpUZAqU1Ghq/YKIICeClbLuWSaDErp+K3kMz0m6Ay
qCFcrv6gcxMqzHPIj9VJ3ZS97vMqgux3VeZKRG1TCV+Jm1whg8
/32OnzZILNtYBWLvWavpum
#---End Al-Ekhlaas Network ASRAR El Moujahedeen V2.0 Public Key 2048 bit---
I've decided to continue my "Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts Including Email Address Accounts - Part Four" blog post series and I've recently decided to issue yet another update in terms of currently active high-profile XMPP/Jabber including email address accounts used by high-profile cybercriminals which I've managed to obtain using Technical Collection.
Sample currently active high-profile XMPP/Jabber accounts used by cybercriminals include:
I've decided to continue the "Exposing Protonmail and Tutanota's Illicit Abuse by Ransomware Gangs - A Compilation of Currently Active Ransomware-Themed Email Addresses" blog post series and offer an in-depth tactical and actionable threat intelligence on some of the currently active Protonmail and Tutanota email accounts known to have been involved in currently active ransomware campaigns.
A list of currently active Protonmail email address accounts known to have been involved in currently active ransomare campaigns:
saturndayc@protonmail.com
mammon0503@protonmail.com
GoNNaCrypt@protonmail.com
helpteam38@protonmail.com
mstr.hack@protonmail.com
hccapx@protonmail.com
erica2020@protonmail.com
werichbin@protonmail.com
getscoin3@protonmail.com
bugbugo@protonmail.com
newhelper24@protonmail.ch
recoverydata52@protonmail.com
metasload2021@protonmail.com
encryptor2020@protonmail.com
rans0me@protonmail.com
fiasco911@protonmail.com
metron28@protonmail.com
Bit_decrypt@protonmail.com
databack2@protonmail.com
SafeGman@protonmail.com
decrypt25@protonmail.com
n0pr0blems@protonmail.com
decryptfilekhoda@protonmail.com
SmartDen@protonmail.com
getdataback22@protonmail.com
geniusid@protonmail.ch
cryptonationusa@protonmail.com
cynthia-it@protonmail.com
aihlp@protonmail.com
ambrosiaa@protonmail.com
gangflsbang@protonmail.ch
usernamus@protonmail.com
basilisque@protonmail.com
mailnitrom@protonmail.ch
araujosantos@protonmail.com
paymebtc@protonmail.com
logiteam@protonmail.com
recovery_server@protonmail.com
china_jm@protonmail.ch
FushenKingdee@protonmail.com
imperial755@protonmail.com
geneve010@protonmail.com
geneve020@protonmail.com
ngeneve010@protonmail.com
ngeneve020@protonmail.com
grupposupp@protonmail.ch
ripntfs@protonmail.com
unlockmeADMIN@protonmail.com
ArtemisDC@protonmail.ch
leakthemall@protonmail.com
nleakthemall@protonmail.com
middleman2020@protonmail.com
nmiddleman2020@protonmail.com
moloch_helpdesk@protonmail.ch
mr.dec@protonmail.com
ZiCoyote@protonmail.com
recover_24_7@protonmail.com
nrecover_24_7@protonmail.com
ransomD3m@protonmail.com
newhelper@protonmail.ch
zemblax@protonmail.com
2rest0re@protonmail.com
n2rest0re@protonmail.com
Cryptoware12@protonmail.com
RestoreFile@protonmail.com
nRestoreFile@protonmail.com
TimothyCrabtree@protonmail.com
filedownload2020@protonmail.com
helpcov19@protonmail.com
black8201@protonmail.com
kjingx@protonmail.ch
gibberishEdmundBass@protonmail.com
recoverydata54@protonmail.com
mewellwisher@protonmail.ch
CCD-help@protonmail.ch
rdpconnect@protonmail.com
ReftuOne@protonmail.com
hupstore@protonmail.com
bepabepababy1@protonmail.com
myphoto.jpg.bepabepababy1@protonmail.com
BlackMajor@protonmail.com
zetfile@protonmail.ch
admincrypt@protonmail.com
nrecovery_server@protonmail.com
use_harrd@protonmail.com
un42@protonmail.com
Servicedeskpay@protonmail.com
yoursalvations@protonmail.ch
y0000@protonmail.com
supportcrypt2019@protonmail.com
0xc030@protonmail.ch
backuping@protonmail.com
0x1service@protonmail.com
document.txt.bepabepababy1@protonmail.com
Blitzkriegpc@protonmail.com
CyberSCCP@protonmail.com
dogeremembersss@protonmail.ch
mykeyhelp@protonmail.com
Zagrec@protonmail.com
jackgreen13@protonmail.com
jacksparrow@protonmail.com
my-contact-email@protonmail.com
alanson_street8@protonmail.com
lambchristoffer@protonmail.com
moncoin@protonmail.com
Unlckr@protonmail.com
castor-troy-restore@protonmail.com
unlockransomware@protonmail.com
52pojie_mail@protonmail.com
support981723721@protonmail.com
solutionshelp@protonmail.com
gluttonBD@protonmail.com
sigrun_decryptor@protonmail.ch
reservedecryption@protonmail.com
recoverydbservice@protonmail.com
wecanhelp2@protonmail.com
yoursalvationsa@protonmail.ch
dalailama2015@protonmail.ch
decrypthelpfiles@protonmail.com
5btc@protonmail.com
Anony.killers@protonmail.com
provectus@protonmail.com
Look1213@protonmail.com
mrbin775@protonmail.com
AskHelp@protonmail.com
Restore@protonmail.ch
Santa_helper@protonmail.com
Recuperadados@protonmail.com
cryz1@protonmail.com
petersburgrecover@protonmail.com
Recoverhelp@protonmail.ch
painplain98@protonmail.com
hpjar@protonmail.ch
ballxball@protonmail.com
crioso@protonmail.com
angry_war@protonmail.ch
cheet0s_de@protonmail.com
Pringls_us@protonmail.com
backinfo@protonmail.com
agent.dmr@protonmail.com
getscoin2@protonmail.com
hlpp@protonmail.ch
lxhlp@protonmail.com
onepconebtc@protonmail.com
recoverysql@protonmail.com
anna.kurtz@protonmail.com
x_coded@protonmail.com
niggchiphoterl974@protonmail.com
teamvi@protonmail.com
teamvv@protonmail.com
mr.crypteur@protonmail.com
help.me24@protonmail.com
support_blackkingdom2@protonmail.com
backcompanyfiles@protonmail.com
bhatmaker@protonmail.com
polssh1@protonmail.com
polssh@protonmail.com
coincidenceleague@protonmail.com
Prometheus.help@protonmail.ch
nPrometheus.help@protonmail.ch
btpsupport@protonmail.com
GeorjeHalique@protonmail.com
cottleakela@protonmail.com
villiamsscorj_rembly@protonmail.com
flopored@protonmail.com
hjelp.main@protonmail.com
Savemyfiles@protonmail.com
Lucky_top@protonmail.com
rsupport@protonmail.ch
rsupp@protonmail.ch
se_harrd@protonmail.com
crab1917@protonmail.com
6699nm@protonmail.com
decryptxxx@protonmail.com
grafimatriux72224733@protonmail.com
Catsexy@protonmail.com
A list of currently active Tutanota email address accounts known to have been involved in currently active ransomare campaigns:
yasomoto@tutanota.com
seamoon@tutanota.com
xsmaxs@tutanota.com
mammon0503@tutanota.com
samsung00700@tutanota.com
RestorFile@tutanota.com
notgoodnews@tutanota.com
hlper4y@tutanota.com
moloch_helpdesk@tutanota.com
vassago_0203@tutanota.com
pvphlp@tutanota.com
adolfhackler@tutanota.com
decryfiles2021@tutanota.com
axitrun2@tutanota.com
barboza40@tutanota.com
nbarboza40@tutanota.com
mailnitrom@tutanota.com
ha7medtit@tutanota.com
dashagh@tutanota.com
Citrteam@tutanota.com
nCitrteam@tutanota.com
nekross@tutanota.com
nnekross@tutanota.com
Swordf1sh@tutanota.com
recover10@tutanota.com
tcprx@tutanota.com
middleman2020@tutanota.com
nmiddleman2020@tutanota.com
Hiden_pro@tutanota.com
mr.dec@tutanota.com
retrnyoufiles23@tutanota.com
nretrnyoufiles23@tutanota.com
pecunia0318@tutanota.com
clyde.barrow15@tutanota.com
nRestorFile@tutanota.com
HappyNewYear2021@tutanota.com
vassago0225@tutanota.com
iamwellwisher@tutanota.com
yourfiles1@tutanota.de
kamira99@tutanota.com
host2021@tutanota.com
legalrestore@tutanota.com
fishersam1188@tutanota.com
price.decoding@tutanota.com
Blacknord@tutanota.com
krasume@tutanota.com
yuzhou13@tutanota.com
patrik008@tutanota.com
Files2021@tutanota.com
adren.kutospov.97@tutanota.com
donutmmm@tutanota.com
bcpfile17@tutanota.com
bitrequest@tutanota.com
konxnobx@tutanota.com
triplock@tutanota.com
ths1337@tutanota.com
rsa1024@tutanota.com
rememberggg@tutanota.com
skynet45@tutanota.com
Starbax@tutanota.com
Xzet@tutanota.com
mr.hacker@tutanota.com
Patagonia92@tutanota.com
powerbase@tutanota.com
mirey@tutanota.com
sabantui@tutanota.com
qar48@tutanota.com
yyuzhou13@tutanota.com
nmode@tutanota.com
Sacura889@tutanota.com
savemyself1@tutanota.com
yongloun@tutanota.com
dozusopo@tutanota.com
tchukopchu@tutanota.com
dokulus@tutanota.com
pashmak@tutanota.com
blackmax@tutanota.com
lizscudata@tutanota.com
clifieb@tutanota.com
dryidik@tutanota.com
ammon0503@tutanota.com
judgemebackup@tutanota.com
yourfiles1@tutanota.com
ARASUF@tutanota.com
ykup@tutanota.com
bhatmaker@tutanota.com
buratino2@tutanota.com
ticketbit@tutanota.com
Stay tuned!
Continue reading →
Exposing Bulgaria's Largest Data Leak - An OSINT Analysis
Exposing the Black Basta Ransomware Group - Part Three
Exposing the Conti Ransomware Gang - An OSINT Analysis
Azerbaijanian Embassies in Pakistan and Hungary Serving Malware
Joining Team Astalavista.box.sk - Official Project Re-Launch - Join us Today!
Profiling a Currently Active High-Profile Cybercriminals Portfolio of Ransomware-Themed Extortion Email Addresses
New Project - Malware C&C Domains Offensive Network Reconnaissance Monitoring Project
Profiling a Currently Active Portfolio of High-Profile Cybercriminal Jabber and XMPP Accounts
Dissecting 'Operation Ababil' - an OSINT Analysis
RSS Feed