# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-04, apt-c-24, apt-q-39, rattlesnake, ta399, sloppylemming, babyelephant, hardcore nationalist, nh2, GroupA21

# Reference: https://twitter.com/Sebdraven/status/1052864520522223616
# Reference: https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739
# Reference: https://www.virustotal.com/#/ip-address/185.106.120.43

heartissuehigh.win
webserv-redir.net

# Reference: https://twitter.com/Sebdraven/status/1140597344720830471
# Reference: https://app.any.run/tasks/d7ce191d-c04f-4eff-a13c-02cbe746c256/
# Reference: https://www.virustotal.com/gui/domain/cdn-dl.cn/relations
# Reference: https://pastebin.com/rccqdjNB

cdn-dl.cn
bd-gov.cdn-dl.cn
bdgov-mopa.cdn-dl.cn
biaa-org-bd.cdn-dl.cn
biaa-org.cdn-dl.cn
gov-cn.cdn-dl.cn
gov-pk.cdn-dl.cn
hostmaster.cdn-dl.cn
info-account.cdn-dl.cn
ministry-gov.cdn-dl.cn
ministry-interior-gov-pk.cdn-dl.cn
mod-gov.cdn-dl.cn
moe-gov.cdn-dl.cn
moi-nadra.cdn-dl.cn
mopa-bd.cdn-dl.cn
mopa-bdgov.cdn-dl.cn
mopa-govbd.cdn-dl.cn
nadra-interior.cdn-dl.cn
nadra-moi.cdn-dl.cn
narda-moi.cdn-dl.cn
neteease.cdn-dl.cn
newmake.pw
serve-dropbx-ap-east1.cdn-dl.cn
suodeshui.cdn-dl.cn
tiexue.cdn-dl.cn

# Reference: https://twitter.com/Timele9527/status/1147750939576586244 

http://167.86.116.39

# Reference: https://twitter.com/Timele9527/status/1147750939576586244

vidyasagaracademybrg.in/scripts/lnk/
vidyasagaracademybrg.in/scripts/am/

# Reference: https://twitter.com/Timele9527/status/1150597482310619136
# Reference: https://app.any.run/tasks/e15e1cd1-0c38-41b9-aa1e-a29562f17b3d/
# Reference: https://www.freebuf.com/articles/network/196788.html (Chinese)

ap12.ms-update-server.net
cdn-do.net
cdn-edge.net
cdn-list.net
fb-dn.net
google.com.d-dns.co
msftupdate.srv-cdn.com
nadra.gov.pk.d-dns.co
pmo.cdn-load.net
s2.cdn-edge.net
s12.cdn-apn.net
trans-pre.net
webserv-redir.net

# Reference: https://twitter.com/blackorbird/status/1160734383864610816

trans-can.net

# Reference: https://mp.weixin.qq.com/s/pJ-rnzB7VMZ0feM2X0ZrHA

cdn-ps.net

# Reference: https://twitter.com/blackorbird/status/1189116884626493440

paknavy.gov.pk.ap1-port.net

# Reference: https://twitter.com/Timele9527/status/1195272502135549953
# Reference: https://www.virustotal.com/gui/domain/reawk.net/details

reawk.net

# Reference: https://twitter.com/ccxsaber/status/1195281985335201794

sd1-bin.net

# Reference: https://twitter.com/0xCARNAGE/status/1203882560176218113
# Reference: https://app.any.run/tasks/3abfc241-3ab0-4016-acbb-040b44199d52/

185.225.17.239:443

# Reference: https://twitter.com/RedDrip7/status/1206898954383740929

ap1-acl.net

# Reference: https://twitter.com/Timele9527/status/1211852764688478216
# Reference: https://app.any.run/tasks/c8469e19-96a0-4f2f-9765-72acf72dee05/

fincruitconsulting.in

# Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
# Reference: https://otx.alienvault.com/pulse/5e133ac9f5eaf331885e74b4

aws-check.net
deb-cn.net
ms-db.net
ms-ethics.net

# Reference: https://github.com/blackorbird/APT_REPORT/tree/master/sidewinder

gov-pk.org

# Reference: https://mp.weixin.qq.com/s/L3dVwbkfTABtE4ZYtv5r4w
# Reference: https://otx.alienvault.com/pulse/5e206d8b77de0b2690b9946c

110.10.176.193:4443

# Reference: https://twitter.com/Timele9527/status/1247325070520750080
# Reference: https://twitter.com/Timele9527/status/1247327952238284800
# Reference: https://twitter.com/Timele9527/status/1247376905956765697

ap-ms.net
d01fa.net
fdn-en.net
nrots.net

# Reference: https://twitter.com/ShadowChasing1/status/1252547080070914048

link-cdnl.net

# Reference: https://twitter.com/ccxsaber/status/1260775018306236416

au-edu.km01s.net

# Reference: https://twitter.com/Arkbird_SOLG/status/1260727623539404800

kat0x.net

# Reference: https://twitter.com/ShadowChasing1/status/1268214042637684738
# Reference: https://www.virustotal.com/gui/domain/chrom3.net/relations

chrom3.net
r0dps.net

# Reference: https://twitter.com/ccxsaber/status/1281413683013287936

gov-mil.cn

# Reference: https://twitter.com/ShadowChasing1/status/1284319235481538565

cdn-m1l.net
tar-gz.net

# Reference: https://twitter.com/cyber__sloth/status/1293183011916193793
# Reference: https://twitter.com/cyber__sloth/status/1293187616897028098
# Reference: https://twitter.com/Arkbird_SOLG/status/1293221669134372865
# Reference: https://app.any.run/tasks/e3501b33-28a2-4b7c-bc79-d20891c4832e/

http://111.229.73.84
202.58.104.100:81

# Reference: https://twitter.com/ShadowChasing1/status/1296710024643796992
# Reference: https://www.virustotal.com/gui/file/a89189f1c7c101c8d9c2637e571c4f8546df3ea557a576090cde7b75009981a9/detection

fqn-cloud.net

# Reference: https://twitter.com/ShadowChasing1/status/1297902086747598852

asw-edu.net
filesrvr.net

# Reference: https://twitter.com/cyber__sloth/status/1298187291295461376
# Reference: https://www.virustotal.com/gui/ip-address/185.141.25.136/relations

mil-pk.net

# Reference: https://twitter.com/ShadowChasing1/status/1308620752703299585

aws-pk.net
cdn-aws-s2.net

# Reference: https://twitter.com/ShadowChasing1/status/1316680709478604800
# Reference: https://twitter.com/mg2_tracy1/status/1316688407280586752
# Reference: https://www.virustotal.com/gui/file/280fb291d49f277067667838cdf30a940eaed9ed7712448158ea29e1ce6af86f/detection

cdn-sop.net

# Reference: https://twitter.com/ShadowChasing1/status/1324349418162720769
# Reference: https://twitter.com/ShadowChasing1/status/1324349684664528897
# Reference: https://www.virustotal.com/gui/domain/gov-pok.net/detection

gov-pok.net

# Reference: https://twitter.com/RedDrip7/status/1328639418110865409
# Reference: https://www.virustotal.com/gui/file/1cbec920afe2f978b8f84e0a4e6b757d400aeb96e8c0a221130060b196ece010/detection

cdn-edu.net
brep.cdn-edu.net

# Reference: https://twitter.com/mg2_tracy1/status/1331153718931177473
# Reference: https://www.virustotal.com/gui/file/7238f4e5edbe0e5a2242d8780fb58c47e7d32bf2c4f860c88c511c30675d0857/detection

ms-trace.net

# Reference: https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html
# Reference: https://www.virustotal.com/gui/ip-address/185.225.19.46/relations
# Reference: https://otx.alienvault.com/pulse/5fd10760f9afb730d37c4742

185.225.19.46:4589
185.225.19.46:4875
gov-af.org
gov-np.org
aop.gov-af.org
arg.gov-af.org
imail.aop.gov-af.org
mail-apfgavnp.hopto.org
mail-apfgovnp.ddns.net
mail-kmgcom.ddns.net
mail-mfagovcn.hopto.org
mail-mofagovnp.hopto.org
mail-mofagovnp.zapto.org
mail-mofgovnp.hopto.org
mail-ncporgnp.hopto.org
mail-nepalarmymilnp.duckdns.org
mail-nepalgovnp.duckdns.org
mail-nepalgovnp.zapto.org
mail-nepalpolicegov.hopto.org
mail-nepalpolicegovnp.duckdns.org
mail-nrborg.hopto.org
mail-nscaf.myftp.org
mail-nscgovaf.hopto.org
mail-ntcnetnp.serveftp.com
mail.arg.gov-af.org
techfriend.hopto.org

# Reference: https://www.virustotal.com/gui/ip-address/83.171.236.49/relations

mail-mofa.myftp.org
mail-mohs.myftp.org
microsoftfp.hopto.org
nitcgov-np.hopto.org

# Reference: https://twitter.com/BaoshengbinCumt/status/1342297125141454848
# Reference: https://www.virustotal.com/gui/file/c59c6c18f529c88cf352883b23af36f829b8ae1d17daa0762f028184cba7199b/detection

cdn-re.net

# Reference: https://twitter.com/ShadowChasing1/status/1345559958796914694

gov-mail.net

# Reference: https://twitter.com/cyber__sloth/status/1346100925199478784

gov-af.net
gov-crt.net
gov-nadra.net
gov-pbs.net
gov-pmo.net

# Reference: https://www.virustotal.com/gui/domain/gov-cn.net/relations

gov-cn.net

# Reference: https://www.virustotal.com/gui/domain/gov-cnn.net/relations

gov-cnn.net

# Reference: https://www.virustotal.com/gui/domain/paknavy-gov.net/detection

paknavy-gov.net

# Reference: https://www.virustotal.com/gui/file/4b5e0ad20a8d143567cc424edf2010146e24a0b729de7ca0f66292141d363e57/detection

cdn-aws.net
cdn-src.net

# Reference: https://twitter.com/BaoshengbinCumt/status/1354270351702691843

del-ivery.net
trans-aws.net

# Reference: https://twitter.com/jfslowik/status/1362782587345727492

cdn-secure.net

# Reference: https://twitter.com/h2jazi/status/1363683531067715584
# Reference: http://hackdig.com/02/hack-280699.htm
# Reference: https://app.any.run/tasks/b88e935c-b17a-4429-acdc-65156804ad1c/
# Reference: https://otx.alienvault.com/pulse/6033e84e6fb8fc369323e8e3/

151.236.11.147:57670
alsalaf.info
gov-pk.info
govt-pk.org
gov-pak.org
pk-gov.org
attachments.gov-pk.info
nhsrcgovpk.servehttp.com
contact.gov-pak.org
onedrives.pk-gov.org
support.govt-pk.org
support.gov-pak.org
support-gov.myftp.org

# Reference: https://twitter.com/DeadlyLynn/status/1367746507974270981
# Reference: https://www.virustotal.com/gui/file/bb58796f79a913a985eb41f0d12446e7ae8fe99fd3f0d432d77d8d82f202bf5f/detection

cdn-pak.net
fqn-mil.net
mailmofagovpk.cdn-pak.net

# Reference: https://twitter.com/BaoshengbinCumt/status/1369916500014821377

afd-bdmil.cdn-pak.net
fmprc.cdn-pak.net
ibn.cdn-pak.net
mofa.cdn-pak.net
oimc.cdn-pak.net
pakbj.cdn-pak.net
poly.cdn-pak.net
trgdte.cdn-pak.net

# Reference: https://www.virustotal.com/gui/domain/www-cdn.net/relations

www-cdn.net

# Reference: https://twitter.com/ShadowChasing1/status/1384743822953877505

afohs.mod-pak.co
fbr.mod-pak.co
shaheenfoundation.mod-pak.co
mod-pak.co

# Reference: https://twitter.com/BaoshengbinCumt/status/1384792855692988416
# Reference: https://www.virustotal.com/gui/ip-address/185.163.45.56/relations
# Reference: https://www.virustotal.com/gui/file/37a3855e05c63fdab773fdd39da021f2daf1961cc8137385db079960bdfa18c7/detection

edu-mil.cn
iugur.live
bmac.iugur.live
mofa.iugur.live

# Reference: https://twitter.com/BaoshengbinCumt/status/1387233200871673856
# Reference: https://mp.weixin.qq.com/s/GWVz02_jGaUt_n9JxB1OwQ

autodiscover.mofagov-pk.online
cpanel.mofagov-pk.online
cpcalendars.mofagov-pk.online
cpcontacts.mofagov-pk.online
dgmi-share-folder-nepalarmy-mil-np-coas-sambodhan-pdf.netlify.app
email-nepalarmy-mil-np-owa.netlify.app
imail.aop.gov.af.egateway.nsc-gov.com
mail-nepalarmy-mil-np-fsdafjsd.herokuapp.com
mail-nepalarmy-mil-np-login-download.netlify.app
mail-nepalarmy-mil-np-view.netlify.app
mail-nepalpolice-gov-np-loginn.herokuapp.com
mail-nscaf.hopto.org
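# Note: the next entry looks like a paste-garbled form of mail-ntcnetnp.serveftp.com (listed earlier in this file); verify against the reference before relying on it
mail-ntmail-ntcnetnp.serveftp.comcnetnp.serveftp.com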
mail.mofagov-pk.online
medeclinic.ae
mil-pk.net
mod-cn.trans-del.net
mofagov-pk.naatlibrary.com
mofagov-pk.online
naatlibrary.com
nepalarmy.trans-del.net
nsc-gov.com
nsc-gov.net
polyinc-global.trans-del.net
trans-del.net
webdisk.mofagov-pk.online
webmail.mofagov-pk.online
www-punjabpolice-gov-pk-sopforsecurityofforeignersandchinese.trans-aws.net

# Reference: https://twitter.com/ShadowChasing1/status/1391976060472860675

paf-gov.com
img-google.paf-gov.com

# Reference: https://twitter.com/ShadowChasing1/status/1396809305194590211
# Reference: https://www.virustotal.com/gui/file/caaf44f16dcbee93071887ab6844ed79975ccd20f9008deb93c13bfdb436e0b0/detection

bahariafoundation.org
pmaesa.bahariafoundation.org

# Reference: https://twitter.com/ShadowChasing1/status/1397135889327804417

comsates.org
crisismanagementunit.comsates.org
mofa-gov-pk-wireless.comsates.org

# Reference: https://twitter.com/ShadowChasing1/status/1398171992554053632
# Reference: https://www.virustotal.com/gui/file/ff54e9228b7160f9272d67ad1423600d2cb7aa4d335412a28b11f63a517270fe/detection

cdn-gov.net

# Reference: https://twitter.com/Des00464472/status/1399969790471507968

paknavy-gov-cvic.fbise.org

# Reference: https://twitter.com/BaoshengbinCumt/status/1403292104671916032

cdn-in.net
punjabpolice.gov.pk.standingoperatingprocedureforemergencythreat.cdn-in.net

# Reference: https://twitter.com/ShadowChasing1/status/1412695070659153925
# Reference: https://twitter.com/0xrb/status/1412727167151005703

pakmarines.com
as.pakmarines.com
dsadsa.pakmarines.com
gov.pakmarines.com
jmicc-gov-pk.pakmarines.com
pmaesa.pakmarines.com
pnwc-gov-pk.pakmarines.com
pqa.gov.pakmarines.com

# Reference: https://twitter.com/ShadowChasing1/status/1420762840479109122
# Reference: https://twitter.com/ShadowChasing1/status/1420762846980308999
# Reference: https://www.virustotal.com/gui/file/468351924d611359fb181855331da98359bb1b926b5ce3ee8cd3330986d6e12c/detection
# Reference: https://www.virustotal.com/gui/file/84d5a31227eaa3be1134bb6f5a2f92c2621e738ee0c0c4f84758ae8d79d09526/detection

pak-web.com
fbr.pak-web.com

# Reference: https://twitter.com/malwrhunterteam/status/1109085127290900480

nitb.pk-gov.org

# Reference: https://mp.weixin.qq.com/s/dMFyLxsErYUZX7BQyBL9YQ (Chinese)
# Note: APT-C-48

http://213.227.154.175
http://78.142.29.118
141.136.0.91:443
213.227.154.175:443
91.193.18.248:443
cert.pk-gov.org
dns1.pk-gov.org
nccs.pk-gov.org
ntc-pk.sytes.net
quwa-paf.servehttp.com
/F453457Pl_TMP347923592380/
/pl200_TMP2831474WDF.php

# Reference: https://twitter.com/ShadowChasing1/status/1466001768765018116
# Reference: https://www.virustotal.com/gui/file/38853bf262979313483310502d14a78db147586880d34571edf4d90e4bf05eb1

mofa.live
aitkenspencelogistics.mofa.live
careitservices.mofa.live
dsfvgbh.mofa.live
paknavy.mofa.live

# Reference: https://twitter.com/ShadowChasing1/status/1466686780531363840
# Reference: https://www.virustotal.com/gui/file/92dbd7f4399bce8b75e2c248af855df498bbed7e342c2d98ff6fcf15b611c50e

webarchive-datacenter.herokuapp.com

# Reference: https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/

afghannewsnetwork.com
afrepublic.xyz
amsss.in
appsstore.in
eurekawatersolution.com
maajankidevisevasansthan.org
newsroom247.xyz
republicofaf.xyz
scouttable.xyz
securecheker.in
securedesk.one
scout.fontsplugins.com

# Reference: https://twitter.com/souiten/status/1467674804211777536
# Reference: https://twitter.com/souiten/status/1467689489145339915
# Reference: https://twitter.com/souiten/status/1467693133001486337
# Reference: https://www.virustotal.com/gui/file/04206a2217be8d09e6dc6989d2a2b9aae8623f8fac962e5e07d9fa1a1577998b/detection

173.212.242.43:57149
paryavaranindia.com/css/files/docs/Updated-Leave-Rules-Fourth-Edition/css
paryavaranindia.com/css/files/hulfz/

# Reference: https://twitter.com/h2jazi/status/1469399194435735553
# Reference: https://twitter.com/h2jazi/status/1469399196369313792
# Reference: https://www.virustotal.com/gui/file/2cf842ec2bac099d200c079375a4be7a4d0b3b5869dd739582b7df168e6c4fb6
# Reference: https://www.virustotal.com/gui/file/a7b52acc18ce7fd14b4a410019a1f0042a6743dcbe887e82d498130848ce195c/detection
# Reference: https://www.virustotal.com/gui/file/c02108f0b413ecdcb8fe48ff445cb75d45324bfd06734011409de57c7cfdeb73/detection
# Reference: https://www.virustotal.com/gui/file/4219de40e65c89ecba9bd392f744fa26b867cad82d1b994e1e9266482089d8f9/detection
# Reference: https://www.virustotal.com/gui/file/16467586cb1a11ce2e1ca81ae6fb490fbc8f5602245f883c14e940189dfd2b79/detection

http://62.171.172.199
62.171.172.199:443
62.171.172.199:81

# Reference: https://twitter.com/GGGGh0st/status/1471323446713864193
# Reference: https://www.virustotal.com/gui/file/1bf584616477e16b54d6be7ce4d69f7ea26ee7841ec9a17ed162f4d560ab125a/detection

62.171.187.53:43
62.171.187.53:44
62.171.187.53:45

# Reference: https://twitter.com/ShadowChasing1/status/1474901903418949636
# Reference: https://twitter.com/ShadowChasing1/status/1474901905474129922
# Reference: https://www.virustotal.com/gui/file/d3a0b7c5a1eafbf7d381b6ee064083496476163da5dfed53096fac36c2b30738/detection

bahariafoundation.live
compress.bahariafoundation.live
invitation.bahariafoundation.live
mohgovsg.bahariafoundation.live
pnwc.bahariafoundation.live

# Reference: https://twitter.com/ShadowChasing1/status/1435546349856907268
# Reference: https://www.virustotal.com/gui/file/da08044373bc9bd54fd2ead9705446917e8f6e53d32f0885854e720e601cdbef/detection

asw-sns.link
edu-cx.org
afd.edu-cx.org
f.edu-cx.org
fsfdsf.edu-cx.org
go.edu-cx.org
mofagovpk.edu-cx.org
paknavy.edu-cx.org
rkvisa200de.edu-cx.org
rrkvisa200de.edu-cx.org
yahoo.edu-cx.org

# Reference: https://twitter.com/ShadowChasing1/status/1433038639961804800
# Reference: https://www.virustotal.com/gui/file/8a1c9a28ba0c74bafd71705aa12128831d66bbae06536a81d680cd207e740a65/detection

ppra.live
nima.ppra.live

# Reference: https://twitter.com/ShadowChasing1/status/1427258373532119044
# Reference: https://www.virustotal.com/gui/file/66ddbdfe9328d6a3f49abbb814252617fce0e05934ceeef9813e8bd30385fe50/detection

ppinewsagency.live
behr.ppinewsagency.live

# Reference: https://twitter.com/h2jazi/status/1478496217789341698
# Reference: https://www.virustotal.com/gui/file/df0b09c9f359f2e086e5e6b78f6fc6f63c9be1c6023cc6ee1e698d6e0daba31b/detection

teckblog.live
ms.teckblog.live

# Reference: https://twitter.com/s1ckb017/status/1478750005594927109
# Reference: https://twitter.com/s1ckb017/status/1478750907827429380
# Reference: https://twitter.com/500mk500/status/1478758092611407876
# Reference: https://www.virustotal.com/gui/ip-address/164.68.108.153/relations
# Reference: https://www.virustotal.com/gui/file/88a174855020c69d7719779a09c9b1058ec6732aa0fb04343c1d82fe13ca2e6e/detection
# Reference: https://www.virustotal.com/gui/file/f4777f8751ed6818a693817513a5685f13a249803658d1f12190d7b1aa26079e/detection
# Reference: https://www.virustotal.com/gui/file/9abd42a9f2cc147db47d4bb9598870eab96a2094964e97a6cb231f58d4d4ada2/detection
# Reference: https://www.virustotal.com/gui/file/c401fc82d3ffdf118aac1bc247838fcd554b7faa3fd10aaa00ed83d80d00b87b/detection

164.68.108.153:4142
164.68.108.153:5000
164.68.108.153:8062
digitalworldonline.net

# Reference: https://twitter.com/uslss_etr/status/1478784684452720646
# Reference: https://www.virustotal.com/gui/domain/paknvay-pk.net/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.158.245.67/relations
# Reference: https://www.virustotal.com/gui/file/146e2c51cd7c904e0eeb641daa6ee956e80b48b198b9d2a9fd9b92b68399f9d1/detection
# Reference: https://www.virustotal.com/gui/file/e74be8bbad2fa8577b7383e6ad4dffd5d0cd44e75c0a7148a971c417d38d8ee7/detection

paknvay-pk.net
careitservices.paknvay-pk.net
dgpr.paknvay-pk.net
mofa.paknvay-pk.net

# Reference: https://www.virustotal.com/gui/domain/cdn-noc.net/relations

cdn-noc.net

# Reference: https://twitter.com/souiten/status/1474200802344386560
# Reference: https://www.virustotal.com/gui/file/ed4912f09e212479a319de1e95dd3e7d0e3574658be60782369c0e7a19ae0173/detection

62.171.172.199:88

# Reference: https://twitter.com/h2jazi/status/1479502335328112645
# Reference: https://www.virustotal.com/gui/ip-address/144.126.141.41/relations
# Reference: https://www.virustotal.com/gui/file/d15f76acb846b237956a6373bd6646ef804419dd9a9fd3c9501acc241fcddff9/detection
# Reference: https://www.virustotal.com/gui/file/947b81c1ecdb34533f7bc9c41d6678fa525c17eae5b8f383e89c6c66db0743c1/detection

afcat.xyz

# Reference: https://twitter.com/alex_lanstein/status/1479569375971713029
# Reference: https://pastebin.com/9HwieuS2

moma-pk.org
dfgrthy.moma-pk.org
mofa.moma-pk.org
sppc.moma-pk.org

# Reference: https://www.virustotal.com/gui/domain/cvix.live/relations

cvix.live
cn.cvix.live
cosmic.cvix.live
defencelk.cvix.live
mailaplf.cvix.live
mailmfagovnp.cvix.live
mailmofagoug.cvix.live
mailmofagovpk.cvix.live
mailoutlookcom.cvix.live
mailyahoocom.cvix.live

# Reference: https://twitter.com/ShadowChasing1/status/1481583143735808001
# Reference: https://www.virustotal.com/gui/file/cb933361cd6c26ca61c441a40da394a505086f572fd7e9bd425bf086adf50edc/detection

ministry-pk.net
cabinet-gov-pk.ministry-pk.net

# Reference: https://twitter.com/cyber__sloth/status/1485361081329631236

email-gov-in.digital
mailnic.info
indianarmy.mailnic.info
kavach.mailnic.info
mod.mailnic.info
passapp.mailnic.info

# Reference: https://twitter.com/uslss_etr/status/1489274205917044736
# Reference: https://www.virustotal.com/gui/file/85ab1c3ee01c5456eb45bf13c69dda88fa014a1dc5e832bdaa3e801a29d84ccd/detection

aeltron.xyz
incometaxreturn.aeltron.xyz
instructions.aeltron.xyz
rgdtyt.aeltron.xyz

# Reference: https://twitter.com/ShadowChasing1/status/1490984172797984770
# Reference: https://www.virustotal.com/gui/file/eeeb99f94029fd366dcde7da2a75a849833c5f5932d8f1412a89ca15b9e9ebb7/detection

mod-pk.com
dgmp-paknavy.mod-pk.com

# Reference: http://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html
# Reference: https://www.virustotal.com/gui/ip-address/45.153.240.66/relations

changeworld.hopto.org
mail-argaf.myftp.org
mail-meagovmv.hopto.org
mail-modaf.hopto.org
mail-modgav.hopto.org
mail-mofa.hopto.org
mail-mofagovpk.myftp.org
mail-mopitgovnp.hopto.org
mail-nepalpolgavnp.hopto.org
mail-nepalpolice.hopto.org
mail-opmcmgavnp.hopto.org
microsoft-winupdate.servehttp.com
teamchat.hopto.org
webmail-accbt.hopto.org
webmail-morrgovaf.hopto.org

# Reference: https://twitter.com/souiten/status/1491681294391992325
# Reference: https://www.virustotal.com/gui/file/44c720bc1adde78e11c202615260fb9e2e4301cf06edfefe06cde09a373a6c0e/detection

asianetnews.xyz
awww.asianetnews.xyz
mofa-gov-pk.asianetnews.xyz
ofa-gov-pk.asianetnews.xyz

# Reference: https://assets.sentinelone.com/sentinellabs-apt/modified-elephant-apt

bbcworld-news.net
newsinbbc.com

# Reference: https://twitter.com/uslss_etr/status/1496118824944697345
# Reference: https://www.virustotal.com/gui/file/94214e83441e3a6a5cde971f6abe0d4bf226fd0750a0ad26d2241c085de9b604/detection

crclab-bahria.org
dbms.crclab-bahria.org

# Reference: https://twitter.com/__0XYC__/status/1502593457201811459

nationalhelpdesk.pk
pkgov.org
sngpl.org.pk
bok.pkgov.org
bop.pkgov.org
csd.pkgov.org
cybernet.pkgov.org
dawn.pkgov.org
energy.pkgov.org
fauji.pkgov.org
mail.pkgov.org
mofa.pkgov.org
myth.pkgov.org
nespak.pkgov.org
nitb.pkgov.org
nlc.pkgov.org
np.pkgov.org
nrlpak.pkgov.org
ns1.pkgov.org
ns2.pkgov.org
ntc.pkgov.org
ntdc.pkgov.org
ogdcl.pkgov.org
pakoil.pkgov.org
parco.pkgov.org
pmo.nationalhelpdesk.pk
pmsa.pkgov.org
ptcl.pkgov.org
ptv.pkgov.org
radio.pkgov.org
sco.pkgov.org
ssgc.pkgov.org
sui.nationalhelpdesk.pk
wapda.pkgov.org
web.sngpl.org.pk
whale.pkgov.org
email.nespak.pkgov.org
email.nitb.pkgov.org
email.nlc.pkgov.org
lotussrv01.fauji.pkgov.org
mail-corp.cybernet.pkgov.org
mail.bok.pkgov.org
mail.bop.pkgov.org
mail.csd.pkgov.org
mail.dawn.pkgov.org
mail.mofa.pkgov.org
mail.nrlpak.pkgov.org
mail.ntc.pkgov.org
mail.ntdc.pkgov.org
mail.ogdcl.pkgov.org
mail.pakoil.pkgov.org
mail.pkgov.org
mail.pmsa.pkgov.org
mail.ptv.pkgov.org
mail.radio.pkgov.org
mail.sco.pkgov.org
parchqwebmail.parco.pkgov.org
webmail.cybernet.pkgov.org
webmail.ssgc.pkgov.org
webmail.wapda.pkgov.org
zmail.ptcl.pkgov.org

# Reference: https://twitter.com/ShadowChasing1/status/1504347312838959106
# Reference: https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/
# Reference: https://www.virustotal.com/gui/domain/kpt-pk.net/relations
# Reference: https://otx.alienvault.com/pulse/624c29baad734a210134b02c
# Reference: https://www.virustotal.com/gui/file/f765b0b6e4a34eb95c6f0ddf058bc88d5ef9ec2b11a5f3504d1673f4f69aceca/detection

kpt-pk.net
awww.kpt-pk.net
job.kpt-pk.net
maritimepakistan.kpt-pk.net

# Reference: https://twitter.com/ShadowChasing1/status/1512011407838961664
# Reference: https://www.virustotal.com/gui/file/37baf7415c755688e1e89679130b5cfd713d662330734eb310089d1f2afd82b8/detection

ksew.org
srilankanavy.ksew.org

# Reference: https://twitter.com/ShadowChasing1/status/1518594904393355264
# Reference: https://www.virustotal.com/gui/file/5dfe303f04e3432101b676fa0f230667eb6c9bc1715d5b4042f99d9522aa00fe/detection

ksewpk.com
defrgthyj.ksewpk.com
mofabn.ksewpk.com

# Reference: https://twitter.com/botlabsDev/status/1522500574956109825
# Reference: https://www.virustotal.com/gui/file/b3caa7ce9a8de209d5a63ab95485c1181f7fca03346330fe92ff3c0a0a9c1040/detection

paknavy.live
awww.paknavy.live
dxfgbdfh.paknavy.live
pmsa.paknavy.live
yfghvjb.paknavy.live

# Reference: https://twitter.com/blackorbird/status/1526840629010894848
# Reference: https://mp.weixin.qq.com/s/qsGxZIiTsuI7o-_XmiHLHg
# Reference: https://otx.alienvault.com/pulse/6285048d921d21c8d9beaf1f
# Reference: https://www.virustotal.com/gui/domain/cssc.info/relations

cssc.info
job.cssc.info
mailcantonfair.cssc.info
mailcitifs.cssc.info
mailgu.cssc.info
mailmofa.cssc.info
mailturkmenembassy.cssc.info
mofa.cssc.info
rancher.cssc.info
sdgsfg.cssc.info

# Reference: https://twitter.com/__0XYC__/status/1528616671103131649
# Reference: https://www.virustotal.com/gui/ip-address/92.118.190.165/relations
# Reference: https://www.virustotal.com/gui/file/fedc3b7cdb07f7b6f5a6bc85720528057297282bfae7960b3d33001ab34a51d6/detection

govpk-mail.net
csd.govpk-mail.net
finance.govpk-mail.net

# Reference: https://twitter.com/__0XYC__/status/1529707301979947009
# Reference: https://twitter.com/0xrb/status/1529709439808602113
# Reference: https://www.virustotal.com/gui/domain/interior-pk.org/relations
# Reference: https://www.virustotal.com/gui/file/6f4e89fce6a490d619cad9078079c6f6694b2798fc875288faa92b721f25d3cb/detection

comsats.xyz
interior-pk.org
awww.interior-pk.org
mofa-gov.interior-pk.org
punjab.interior-pk.org
paknavy.comsats.xyz

# Reference: https://twitter.com/virqdroid/status/1532094635170238464
# Reference: https://twitter.com/ReBensk/status/1532245757322924032
# Reference: https://www.virustotal.com/gui/ip-address/2.56.245.21/relations

pakgov.net
covid.pakgov.net
csd.pakgov.net
dvdbhjk.pakgov.net
finance.pakgov.net
financial.pakgov.net
flix.pakgov.net
hajj.pakgov.net
ji.pakgov.net
nadra.pakgov.net
ncoc.pakgov.net
nhsrc.pakgov.net
pt.pakgov.net
vpn.pakgov.net
wsde.pakgov.net
ww2.pakgov.net

# Reference: https://blog.group-ib.com/sidewinder-antibot
# Reference: https://otx.alienvault.com/pulse/62987c8eafd38f2088986035

bahariafoundation.org
bbcnew.cn
bitlyy.me
cdn-pak.net
cloud-apt.net
cr20g.org
csd-pk.co
cvix.live
dawnpk.org
docuserve.ltd
edu-cx.org
fdn-trace.net
fileserve.work
gov-mail.net
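# Note: the next entry has no TLD and is probably a truncated gov.pakmarines.com (present elsewhere in this list); verify against the reference
gov.pakmarines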
govpk-mail.net
iugur.live
kdf-mail.com
kpt-pk.net
krlwin.org
ksew.org
mod-pk.com
mohp-gov.org
moma-pk.org
paf-gov.net
pafwa.info
pak-gov.com
pak-web.com
pakgov.net
pakgov.org
pakmarines.com
paknvay-pk.net
pkrepublic.org
ppinewsagency.live
tin-url.com
vpn-secure.co
api.vpn-secure.co
as.pakmarines.com
askari.bitlyy.me
askaribank.bitlyy.me
bangladeshmarineacademylibrary.ppinewsagency.live
bb.kdf-mail.com
china.bbcnew.cn
covid.bbcnew.cn
covid.pakgov.net
covid.pkrepublic.org
covid19.mohp-gov.org
csd.bitlyy.me
csd.pakgov.net
dasds.pak-gov.com
dasdsadsa.pak-gov.com
dawn.pakgov.org
defencelk.cvix.live
dgmp-paknavy.mod-pk.com
dgpr.paknvay-pk.net
dha.pakgov.org
dsadsa.pakmarines.com
dsasa.cr20g.org
faujifoundation.bitlyy.me
fbr.pak-web.com
fdscv.tin-url.com
finance.govpk-mail.net
finance.pakgov.net
financial.pakgov.net
flix.pakgov.net
hajj.pakgov.net
hajjplanner.bitlyy.me
hajjplanner.tin-url.com
hbl.pakgov.org
hpupdate.csd-pk.co
ibn.cdn-pak.net
independenceday.pafwa.info
islamabadclub.docuserve.ltd
islamicfinder.bitlyy.me
ji.pakgov.net
jp.pkrepublic.org
karachishipyard.krlwin.org
ltd.cdn-pak.net
luckydraw.csd-pk.co
mail.paf-gov.net
mail.pak-gov.com
mailmofagovpk.cdn-pak.net
mailoutlookcom.cvix.live
maritimepakistan.kpt-pk.net
meet.kdf-mail.com
min.tin-url.com
ministryofinterior.fileserve.work
mofa-gov-pk.fdn-trace.net
mofa.iugur.live
mofa.paknvay-pk.net
nadra.pakgov.net
ncoc.pakgov.net
news.bitlyy.me
news.dawnpk.org
news.kdf-mail.com
news.pakgov.org
news.pkrepublic.org
nhsrc.pakgov.net
niims.pakgov.org
paf.gov-mail.net
pafroa.pak-gov.com
paknavy.edu-cx.org
pk.kdf-mail.com
pkflix.bitlyy.me
pkflix.tin-url.com
pmaesa.bahariafoundation.org
pqa.gov.pakmarines.com
pt.pakgov.net
sbp.pakgov.org
sec-vpn.bitlyy.me
secp.pakgov.org
secure.tin-url.com
shoprex.bitlyy.me
smstest.kdf-mail.com
sppc.moma-pk.org
srilankanavy.ksew.org
t.bitlyy.me
telemart.bitlyy.me
ubl.pakgov.org
vim.kdf-mail.com
vpn.pakgov.net
vpn.tin-url.com
wsde.pakgov.net
wsed.pkrepublic.org
ww2.pakgov.net
xyz.kdf-mail.com

# Reference: https://twitter.com/GroupIB_GIB/status/1532651046111023104
# Reference: https://www.virustotal.com/gui/file/e089dc65af44ff334304e52c29755c96460691d93cfd4e4ab75f75bc6078993e/detection
# Reference: https://www.virustotal.com/gui/file/42b828e187e4b7f1ca5d774553c8b85c1fed204a2a5a8c50fd4c7e9a491fb118/detection

almighty-allah.com
supremeallah.world
api.almighty-allah.com
api.supremeallah.world

# Reference: https://twitter.com/GroupIB_GIB/status/1532651049776865280
# Reference: https://www.virustotal.com/gui/domain/srvapp.co/relations
# Reference: https://www.virustotal.com/gui/ip-address/185.225.19.142/relations
# Reference: https://www.virustotal.com/gui/file/c17cbe229e743df8993b96f2887393b2565ae355f3ba61d09c901e552e7ee4d1/detection

srvapp.co
awww.srvapp.co
discount.srvapp.co
localhost.srvapp.co
register.srvapp.co

# Reference: https://twitter.com/blackorbird/status/1534373342446202881
# Reference: https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg (Chinese)
# Reference: https://www.virustotal.com/gui/file/d74900bf7418f3ad39a5ab27326ad6591f792d1dfdfe44deb89f1b319b7d83b4/detection

afg-refugee.net
brwse.co
civix.live
crclab-bahria.org
cssc.info
cvix.live
dawnpk.org
docusserve.cc
docusserve.ltd
doken.xyz
fdn-mac.net
filedownload.work
gov-pk.net
kpt-pk.net
ministry-pk.net
mod-pk.com
mofa-pk.co
nationpk.org
norter.xyz
paf-gov.net
paf-mail.com
pak-gov.net
pakgov.net
pakgov.org
paknavy.live
pkrepublic.org
slap-games.club
trik.live
watch-earn.live
api.watch-earn.live

# Reference: https://twitter.com/h2jazi/status/1536330475656171520
# Reference: https://www.virustotal.com/gui/file/cf79ecafd3e1ae354fcf9cf33acdb06b6b64dc9a8128656a9d27ff94e154f9c4/detection

bahriafoundation.live
pnwc.bahriafoundation.live

# Reference: https://otx.alienvault.com/pulse/62a864daa688835ed774c449

srvapp.co
register.srvapp.co

# Reference: https://twitter.com/h2jazi/status/1536707820799807489
# Reference: https://www.virustotal.com/gui/ip-address/5.230.71.95/relations
# Reference: https://www.virustotal.com/gui/file/4bad3e34a192a8f305e188538b4370ea835446cc6ba32fe046d9a5f2bc3df172/detection

jmicc.xyz
navy.jmicc.xyz
navy-mil-bd.jmicc.xyz

# Reference: https://twitter.com/malwareforme/status/1540037682314629120
# Reference: https://www.virustotal.com/gui/ip-address/5.230.69.153/relations
# Reference: https://www.virustotal.com/gui/file/ee77e136f7df758c2ab9092529dc5c6b64b35bc9f4d2c16c65bcd05965ccd92a/detection

alit.live
bdmil.alit.live
mailmofa.alit.live
mailh.alit.live

# Reference: https://twitter.com/BaoshengbinCumt/status/1545247231938244610

mail-mofa-gov-pk-satellite-proposal-for-pakistan-files-ops.netlify.app

# Reference: https://twitter.com/Malwar3Ninja/status/1545376308196147200

mofa-pk.org
br.mofa-pk.org
mofa.g0v.cq.cn

# Reference: https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/
# Reference: https://otx.alienvault.com/pulse/62cffda72568807d4e9a9f2e
# Reference: https://www.virustotal.com/gui/ip-address/5.230.67.73/relations
# Reference: https://www.virustotal.com/gui/file/898513123f0f0342b1c47a4a65c88a60f895f90a9d0fa5fc5928c26dfab622b0/detection

bgevin.live
eterplicity.live
polvcrit.info
cdn.bgevin.live
cdn.polvcrit.info
/W6taHcwqKwhgzWGWr7ElpRAfWA7JcsXC0A2a4eFv/

# Reference: https://twitter.com/h2jazi/status/1549762807624880128
# Reference: https://www.virustotal.com/gui/file/cd1a9ae4a3968643a6fb41b36b67838d952dac83ad63c63ce4ad3c672fac31b8/detection

kpt-gov.org
discount.kpt-gov.org
ksew.kpt-gov.org

# Reference: https://twitter.com/h2jazi/status/1550524741202726919
# Reference: https://www.virustotal.com/gui/file/a28a5417d707ecae61313bd5b7c53736d40afba2280cd7ae673963075ae37072/detection

paf-gov.org
awww.paf-gov.org
summer.paf-gov.org
finance.paf-gov.org

# Reference: https://twitter.com/Des00464472/status/1550064523964338176
# Reference: https://www.virustotal.com/gui/ip-address/5.230.72.15/relations

ghaflah.top
cdn.ghaflah.top

# Reference: https://twitter.com/Des00464472/status/1548924681008590853

mawazna.info

# Reference: https://twitter.com/Des00464472/status/1531519247293513728

bluket.live

# Reference: https://twitter.com/Des00464472/status/1528935733888970753
# Reference: https://www.virustotal.com/gui/ip-address/185.234.72.188/relations
# Reference: https://www.virustotal.com/gui/ip-address/45.138.172.23/relations

balcon.live
greploc.live
cdn.greploc.live
tray.balcon.live
treaty.balcon.live

# Reference: https://twitter.com/Des00464472/status/1555024895020769280

paf-media.com

# Reference: https://twitter.com/Des00464472/status/1553931751852244992
# Reference: https://www.virustotal.com/gui/ip-address/192.71.166.139/relations

ubrig.live
cdn.ubrig.live

# Reference: https://twitter.com/Des00464472/status/1559010528013729792

fritor.xyz
cdn.fritor.xyz

# Reference: https://twitter.com/Des00464472/status/1559395659559899136
# Reference: https://www.virustotal.com/gui/ip-address/151.236.21.26/relations

nelpec.top
cdn.nelpec.top

# Reference: https://twitter.com/uslss_etr/status/1562641328055336960
# Reference: https://www.virustotal.com/gui/ip-address/103.149.46.237/relations
# Reference: https://www.virustotal.com/gui/file/efac11fcecbceb4e6273852207a3875ac1edd69158415c3a0bba704e58adeb2c/detection

office-drive.live
dsfbgnh.office-drive.live
sl-navy.office-drive.live

# Reference: https://twitter.com/Des00464472/status/1567657961887252480
# Reference: https://www.virustotal.com/gui/ip-address/5.255.104.124/relations

cssc.live
mailarmy.cssc.live
mailoutlook.cssc.live

# Reference: https://twitter.com/Des00464472/status/1569818563657224193

gov-pknet.org

# Reference: https://twitter.com/malwrhunterteam/status/1570061932706635781
# Reference: https://twitter.com/h2jazi/status/1570070185620512768
# Reference: https://www.virustotal.com/gui/file/719cbc3e08d90d557d464f1a27498626c1b76d6e8db302cb53cb3013a1c35dee/detection

d2klia4zfdp2mg.cloudfront.net

# Reference: https://twitter.com/uslss_etr/status/1570487402694590464
# Reference: https://www.virustotal.com/gui/file/53cc8f46f10e4b3958834d75b15db3aa0d8c86a63b8bd3e6ac180c05ce27d748/detection

ptcl-gov.com
mofadividion.ptcl-gov.com

# Reference: https://twitter.com/Des00464472/status/1571639928483885056

hare-ap.live

# Reference: https://twitter.com/RedDrip7/status/1575745702021705728
# Reference: https://www.virustotal.com/gui/file/e6a6066594160a053fe7d68d688b95920936d5880a37a2c91872fb2fc128adf6/detection
# Reference: https://www.virustotal.com/gui/file/5eec9df0c62b8a0d8c922d366e38ac91907d2a7f5cd13a717d7714015ae362c1/detection
# Reference: https://www.virustotal.com/gui/file/37eca58386fbf9c1e381f88776435565623e3d2d1e2b01218f7717b963449735/detection

comsats-net.com
lforvk.com
moma.comsats-net.com
promotionlist.comsats-net.com
srilanka-navy.lforvk.com

# Reference: https://twitter.com/__0XYC__/status/1580083623717658624
# Reference: https://twitter.com/__0XYC__/status/1580796395052670976
# Reference: https://www.virustotal.com/gui/file/cd592c969a3a940e43888a1902ec9e4605ed28676d3945ab84d72175fbc87253/detection
# Reference: https://www.virustotal.com/gui/file/bbcca0dc10b700c01e557612f009c050ca618f227e0b8be3d4f471dd9d887a18/detection

comsats-mail.pk
ntc-gov.com
paf-pk-gov.org
finance.gov.pk.ntc-gov.com

# Reference: https://twitter.com/Des00464472/status/1582922779707703297

bentec.tech
front.bentec.tech

# Reference: https://twitter.com/t3ft3lb/status/1582838910857932802
# Reference: https://www.virustotal.com/gui/file/808058f4e1c47b91cacfc032f348a617961a463d19ee5389f472d29c65197438/detection

tsinghua.institute
awww.tsinghua.institute
fdgnyt.tsinghua.institute
mail.tsinghua.institute

# Reference: https://twitter.com/ShadowChasing1/status/1583063616667799552
# Reference: https://www.virustotal.com/gui/file/b27968c0d0f55a06cbf424cacf62d0b22e64f021c72d51d4adb0c1771709fe70/detection

gov-net.co
finance.gov-net.co

# Reference: https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0 (# WarHawk)
# Reference: https://www.virustotal.com/gui/ip-address/3.239.29.103/relations
# Reference: https://www.virustotal.com/gui/file/58b3686e4255d32dbcf7dee9dac1d5be6d4692d086cde167da1e1a5e0e1b315a/detection
# Reference: https://www.virustotal.com/gui/file/624c6b56ee3865f4a5792ad1946a8e86b876440a5af3bac22ac1dee92f1b7372/detection
# Reference: https://www.virustotal.com/gui/file/7d3574c62df44b74337fc74ec7877792b4ffa1486a49bb19668433c3ca8836b5/detection
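# Reference: https://www.virustotal.com/gui/file/f97d5d3e1c2ceb3e9d23ae5b5d4e7c9857155df5acf7f67fee995cb041c797dc/detection
# NOTE(review): 74.125.196.113 below appears to sit in address space registered to Google, so a match on it alone is weak evidence - confirm against the Zscaler report and correlate with the domains in this group before acting on a hit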

http://146.190.235.137
74.125.196.113:53
customs-lk.org
fia-gov.org
nadra-pk.org
1c1157fa.caa.update.customs-lk.org
1d06bfb2.check.update.fia-gov.org
1d06bfb2.local.update.fia-gov.org
1d06bfb2.scan.update.fia-gov.org
64115cb6.check.update.fia-gov.org
753fa5b2.check.update.fia-gov.org
a.bc.1d06bfb2.check.update.fia-gov.org
a.bc.1d06bfb2.local.update.fia-gov.org
a.bc.1d06bfb2.scan.update.fia-gov.org
a.bc.64115cb6.check.update.fia-gov.org
bc.1d06bfb2.local.update.fia-gov.org
bc.1d06bfb2.scan.update.fia-gov.org
bc.753fa5b2.check.update.fia-gov.org
caa.update.customs-lk.org
check.update.fia-gov.org
generic.update.fia-gov.org
lms.update.fia-gov.org
local.update.fia-gov.org
microsoft.update.fia-gov.org
nadra.update.customs-lk.org
scan.update.fia-gov.org
update.customs-lk.org
update.fia-gov.org
nepra.org.pk/css/32-Advisory-No-32.iso
/wh/glass.php

# Reference: https://twitter.com/Des00464472/status/1585171289261891585

plokin.top
count.plokin.top

# Reference: https://twitter.com/Timele9527/status/1585824832842653696
# Reference: https://twitter.com/Timele9527/status/1585824983598538752

alit.info
civix.site
direct88.org
fenctor.top
file-server.co
gov-netpk.net
hblbank.co
marksafe.org
net-pk.org
outlookk.co
paf-govt.com
paf-govt.org
pak-navy.co
paknavy.net
paknavygov.org
playstore.cloud
reas.tech
supportgovpk.co
tinlly.co
tinly.org
vopler.tech

# Reference: https://twitter.com/Des00464472/status/1586959212596563968

tonse.info
rock.tonse.info

# Reference: https://twitter.com/jaydinbas/status/1591096310870179840
# Reference: https://www.virustotal.com/gui/ip-address/5.230.74.58/relations
# Reference: https://www.virustotal.com/gui/file/ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf/detection

mofagov.com
mailnepalarmy.mofagov.com

# Reference: https://twitter.com/Des00464472/status/1592039315823276032

play-store.co
google.play-store.co
hostmaster.play-store.co

# Reference: https://twitter.com/Des00464472/status/1592393354138259457
# Reference: https://www.virustotal.com/gui/ip-address/192.36.41.43/relations

fbr.net-pk.org

# Reference: https://twitter.com/Des00464472/status/1597099850075901957
# Reference: https://www.virustotal.com/gui/ip-address/158.255.211.188/relations
# Reference: https://www.virustotal.com/gui/file/023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284/detection

mofs-gov.org
mailpakbj.mofs-gov.org
mailv.mofs-gov.org

# Reference: https://twitter.com/Des00464472/status/1597474158367379456

graty.tech
guide.graty.tech

# Reference: https://twitter.com/RedDrip7/status/1598252489866121216
# Reference: https://www.virustotal.com/gui/ip-address/5.230.73.106/relations
# Reference: https://www.virustotal.com/gui/file/cd09bf437f46210521ad5c21891414f236e29aa6869906820c7c9dc2b565d8be/detection

bol-north.com
abc.bol-north.com
cdsve.bol-north.com
dgdfvdf.bol-north.com
dger.bol-north.com
dvdf.bol-north.com
fyujv.bol-north.com
pnwc.bol-north.com
pnwc.bol-north.com

# Reference: https://twitter.com/Des00464472/status/1599652629403299840

appsrv.live

# Reference: https://twitter.com/malwareforme/status/1600150609616949248
# Reference: https://www.virustotal.com/gui/file/bc9d4eb09711f92e4e260efcf7e48906dca6bf239841e976972fd74dac412e2f/detection

downld.net
paknavy-gov-pk.downld.net

# Reference: https://twitter.com/t3ft3lb/status/1605501885531553797
# Reference: https://www.virustotal.com/gui/file/46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e/detection

paf-govt.net
csd.paf-govt.net

# Reference: https://twitter.com/fr0s7_/status/1605917826711048193
# Reference: https://www.virustotal.com/gui/file/a2faee1e5fe8717d6360458f1fd6d83902a2c9c6bb2e84f9ea5e4b67ffafbebd/detection

foodies.alit.info
mail.alit.info
maildefence.alit.info
mailmofa.alit.info

# Reference: https://twitter.com/Des00464472/status/1621434286816759808
# Reference: https://www.virustotal.com/gui/ip-address/5.255.105.243/relations

pmdu-gov.org
dsfgb.pmdu-gov.org
elchxdnj.pmdu-gov.org
ghj.pmdu-gov.org
qhacgeao.pmdu-gov.org

# Reference: https://twitter.com/GroupIB_TI/status/1625762101758140416

http://160.20.147.84
http://185.163.47.226
http://185.243.112.186
http://185.248.101.231
http://185.248.102.15
http://194.32.76.244
http://45.153.240.66
http://45.92.156.114
http://46.30.188.222
http://5.2.79.135
http://83.171.236.49
akamai.servehttp.com
bankofceylon.sytes.net
expolanka.serveftp.com
gavaf.org
gavnp.org
lankabelltd.myftp.org
mail-mohs.ddns.net
mail.gavaf.org
mail.nepal.gavnp.org
nepal.gavnp.org
nic-share.myftp.org
nucleusvision.co
outlook.gavaf.org
sltelecom.servehttp.com
sltmobitel.hopto.org
srilankanairlines.redirectme.net
webmail.gavaf.org
windowupdate.myftp.org
/@/@/h31l0

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1626044765874814977
# Reference: https://www.virustotal.com/gui/ip-address/62.113.255.80/relations
# Reference: https://www.virustotal.com/gui/file/0ad752520774efca09add91df67ec72d2b1a8b503975569b077e43f40fc7a599/detection

mod-gov.org
gysdj.mod-gov.org
iididbiy.mod-gov.org
service.mod-gov.org
slpa.mod-gov.org

# Reference: https://twitter.com/ThreatBookLabs/status/1628764544331059201

sinacn.co

# Reference: https://twitter.com/jaydinbas/status/1629149185806069761
# Reference: https://www.virustotal.com/gui/file/f81d1c47a666d4ec32e69b3e1312dda62c932298e32cc42d5c0c6543589d96be/detection
# Reference: https://www.virustotal.com/gui/file/3ed1dc92e8399f062e5e62e5483a87736e51ad4ce651f0628abf98d5e10aee27/detection

kcps.edu.in/css/fonts/files/jquery/
kcps.edu.in/css/fonts/files/ntsfonts/
kcps.edu.in/css/fonts/files/docs/graentsodocumentso/ganeshostwoso/
/graentsodocumentso/ganeshostwoso/
/graentsodocumentso/
/ganeshostwoso/

# Reference: https://twitter.com/StopMalvertisin/status/1630934296113577984
# Reference: https://www.virustotal.com/gui/file/cdcc1e6e62df117cc40103c3b2821c10fd5f0372cf06e238663e634a05741764/detection

hpuniversity.in

# Reference: https://twitter.com/suyog41/status/1633822870601363457
# Reference: https://twitter.com/bofheaded/status/1634309581705715712
# Reference: https://twitter.com/fmc_nan/status/1634096201577660416
# Reference: https://www.virustotal.com/gui/file/9aed0c5a047959ef38ec0555ccb647688c67557a6f8f60f691ab0ec096833cce/detection

144.91.72.17:8080
cornerstonebeverly.org/js/files/DRDO-K4-Missile-Clean-room
cornerstonebeverly.org/js/files/docufentososo/doecumentosoneso/pantomime.hta
cornerstonebeverly.org/js/files/ntfonts/
cornerstonebeverly.org/js/files/ntfonts/avena

# Reference: https://twitter.com/StopMalvertisin/status/1634084568608264192
# Reference: https://www.virustotal.com/gui/ip-address/79.141.174.208/relations
# Reference: https://www.virustotal.com/gui/file/a45258389a3c0d4615f3414472c390a0aabe77315663398ebdea270b59b82a5c/detection

bol-south.org
mtss.bol-south.org

# Reference: https://twitter.com/StopMalvertisin/status/1634084573620604934
# Reference: https://www.virustotal.com/gui/ip-address/5.255.106.249/relations
# Reference: https://www.virustotal.com/gui/file/8af93bed967925b3e5a70d0ad90eae1f13bc6e362ae3dac705e984f8697aaaad/detection

dowmload.net
cstc-spares-vip-163.dowmload.net

# Reference: https://twitter.com/bofheaded/status/1634290081627271168

connectiiest.com
goinfinity.tech

# Reference: https://twitter.com/StopMalvertisin/status/1638194026162827265
# Reference: https://www.virustotal.com/gui/file/7dcf935a24039dff2d084f41ab8ca318b28c53c01f9de069f087b3be15457ba9/detection

defpak.org
paknavy.defpak.org

# Reference: https://twitter.com/ThreatBookLabs/status/1644346009198395392

awrah.live
blesico.site

# Reference: https://twitter.com/ThreatBookLabs/status/1645269421873840129

mod-gov.com

# Reference: https://twitter.com/__0XYC__/status/1648577567840952321
# Reference: https://www.virustotal.com/gui/ip-address/2.58.14.249/relations

fia-gov.com
cabinet-division-pk.fia-gov.com
dad.fia-gov.com
desk.fia-gov.com
foooders.fia-gov.com
ghckjxvo.fia-gov.com
m.fia-gov.com
plbulcbo.fia-gov.com
test.fia-gov.com
tmlbxveb.fia-gov.com
wndro.fia-gov.com

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1648890379943706625

halterarks.co.uk

# Reference: https://twitter.com/jaydinbas/status/1653361390491430915
# Reference: https://www.virustotal.com/gui/ip-address/39.104.50.12/relations
# Reference: https://www.virustotal.com/gui/file/88c10674bb6a53791bfe08497948699bf57ea9980a878a3a5fc1afb160d1d234/detection

alibababackupcloud.com
portal.alibababackupcloud.com
secure.alibababackupcloud.com
vpn.alibababackupcloud.com

# Reference: https://twitter.com/500mk500/status/1653860821020049410
# Reference: https://www.virustotal.com/gui/file/d236df798c56b2a32ff744f16d93c6a0412b4caaf2ea35b171a3953b19609074/detection

nadra-gov-pk.com

# Reference: https://twitter.com/ThreatBookLabs/status/1655769610116038657
# Reference: https://threatbook.io/domain/ntc-pk.org

ntc-pk.org

# Reference: https://twitter.com/ThreatBookLabs/status/1656499255056687104
# Reference: https://www.virustotal.com/gui/ip-address/5.230.72.98/relations

aliit.org
cxvdfg.aliit.org

# Reference: https://twitter.com/t3ft3lb/status/1656554005491859456
# Reference: https://x.com/banthisguy9349/status/1867536997528875196
# Reference: https://www.virustotal.com/gui/ip-address/5.230.73.198/relations
# Reference: https://www.virustotal.com/gui/file/a703c6772e8bcf7cd0aef05ecbee4c7f7f39371d45b42bf1030df2be5261717c/detection

dytt88.org
mail-dmp-navy-pk.dytt88.org
ministryofforeignaffairs-mofa-gov-pk.dytt88.org
ww25.mail-dmp-navy-pk.dytt88.org
ww25.ministryofforeignaffairs-mofa-gov-pk.dytt88.org

# Reference: https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan

govpk.net
paknavy-gov.com
dgms.paknavy-gov.com
forecast.comsats-net.com
mailnavybd.govpk.net
mailnavymilbd.govpk.net
paknavy-gov-pkp.downld.net
paknavy.jmicc.xyz
paknavy.paknavy.live

# Reference: https://twitter.com/ThreatBookLabs/status/1657207787397718018

daraz-pk.com

# Reference: https://twitter.com/ThreatBookLabs/status/1657941419401805824

ntc-pk.com

# Reference: https://twitter.com/ThreatBookLabs/status/1658323281420881926

govpk.org

# Reference: https://www.bridewell.com/insights/news/detail/the-distinctive-rattle-of-apt-sidewinder

aa173.bank-ok.com
active.roteh.site
aeryple.xyz
agarg.tech
ailyun.live
amuck.scoler.tech
article-viewer.com
assbutt.xyz
ausib-edu.org
avail.freay.tech
axis.heplor.biz
bank-ok.com
basic.gruh.site
basis.agarg.tech
blesis.live
bless.agarg.tech
bluedoor.click
brac.tech
brave.agarg.tech
breat.info
cater.sphery.live
cdn.torsey.xyz
ceiling.kalpo.xyz
cert.repta.live
climb.kalpo.xyz
cluster.jotse.info
confluence.assbutt.xyz
countpro.info
cpec.site
csdstore.app
cssc-net.co
cvix.cc
dirctt88.org
directt88.org
dolper.top
dr-doom.xyz
dsmes.xyz
e-tohfa.net
elopter.top
enclose.info
endure.sphery.live
estate.ovil.tech
fdrek.live
file-download.co
focus.mectel.tech
focus.semain.tech
found.neger.site
found.troks.site
freay.tech
freedom.olerpic.info
ftp.true-islam.org
fujit.info
gearfill.biz
geoloc.top
georgion.info
gitlab.enclose.info
glorec.tech
gretic.info
groove.olipy.info
gruve.site
hakimiya.live
handle.proey.tech
helpdesk-gov.info
heplor.biz
hertic.tech
hldren.info
hostmaster.enclose.info
hread.live
hyat.tech
inkly.net
insert.roteh.site
islamic-path.com
jester.hyat.tech
jotse.info
kalpo.xyz
kito.countpro.info
krontec.info
leron.info
leyra.tech
lines.aeryple.xyz
livo.silvon.site
lucas.hertic.tech
mat.trelin.tech
mectel.tech
mfagov.org
moon.tfrend.org
mopiler.top
msoft-updt.net
neger.site
nelcec.info
normal.aeryple.xyz
offshore.leron.info
olerpic.info
olipy.info
oprad.top
opt.freay.tech
ortra.tech
ovil.tech
paf-govt.info
pak-gov.info
pak-govt.net
pak-news.info
pastlet.live
plors.tech
portal.breat.info
preag.info
preat.fujit.info
preat.info
privacy.olerpic.info
private.hldren.info
proey.tech
prol.info
ptcl-gov.org
rack.nelcec.info
reay.tech
repta.live
reth.cvix.cc
reveal.troks.site
ridlay.live
roof.wsink.live
rugby.wsink.live
sbp-pk.org
sdfsdg.enclose.info
semain.tech
service.true-islam.org
shortney.org
shrtny.co
shrtny.live
silk.freat.site
silvon.site
sindhpolice-govpk.org
sk.krontec.info
spec.trelin.tech
sphery.live
split.tyoin.biz
square.oprad.top
srv-app.co
storeapp.site
straight.hldren.info
support-twitter.com
tab.gruve.site
telemart-pk.com
tfrend.org
tiinly.co
tinurl.click
torsey.xyz
treat.fraty.info
trelin.tech
troks.site
true-islam.org
tyoin.biz
utilize.elopter.top
verocal.info
view.proey.tech
vtray.tech
wsink.live
yrak.info
zed.shrtny.live
zolosy.top
zone.vtray.tech
zretw.xyz

# Reference: https://twitter.com/ThreatBookLabs/status/1658669939010715653
# Reference: https://www.virustotal.com/gui/ip-address/192.36.27.97/relations

efrgfh.pak-ntc.org
emv1.pak-ntc.org
service.pak-ntc.org

# Reference: https://twitter.com/ThreatBookLabs/status/1659021576841601026
# Reference: https://www.virustotal.com/gui/ip-address/5.255.99.99/relations

ntc-net.co
emv1.ntc-net.co
service.ntc-net.co

# Reference: https://twitter.com/ThreatBookLabs/status/1660854037149884417
# Reference: https://www.virustotal.com/gui/ip-address/5.230.78.184/relations

mofss.co
drtgfhj.mofss.co
emv1.mofss.co
service.mofss.co

# Reference: https://twitter.com/__0XYC__/status/1664581189766610944
# Reference: https://twitter.com/uslss_etr/status/1664705054069215252
# Reference: https://www.virustotal.com/gui/ip-address/8.208.90.73/relations
# Reference: https://www.virustotal.com/gui/file/e7d2d26cc056b607b7af96cc08d66a168555afc38cf29b37729f4b90141fa5db/detection

http://149.129.237.253
cons-mofagovpk.servehttp.com
ebill-ptclnetpk.servehttp.com
flysmart-piaccompk.servehttp.com
mail-armybd.servehttp.com
mailtest-mofa.servehttp.com
nlc-govpk.servehttp.com
offers-ptclnetpk.servehttp.com
online-csdgovpk.servehttp.com
rewards-ptclnetpk.servehttp.com

# Reference: https://www.virustotal.com/gui/ip-address/146.70.161.36/relations

pkgov-mail.com
emv1.pkgov-mail.com
service.pkgov-mail.com

# Reference: https://twitter.com/ThreatBookLabs/status/1663729069811458048
# Reference: https://www.virustotal.com/gui/ip-address/5.230.78.76/relations

ruve.live
cgate.ruve.live
volt.ruve.live

# Reference: https://twitter.com/ThreatBookLabs/status/1663400816907272192
# Reference: https://www.virustotal.com/gui/ip-address/5.255.124.203/relations

pargue.tech

# Reference: https://twitter.com/ThreatBookLabs/status/1661558607857717248

data-protect.tech

# Reference: https://twitter.com/StopMalvertisin/status/1668668882108940288
# Reference: https://www.virustotal.com/gui/ip-address/13.213.47.21/relations
# Reference: https://www.virustotal.com/gui/file/8a431314696e82f994dd7fd32e6151232a9bbdc948c64cc6ee8a6e3dc67bb4f6/detection

csd-govpk.servehttp.com
finance-govpk.servehttp.com
ntc-govpk.serveftp.com
ntc-govpk.servehttp.com
vpn-ptclnetpk.servehttp.com

# Reference: https://twitter.com/TLP_R3D/status/1672174181935464448

pk-co.info

# Reference: https://www.group-ib.com/blog/hunting-sidewinder/

bol-south.com
ptcl-govp.org
ishd.directt88.org
microsoft-365.directt88.org
punjabpolice-gov-pk.fia-gov.com

# Reference: https://twitter.com/ThreatBookLabs/status/1675852641874632705

fssp.tech

# Reference: https://twitter.com/TLP_R3D/status/1676537779574931457
# Reference: https://www.virustotal.com/gui/ip-address/98.142.254.52/relations

mofagov.live

# Reference: https://twitter.com/t3ft3lb/status/1676511378117648386
# Reference: https://www.virustotal.com/gui/file/4e86f36820d5e96739fa6ed192d410eeca975c3a2ec48e13eb98d3486c9262b0/detection

mailsiis.alit.info

# Reference: https://twitter.com/TLP_R3D/status/1676680838774136832
# Reference: https://www.virustotal.com/gui/ip-address/193.42.39.133/relations

ptcl-gov.info

# Reference: https://twitter.com/__0XYC__/status/1676905915885187073
# Reference: https://www.virustotal.com/gui/file/3ef7b9a872dc1247edb0f3947d0db681ff14be81cb46be22ce4f896f2d2dc7f0/detection

pakistanarmy.xyz

# Reference: https://twitter.com/ThreatBookLabs/status/1678384704679182336
# Reference: https://www.virustotal.com/gui/ip-address/5.230.74.80/relations

mofa-gov.info

# Reference: https://twitter.com/ThreatBookLabs/status/1678934448186728448

cylit.info

# Reference: https://twitter.com/ThreatBookLabs/status/1679132754842390529

nbcot.info

# Reference: https://twitter.com/ThreatBookLabs/status/1680766347255611394

mofagov.info

# Reference: https://twitter.com/ThreatBookLabs/status/1680943216114253825

tref.tech

# Reference: https://twitter.com/ThreatBookLabs/status/1681132716534923267
# Reference: https://www.virustotal.com/gui/ip-address/85.113.70.48/relations

mod-pkgov.org
mailafdbd.mod-pkgov.org

# Reference: https://twitter.com/Axel_F5/status/1681354510642429982
# Reference: https://www.virustotal.com/gui/file/61a839aaba4807e492922a3ba0000b98568669626638acf5e5ed0b597fdd5e40/detection

libreofficeupdates.com

# Reference: https://twitter.com/Axel_F5/status/1669794530592170001
# Reference: https://www.virustotal.com/gui/file/b41d54a9686b312f9e114f62e6bf11e21c8e97dda477d488ca19e2afa45efc9e/detection

plainboardssixty.com

# Reference: https://twitter.com/Axel_F5/status/1597978238542057473
# Reference: https://www.virustotal.com/gui/file/f946663a780806693ea3fb034215bd6da25971eb07d28fe9c209594c90ec3225/detection

sinacn.co
mailtsinghua.sinacn.co
mailstinghua.sinacn.co

# Reference: https://mp.weixin.qq.com/s/ewGyvlmWUD45XTVsoxeVpg
# Reference: https://otx.alienvault.com/pulse/64a445050a5e0f1018b5bf6d

cloudplatfromservice.one
gclouddrives.com

# Reference: https://twitter.com/ThreatBookLabs/status/1696504153500213519

defpak.net

# Reference: https://twitter.com/ThreatBookLabs/status/1697240572417974285

gyre.site

# Reference: https://twitter.com/ThreatBookLabs/status/1698883638937657412

slic.live

# Reference: https://twitter.com/suyog41/status/1706194781112537213
# Reference: https://twitter.com/TLP_R3D/status/1706262046587682998
# Reference: https://www.virustotal.com/gui/ip-address/185.117.90.59/relations
# Reference: https://www.virustotal.com/gui/file/6e89d7eedc4088f1bcdf45171c41deb6c778e14141802c153496550f09b85fb7/detection

mofa-gov.org
pakarmy-govpk.net
emv1.mofa-gov.org
mailciieorg.mofa-gov.org
maile.mofa-gov.org
mailmofa.mofa-gov.org
mailyafd.mofa-gov.org

# Reference: https://twitter.com/suyog41/status/1708827613727531181
# Reference: https://www.virustotal.com/gui/ip-address/193.142.58.149/relations
# Reference: https://www.virustotal.com/gui/file/e36e8244c06d88a5650783bfb3e0e85acd76b803a33018d48391f1ebcc849622/detection

govpk.info
cpanel.govpk.info
dev.govpk.info
endofmission.govpk.info
intdtebangladesh.govpk.info
invitation-letter.govpk.info
mail.govpk.info
mofa.govpk.info
note1582023.govpk.info
webdisk.govpk.info
webmail.govpk.info
ww1.govpk.info
ww25.govpk.info
ww38.govpk.info
wwww.govpk.info
wwww.invitation-letter.govpk.info

# Reference: https://twitter.com/TLP_R3D/status/1708843583778763109
# Reference: https://www.virustotal.com/gui/ip-address/193.42.36.66/relations

pak-army.com

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1713750113167053187
# Reference: https://www.virustotal.com/gui/ip-address/8.222.250.160/relations
# Reference: https://www.virustotal.com/gui/file/d28ee2ab42b30c24b2569d9042f182e0a64e8dba2653500046153256e4620505/detection

cloud-ptclnetpk.servehttp.com

# Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1697074761380278599
# Reference: https://www.virustotal.com/gui/ip-address/147.139.212.200/relations
# Reference: https://www.virustotal.com/gui/file/78cea4a9ee2cce19f961c2ddd4972ec479c196c8e9f9763a95561e0f18776883/detection

complaints-ntcgovpk.viewdns.net
mail-mofagovpk.servehalflife.com
mail-mofagovpk.serveirc.com
mail-mofagovpk.viewdns.net
mail-pmogovpk.servehttp.com
ntdc-govpk.viewdns.net
sharepakistanmofa.servehttp.com
vibe-ptclnetpk.servehalflife.com

# Reference: https://twitter.com/RedDrip7/status/1719897373185560890
# Reference: https://www.netskope.com/blog/a-look-at-the-nim-based-campaign-using-microsoft-word-docs-to-impersonate-the-nepali-government
# Reference: https://www.virustotal.com/gui/ip-address/213.109.192.93/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.181.20.102/relations
# Reference: https://app.validin.com/axon?find=213.109.192.93&type=ip
# Reference: https://www.virustotal.com/gui/file/fd7a25223ffd731ad4f4a4083ef4a776e4c6f5b0a068b213859f780f1c44cd82/detection
# Reference: https://www.virustotal.com/gui/file/d7f8173c108696584f9c1e36d72a3bb0785609d8951acab355a2e112a64497a4/detection

http://213.109.192.93
dns-mofgovbt.ddns.net
dof-govmm.sytes.net
edms-vpn.ddns.net
mail-dor.hopto.org
mail-mofgovbt.hopto.org
microsoftupdte.redirectme.net
mpt-ap.servehttp.com
myanmar-apn.serveftp.com
telenor-mm.redirectme.net
updatemanager.ddns.net
windows-update.hopto.org
/update/R0FNd0lCb0RGbU1VTUdwcQ==.php
/update/R1JNU1p4a1RGbU1VTUdwcQ==.php
/R0FNd0lCb0RGbU1VTUdwcQ==.php
/R1JNU1p4a1RGbU1VTUdwcQ==.php

# Reference: https://mp.weixin.qq.com/s/iWx2tGCLOR0JtDBnC3FOwQ (Chinese)

asean-ajp.myftp.org
cloud.nitc.gavnp.org
dns.nepal.gavnp.org
drsasa.hopto.org
mail-mohs.servehttp.com
mx1.nepal.gavnp.org
mx2.nepal.gavnp.org
mytel-mm.servehttp.com
nitc.gavnp.org
pdf-shanstate.redirectme.net
pdf-shanstate.serveftp.com

# Reference: https://twitter.com/TLP_R3D/status/1722667675468312942
# Reference: https://www.virustotal.com/gui/ip-address/212.83.46.137/relations

mfa-gov.net
mailmofagovmm.mfa-gov.net
webmail.mfa-gov.net

# Reference: https://twitter.com/ginkgo_g/status/1727155248081555886
# Reference: https://www.virustotal.com/gui/file/b5c001cbcd72b919e9b05e3281cc4e4914fee0748b3d81954772975630233a6e/detection
# Reference: https://www.virustotal.com/gui/file/b60f71bfbdf86b8959cebc7585ec5a39e6cdd1c8efc80aa2bb8b051df4b8889b/detection
# Reference: https://www.virustotal.com/gui/file/9a3481ad198c0ed8e0e9945a35387631784125d42a2132b8428e7bf041c1d397/detection
# Reference: https://www.virustotal.com/gui/file/1246356d78d47ce73e22cc253c47f739c4f766ff1e7b473d5e658ba1f0fdd662/detection
# Reference: https://www.virustotal.com/gui/file/696f57d0987b2edefcadecd0eca524cca3be9ce64a54994be13eab7bc71b1a83/detection

govnp.org
dns.govnp.org
mofa.govnp.org
nepal.govnp.org
nitc.govnp.org
mail.mofa.govnp.org
mx1.nepal.govnp.org
/mail/AFA/RWlVOGJCSUxEaVljT0dKaQ==.aspx
/AFA/RWlVOGJCSUxEaVljT0dKaQ==.aspx
/RWlVOGJCSUxEaVljT0dKaQ==.aspx

# Reference: https://twitter.com/alex_lanstein/status/1727280460022300924
# Reference: https://twitter.com/BaoshengbinCumt/status/1727517020269527069
# Reference: https://twitter.com/k3yp0d/status/1727613488967614761
# Reference: https://twitter.com/k3yp0d/status/1727612826661896390
# Reference: https://www.virustotal.com/gui/ip-address/47.251.51.195/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.252.52.225/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.222.250.160/relations
# Reference: https://www.virustotal.com/gui/file/d28ee2ab42b30c24b2569d9042f182e0a64e8dba2653500046153256e4620505/detection
# Reference: https://www.virustotal.com/gui/file/47144b2a4fa036692dccc81f0414c5d7898da001075c3e3c9995665cf5603791/detection

http://8.222.250.160
8.222.250.160:443
pakmail.cloud
senate-pak.site
yes2khalistan.online
awards-piaccompk.serveftp.com
cloud-ptclnetpk.servehttp.com
fbr-taxupdates.serveblog.net
/uPSnswhC

# Reference: https://twitter.com/k3yp0d/status/1727695607203078193
# Reference: https://app.validin.com/axon?find=47.74.90.0&type=ip
# Reference: https://app.validin.com/axon?find=47.74.90.10&type=ip

alfalahtransct-bank.servehttp.com
cloud-ntdc.servehttp.com
e-servicesptclnetpk.servehttp.com
e-supportntc.servehttp.com
financeptcl-govpk.servehttp.com
flysmart-piac.servehttp.com
ogdclcloud-mysharep.servehalflife.com
services-ptclnetpk.servehttp.com
wetransfer.servehttp.com

# Reference: https://twitter.com/Glacius_/status/1727968223088214182
# Reference: https://x.com/Cyberteam008/status/1925009704918393295
# Reference: https://www.virustotal.com/gui/ip-address/5.230.54.3/relations
# Reference: https://www.virustotal.com/gui/file/170ccf1225154fa0cd92a14219f0b912479cc4095203646c38a31bb78baafe9f/detection

donwloaded.com
mofa-gov-pk.donwloaded.com
police-gov-bd.donwloaded.com

# Reference: https://twitter.com/Glacius_/status/1736687727721013448
# Reference: https://www.virustotal.com/gui/file/0e51c4f52b63e7ce231959168dbc4270b4fa451c58e3bd2081441e7d83915361/detection

mailmfa.mofa-gov.info

# Reference: https://twitter.com/Cuser07/status/1738790090326061060
# Reference: https://twitter.com/Joseliyo_Jstnk/status/1740672426906927562
# Reference: https://www.virustotal.com/gui/ip-address/77.83.196.59/relations
# Reference: https://www.virustotal.com/gui/file/1a88ef58675971eb18eeb267b1be90594cd6c7ebddf1c67d66729fa3e68de323/detection
# Reference: https://www.virustotal.com/gui/file/a11fab6de2c5111833e9e4a6f69ce5dded17085a3d8ae21c7fcfa00d7e113c9b/detection
# Reference: https://www.virustotal.com/gui/file/b565bd60e9182746de76feeebe7f85902e22ee3a22d5d55a278be7340923806e/detection

fia-gov.net
apps.fia-gov.net
cirt-gov-mm.fia-gov.net
mofa-gov-bd.fia-gov.net
mofa-gov-np.fia-gov.net
moitt-gov-pk.fia-gov.net
myanmar-gov-mm.fia-gov.net
myoffice.fia-gov.net
nepalcert-org.fia-gov.net
opmcm-gov-np.fia-gov.net
police-circular-gov-bd.fia-gov.net
police-gov-bd.fia-gov.net

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1743190819245326808
# Reference: https://www.virustotal.com/gui/ip-address/5.180.114.198/relations
# Reference: https://www.virustotal.com/gui/file/15ce7d3c879975ca81777cf58f47409283e34ec1fe8e966fde608bc7eda16646/detection
# Reference: https://www.virustotal.com/gui/file/9d02bf092fdcf44a51ae6e264ec3e3e57afbe79622c92a797e33fb62ed495cda/detection
# Reference: https://www.virustotal.com/gui/file/931aee9ba0e51804cb354a3a41830721e41a0fab6758aa19a43eaf1abe621b4d/detection
# Reference: https://www.virustotal.com/gui/file/613068422c214b944c7b2e3fb60412ed99d35c9e18d53d45b16965c5a36f734a/detection

direct888.net
mofa-gov-np.direct888.net
mofa-gov-sa.direct888.net
mopf-gov-mm.direct888.net
navy-lk.direct888.net
www-moha-gov-lk.direct888.net
www-police-gov-bd.direct888.net
wwww.direct888.net
wwww.mofa-gov-sa.direct888.net

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1743223664391160170
# Reference: https://www.virustotal.com/gui/ip-address/69.61.36.170/relations

gov-org.net
lk.gov-org.net
mm.gov-org.net
mv.gov-org.net
np.gov-org.net
gov.lk.gov-org.net
gov.mm.gov-org.net
gov.mv.gov-org.net
gov.np.gov-org.net
defence.lk.gov-org.net
immigration.gov.mv.gov-org.net
mfa.gov.lk.gov-org.net
mod.gov.np.gov-org.net
mofa.gov.np.gov-org.net
moha.gov.np.gov-org.net
mohs.gov.mm.gov-org.net
navy.lk.gov-org.net
po.gov.mv.gov-org.net
presidentoffice.lk.gov-org.net

# Reference: https://twitter.com/Cuser07/status/1743214744910401794
# Reference: https://www.virustotal.com/gui/ip-address/2.58.15.71/relations
# Reference: https://www.virustotal.com/gui/file/89d4d85592bf0b5e8b55c2d62c9050bfa8c3017f9f497134dbacbb2a0f13a09e/detection

donwloaded.net
president-gov-lk.donwloaded.net

# Reference: https://medium.com/@fofabot/practical-fofa-asset-expansion-sidewinder-apt-389714a70061

academy.lesporc.live
agency.lesporc.live
api.argus.trondheim.bama.zoopit.no
cdn.awrah.live
cdn.cpec.site
cdn.dolper.top
cdn.dr-doom.xyz
cdn.gearfill.biz
cdn.geoloc.top
cdn.hread.live
cdn.plors.tech
cdn.preag.info
cdn.preat.info
cdn.prol.info
cdn.verocal.info
civil.leyra.tech
csla.blesis.live
density.meplor.xyz
deputy.meplor.xyz
direct888.org
employ.fdrek.live
energy.fdrek.live
lax036.relay.arandomserver.com
lesporc.live
lnkly.net
meplor.xyz
mu-api.anyremote.cn
mxhichina.info
nextgen.fia-gov.net
ns.seiffenn.nohost.me
resolve.preat.info
seiffenn.nohost.me
tercom.site
test.api.68wx.com
test.api.g.luohu8.com
test.api.hzy.68wx.com
test.es.68wx.com
toss.tercom.site
trust-crypto.net
wide.storeapp.site
wind.ridlay.live
xmpp-upload.seiffenn.nohost.me

# Reference: https://twitter.com/nahamike01/status/1747167370190458924

ntc-telecomcorporation.workers.dev
elccorp-net.ntc-telecomcorporation.workers.dev
mail-depo-gov-pk.ntc-telecomcorporation.workers.dev
mail-dgdp-gov-pk.ntc-telecomcorporation.workers.dev
mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev
mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev
mail-hit-gov-pk.ntc-telecomcorporation.workers.dev
mail-modp-gov-pk.ntc-telecomcorporation.workers.dev
mail-paf-gov-pk.ntc-telecomcorporation.workers.dev
mail-punjab-gov-pk.ntc-telecomcorporation.workers.dev
mail-sco-gov-pk.ntc-telecomcorporation.workers.dev
news.ntc-telecomcorporation.workers.dev

# Reference: https://www.virustotal.com/gui/ip-address/172.67.192.82/relations

gwadarportt.workers.dev
gwadarport-gov-pk.gwadarportt.workers.dev
mail-invest-gov-pk.gwadarportt.workers.dev
mail-nespak-com-pk.gwadarportt.workers.dev
webmail-gda-gov-pk.gwadarportt.workers.dev
worker-orange-unit-abfb.gwadarportt.workers.dev

# Reference: https://www.virustotal.com/gui/ip-address/172.67.137.37/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.184.202/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.215.149/relations

government-pak.workers.dev
pak-gov-pk.workers.dev
pakistan-gov-pk.workers.dev
cpanel-nha-gov-pk.pakistan-gov-pk.workers.dev
mail-asian-parliament-org.pakistan-gov-pk.workers.dev
mail-depo-gov-pk.government-pak.workers.dev
mail-hit-gov-pk.government-pak.workers.dev
mail-hitgovpk.government-pak.workers.dev
mail-kpt-gov-pk.pak-gov-pk.workers.dev
mail-mod-gov-pk.pakistan-gov-pk.workers.dev
mail-modp-gov-pk.government-pak.workers.dev
mail-modp-gov-pk.pak-gov-pk.workers.dev
mail-mofa-gov-pk.pakistan-gov-pk.workers.dev
mail-nba-gov-pk.pakistan-gov-pk.workers.dev
mail-pof-gov-pk.government-pak.workers.dev
mail-ppra-org-pk.pakistan-gov-pk.workers.dev
mail-sco-gov-pk.government-pak.workers.dev
nha-gov-pk.pakistan-gov-pk.workers.dev
webmail-wapda-gov-pk.pakistan-gov-pk.workers.dev
worker-plain-wind-01a9.pakistan-gov-pk.workers.dev

# Reference: https://www.virustotal.com/gui/ip-address/104.21.29.219/relations

kr-i-sas-orv-e-l-a.workers.dev
mail-gwadarport-gov-pk.kr-i-sas-orv-e-l-a.workers.dev

# Reference: https://app.validin.com/axon?find=*.govpk.live&type=dom

govpk.live
cpanel.govpk.live
cpcalendars.govpk.live
cpcontacts.govpk.live
dirbspta.govpk.live
ecp.govpk.live
mail.govpk.live
mora.govpk.live
ptcl.govpk.live
webdisk.govpk.live
webmail.govpk.live
verification.ptcl.govpk.live

# Reference: https://twitter.com/__0XYC__/status/1752238025269272906
# Reference: https://twitter.com/Cuser07/status/1752266296463667343
# Reference: https://www.virustotal.com/gui/file/4438df17d22e4df1b430788da31ae0c0f4826b0c9896d1fb7d225cff586f11ad/detection

download-services.online
pdf-download.live
royalmigration.buzz
services-download.top
win-service-update.top
backup.download-services.online
blue.win-service-update.top
file.services-download.top
files.pdf-download.live
newfile.pdf-download.live
uk.royalmigration.buzz

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1753385273587626057
# Reference: https://www.virustotal.com/gui/ip-address/81.171.7.136/relations
# Reference: https://www.virustotal.com/gui/ip-address/81.171.7.139/relations
# Reference: https://www.virustotal.com/gui/file/ae9ba351fdeb8f06173770682d0df4caef31774b3e0c8e25e2c998cd96e70fa8/detection

nr3c-govpk.com
api.nr3c-govpk.com
mailx.nr3c-govpk.com
o.nr3c-govpk.com
r.nr3c-govpk.com

# Reference: https://www.virustotal.com/gui/ip-address/47.90.210.26/relations

mail-mofagovpk.servehttp.com
ntc-govpk.servehalflife.com
taxsys-fbrgovpk.servehttp.com
vpn-ptclnetpk.servehalflife.com
vpn-ptclnetpk.viewdns.net

# Reference: https://www.virustotal.com/gui/ip-address/51.195.146.204/relations

fbrgov-pk.ddns.net
fbrgov.ddns.net

# Reference: https://www.virustotal.com/gui/ip-address/65.108.198.252/relations

mofagovpk.cheematrd.com

# Reference: https://www.virustotal.com/gui/domain/gov-pk.online/relations

gov-pk.online
mail-ead.gov-pk.online
mail-mowr.gov-pk.online
mail-ntc.gov-pk.online
mail-pc.gov-pk.online
mail-sco.gov-pk.online
mofa.gov-pk.online
ntc.gov-pk.online
ntcmail.gov-pk.online
paec.gov-pk.online
pc.gov-pk.online
pnra.gov-pk.online
pta.gov-pk.online
sco.gov-pk.online
suparco.gov-pk.online
tdap.gov-pk.online

# Reference: https://www.virustotal.com/gui/ip-address/181.41.35.224/relations

diagov.ddns.net
govaruba.duckdns.org

# Reference: https://www.virustotal.com/gui/ip-address/47.236.243.41/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.74.85.109/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.209.221.234/relations

advisory-cabinetgpk.servehttp.com
cap-mofagovpk.servehttp.com
circular-financegov.servehalflife.com
eservice-ptclnetpk.servehttp.com
finance-govpk.serveblog.net
hrmis-financegovpk.serveftp.com
mail-depogovpk.servehttp.com
mail-modgovpk.servehttp.com
mail-mofagovpk.ddns.net
mail-mofagovpk.gotdns.ch
mail-mofagovpk.myddns.me
nanfung.servehttp.com
newmail-armymilbd.servehttp.com
offers-ptclnetpk.serveblog.net
ogdcl.servehttp.com
piac-compk.servehttp.com
portal-ptclnetpk.servehttp.com

# Reference: https://www.virustotal.com/gui/ip-address/47.236.248.66/relations
# Reference: https://www.virustotal.com/gui/ip-address/47.88.26.202/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.211.192.22/relations
# Reference: https://www.virustotal.com/gui/ip-address/8.222.232.191/relations

awards-piacaero.servehalflife.com
awards-piacaero.servehttp.com
discounts-ptclnetpk.servehttp.com
mail-bafmilbd.servequake.com
mail-dgdpgovpk.servehalflife.com
mail-mofapk.servehttp.com
mail-pofgovpk.3utilities.com
mail-pofgovpk.sytes.net
mail-scogovpk.servehalflife.com
mailhitgovpk.servehalflife.com
news-ptvcompk.servehttp.com
offer-ptclnetpk.servehttp.com
offers-ptclnetpk.serveftp.com
offers-ptclnetpk.serveirc.com
rewards-ptclnetpk.viewdns.net
sharepakistan-mofa.viewdns.net
support-ntc.servehttp.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.92.59/relations

cap-mofagovpk.servehttp.com
cap-mofapk.servehttp.com
finance-govpk.serveftp.com
financegovpk.servehttp.com
navy-govbd.servehttp.com
sdmx-financegovpk.servehttp.com
vibe-ptclnetpk.servehttp.com

# Reference: https://www.virustotal.com/gui/ip-address/147.139.140.175/relations

vibe-ptclnetpk.viewdns.net

# Reference: https://www.virustotal.com/gui/ip-address/147.139.145.19/relations

finance-govnp.servehalflife.com
mail-ntcgovpk.servehttp.com
mail-scogovpk.servehttp.com
mof-govnp.servehttp.com

# Reference: https://www.virustotal.com/gui/ip-address/172.67.133.19/relations

ethanhunthero125.workers.dev
mail-pc-gov-pk-login.ethanhunthero125.workers.dev

# Reference: https://www.virustotal.com/gui/ip-address/172.67.194.69/relations

crypton0019.workers.dev
ethanhunthero125.workers.dev
mail-pc-gov-pk-login.ethanhunthero125.workers.dev
mail-sco-gov-pk.crypton0019.workers.dev
worker-crimson-bread-052d.crypton0019.workers.dev

# Reference: https://www.virustotal.com/gui/ip-address/47.236.119.146/relations

203-124351878443.hopto.org
mail-bafmilbd.myvnc.com
mail-depogovpk.myvnc.com
mailhit-govpk.hopto.org
mailpsab-modgovpk.hopto.org
mailsco-govpk.hopto.org
webmail-pacorgpk.myvnc.com

# Reference: https://www.virustotal.com/gui/ip-address/8.208.11.212/relations

mail-hitgovpk.servegame.com
mailsco-govpk.myvnc.com

# Reference: https://www.virustotal.com/gui/ip-address/47.250.57.207/relations

ideas2024-pakistan.myvnc.com
ideaspakistan-govpk.myvnc.com
iportal-ntdcgovpk.myvnc.com
mail-armylk.myvnc.com
mail-armylk.servehalflife.com
mail-hitgovpk.myvnc.com
mail-hitgovpk.servehttp.com
meter-ntdccompk.myvnc.com
meter-ntdccompk.servehttp.com
pertest-ntdccompk.ddnsking.com

# Reference: https://www.virustotal.com/gui/domain/g0v-pk.net/relations

g0v-pk.net
pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net
mail.dgdp.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net
mail.paf.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net
mail.sco.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net

# Reference: https://www.virustotal.com/gui/ip-address/185.166.188.146/relations

mof-govn.online

# Reference: https://twitter.com/malwrhunterteam/status/1762199010062766152
# Reference: https://www.virustotal.com/gui/ip-address/91.193.18.108/relations
# Reference: https://www.virustotal.com/gui/file/13dafd14c85aee3ed60ec25284ba39d6ecdd7ddf4b484d2048efc05960da51e2/detection

126-com.live
mailarmylk.126-com.live
spark.126-com.live

# Reference: https://twitter.com/h2jazi/status/1762874221493879011
# Reference: https://www.virustotal.com/gui/file/df2be2327ed0062cba45a3f85378d0d386500ffcae20ed155ca106854d706325/detection
# Reference: https://www.virustotal.com/gui/file/525b00fc379589a73ebd6471e440220c886b969332360e17fb44d5175b3d945e/detection

newmofa.com
mailmofa.newmofa.com

# Reference: https://www.virustotal.com/gui/ip-address/82.180.175.87/relations

govnp.live
mailmofa.govnp.live
mofa.govnp.live
opmcm.govnp.live

# Reference: https://www.virustotal.com/gui/ip-address/172.67.135.224/relations

govtpak.workers.dev
mail-depo-gov-pk.govtpak.workers.dev
mail-hitgovpk.govtpak.workers.dev

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1765304025358954689
# Reference: https://www.virustotal.com/gui/file/4d8ef13543182fdc5cd5bb270878bcac80b77ac7c3e566c0934450e35141ece0/detection

finance-gov-pk.rf.gd

# Reference: https://twitter.com/Joseliyo_Jstnk/status/1765727342263988567
# Reference: https://www.virustotal.com/gui/file/acbfbf6fd00fa347a52657e5ca0f5cc6cbcf197a04e2d3fd5dc9235926b319d7/detection

mofa.email
mailmofagovmm.mofa.email

# Reference: https://twitter.com/RedDrip7/status/1765935716964675683
# Reference: https://www.virustotal.com/gui/file/ae22f9da201032d007a0b3f54c3a53ea7a41292bba6e9855d48dd21b55c048ae/detection

pmd-office.com
moemaldives.pmd-office.com

# Reference: https://twitter.com/ginkgo_g/status/1768477798191263970
# Reference: https://twitter.com/suyog41/status/1773224136095023435
# Reference: https://www.virustotal.com/gui/file/31b558d79c20b2d18f404096532156e2a25dff5626589a0b27404f359dc9e8db/detection
# Reference: https://www.virustotal.com/gui/file/0b917833380d87990413d318ecd7ed08710d07aedc1d39b749256530c32f2ca9/detection

163inc.org
mailafdgovbd.163inc.org
mailcn.163inc.org

# Reference: https://twitter.com/Cyberteam008/status/1773587888279630292
# Reference: https://www.virustotal.com/gui/ip-address/103.151.111.61/relations
# Reference: https://www.virustotal.com/gui/ip-address/142.202.191.187/relations
# Reference: https://www.virustotal.com/gui/ip-address/91.92.252.90/relations
# Reference: https://www.virustotal.com/gui/ip-address/94.156.65.165/relations

punjabgov.org
surveyofpakistan.org
submitsurvey.info
mail.punjabgov.org

# Reference: https://twitter.com/alex_lanstein/status/1773817732426863037
# Reference: https://www.virustotal.com/gui/file/7dca552bc38f54716c80eb2c4f1f35cf6e5b12a78a5cec8bf335453c1b433cfd/detection

paknavy-govpk.info
moitt.paknavy-govpk.info

# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.197/relations

mail-np.net
paknavy-gov-pk.mail-np.net

# Reference: https://www.virustotal.com/gui/ip-address/109.106.251.65/relations

paknavy-govpk.org

# Reference: https://www.virustotal.com/gui/ip-address/79.141.165.199/relations

paknavy-govpk.net

# Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations

paknavy.tech

# Reference: https://www.virustotal.com/gui/ip-address/46.17.175.230/relations

paknavy.cloud
paknavy.online

# Reference: https://www.virustotal.com/gui/domain/mofagovpk.info/relations

mofagovpk.info

# Reference: https://twitter.com/ginkgo_g/status/1774639942628761827
# Reference: https://www.virustotal.com/gui/file/0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70/detection
# Reference: https://www.virustotal.com/gui/file/85d5c21050bd72c4ee02060d0be234ac35babc785567dca5bfc1d299150576b7/detection

cabint-division-pk.fia-gov.com
police.fia-gov.com
vpn.fia-gov.com
ctd2.police.fia-gov.com
sindh.police.fia-gov.com

# Reference: https://twitter.com/Cyberteam008/status/1774703213390057829

64.46.102.122:8443
64.46.102.26:443
64.46.102.63:8443

# Reference: https://www.virustotal.com/gui/ip-address/185.174.135.4/relations

ptcl-gov.net

# Reference: https://www.virustotal.com/gui/ip-address/172.67.143.200/relations

mil-bd.workers.dev
mailbaf.mil-bd.workers.dev
mail-sco-gov-pk.mil-bd.workers.dev

# Reference: https://www.virustotal.com/gui/ip-address/185.27.134.221/relations

mai1-sco-gov-pk-sdf.rf.gd

# Reference: https://www.virustotal.com/gui/ip-address/93.183.74.8/relations

moe-gov-ae.info
mofa-gov-ae.info
mofagov-sa.info
mail.moe-gov-ae.info
mail.mofa-gov-ae.info
mail.mofagov-sa.info

# Reference: https://twitter.com/alex_lanstein/status/1775623052941799483
# Reference: https://blog.strikeready.com/blog/rattling-the-cage-of-a-sidewinder/

afmat.tech
aliyumm.tech
almightyallah.live
ausibedu.org
boket.tech
btud.live
comptes.tech
dafpak.org
defenec.net
detru.info
directt888.com
download-file.net
dynat.tech
gebre.tech
mfa-govt.net
mfacom.org
moittpk.org
msacn.ntcpk.net
newoutlook.live
ntcpk.info
ntcpk.net
numpy.info
paknavy-gov.org
pnscpk.com
sezti.org
tni-mil.com
tni-mil.org
tnial-mil.net
commerce-gov-in.iima.remotexs.in
commerce-gov-pk.directt888.com
mailrta.mfagov.org
mofa-gov-pk.directt888.com
sarabanmithnavy.tni-mil.com
training.detru.info

# Reference: https://www.virustotal.com/gui/ip-address/91.195.240.12/relations

mfa-gov.cc

# Reference: https://www.virustotal.com/gui/ip-address/134.209.86.200/relations

mofagov.online
ai.mofagov.online
server.mofagov.online

# Reference: https://www.virustotal.com/gui/ip-address/185.151.30.193/relations

mofa-gov-pk.co

# Reference: https://www.virustotal.com/gui/ip-address/172.66.47.59/relations

mofa-gov-pk.pages.dev

# Reference: https://www.virustotal.com/gui/ip-address/185.27.134.33/relations

mofa-gov-pk.rf.gd

# Reference: https://www.virustotal.com/gui/ip-address/185.82.22.193/relations

mofa-gov-qa.gq
mail.mofa-gov-qa.gq
webmail.mofa-gov-qa.gq

# Reference: https://www.virustotal.com/gui/ip-address/128.199.145.180/relations

mofa-gov-qa.ml
mail.mofa-gov-qa.ml

# Reference: https://www.virustotal.com/gui/ip-address/208.109.19.101/relations

mofagovpk.com

# Reference: https://www.virustotal.com/gui/ip-address/47.74.10.112/relations

modp-pk.org
1.modp-pk.org
gov.pk.1.modp-pk.org
gov.pk.modp-pk.org
mail.mofa.gov.pk.modp-pk.org
mofa.gov.pk.1.modp-pk.org
mofa.gov.pk.modp-pk.org
pk.1.modp-pk.org
pk.modp-pk.org

# Reference: https://www.virustotal.com/gui/ip-address/3.33.130.190/relations

pk-hqr-online.co
gov.pk-hqr-online.co
mofa.gov.pk-hqr-online.co

# Reference: https://www.virustotal.com/gui/ip-address/185.245.180.3/relations

govt-org.net
bd.govt-org.net
lk.govt-org.net
gov.bd.govt-org.net
gov.lk.govt-org.net
mod.gov.bd.govt-org.net
mofa.gov.lk.govt-org.net

# Reference: https://www.virustotal.com/gui/ip-address/77.95.113.16/relations

qrrl.net
pk-hq.qrrl.net
gov.pk-hq.qrrl.net
mofa.gov.pk-hq.qrrl.net
cons.mofa.gov.pk-hq.qrrl.net

# Reference: https://www.virustotal.com/gui/ip-address/185.245.180.44/relations

gov-co.org
bd.gov-co.org
com.gov-co.org
lk.gov-co.org
mv.gov-co.org
np.gov-co.org
org.gov-co.org
defence.lk.gov-co.org
e-mopf.gov.mm.gov-co.org
finance.gov.mv.gov-co.org
for.gov-co.org
foreign.gov.mv.gov-co.org
gov.bd.gov-co.org
gov.mm.gov-co.org
gov.np.gov-co.org
health.gov.lk.gov-co.org
health.gov.mv.gov-co.org
immigration.gov.np.gov-co.org
mfa.gov.lk.gov-co.org
mil.np.gov-co.org
mod.gov.np.gov-co.org
mofa.bd.gov-co.org
mofa.gov.bd.gov-co.org
mofa.gov.np.gov-co.org
myanmar.gov-co.org
navy.lk.gov-co.org
nepal.gov.np.gov-co.org
nhsrc.pk.gov-co.org
nugmyanmar.org.gov-co.org
plandiv.gov.bd.gov-co.org
po.gov.mv.gov-co.org
presidentoffice.lk.gov-co.org
pubsec.gov.lk.gov-co.org
punjab-ministry-pk.com.gov-co.org

# Reference: https://www.virustotal.com/gui/ip-address/109.70.148.47/relations

2let.org
pk.2let.org
gov.pk.2let.org
mofa.gov.pk.2let.org
cons.mofa.gov.pk.2let.org

# Reference: https://www.virustotal.com/gui/ip-address/185.27.134.151/relations

mofa-gov-msg-view.rf.gd

# Reference: https://www.virustotal.com/gui/ip-address/185.27.134.55/relations

mofa-gov-bd-mailll.rf.gd
mofa-gov-pk-download.rf.gd

# Reference: https://www.virustotal.com/gui/ip-address/185.27.134.222/relations

mofa-gov-mail-view-pk.rf.gd

# Reference: https://www.virustotal.com/gui/ip-address/185.212.70.84/relations

timeoflahore.com
mofa-gov-pk-foreignministry-documents.timeoflahore.com

# Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations

govt-org.com
lk.govt-org.com
gov.lk.govt-org.com
mfa.gov.lk.govt-org.com

# Reference: https://www.virustotal.com/gui/ip-address/104.219.248.111/relations

emaiil.co
pk.emaiil.co
gov.pk.emaiil.co
mod.gov.pk.emaiil.co

# Reference: https://www.virustotal.com/gui/ip-address/185.82.22.193/relations

srvssl.cf
mofa-gov-qa.srvssl.cf

# Reference: https://www.virustotal.com/gui/ip-address/8.218.5.63/relations

investgov.info
pakchinavest.info
com.pakchinavest.info
gwadarport.ddns.net
gwadarport.gov.jzbnco.com
gwadarport.gov.pk.migkua.com
gwadarport.gov.packetfilters.org
gwadarport.gov.pk.rankglobe.com
mail.investgov.info
pakchinainvest.com.pakchinavest.info
webmail.pakchinainvest.com.pakchinavest.info

# Reference: https://twitter.com/doc_guard/status/1785422860741202184
# Reference: https://www.virustotal.com/gui/file/8a6e381ab6f1d2ab74e3ee232680d5991c9f751241a6a0c3f0d9082d2cf61a05/detection
# Reference: https://app.docguard.io/23f3a046884bf94ec706f98000a9efbda48455b4dd86f0665409937b1fb811cb/112148fa-67fb-4646-8dcd-9007ddf87e00/0/results/dashboard

mofa-services-server.top
docs.mofa-services-server.top

# Reference: https://twitter.com/alex_lanstein/status/1788200111966658963
# Reference: https://pastebin.com/5tvyLKZM

govt-pk.com
amigos.govt-pk.com
bd.govt-pk.com
dfd-punjab.govt-pk.com
dfd.punjab.govt-pk.com
gov.pk.govt-pk.com
ics.govt-pk.com
ics1.govt-pk.com
investinnepal.gov.np.govt-pk.com
lgcd.punjab.gov.pk.govt-pk.com
medicalbillers.govt-pk.com
mindef.gov.pk.govt-pk.com
mod.gov.bd.govt-pk.com
mod.gov.np.govt-pk.com
mofa.gov.bd.govt-pk.com
mofa.gov.np.govt-pk.com
np.govt-pk.com
oidc.idp.elogin.att.govt-pk.com
prisons.punjab.govt-pk.com
pubad.gov.lk.govt-pk.com
sparrso.gov.bd.govt-pk.com

# Reference: https://twitter.com/alex_lanstein/status/1788203426020499698
# Reference: https://www.virustotal.com/gui/file/006e5fe0c01712391c54319a9d1579d7208f3cfa9f49fe56a14d93f0d0e8928b/detection

dowmload.org
efes-mindef-gov-pk.dowmload.org

# Reference: https://twitter.com/ValidinLLC/status/1788210860017553882

govt-net.com
bd.govt-net.com
com.govt-net.com
fia-govt-net.com.govt-net.com
fia.govt-net.com
gov.bd.govt-net.com
gov.lk.govt-net.com
gov.np.govt-net.com
lk.govt-net.com
mfa.gov.lk.govt-net.com
mofa.gov.bd.govt-net.com
mofa.gov.lk.govt-net.com
mofa.gov.np.govt-net.com
np.govt-net.com
ptdi.govt-net.com

# Reference: https://twitter.com/mal_analysis136/status/1788219355446075756
# Reference: https://www.virustotal.com/gui/ip-address/84.32.84.33/relations

mofa-govtpk.com
mail.mofa-govtpk.com

# Reference: https://twitter.com/Cyberteam008/status/1788436206528680124
# Reference: https://pastebin.com/vPLMDA1U

193.200.16.230:443
5.230.40.141:443
5.230.42.202:443
5.230.43.203:443
5.230.52.133:443
5.230.54.162:443
5.230.54.63:443
5.230.55.29:443
5.230.70.181:443
5.230.71.148:443
5.230.74.96:443
5.230.77.142:443
aliyum.org
appclub.live
crypto-wise.co
dgps-govpk.co
jupyt.tech
ntcpak.live
office.ntcpak.live
tsinghua-edu.tech
amarsonarbangla123.dgps-govpk.co
api.crypto-wise.co
bangladeshnavy.dgps-govpk.co
emv1.crypto-wise.co
mailotloc.aliyum.org
mailotlook.aliyum.org
mta-sts.crypto-wise.co

# Reference: https://www.virustotal.com/gui/ip-address/98.142.254.94/relations

dgps-govpk.com

# Reference: https://www.virustotal.com/gui/ip-address/98.142.254.83/relations

dgps-govpk.org

# Reference: https://www.virustotal.com/gui/ip-address/5.230.73.238/relations

libqstur.tech

# Reference: https://twitter.com/suyog41/status/1768558626929860749
# Reference: https://twitter.com/k3yp0d/status/1789806184175685805
# Reference: https://www.virustotal.com/gui/ip-address/146.70.157.120/detection
# Reference: https://www.virustotal.com/gui/ip-address/146.70.80.58/detection
# Reference: https://www.virustotal.com/gui/file/92145633823ed4a4c56915ab81f6bc0582fd27700d8515400edd0a153d39829f/detection
# Reference: https://www.virustotal.com/gui/file/736315462b91943de9df6210db3bb52564982dd6c758d06ea79e3a404548569b/detection
# Reference: https://www.virustotal.com/gui/file/6e4a4d25c2e8f5bacc7e0f1c8b538b8ad61571266f271cfdfc14725b3be02613/detection
# Reference: https://www.virustotal.com/gui/file/316e01b962bf844c3483fce26ff3b2d188338034b1dbd41f15767b06c6e56041/detection
# Reference: https://www.virustotal.com/gui/file/2f5f44863048243c1bbec6e16b1c0902f8c61d61fdb8277f5c514b2f04ce8993/detection
# Reference: https://www.virustotal.com/gui/file/2027a5acbfea586f2d814fb57a97dcfce6c9d85c2a18a0df40811006d74aa7e3/detection
# Reference: https://www.virustotal.com/gui/file/3e35834b72b475952ae60ea8479ebe3638e204df414a838dfe143081f6729d8e/detection

packageupdates.net
syncscheduler.com
/r3diRecT/redirector/
/r3diRecT/redirector/proxy.php

# Reference: https://www.embeeresearch.io/advanced-guide-to-infrastructure-analysis-tracking-apt-sidewinder-domains/

amazonas-gov.co
cabinet-download-server.top
cnsa-gov.com
ctd.govt-pk.com
documents-server-pk.top
ecp.govt-pk.com
embajadadenepal.es.govt-pk.com
ep-gov-pk.christmas
ep-gov-pk.icu
gov-govpk.info
goverment-pk-update.top
justice-gov.info
mail-govpk.com
mod-gov-pk.live
mohre-gov.info
moma-gov-pk.org
my-gov-confirm.org
nadra-govpk.com
ncsc-gov.com
newmofa.org
nitb-update-services.top
pakistan-mofa.cloud
paknavy-govpk.com
pmo.documents-server-pk.top
pta-govpk.com
s3-network-pakistan.online
services-pk-users.top
update-govpk.co

# Reference: https://x.com/uslss_etr/status/1795534272725713221
# Reference: https://www.virustotal.com/gui/ip-address/46.183.187.190/relations
# Reference: https://www.virustotal.com/gui/file/ceb93ee3093dbf1a49918ede81055018d9c0f0945a97f904a16951010cfbce61/detection

dirctt88.co
mfa-gov-lk.dirctt88.co
moto.dirctt88.co
office.dirctt88.co
sp-nepalembassy-gov-np.dirctt88.co
sparrso-gov-bd.dirctt88.co
www-army-mil-bd.dirctt88.co

# Reference: https://x.com/ginkgo_g/status/1801540845797315055
# Reference: https://x.com/Joseliyo_Jstnk/status/1804112721408835817
# Reference: https://www.virustotal.com/gui/ip-address/91.223.208.175/relations
# Reference: https://www.virustotal.com/gui/file/c87e8d369a9718304e253ebe24da5267bf3a39f0b456c4191029b6be4bc04a42/detection
# Reference: https://www.virustotal.com/gui/file/57d761453bbc6ba9ace467f4491d7a19b9c7e097f81d9772efbcd2f43ada4dce/detection

mods.email
mailnepalarmymil.mods.email
mailarmylk.mods.email
premier.mods.email

# Reference: https://www.virustotal.com/gui/ip-address/89.150.40.43/relations
# Reference: https://www.virustotal.com/gui/file/512a83f1a6c404cb0ba679c7a2f3aa782bb5e17840d31a034de233f7500a6cb9/detection
# Reference: https://www.virustotal.com/gui/file/b72ac58d599e6e1080251b1ac45a521b33c08d7d129828a4e82a7095e9f93e53/detection

session-out.com
investigation04.session-out.com
policy.session-out.com
salary-cutting.session-out.com
/fbd901_harassment/

# Reference: https://x.com/StrikeReadyLabs/status/1811134839598326198
# Reference: https://www.virustotal.com/gui/ip-address/5.230.35.199/relations
# Reference: https://www.virustotal.com/gui/file/9572312a12605c6a6ea6447af6fc063f4196aeba523ed38ce2c5ff51c33d4831/detection

dgps-govtpk.com
reports.dgps-govtpk.com

# Reference: https://x.com/RedDrip7/status/1813049510601630031
# Reference: https://www.virustotal.com/gui/file/15081f25bd44b8591d2895c33db7c238b6d52ffb5fbeb235b62d52e681c99249/detection

mofa-filetransfer.servehttp.com

# Reference: https://x.com/suyog41/status/1814216605414351325
# Reference: https://www.virustotal.com/gui/file/005188f4c96d1f996e260d4cd1f6cb51de8c02654520673506976004203328cc/detection

paknavy.store
heatwave.paknavy.store

# Reference: https://x.com/suyog41/status/1814216605414351325
# Reference: https://www.virustotal.com/gui/ip-address/5.255.113.149/relations
# Reference: https://www.virustotal.com/gui/file/c4627139cab65aed8b7639006fa4848516f5681dca4ddf483fd27aa2e9f645c2/detection

pdfadobe.com
mora.pdfadobe.com

# Reference: https://x.com/wa1Ile/status/1816718243123593410
# Reference: https://www.virustotal.com/gui/ip-address/5.255.112.244/relations
# Reference: https://www.virustotal.com/gui/file/b8294a2038c3e79a06ad1f35c1083edaa6591b393f8bba681384a103734c27e9/detection

portdedjibouti.live
leave.portdedjibouti.live
notice.portdedjibouti.live
wwww.portdedjibouti.live
wwww.notice.portdedjibouti.live

# Reference: https://www.virustotal.com/gui/ip-address/93.127.192.14/relations

pk-govt.com
army.mil.bd.pk-govt.com
beoe.gov.pk-govt.com
cabinet.gov.bd.pk-govt.com
cabinet.gov.pk-govt.com
ead.gov.pk-govt.com
fia.gov.pk-govt.com
fia.gov.pk.pk-govt.com
finance.gov.pk-govt.com
mod.gov.ba.pk-govt.com
mod.gov.bd.pk-govt.com
mofa.gov.bd.pk-govt.com
mofa.gov.np.pk-govt.com
mofa.gov.pk-govt.com
mofa.gov.pk.pk-govt.com
nepalembassyusa.org.pk-govt.com
nepembassy.org.uk.pk-govt.com
paknavy.gov.pk-govt.com
paknavy.gov.pk.pk-govt.com
pasb.mod.gov.pk-govt.com
pmo.gov.bd.pk-govt.com
pmo.gov.pk.pk-govt.com
police.gov.bd.pk-govt.com
prisons.punjab.gov.pk-govt.com
prisons.punjab.pk-govt.com
punjabpolice.gov.pk-govt.com
sparrso.gov.bd.pk-govt.com

# Reference: https://www.virustotal.com/gui/ip-address/193.29.57.101/relations

geopk.org
geo.org.pk
mofa-govlk.com
army.mil.bd.mofa-govlk.com
gmail.com.mofa-govlk.com
mod.gov.bd.mofa-govlk.com
mofa.gov.bd.mofa-govlk.com
pmo.gov.bd.mofa-govlk.com
sparrso.gov.bd.mofa-govlk.com
army.mil.bd.mofa-govlk.com
gmail.com.mofa-govlk.com
mod.gov.bd.mofa-govlk.com
mofa.gov.bd.mofa-govlk.com
pmo.gov.bd.mofa-govlk.com
sparrso.gov.bd.mofa-govlk.com

# Reference: https://x.com/StrikeReadyLabs/status/1820454673603768564

mofserviceserver.top
shiftroof.top
ofc.mofserviceserver.top
pmofficepakistancloudserver.shiftroof.top

# Reference: https://x.com/StrikeReadyLabs/status/1821133707077370041
# Reference: https://www.virustotal.com/gui/file/fec66a9aabf379d150ad51926b318f9c03edbe8f7e655193c036db6c0ba9a6b6/detection

dowmload.info
mofa-gov-pk.dowmload.info

# Reference: https://www.virustotal.com/gui/domain/mofa-g0v-pk.workers.dev/relations

mofa-g0v-pk.workers.dev
sharepakistan.mofa-g0v-pk.workers.dev

# Reference: https://www.virustotal.com/gui/ip-address/76.223.105.230/relations

mofa-gov-pk.xyz

# Reference: https://www.virustotal.com/gui/ip-address/195.35.10.141/relations

mofa-gov-pk.site
cons.mofa-gov-pk.site

# Reference: https://x.com/k3yp0d/status/1821526304635650555
# Reference: https://www.virustotal.com/gui/file/b81c49fe252f763e43d2be298298ecc5d986c59e047efff6ecb928126e17f881/detection

refnameit.life
my.refnameit.life

# Reference: https://x.com/StrikeReadyLabs/status/1818267844972306610
# Reference: https://www.virustotal.com/gui/file/6842aee028eaa07af8e8eba41bef019aee72fe245ca86be39efd2df883b2402c/detection

xuzeest.buzz
management.xuzeest.buzz

# Reference: https://x.com/k3yp0d/status/1821523835214065877
# Reference: https://www.virustotal.com/gui/file/ffb1e4d9253ed97cc381826993a8812ac6c53f7a7d01793e282fc148102bdab3/detection

screenpont.xyz
ministryofficedownloadcloudserver.screenpont.xyz

# Reference: https://x.com/mal_analysis136/status/1822672814924611748
# Reference: https://www.virustotal.com/gui/ip-address/5.255.121.188/relations

dowmload.co
fmprc-gov-cn.dowmload.co
mod-gov-bd.dowmload.co
mofa-gov-bd.dowmload.co
mofa-gov-pk.dowmload.co
punjabpolice-gov-pk.dowmload.co
www-army-mil-bd.dowmload.co

# Reference: https://x.com/suyog41/status/1822904355777138829
# Reference: https://www.virustotal.com/gui/ip-address/213.183.55.52/relations
# Reference: https://www.virustotal.com/gui/file/a84b3dd5f7d29d8d257fdef0ede512ae09e6cd5be7681b9466a5c60f6f877c2b/detection

pmd-offc.info
moittadvisory.pmd-offc.info

# Reference: https://x.com/mal_analysis136/status/1822916700762984543
# Reference: https://x.com/suyog41/status/1824001819149799434
# Reference: https://www.virustotal.com/gui/ip-address/5.255.121.168/relations
# Reference: https://www.virustotal.com/gui/ip-address/5.255.99.223/relations
# Reference: https://www.virustotal.com/gui/file/bdbbb8fc621a1717e0dd373c143279db794a72a5bbd846ede92df412043623f7/detection

pmd-office.info
pmd-office.live
cyber.pmd-offc.info
office.pmd-office.info

# Reference: https://x.com/StrikeReadyLabs/status/1826250092669751401
# Reference: https://www.virustotal.com/gui/file/e3802e7f09f499537271f80af7ca81ee1e6d8559164e644665cf50d0a43bccdc/detection

pafmodernwebclient-srirj3dq.b4a.run

# Reference: https://x.com/StrikeReadyLabs/status/1830774400397779262
# Reference: https://www.virustotal.com/gui/ip-address/194.68.44.55/relations

document-viewer.live
stae-org-mz.document-viewer.live

# Reference: https://x.com/StrikeReadyLabs/status/1831386292728598949
# Reference: https://www.virustotal.com/gui/file/c2bc69085df7036bdef980932a2383b34a9fb76a92d85b9f377beca060053c17/detection

pkinfo.live

# Reference: https://x.com/StrikeReadyLabs/status/1833558192024142056
# Reference: https://www.virustotal.com/gui/file/5ba6e6deae5da0adf35e78319e9c528343a21f09863b879b3976351896578229/detection

dellicon.top
cloud.dellicon.top

# Reference: https://x.com/StrikeReadyLabs/status/1836356550274826416
# Reference: https://www.virustotal.com/gui/ip-address/212.46.38.168/relations

document-viewer.info
customs.document-viewer.info
office.document-viewer.info

# Reference: https://blog.cloudflare.com/unraveling-sloppylemming-operations/

168-gov.info
acrobat.paknavy-pk.org
aljazeerak.online
apl-com.icu
apl-org.online
aurora.dawn-904.workers.dev
blabla.apl-com.icu
browser.apl-org.online
classifieds.workers.dev
confidential.zapto.org
crec-bd.site
dawn.apl-org.online
dawnnews.workers.dev
docs.apl-com.icu
epaper.dawn-323.workers.dev
filebox-1-y7125191.deta.app
fonts.apl-org.online
gov-pkgov.workers.dev
hascolgov.info
helpdesk-lab.site
herald-b2a.workers.dev
hesco.hascolgov.info
hit-pk.org
humariweb.info
hurr.zapto.org
images-11d.workers.dev
itsupport-gov.com
locaal.navybd-gov.info
localhost.apl-com.icu
locall.hascolgov.info
login.apl-org.online
mail-islamabadpolice-gov-pk.ntc-telecommunication-safecity.workers.dev
mail-na-gov-pk.na-gov-pk.workers.dev
mail.apl-com.icu
mail.pakistangov.com
mofapak.info
mozilla.apl-org.online
na-gov-pk.workers.dev
new.apl-org.online
ntc-telecommunication-safecity.workers.dev
obituary.workers.dev
oil.hascolgov.info
openkm.paknavy-pk.org
owa-spamcheck.apl-org.online
pakistangov.com
paknavy-pk.org
pitb.gov-pkgov.workers.dev
pitb.zapto.org
quran-books.store
redzone.apl-org.online
redzone2.apl-org.online
sco.zapto.org
sharepoint-punjab.sharepoint-e13.workers.dev
storage-e13.sharepoint-e13.workers.dev
update.apl-org.online
updpcn.online
zero-berlin-covenant.apl-org.online
zoom.osutuga7.workers.dev

# Reference: https://x.com/suyog41/status/1839593288455606483
# Reference: https://x.com/malwrhunterteam/status/1846308333432852902
# Reference: https://www.virustotal.com/gui/file/21c0756d52ca7947a83529e2cc7d3341f4626b8da05c256f5ec09034d147c6ba/detection
# Reference: https://www.virustotal.com/gui/file/f51361da0c24c1ae422ebe8fb12aa1ff9ec49c71d1d699c9cff68f2ee93fcdfa/detection
# Reference: https://www.virustotal.com/gui/file/3958bd2062a15c764427a2cc886743df1b1ac56633e1ae43f190e43db836ddb3/detection

desktopserver.top
auth.desktopserver.top
cloud.desktopserver.top
drive.desktopserver.top

# Reference: https://x.com/suyog41/status/1844615527106322754
# Reference: https://x.com/salmanvsf/status/1844636033109066079
# Reference: https://www.virustotal.com/gui/file/bafd23bf68bcb56f7927d10627c7e361127e8d42acdb7206752182ecadb611bc/detection

ms-office.app
command.ms-office.app
holiday.ms-office.app
update.ms-office.app

# Reference: https://x.com/suyog41/status/1844614969158984039
# Reference: https://www.virustotal.com/gui/ip-address/167.88.164.63/relations
# Reference: https://www.virustotal.com/gui/file/8782aa3b2f8b28b67101532937ab95a47e0d246513c8496c2f6a29cd44d02cf1/detection

dirctt888.info
kafka.dirctt888.info
paknavy-gov-pk.dirctt888.info

# Reference: https://securelist.com/sidewinder-apt/114089/
# Reference: https://www.virustotal.com/gui/ip-address/79.141.174.176/relations

63inc.com
aliyum.tech
asyn.info
cnsa-gov.org
colot.info
condet.org
conft.live
decoty.tech
dinfed.co
dirctt88.net
direct88.co
donwload-file.com
downloadabledocx.com
e1ix.mov
e1x.tech
grouit.tech
gtrec.info
healththebest.com
kernet.info
kretic.info
mfas.pro
mitlec.site
mofagovs.org
moittpk.net
mshealthcheck.live
nactagovpk.org
navy-mil.co
nopler.live
ntcpak.org
numzy.net
nventic.info
pafgovt.com
pdfrdr-update.com
pdfrdr-update.info
pmd-office.org
ptcl-net.com
scrabt.tech
shipping-policy.info
sjfu-edu.co
support-update.info
tazze.co
tex-ideas.info
tumet.info
u1x.co
ujsen.net
updtesession.online
widge.info
dynamic.nactagovpk.org
mmcert-org-mm.donwloaded.com
mod-gov-bd.direct888.net
nextgen.paknavy-govpk.net
portdedjibouti.shipping-policy.info
portdjibouti.pmd-office.org
premier.moittpk.org

# Reference: https://x.com/suyog41/status/1846521863347789927
# Reference: https://www.virustotal.com/gui/file/fa95fadc73e5617305a6b71f77e9d255d14402650075107f2272f131d3cf7b00/detection

mofa-gov-np.dirctt888.info

# Reference: https://x.com/suyog41/status/1848679667399807266
# Reference: https://www.virustotal.com/gui/file/865f5b3b1ee94d89ad9a9840f49a17d477cddfc3742c5ef78d77a6027ad1caa5/detection

sgad-punjab-gov-pk.dirctt888.info

# Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations

dirctt888.net

# Reference: https://x.com/suyog41/status/1849679847137870328
# Reference: https://www.virustotal.com/gui/ip-address/5.255.116.103/relations
# Reference: https://www.virustotal.com/gui/file/56bf8948160e563b835cb3b656d0f3848625433b66cb3f89ba07f04f4e8e78cf/detection

dytt88.co
mfa-go-ke.dytt88.co
moitt-gov-pk.dytt88.co

# Reference: https://x.com/StrikeReadyLabs/status/1849797282499039404

acc.pk-govt.net
apgml.pk-govt.net
bard.gov.bd.pk-govt.net
caab.gov.bd.pk-govt.net
cabinet.gov.bd.pk-govt.net
cabinet.pk-govt.net
cga.gov.bd.pk-govt.net
ecs.pk-govt.net
email.pk-govt.net
establishment.gov.pk-govt.net
fbr-gov.net
finance.gov.pk-govt.net
fisheries.gov.bd.pk-govt.net
gov-cn.co
gov-org.com
govt-cn.co
govt-cn.org
icd.punjab.gov.pk-govt.net
minland.pk-govt.net
mochta.pk-govt.net
mod-govbd.com
mod.gov.bd.pk-govt.net
mod.gov.pk-govt.net
modp.gov.pk-govt.net
mof.pk-govt.net
mofa-govlk.net
mofa.gov.bd.pk-govt.net
mofa.gov.np.pk-govt.net
mofa.gov.pk-govt.net
mofa.pk-govt.net
moha.gov.np.pk-govt.net
mopa.gov.bd.pk-govt.net
mopa.pk-govt.net
nepalpolice-govnp.com
nespak.com.pk-govt.net
ofac-gov.net
pk-govt.net
pnra.pk-govt.net
prisons.punjab.pk-govt.net
punjab.gov.pk-govt.net
punjabpolice.gov.pk-govt.net
sgad.punjab.gov.pk-govt.net
tcp.gov.pk-govt.net

# Reference: https://x.com/k3yp0d/status/1856401803379876074
# Reference: https://x.com/StrikeReadyLabs/status/1856724048903836018
# Reference: https://urlscan.io/result/82d6480b-898a-4ea5-9105-557c4096a79c
# Reference: https://www.virustotal.com/gui/file/ce4428b9b4455cfc051f195fcab0bfee775a7ef5aa3432a7d807c798444c250d/detection

bmac-g0v-cn-aman-exercise-1etter.netlify.app
bmac-org-cn-exercise-observer-invites.netlify.app
bmac-pla-exercise-aman-2024-letter.netlify.app
china-immigration-department-letter.netlify.app
chinese-pla-a1rforce-0fficil-drive.netlify.app
ministryofdefencechinadrive.pages.dev
paknavy.org.pk

# Reference: https://x.com/StrikeReadyLabs/status/1857456905167237288
# Reference: https://x.com/suyog41/status/1859132957870694480
# Reference: https://www.virustotal.com/gui/file/5fd3f901163aad60fae9afc8c969bba7ff233c7eba242ce85f17b920f9b70140/detection

cloudmails.live
ecloudsmails.com
mail-gov.org
opertingsmail.us
www-airport-lk.mail-gov.org

# Reference: https://x.com/suyog41/status/1858462344856101197
# Reference: https://x.com/banthisguy9349/status/1875904770697003459
# Reference: https://www.virustotal.com/gui/ip-address/89.46.234.85/relations
# Reference: https://www.virustotal.com/gui/file/40159fcfe9793a8a13111131e31f10eb1652343f6b9d172e2cadc821bc5f28fd/detection

d0cumentview.info
advisories-sgcustoms.d0cumentview.info
notifications-khmod.d0cumentview.info

# Reference: https://x.com/blackorbird/status/1859161598469836806
# Reference: https://blogs.blackberry.com/en/2024/11/suspected-nation-state-adversary-targets-pakistan-navy-in-cyber-espionage-campaign
# Reference: https://www.virustotal.com/gui/collection/f6f862c588961ae94c5c23d92331b85e5023ed7064c00d1299f73d47aadf699d/iocs
# Reference: https://www.virustotal.com/gui/file/fc39ec35d767a2c0a178ca9874be8aaf87033f8b834ee8dcb57d3904516e4335/detection
# Reference: https://www.virustotal.com/gui/file/a0a18e76d8af39b9b198d9ea7c67dc372fa3cdb2286ac405fa8e76154af34fff/detection

paknavy.rf.gd

# Reference: https://x.com/StrikeReadyLabs/status/1864282578561221054
# Reference: https://www.virustotal.com/gui/file/a1b5ca71501c5215b2a7ed637308060e10914e436dcda11c219448e3540ef200/detection

mofw.pro
dntnavymil.mofw.pro

# Reference: https://x.com/ginkgo_g/status/1867518951930179775
# Reference: https://www.virustotal.com/gui/file/8ae6cf2d0932782784084ff0e792a85146d5073115556e8d05a225e635ec96fa/detection

military-bd.org
defence-lk.military-bd.org

# Reference: https://x.com/banthisguy9349/status/1867529811750694984
# Reference: https://pastebin.com/raw/eEBba59X

http://213.183.55.52
efes-mindef-qov-pk.dowmload.org
google.gov-pok.net
kenaikan.portdedjibouti.live
mofa-gov-np.dirctt88.co
mofa-gov-pk.download.info
salary-cuxxing.session-out.com
suezcanal.portdedjibouti.live
www-opmcm-gov-np.direct888.net

# Reference: https://x.com/DmitriyMelikov/status/1869829399023104432
# Reference: https://www.virustotal.com/gui/file/ba6ca4391a9fb405dd780fd5fb1a8acea22435f1707b2422e2bec6d74dbecc41/detection

mail-govt.com
btrc-gov-bd.mail-govt.com
cag-org-bd.mail-govt.com
mod-portal-gov-bd.mail-govt.com
mofa-portal-gov-bd.mail-govt.com
molwa-gov-bd.mail-govt.com
mopa-gov-bd.mail-govt.com
www-mof-gov-np.mail-govt.com
www-prc-mhapsd-gov-bd.mail-govt.com

# Reference: https://x.com/ThreatBookLabs/status/1871570023665275210
# Reference: https://x.com/StrikeReadyLabs/status/1871572110134726720
# Reference: https://x.com/blackorbird/status/1871576281571274847
# Reference: https://www.virustotal.com/gui/file/c27843c64f1e9bfbaabe5a98f384ef9d3eb2c32f97efe109690de16dd52d44e8/detection

mailserver-lk.com
draft-paper-advertisementfdg.netlify.app
mail-defence-lk-session-out.pages.dev

# Reference: https://x.com/k3yp0d/status/1871927642984968619
# Reference: https://www.virustotal.com/gui/file/01c6bc7bc8b4367205b698b99ad57df27387aa855a3245bdf5fa727e73925d06/detection

cloudpmo.top
ofc.cloudpmo.top

# Reference: https://x.com/ThreatBookLabs/status/1872288256370585931

mail-defence-lk-loging-horde.pages.dev
38273409.mail-defence-lk-loging-horde.pages.dev

# Reference: https://x.com/banthisguy9349/status/1875901285783962024

fia-gob.net
int-secure.org
officedrive.live
sarabanmithnavvtni-mil.com
cmm.int-secure.org
cnmm.int-secure.org
mofa-gov-np.fia-gob.net
pmd.paknavy-gov.com
president-gov-ik.donwloaded.net
sl-navy.officedrive.live

# Reference: https://x.com/banthisguy9349/status/1875930695388037559

download-files-0pen-err0r-l0gin.netlify.app
downloadfiles-mail.pages.dev

# Reference: https://x.com/banthisguy9349/status/1875934113292861656

nia-china-inviation-package-zip.netlify.app

# Reference: https://x.com/suyog41/status/1876157867423879302
# Reference: https://www.virustotal.com/gui/ip-address/178.209.51.231/relations
# Reference: https://www.virustotal.com/gui/file/5f0d9a8f26a8ead63c0d2063abdef157138eb59def34c361cdc3a42b0ed2c17d/detection

downnload.org
ibas-finance-gov-bd.downnload.org
mofa-gov-bd.downnload.org
mofa-gov-np.downnload.org
mof-portal-gov-bd.downnload.org

# Reference: https://x.com/StrikeReadyLabs/status/1876284392319963587
# Reference: https://x.com/StrikeReadyLabs/status/1876353156252340233
# Reference: https://raw.githubusercontent.com/StrikeReady-Inc/samples/refs/heads/main/2025-01-06%205000%20BDT/urls.txt
# Reference: https://www.virustotal.com/gui/file/136dd864f5772a6567aff34fcbe6f0665b7cc04b2d486004c370f410bee259b1/detection
# Reference: https://www.virustotal.com/gui/file/eebf4a5104d75f8f6536e592d4c7945d56f8431059f2cab980756d9b9e96f0fc/detection

81-cn.ddns.net
81-cn.info
az-updates.store
bangladeshbaank-gov-bd.workers.dev
boc-cn.81-cn.info
boc.cn.81-cn.info
cas.sysu.edu.cn.81-cn.info
cloud.moe.gov.cn.81-cn.info
cmclient-downloader.serveirc.com
corporate-social-activity-updates.ciecc.com.cn.81-cn.info
crec-bangladesh.ddns.net
fileserver.81-cn.info
globaltimes-cn.org
internal-portal.ceair.com.81-cn.info
mail-cscec.ddns.net
mail-mofa.ddns.net
mail-nssc.sytes.net
mail-nudt.sytes.net
mail.a.globaltimes-cn.org
mail.cfau.edu.cn.81-cn.info
mail.hit.gov.pk.81-cn.info
mail.hust.edu.cn.81-cn.info
mail.mail.cmec.com.globaltimes-cn.org
mail.mail.spacechina.com.81-cn.info
mail.mfa.gov.cn.81-cn.info
mail.mfaa.gov.cn.globaltimes-cn.org
mail.mofa.gov.pk.globaltimes-cn.org
mail.nju.edu.cn.81-cn.info
mail.nudt.edu.cn.81-cn.info
mail.smmu.edu.cn.81-cn.info
mail.tsinghua.edu.cn.81-cn.info
news-gov-cn.info
gateway.ceair.com.81-cn.info
uat-updates.gateway.ceair.com.81-cn.info
updates.moe.gov.cn.81-cn.info
moe.gov.cn.81-cn.info
cfau.edu.cn.81-cn.info
hit.gov.pk.81-cn.info
hust.edu.cn.81-cn.info
mail.cmec.com.globaltimes-cn.org
spacechina.com.81-cn.info
mfa.gov.cn.81-cn.info
mfaa.gov.cn.globaltimes-cn.org
mofa.gov.pk.globaltimes-cn.org
nju.edu.cn.81-cn.info
nudt.edu.cn.81-cn.info
smmu.edu.cn.81-cn.info
tsinghua.edu.cn.81-cn.info
vrms.bangladeshbaank-gov-bd.workers.dev
wandering-pond-e7f4.foxiproxi.workers.dev

# Reference: https://x.com/JAMESWT_MHT/status/1869724537115541616
# Reference: https://www.virustotal.com/gui/file/44f7c5e8855fc2c9a0026183759f99635d7b89eee46dc904d5618123ed217435/detection
# Reference: https://www.virustotal.com/gui/file/6750a7e6eb02eecab234f42a6cc6a88c1510d557336d53a85c02ad43776d8cb9/detection
# Reference: https://www.virustotal.com/gui/file/623767715bd1a33c41e2de8ab3af341e629105132c3434f454cf249f98adbfd7/detection

http://47.76.135.130
http://47.84.196.148
47.76.135.130:443
47.84.196.148:443
bangla.b-cdn.net

# Reference: https://x.com/ginkgo_g/status/1877604805612548507
# Reference: https://www.virustotal.com/gui/file/f29de289f33c8c9e4a53d25443e6d949b0028b31accf9abb4a8bab4a9dcbba42/detection
# Reference: https://www.virustotal.com/gui/file/896ddb35cde29b51ec5cf0da0197605d5fd754c1f9f45e97d40cd287fb5a2d25/detection

modpak.live
paknavy.modpak.live

# Reference: https://x.com/mal_analysis136/status/1878823552188883024
# Reference: https://www.virustotal.com/gui/ip-address/195.201.179.80/relations

prepforce.site
mystore.prepforce.site

# Reference: https://x.com/mal_analysis136/status/1879225400666313177
# Reference: https://www.virustotal.com/gui/ip-address/89.116.192.242/relations

govpk.email
govvv.pk
ib.govvv.pk
mindef.govvv.pk
mofa.govpk.email
mofa.govvv.pk
paknavy.govpk.email
paknavy.govvv.pk

# Reference: https://x.com/wa1Ile/status/1879794476480426196
# Reference: https://www.virustotal.com/gui/ip-address/45.137.159.236/relations

govpk.me
commerce.govpk.me
depo.govpk.me
ead.govpk.me
fia.govpk.me
ib.govpk.me
mofa.govpk.me
moitt.govpk.me
mpnr.govpk.me
pc.govpk.me

# Reference: https://x.com/suyog41/status/1880182370902634893
# Reference: https://www.virustotal.com/gui/ip-address/5.255.117.75/relations
# Reference: https://www.virustotal.com/gui/file/d3fb61c0211bd379bf80f15cf072fdbc1187fe95546fdfcfcbdf8918004f05e2/detection

mail-govt.org
interior-gov-pk.mail-govt.org
www-cabinetoffice-gov-lk.mail-govt.org

# Reference: https://x.com/suyog41/status/1884178221127852096
# Reference: https://www.virustotal.com/gui/ip-address/5.255.126.233/relations
# Reference: https://www.virustotal.com/gui/file/54c4641f709e51622531dc3d04fd2f4a3bad2a42dca287e2777c04d59cbca789/detection

dytt888.org
presidentsoffice-gov-lk.dytt888.org
www-mopa-gov-bd.dytt888.org
www-presidentsoffice-gov-lk.dytt888.org

# Reference: https://x.com/SecAI_AI/status/1884616742082932870
# Reference: https://www.virustotal.com/gui/ip-address/51.89.9.145/relations

app-sec01.online
docum.store
files-ci.com
gooogle.live
kra20.fun
msonlineoffice.com
noreplyuser.site
onlinestatus.live
opensign-delta3e.com
reecesayer.com
security-it1.com
sqrt.ovh
surveydocs.online
synoslabs-test.com
xn--micosoftonline-iwc.com
email.mofa.gov.pk.docum.store
email.navy.gov.bd.docum.store
email.nvy.milbd.onlinestatus.live
emails.mofa.gov.pk.docum.store
mail.baf.mil.bd.docum.store
mail.baf.mil.bd.onlinestatus.live
mail.bcc.gov.bd.onlinestatus.live
mail.fwo.com.pk.onlinestatus.live
mail.mofa.gov.pk.docum.store
mail.mofa.gov.pk.onlinestatus.live
mail.navy.mil.bd.docum.store
mail.navy.mil.bd.onlinestatus.live
mail.nepla.gov.np.onlinestatus.live
mail.pof.gov.pk.onlinestatus.live
mail.ssf.gov.bd.onlinestatus.live
mail1.mofa.gov.pk.docum.store
mail1.navy.mil.bd.docum.store
webmail.fwo.com.pk.docum.store

# Reference: https://x.com/suyog41/status/1887133284276244512
# Reference: https://www.virustotal.com/gui/file/15cf5271c7b9b8ad22c4c96bc8674d9835e8d419fc1a6077f3b59fbd7e59d112/detection

mail163.info
gso2.mail163.info

# Reference: https://x.com/suyog41/status/1887812529151443394
# Reference: https://www.virustotal.com/gui/file/47d77499968244911d0179fb858578de00dbb98079e33f5ed5d229d03eb04d67/detection

org-co.net
pubad-gov-lk.org-co.net

# Reference: https://x.com/suyog41/status/1888906530118062394
# Reference: https://www.virustotal.com/gui/file/22527dd1a62dc46dd4edd23a681657cf4c3477e9f90fb1ef63ef657608b9838c/detection

net-src.info
pubad-gov-lk.net-src.info

# Reference: https://x.com/mal_analysis136/status/1889041601709977866

dirctt88.info
micret.live
mteron.info
recred.live
warecon.xyz

# Reference: https://x.com/SecAI_AI/status/1890047778539061342
# Reference: https://app.validin.com/detail?find=38.60.198.71&type=ip4&ref_id=612fb65def6#tab=resolutions

hilsa.online
up2dts.online
updatemaster.info
baf.mil.bd.hilsa.online
bd.hilsa.online
email.moitt.gov.pk.hilsa.online
emails.moitt.gov.pk.hilsa.online
getnew.file.update.up2dts.online
gov.pk.hilsa.online
hillview.net.pk.hilsa.online
mail-mod-gov-bd-account-data-file.netlify.app
mail.baf.mil.bd.hilsa.online
mail.bgb.gov.bd.up2dts.online
mail.hillview.net.pk.hilsa.online
mail.hilsa.online
mail.mofa.gov.pk.up2dts.online
mail.mofas.gov.pk.updatemaster.info
mail.navy.lk.updatemaster.info
mail.navy.mil.bd.up2dts.online
mail.npc.gov.np.up2dts.online
mail.ntc.gov.pk.hilsa.online
mail.paf.gov.pk.hilsa.online
mail.punjab.gov.pk.hilsa.online
mail.sco.gov.pk.hilsa.online
mails.baf.mil.bd.updatemaster.info
mails.bcc.gov.bd.updatemaster.info
mails.mofa.gov.np.updatemaster.info
mails.mofa.gov.pk.updatemaster.info
mails.navy.mil.bd.updatemaster.info
mails.nepal.gov.np.updatemaster.info
mails.ntc.net.pk.hilsa.online
mails.paf.gov.pk.hilsa.online
mails.pmo.gov.pk.hilsa.online
mil.bd.hilsa.online
mofa.gov.np.updatemaster.info
moitt.gov.pk.hilsa.online
net.pk.hilsa.online
ntc.gov.pk.hilsa.online
ntc.net.pk.hilsa.online
paf.gov.pk.hilsa.online
pk.hilsa.online
pmo.gov.pk.hilsa.online
punjab.gov.pk.hilsa.online
sco.gov.pk.hilsa.online
view.full.pdf.file.up2dts.online

# Reference: https://x.com/Malwar3Ninja/status/1890393003207843897
# Reference: https://www.virustotal.com/gui/file/866f2112ee7e2553b0db0e931dd14f18515020ebc5985d91f6c96f1fce24a56c/detection

dopm.gov.np.totheeverest.com
gov.bd.account.login.sessions.webmailarmy.com
gov.np.farwestkhabar.com
gov.np.namlo.com.np
gov.np.totheeverest.com
gov.np.unsilk.com
gov.np.webproxy.to
ims.sudurpashchim.gov.np.farwestkhabar.com
mail-navy-mil-bd-modern-email-inbox-messages.webmailarmy.com
mail.bgb.gov.bd.account.modern.sessions.webmailarmy.com
mail.cao.gov.bd.account.login.sessions.webmailarmy.com
mail.mod.gov.bd.account.login.sessions.webmailarmy.com
mhealth.dopm.gov.np.totheeverest.com
ov.bd.account.modern.sessions.webmailarmy.com
psdph.dopm.gov.np.totheeverest.com
see.gov.np.unsilk.com
snnp.gov.np.namlo.com.np
vaccine.moha.gov.np.webproxy.to
vaccine.mohp.gov.np.webproxy.to
webmailarmy.com

# Reference: https://x.com/mal_analysis136/status/1890729450792268024

nbppakistan.com
github.nbppakistan.com
api.nbppakistan.com
collector.nbppakistan.com

# Reference: https://x.com/suyog41/status/1891372873496834115
# Reference: https://www.virustotal.com/gui/file/96d429d67a2663ef2cf3f45ccd0619adf0cd030f7fe70f072af1ce1d67ec52a3/detection

live-co.org
data-sob-gov-bd.live-co.org
mod-gov-bd.live-co.org
mofa-gov-bd.live-co.org
pubad-gov-lk.live-co.org

# Reference: https://x.com/__0XYC__/status/1893503792827527388
# Reference: https://www.virustotal.com/gui/ip-address/202.142.177.150/detection

viewdoc.online
gov.pk.viewdoc.online
moitt.gov.pk.viewdoc.online
ntc.gov.pk.viewdoc.online
paf.gov.pk.viewdoc.online
pof.gov.pk.viewdoc.online
sco.gov.pk.viewdoc.online
email.moitt.gov.pk.viewdoc.online
email.ntc.gov.pk.viewdoc.online
email.paf.gov.pk.viewdoc.online
email.pof.gov.pk.viewdoc.online
email.sco.gov.pk.viewdoc.online

# Reference: https://x.com/wa1Ile/status/1893896154825294224
# Reference: https://www.virustotal.com/gui/file/1527cf10f00c798262b3347c00af8028fee3bc88a450bc2df7766b1118c62cd5/detection

milqq.info
jtops.milqq.info

# Reference: https://x.com/suyog41/status/1895090090650784157
# Reference: https://x.com/suyog41/status/1895440300421881953
# Reference: https://www.virustotal.com/gui/file/a61335c10cf98064761806af6451b3cddd66641ccb35a6d8b915a02d6279f46a/detection
# Reference: https://www.virustotal.com/gui/file/74111c9b0ed748fc6bfc025d13a2ed08663b988cb69c044f1c6f153f9020294c/detection

dwnlld.info
cabinet-gov-bd.dwnlld.info
fa-gov-lk.dwnlld.info
infomfa-gov-lk.dwnlld.info
mfa-gov-lk.dwnlld.info
mofa-gov-bd.dwnlld.info
prison-gov-bd.dwnlld.info
www-cbsl-gov-lk.dwnlld.info

# Reference: https://www.virustotal.com/gui/ip-address/198.54.120.24/relations

mofa-govlk.org
lk.mofa-govlk.org
mod.mofa-govlk.org
presidentsoffice.mofa-govlk.org
pubad.mofa-govlk.org
sob.mofa-govlk.org
gov.lk.mofa-govlk.org
mfa.gov.lk.mofa-govlk.org

# Reference: https://www.virustotal.com/gui/domain/mfa-gov-al.com/relations

mfa-gov-al.com
mfa-gov-cy.online

# Reference: https://www.virustotal.com/gui/ip-address/139.84.131.91/relations

mfa-gov-cy.info

# Reference: https://x.com/__0XYC__/status/1896843819838251335

ntc.net.pk.bismi.pro
mail.ntc.net.pk.bismi.pro

# Reference: https://x.com/mal_analysis136/status/1897314313720983686

bismi.pro
vpdf.online

# Reference: https://x.com/blackorbird/status/1897618982384873643
# Reference: https://www.virustotal.com/gui/ip-address/185.235.138.29/relations

d0wnlaod.org
modp-gov-pk.d0wnlaod.org

# Reference: https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/

aliyum.email
crontec.site
d0wnlaod.com
debcon.live
defencearmy.pro
depo-govpk.com
dirctt888.com
directt88.com
documentviewer.info
dowmloade.org
downl0ad.org
file-dwnld.org
mevron.tech
mod-kh.info
modpak-info.services
modpak.info
ms-office.pro
pncert.info
veorey.live
zeltech.live
ziptec.info
dgtk.depo-govpk.com

# Reference: https://x.com/salmanvsf/status/1901922280508469555
# Reference: https://x.com/suyog41/status/1902321493520064582
# Reference: https://www.virustotal.com/gui/file/9b76d98c2641512c66e8f2f99b2d0bda86ec1a4809420b74feadfb8f4f7dbf48/detection
# Reference: https://www.virustotal.com/gui/file/5b5a1833d4daaf05699a009316a4d866851130b258f424f066b867a534ba944d/detection

nic-svc.net
cabinet-gov-bd.nic-svc.net
www-erd-gov-lk.nic-svc.net
www-treasury-gov-lk.nic-svc.net

# Reference: https://x.com/ShadowChasing1/status/1902203302315749870
# Reference: https://x.com/suyog41/status/1901879336480989522
# Reference: https://www.virustotal.com/gui/file/1815d9aa261c60dde4abe3d8beea19496a9295775d8824087744276fb18a23e0/detection
# Reference: https://www.virustotal.com/gui/file/341a21538b90c87b40e150967519a695f2c339befde232e2f3cd85caf6885803/behavior

adobeglobal.com
cadetcollege.adobeglobal.com
latestupdate.adobeglobal.com
livestreaming.adobeglobal.com

# Reference: https://x.com/ThreatBookLabs/status/1902740067703202129
# Reference: https://x.com/suyog41/status/1914624962876596333
# Reference: https://www.virustotal.com/gui/ip-address/2.58.14.27/relations
# Reference: https://www.virustotal.com/gui/file/f464ad5c6aba13b42aa903bda0add7c074d45388da379747c83f2c3756c9b658/detection

org-liv.net
cabinet-gov-bd.org-liv.net
cirt-gov-bd.org-liv.net
mail-mofa-gov.org-liv.net
mofa-gov-np.org-liv.net
pubad-gov-lk.org-liv.net

# Reference: https://x.com/blackorbird/status/1902694151847850310
# Reference: https://www.virustotal.com/gui/ip-address/5.255.100.151/relations

nrdi-gov.com
afdtrg.nrdi-gov.com
slpa-lk.nrdi-gov.com

# Reference: https://x.com/mal_analysis136/status/1903400504925028535
# Reference: https://www.virustotal.com/gui/ip-address/5.255.120.103/relations
# Reference: https://en.fofa.info/result?qbase64=amFybT0iMmFkMmFkMDAwMmFkMmFkMjJjNDJkNDJkMDAwMDAwOGE1OTQxYzEzZjY3ZTBjMGEyYzhhMzZiZmVlZjY5MjAiICYmIGJhbm5lcj0iSFRUUC8xLjEgNDA0IE5vdCBGb3VuZCIgJiYgYmFubmVyPSJTZXJ2ZXI6IG5naW54IiAmJiBiYW5uZXI9IkNvbnRlbnQtVHlwZTogdGV4dC9odG1sIiAmJiBiYW5uZXI9IkNvbm5lY3Rpb246IGtlZXAtYWxpdmUiICYmIGFzbj0iNjA0MDQiICYmIHNlcnZlcj09Im5naW54Ig%3D%3D (# 2025-03-22)

ntcpk.co
paletec.live
sinantion.com
circulars.ntcpk.co

# Reference: https://x.com/mal_analysis136/status/1903410777085948009
# Reference: https://en.fofa.info/result?qbase64=amFybT0iMjFkMTlkMDAwMjFkMjFkMjFjMjFkMTlkMjFkMjFkZGRjNzVlYThiYjA1MzEzNGU3NDc4ZTAwNGQwM2ZmNjUiICYmIGhlYWRlcj0iSFRUUC8xLjEgNDA0IE5vdCBGb3VuZCIgJiYgaGVhZGVyPSJDb25uZWN0aW9uOiBjbG9zZSIgJiYgaGVhZGVyPSJDb250ZW50LVR5cGU6IHRleHQvaHRtbCIgJiYgaGVhZGVyPSJTZXJ2ZXI6IG5naW54IiAmJiBhc249IjU5NzExIg%3D%3D&page=1&page_size=10 (# 2025-03-22)

mail126.live
pncert.pro
roncez.tech
sercoten.info

# Reference: https://x.com/Cyberteam008/status/1904701843927863409
# Reference: https://en.fofa.info/result?qbase64=ZmlkPSJhRnJ1NVZDRW1PWWN2KzlIVUczU3J3PT0i (# 2025-03-26)

0ultook.live
acenent.site
aliyumm.pro
appcrew.info
ateows.info
baatube.com
bdnews.info
buzsep.info
cespkom.info
ciamat.info
csd-pk.online
d0ownload.com
doc-downlod.com
downnload.net
ecility.xyz
encetion.live
ereribe.tech
estsaln.site
ex1.mov
fx1.live
inporta.org
install-manager.com
kaleido.moe
krontab.info
krotab.info
letcrip.xyz
limkdin.com
luckjav.com
mainet.info
maroos.live
moragovt.net
navy-support.org
nolotion.info
nrtc-support.com
ntc-net.com
ntc-pak.org
ostcone.site
p1x.live
pareing.info
pl1.mov
pn0fficial.info
porket.info
reasoen.org
recovar.org
ritenoc.live
senine.info
superback.space
tchgin.site
tolera.live
updotes.co
vinver.live
winger.live
y1x.org
zeanos.live

# Reference: https://x.com/__0XYC__/status/1907321547326661055
# Reference: https://x.com/__0XYC__/status/1917099175331959296
# Reference: https://app.validin.com/detail?find=209.74.80.196&type=ip4&ref_id=aed6130bdda#tab=host_pairs
# Reference: https://www.virustotal.com/gui/file/2ab8d52677ebc2517c79979246e69ed9bd88b2c40170b3061cd49007c1f6fef4/detection
# Reference: https://www.virustotal.com/gui/file/a928c417df15814ebee6434742bfec78cf35fcdc61c871a2f07ce4d7a2a13e3d/detection

islamabadpk.site
kptkp.online
pkcert.news
pkcert.report
slpa.news
moma.islamabadpk.site
moma.kptkp.online

# Reference: https://x.com/suyog41/status/1909121702707048705
# Reference: https://www.virustotal.com/gui/file/69eee36642f274c724fadcfdf1f103ae0fd9b5f4bad7ac6a33b3c627d6114426/detection

net-co.info
customs-gov-lk.net-co.info
postmaster.net-co.info
www-customs-gov-lk.net-co.info

# Reference: https://x.com/__0XYC__/status/1909926129340965172

it-pakistan-gov-pk.workers.dev
support.it-pakistan-gov-pk.workers.dev

# Reference: https://x.com/spontiroli/status/1912850014520463442
# Reference: https://www.virustotal.com/gui/file/7363887b6b0fe7cece3c21ad18515835922379c7d78c47cea745940a1061a6c4/detection

info-lanka.org
modltr.info-lanka.org

# Reference: https://x.com/suyog41/status/1914565910607880350
# Reference: https://app.validin.com/detail?find=2.58.15.89&type=ip4&ref_id=227c9fab6be#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/63f5445527c47e17b71e87eef4dd7a86883607a22830bcee5b1fabc5d03bab38/detection

mfa-qov.com
updates-installer.store
pimec-paknavy.updates-installer.store
analytic.mfa-qov.com
rnail.mfa-qov.com
superset.mfa-qov.com

# Reference: https://www.virustotal.com/gui/ip-address/2.58.15.76/relations

mofa-qov.com
rnail.mofa-qov.com

# Reference: https://www.virustotal.com/gui/ip-address/2.58.15.42/relations

compnetworkservices.ddns.net
maildefence.myftp.org
office365-server.ddns.net

# Reference: https://x.com/volrant136/status/1916037219770634729
# Reference: https://www.virustotal.com/gui/ip-address/2.58.15.183/relations

botcel.info

# Reference: https://x.com/volrant136/status/1916593879983571354

govtpk.co
beoe.govtpk.co

# Reference: https://x.com/volrant136/status/1919123011107451280

gov.pk-mail.co
pkcert-arbeitssicherheit.de
pkcert.com
pkcert.live
pkcert.net
pkcert.org
pkcert.gov.pk-mail.co

# Reference: https://x.com/suyog41/status/1919279981105992119
# Reference: https://www.virustotal.com/gui/ip-address/109.70.236.126/relations
# Reference: https://www.virustotal.com/gui/file/57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d/detection

army-govbd.info
advisory.army-govbd.info
amended.army-govbd.info
emv1.army-govbd.info
geninstr.army-govbd.info
mail.army-govbd.info

# Reference: https://x.com/Glacius_/status/1919444379971821617
# Reference: https://www.virustotal.com/gui/file/1955c6914097477d5141f720c9e8fa44b4fe189e854da298d85090cbc338b35a/detection

mod-gov-bd.dwnlld.info
pc-gov-pk.downnload.net

# Reference: https://x.com/suyog41/status/1920014750643007950
# Reference: https://www.virustotal.com/gui/ip-address/193.42.39.217/relations
# Reference: https://www.virustotal.com/gui/file/558de2a01fbd76be171561c3c82fd6a8e2d4c913444850af99d44a4cfb41b680/detection
# Reference: https://www.virustotal.com/gui/file/725ded50e7f517addd12f029aeaf9a23f2b9ce6239b98820c8a12ea5cb79dbfa/detection
# Reference: https://www.virustotal.com/gui/file/b6b98197133a19a20ef64d6206e4b0e98d8d9db00d66a643577f5d55e00ea58d/detection

dwnlld.com
mod-gov-bd.dwnlld.com
mofa-gov-np.dwnlld.com
mofa-gov-pk.dwnlld.com
mopa-gov-bd.dwnlld.com
www-cbsl-gov-lk.dwnlld.com
www-presidentsoffice-gov-lk.dwnlld.com

# Reference: https://www.virustotal.com/gui/ip-address/85.239.55.124/relations

net-co.live
cabinet-gov-pk.net-co.live

# Reference: https://x.com/suyog41/status/1920723276243894501
# Reference: https://www.virustotal.com/gui/file/85afc5d78392be685ae84f4391aa4e7ea11bb44eb92a3d94a0329a963abf8932/detection
# Reference: https://www.virustotal.com/gui/file/8e37838066f5e02e01aa5bf7cfc12f74ed18473d017f00441f57e22e64497c88/detection
# Reference: https://www.virustotal.com/gui/file/29f36deedf252bcc1f51882c8f071c9aa128ba7f8acd8dd21d4e2800eb440905/detection
# Reference: https://www.virustotal.com/gui/file/1f7873ffa104f80e306b60d00854849b905beaaccb99ab4505146553f4c7e847/detection

army-lk.com
dsf.army-lk.com
dteofmediapsyops.army-lk.com

# Reference: https://x.com/suyog41/status/1922211946847228187
# Reference: https://x.com/suyog41/status/1922258775567712490
# Reference: https://www.virustotal.com/gui/file/56ce6048c13a0742f2a00bd75135784a3135c089518d6786242424e5fcb52161/detection
# Reference: https://www.virustotal.com/gui/file/01afb99be9f3077b9ebd80f0e67e99a5a0162ba1fa4f7e9285154c78389c206c/detection
# Reference: https://www.virustotal.com/gui/file/fdb90737709a989f8d8f1df4d02e9eae2eb6299dc1a9ee55c62ed2eeb6f54cda/detection
# Reference: https://www.virustotal.com/gui/file/974e7115f257c4c47a8c12c468f29888cbc31a37504a033dd34aa5190c3381ca/detection
# Reference: https://www.virustotal.com/gui/file/08b273a27150fdb1a84f922ffcf55da614b29c149d1c96873aced3f9547e6365/detection

nepalarmy-milnp.info
cybersecurity.nepalarmy-milnp.info
dtecyber.nepalarmy-milnp.info

# Reference: https://x.com/suyog41/status/1922225245680721992
# Reference: https://www.virustotal.com/gui/ip-address/5.230.37.44/relations
# Reference: https://www.virustotal.com/gui/file/162a1efb479cc29e8f007168386ff4d6e441c46827e00751c56ff5e389a30d37/detection

file-dwnld.net
interior-gov-pk.file-dwnld.net
mofa-gov-bd.file-dwnld.net
pmo-gov-pk.file-dwnld.net

# Reference: https://x.com/volrant136/status/1922300186526638477

gov-pk.pk
cons.gov-pk.pk
consmofa.gov-pk.pk
mail.gov-pk.pk
school.gov-pk.pk

# Reference: https://x.com/volrant136/status/1922332480503181486
# Reference: https://www.virustotal.com/gui/ip-address/93.190.143.108/relations

goov.pk
visa-nadra-gov-pk.pk

# Reference: https://x.com/volrant136/status/1923061758643597787

g0vt.pk
pk-hhq.cc
pk-hq.cc
pk-hq.us
pk-hqr.co
pk-hqr.online
pk-ht.pk
gov.pk-hhq.cc
gov.pk-hq.cc
gov.pk-hq.us
gov.pk-hqr.co
gov.pk-hqr.online
gov.pk-ht.pk

# Reference: https://x.com/volrant136/status/1923403903262986410

ducane.info
l1kdine.com

# Reference: https://www.virustotal.com/gui/ip-address/80.251.18.108/relations

file-downlod.org
songlong88.net

# Reference: https://x.com/volrant136/status/1925229593897709961

cons-mofa-gov-pk-hqr-1777839.online

# Reference: https://x.com/volrant136/status/1925581298782941625
# Reference: https://www.virustotal.com/gui/ip-address/47.236.12.192/relations

mod-gov-bd.info

# Reference: https://www.acronis.com/en-us/cyber-protection-center/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/

6441056b613c32a9.dwnlld.info
7ef1996f-c463-4540-936a-70d0fd477f98.live-co.org
a5936441-e402-41e3-b02b-75af112074b5.org-co.net
advisary.army-govbd.info
bscic-gov-bd.dwnlld.info
dirsports.milqq.info
dwnlld.infomfa-gov-lk.dwnlld.info
esxipubad-gov-lk.org-co.net
hisidewindersidewinder.pimec-paknavy.updates-installer.store
lolsidewindersidewinder.nic-svc.net
mail.ntc.net.pk.onlinestatus.live
mail.ntc.net.pk.vpdf.online
mail.paf.gov.pk.onlinestatus.live
mod-gov-bd.org-liv.net
mof-gov-bd.nic-svc.net
mof-gov-np.dwnlld.info
mofa-gov-np.live-co.org
mofa-gov-np.net-src.info
moitt-gov-pk.dwnlld.info
probashi-gov-bd.mail-govt.org
probashi-gov-bd.net-src.info
wnic-svc.net
www-cbsl-gov-lk.dwnlld.infomfa-gov-lk.dwnlld.info
www-erd-gov-lk.dwnlld.info
www-presidentsoffice-gov-lk.dwnlld.com
www-treasury-gov-lk.org-liv.net
xcfhg.dwnlld.info

# Reference: https://x.com/suyog41/status/1925828628517921245
# Reference: https://www.virustotal.com/gui/file/b7a703096c719d8c70f7ce8f586ed83d50975982c83c5bf48e6faff626c6bdee/detection

net-src.org
mod-gov-bd.net-src.org
pmo-gov-pk.net-src.org

# Reference: https://x.com/TLP_R3D/status/1926147062552223856
# Reference: https://x.com/volrant136/status/1926301843916734747

http://185.159.128.117
http://31.58.137.246
http://31.15.17.230
http://46.8.226.5
185.159.128.117:443
31.58.137.246:443
31.15.17.230:443
46.8.226.5:443
acfinang.shop
anefank.mom
asfinnagg.shop
asfrimag.mom
asfrimamg.mom
eairr.mom
eneralbqark.shop
ier-modile.shop

# Reference: https://x.com/volrant136/status/1926564282252120128

mfagov.info
mfagov.net

# Reference: https://x.com/volrant136/status/1926559917101494717

paknavy.info

# Reference: https://www.virustotal.com/gui/ip-address/62.72.22.91/relations
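# Reference: https://www.virustotal.com/gui/ip-address/92.113.21.70/relations
# NOTE(review): the entries below sit under the gov.pk zone itself rather than a lookalike domain - presumably compromised or abused hosts; confirm current status before using them for blocking, since legitimate traffic to these names would also match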

gbpay.gov.pk
pmrugb.gov.pk
gbpay.pmrugb.gov.pk
test.gbpay.gov.pk

# Reference: https://x.com/volrant136/status/1927753865471918171

consmofa-gov-pk.com
gov-pk.com
spfc-punjab-gov-pk.com
armslicensekpk.gov-pk.com
dlimspunjab.gov-pk.com
dlimssindh.gov-pk.com
fbr.gov-pk.com
licenseinterior.gov-pk.com
mail.gov-pk.com
ministryofinteriorlicense.gov-pk.com
ministryofinteriorpermit.gov-pk.com
nadra.gov-pk.com
pakvisanadra.gov-pk.com
permitinterior.gov-pk.com
permitsinteriors-gov-pk.com
ptpkp.gov-pk.com
punjabpolice.gov-pk.com
scandalsofallovertheworld.gov-pk.com

# Reference: https://x.com/suyog41/status/1927704786981224607
# Reference: https://www.virustotal.com/gui/ip-address/46.30.189.18/relations
# Reference: https://www.virustotal.com/gui/file/dec609e4b53e1b9b5fd9ec72f2c012324b25e9eb0539b0d454e89c4bd2e3bd5c/detection

ndma-govpk.co
advisory.ndma-govpk.co
confidential.ndma-govpk.co

# Reference: https://www.virustotal.com/gui/ip-address/34.216.117.25/relations

ndma-govpak.org

# Reference: https://x.com/malwrhunterteam/status/1928777698526044415
# Reference: https://x.com/volrant136/status/1928856220292571240
# Reference: https://x.com/volrant136/status/1928905494892003331

47.236.177.123:9090
boundschain.workers.dev
themegaprovider.ddns.net
blue-term-c168.gov-pkgov.workers.dev
restless-brook-f09b.boundschain.workers.dev

# Reference: https://app.validin.com/lookalikes?limit=1000&lookback=90&depth=0&find=pmo-gov-pk (# 2025-06-11)

pbm-gov-pk.ignitebiz.de
pqa-gov-pk.workers.dev
pta-gov-pk.workers.dev

# Reference: https://x.com/suyog41/status/1934520152726413764
# Reference: https://www.virustotal.com/gui/file/2aec3dcec0274b498bd5e6996a7ff835980953485f5a96f105bfa8f4eceda98a/detection
# Reference: https://www.virustotal.com/gui/file/cfc62931fafc8e73986d80743215e6d3a4c345c387c2654c3a42968906811f4d/detection
# Reference: https://www.virustotal.com/gui/file/a5f3bffd4adbbc344d1b81c7673d6b037713da07baa4b0a0838780436d182946/detection
# Reference: https://www.virustotal.com/gui/file/9a2ccd6340020c3f4b5ebbdba16b260fd2869e37c43a7a01fcfa17f2d4438f25/detection

downld.org
mod-gov-bd.downld.org
mofa-gov-bd.downld.org
mofa-gov-np.downld.org
pubad-gov-lk.downld.org
www-erd-gov-lk.downld.org
www-treasury-gov-lk.downld.org

# Reference: https://x.com/volrant136/status/1936332922849566845
# Reference: https://www.virustotal.com/gui/ip-address/185.233.166.156/relations
# Reference: https://app.validin.com/detail?find=3004e97990e49dc01e5377263f9cd5a75f1d0c7c3bf16cc596be5c84c510c96e&type=hash&ref_id=6f07ea3f6ef#tab=host_pairs

inkora.org
power-govpk.org
mail.power-govpk.org

# Reference: https://x.com/volrant136/status/1936722517433213141

interior-gov-pk.com

# Reference: https://x.com/volrant136/status/1937176053765853314

pkgov.xyz
api.pkgov.xyz
sco.pkgov.xyz
wapda.pkgov.xyz

# Reference: https://x.com/volrant136/status/1937546185109029284

cons-mofa-gov-pk.rf.gd
cons-mofa-govt.pk
consmofagovhqipk.com

# Reference: https://x.com/Cyberteam008/status/1938086890411893240

advancedhealth.medicallab.site
armslicense.interiorgovt.com
chughtai.medicallab.site
cons.mofa.gov.pk.cons1.mfa-ir.cn
dlimspunjabgovpk.com
dlimssindh.gov-pk.site
fir.islamabadpolice.gov-pk.site
gov-pk.site
interiorgovt.com
interiorministrypk.com
khanlab.medicallab.site
kpkarmslicense.site
license.interiorministrypk.com
licenseinterior.gov-pk.site
madhouse.cloud
mail.dlimspunjabgovpk.com
mail.gov-pk.site
medicallab.site
mfa-ir.cn
ministryofinteriorlicense.gov-pk.site
ministryofinteriorpermit.gov-pk.site
nadra.gov-pk.site
nims.nadra.gov-pk.com
pakvisanadra.gov-pk.site
permitinterior.gov-pk.site
punjabpolice.gov-pk.site
vmi1789770.contaboserver.net

# Reference: https://x.com/volrant136/status/1938595504843051137

punjabgovpk.org

# Reference: https://x.com/volrant136/status/1938601633123868683

punjabsafecities.com

# Reference: https://x.com/volrant136/status/1938850528672313834

interiorministrygov.site
interiorsgovpk.site
ministryofinterior.shop

# Reference: https://x.com/volrant136/status/1938848055022833806

interiorgovpk.site

# Reference: https://x.com/volrant136/status/1939225148021784776

bd.mofa-govbd.com
erd.gov.lk.mofa-govbd.com
ftp.mofa-govbd.com
gov.bd.mofa-govbd.com
gov.lk.mofa-govbd.com
lk.mofa-govbd.com
mail.mofa-govbd.com
mhapsd.gov.bd.mofa-govbd.com
mod.mofa-govbd.com
mofa-gov-bd.com
mofa-govbd.com
mofa-govbd.org
mofa.gov.bd.mofa-govbd.com
mofagovbd.com
nvloi.mofagovbd.com
tod.treasury.gov.lk.mofa-govbd.com
treasury.gov.lk.mofa-govbd.com
yahoo.com.mofa-govbd.com

# Reference: https://x.com/volrant136/status/1939737733024415965

islamabadpolice.org

# Reference: https://x.com/volrant136/status/1939739683023421890

mofa-govpk.co
mofagovpk-hq.co
mofagovpk.co
cons.mofagovpk.co

# Reference: https://x.com/volrant136/status/1939744960170885468

safecityctd.com

# Reference: https://x.com/volrant136/status/1940461337936646467

aku-edu-pk.org
alphapolice.org
kptgov.org
news-pk-media.news
punjab-bankpk.org
punjab-pk.org
punjabpolice-pk.org
samaa-tv.com
turkavic.org
vmi2186317.contaboserver.net

# Reference: https://x.com/volrant136/status/1941881061492785292
# Reference: https://app.validin.com/detail?find=b39c305a502803d29b370488c7e55f2879d57358&type=hash&ref_id=6a40730d8aa#tab=host_pairs (# 2025-07-07)

allpakarmlicences.com
allpakarmslicence.com
allpakarmslisense.site
armlicensepk.site
bookutrips.com
govpk.site
licenceinteriorministrypk.com
ministryofinteriorlicense.govpk.site
pakarmslicense.com.pk
pakarmslisense.com
pakistanarmslicense.com
vehicleverificationsystem.com
licenseinterior.govpk.site
mail.allpakarmslicence.com
mail.licenceinteriorministrypk.com
mail.pakarmslicense.com.pk

# Reference: https://x.com/volrant136/status/1942261847438090310

psw-gov-pk.net

# Reference: https://x.com/volrant136/status/1942665553652637966

nastp-govpk.com

# Reference: https://x.com/suyog41/status/1942892749822566737
# Reference: https://www.virustotal.com/gui/file/c0b4d57dd0a8fe415b35ee452818a6ffe695c75d559bd92324771d9f663ebe14/detection
# Reference: https://www.virustotal.com/gui/file/9c62d86d67b89032ab8bf10049d367f12608e495c5cd6f57c72ddff57791d69e/detection

army-lk.info
feedback.army-lk.info
invitation.army-lk.info

# Reference: https://x.com/volrant136/status/1943411984407343140

bd-govt.com
bd-govt.info
bdgovt.com
brebd-govt-bd.online

# Reference: https://x.com/volrant136/status/1943411876236230991

mofa-govtpk.net
bd.mofa-govtpk.net
bgb.gov.bd.mofa-govtpk.net
cabinet.gov.bd.mofa-govtpk.net
cbsl.lk.mofa-govtpk.net
gov.bd.mofa-govtpk.net
gov.lk.mofa-govtpk.net
lk.mofa-govtpk.net
mod.gov.bd.mofa-govtpk.net
mofa.gov.bd.mofa-govtpk.net
mopa.gov.bd.mofa-govtpk.net
presidentsoffice.lk.mofa-govtpk.net
pubad.gov.lk.mofa-govtpk.net

# Reference: https://x.com/volrant136/status/1943411794501931421

ptpkp-govt.site

# Reference: https://x.com/GroupIB_TI/status/1927692817599545555
# Reference: https://x.com/suyog41/status/1947177091893805561
# Reference: https://www.virustotal.com/gui/ip-address/5.230.249.5/relations
# Reference: https://www.virustotal.com/gui/file/34e1f529b6ea80483b92ce9604a1028db9133581869690376f9ddfb47cfb6fd9/detection
# Reference: https://www.virustotal.com/gui/file/d92961b536f1f8229208b2cd8c099dfaae67219ea6b55cd58e7c90daa4d8fc52/detection

info-bdgov.com
advisory.info-bdgov.com
feedback.info-bdgov.com
input.info-bdgov.com
nomination.info-bdgov.com
note.info-bdgov.com

# Reference: https://x.com/volrant136/status/1945535021890040150
# Reference: https://www.virustotal.com/gui/ip-address/46.30.191.184/relations

bdgov.info
afdinfo786.bdgov.info

# Reference: https://x.com/ThreatBookLabs/status/1947112060321714517
# Reference: https://www.virustotal.com/gui/file/4f008754902cfc8380f6fc4d9b8d93ac095d9cf3273b544c0aa1cf3d803ea623/detection

167.86.94.42:18745
/api/root_3977413298779/hello
/api/root_3977413298779/upload

# Reference: https://x.com/volrant136/status/1947733875385421848

dlimskpk-gov.com.pk

# Reference: https://x.com/volrant136/status/1947740571042201898

consmofagov.com
dlimpunjabgov.com
dlimsindhgov.com
dlimsitp-gov.com
hec-gov.com

# Reference: https://x.com/volrant136/status/1949199453102985695

www-navl-com-lk.pages.dev
www-officialregistration-accounts.netlify.app

# Reference: https://x.com/volrant136/status/1949543032547582120

mail-mod-gov-np-account-file-data.netlify.app

# Reference: https://x.com/volrant136/status/1949549269410545920

www-srilankanavy-cabinet-decision.netlify.app

# Reference: https://x.com/volrant136/status/1949896689864540232

encrypted-files-paknavy-0pen.netlify.app

# Reference: https://x.com/volrant136/status/1949896889966505997

mail-sessionexpired.com
all-files.mail-sessionexpired.com

# Reference: https://x.com/volrant136/status/1949867469012685147

mail-mod-gov-bd-account-conf-files.netlify.app

# Reference: https://x.com/volrant136/status/1950950797736329381

axigen-web-expired-paknavy-files.netlify.app

# Reference: https://x.com/volrant136/status/1950951163748118935

exmail-qq-drive.com
/cetcc/crud.php

# Reference: https://x.com/volrant136/status/1951339364585447465

mail-modp-gov-pk-view.netlify.app

# Reference: https://x.com/volrant136/status/1951339826235711650

pnra-gov-view.000webhostapp.com

# Reference: https://x.com/volrant136/status/1952014499172495781

mail-baf-mil-bd-account-data-files-document.pages.dev

# Reference: https://x.com/volrant136/status/1952014981278355879

mailbox3-inbox1-bd.com

# Reference: https://x.com/ThreatBookLabs/status/1952157611350241612
# Reference: https://app.validin.com/detail?type=dom&find=mailcloucl.com#tab=host_pairs

coremailcloud.com
demsflygerxamy.com
mailcloucl.com
oilplus1td.com
vistavue.shop
cloud.coremailcloud.com
mail.oilplus1td.com
mail.demsflygerxamy.com
qq.mailcloucl.com
server.oilplus1td.com

# Reference: https://x.com/wa1Ile/status/1953339615714386101
# Reference: https://www.virustotal.com/gui/ip-address/88.119.161.40/relations
# Reference: https://www.netskope.com/blog/a-look-at-the-nim-based-campaign-using-microsoft-word-docs-to-impersonate-the-nepali-government

govaf.org
24170-40494.bacloud.info
andc.govaf.org
dns.andc.govaf.org
e-nothi.ddns.net
edgeupdate.redirectme.net
mail-bccgov.gotdns.ch
mail-bccnetdd.ddns.net
mail.andc.govaf.org
mail.mobta.govaf.org
mail.moi.govaf.org
mobta.govaf.org
moi.govaf.org
winhost.redirectme.net
winupdate.redirectme.net

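# Reference: https://hunt.io/blog/apt-sidewinder-netlify-government-phishing
# NOTE(review): 'dgfi.gov.bd' below is under the genuine 'gov.bd' zone; it may be the impersonated organisation's own domain rather than attacker infrastructure - verify against the reference before treating hits on it as malicious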

dgdp-account-file-data-doc-procuremen.netlify.app
dgdp.cloud.secured.file.updatemind52.com
dgfi.gov.bd
drive-rokectsaans-com-tr-account-file.netlify.app
drive-roketsans-com-tr-account-files.netlify.app
gov.bd.account.file.updatemind52.com
idef-2025-conf-data-file-tr-account-d.netlify.app
idef2025-com-tr-files-drive-account.netlify.app
mail-aselsans-com-tr-account-files-da.netlify.app
mail-bof-gov-file-account-conf-files.netlify.app
mail-dgfi-gov-bd-accounts-file-data-d.netlify.app
mail.gov.bd.account.file.updatemind52.com
mailbox-inbox-bd.com
police.gov.bd.updatemind52.com
webmail.police.gov.bd.updatemind52.com

# Reference: https://x.com/volrant136/status/1954575077359698237

drive-afd-gov-bd-account-file.netlify.app
drive-army-mil-bd-account-data-file.netlify.app
drive-bcc-registraion-cloud-storage.netlify.app
drive-newmail-arm-mil-bd-account-data.netlify.app
embassy-of-italy-visit-to-cxb.netlify.app
mail-account-data.github.io
mail-bof-gov-bd-cas-visit.netlify.app
newmail-army-mil-bd-pso-meeting-file.netlify.app

# Reference: https://x.com/volrant136/status/1954576749125304709

agenda-talking-point-for-army.up.railway.app
d515dc5c-16cd-4443-8f83-0ab5cb549050.us-east-1.cloud.genez.io
dbarny-fdtref.up.railway.app
mail-arny-nil-db.up.railway.app
mail-download-army-mii-bd.up.railway.app
newmailarmyy-53ufzg0t.b4a.run

# Reference: https://x.com/volrant136/status/1955663006303699041

101c4a583c3acdd2a06ca2fb183cf995fgd55fghf67dhf7dhf7dhnfks7.pages.dev
arf26th-hducim-kdu-ac-lk-index-html.pages.dev
click-here-to-keep-same-password.netlify.app
fcgzbgcvzsgrjbnndsfdsdfffcffgzsfwferfvd4hfgtyghjtghjrhgts.pages.dev
mail-airforce-lk1b8470bce36a0e858a410b4169b23e1c.pages.dev
mail-army-sl-dte-of-welfare-session-out.pages.dev
mail-kdu-lk-inbox-interanl-memo.pages.dev
mail-preview-trainingcollabration-bangladesh-srilanka.pages.dev
mail-prevlew-jointworkshop-training-srilanka-bangladesh.pages.dev
nsvay8faydj3f79dje9djr02j101c4a583c3acdd2a06ca2fb183cf995.pages.dev
p2m3o4j3j101c4a583c3acdd2a06ca2fb183cf995mrfi34ur9rj40fm49.pages.dev
saffsdf-fgjhhgj-fhfgjrt65df-tfgy54hgf.netlify.app
sdfgsdfsdhfgdfgdsgfsdjfdjsghfsdgfjkdsfdsbfbsdfjksdkjfdsfks.pages.dev
sdfsdgfsd-sdfjdgsjff-sdfg44gdfgjf-dfghkjfdhkj-dfgklhfghklf.pages.dev
www-airforcelk-preview-com.netlify.app

# Reference: https://x.com/volrant136/status/1956738787243139245

a6dff163-e0b9-49c9-87e4-357f761f3c3b.us-east-1.cloud.genez.io
gmail-1-production-3004.up.railway.app
gmails-downloadnew-production.up.railway.app
gmals-downloadpdfs-gdrive.up.railway.app
gpk-production.up.railway.app
mail-doc-download-pdf.up.railway.app
minutes-interministryproduction.up.railway.app
ngmail-downloadsnew-pdf.up.railway.app
sg21-production.up.railway.app

# Reference: https://x.com/ThreatBookLabs/status/1957623577643217181
# Reference: https://www.virustotal.com/gui/file/2185e15486256a3bf16176f54e765a76fd9b96cb3800920402a137bdc698e7da/detection
# Reference: https://www.virustotal.com/gui/file/5dca94edf42e5578edccf63a51790e68ec46fa0fb6377c884b056339cfb58dac/detection

149.102.131.122:41521

# Reference: https://x.com/__0XYC__/status/1955863170712530987
# Reference: https://app.validin.com/detail?type=hash&find=f7ea7521e47f6071c33f72316691557f#tab=host_pairs (# 2025-08-19)

modcloudspace.com
moddirectoratecloud.com
myanmar-org-mail.com
app.modcloudspace.com
mail.modcloudspace.com

# Reference: https://www.virustotal.com/gui/ip-address/36.50.40.202/relations

centralized-email-system-np.com
inboxofficial-bd.com

# Reference: https://strikeready.com/blog/apt-android-phishing-microsoft/
# Reference: https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/
# Reference: http://malasada.tech/open-directory-search-leads-to-aged-apt-c-35-findings/
# Reference: https://app.validin.com/detail?type=hash&find=9d38a97bccfc3cffbb72786a0c02ce140e6ef25b#tab=host_pairs (# 2025-08-19)

quickhelpsolve.com
updatemind52.com
combined-training-and-administrative.netlify.app
coordination-cas-visit.netlify.app
drive-baf-mil-bd-share-file.netlify.app
goc-visit-program-details-pdf.netlify.app
mail-afd-gov-bd-account-error-issues.netlify.app
mail-baf-mil-bd-fils-cas-visit-to-chi.netlify.app
mail.baf.mil.bd.pdf.quickhelpsolve.com
mail.bcc.gov.bd.pdf.quickhelpsolve.com
mail.drive.gov.bd.files.updatemind52.com
newmail-army-mil-bd-owa-apth-mail-dat.netlify.app
sdkfjsh23-sdfgdklhg4-efglhdfg4-dfgjkl.netlify.app

# Reference: https://x.com/suyog41/status/1958766748804817302
# Reference: https://www.virustotal.com/gui/file/4efcee12fc15253ffbfc6c85076e0d675a2210a081a23e59f9b0364fb4279c04/detection
# Reference: https://www.virustotal.com/gui/file/29afca6e2c38105952012a51e5b40b789bc5fb9bc7c73e33c399df4b2d58999b/detection
# Reference: https://www.virustotal.com/gui/file/7cac51f6941028cf7e77722484e2ced8eb43511f1b1b8d99f6e17703534103de/detection
# Reference: https://www.virustotal.com/gui/file/7dc75ac10f838a418f18bf69d867dc77bc36a3342165737d1b9bce9582a8d8b4/detection
# Reference: https://www.virustotal.com/gui/file/2e48dc76c7cd8cc59db6114359fc6b7cdcc2f883becb7f91c3d59ba42e2f7cb7/detection

army-bd.com
nomination.army-bd.com

# Reference: https://x.com/volrant136/status/1959269610600968526

http://112.13.121.89
cgwic-sessionexpired-challenge.pages.dev
cgwic-sessionexpired-challenges.pages.dev
dacastexpo.com
expo.com.cn.mail-files-open-preview.com
expo.infinityfreeapp.com
expo.test-links.com
file-preview-session-expired.pages.dev
gleaming-praline-dcd579.netlify.app
i737461746963o6578706fo646576z.oszar.com
jingjang-duduva.000webhostapp.com
l0gin-cetc1-files-0pen-expired.netlify.app
mail-files-open-preview.com
mail.biitt.cn
meeting-rigistration-defence-attache.netlify.app
meeting-rigistration-embassy.netlify.app
plaaf-a1irshow-registrati0n-2024.netlify.app
plaaf-zhuhaiairshow-registration-2024.netlify.app
pr-21356.expo.dev
preview-attachments-f1les-0pen-pdf.netlify.app
session-expired-file-download-cetcimail.pages.dev
tamhuudung.com
timoney.getexpo.com
we-are-under-gain.000webhostapp.com
wpda-mom-meeting-invitation-letter.netlify.app
zhuhai-a1rsh0w-reg1strat1i0n-2o24.netlify.app

# Reference: https://x.com/volrant136/status/1959704085298663626

mailscodomain-hubenkks.b4a.run

# Reference: https://x.com/volrant136/status/1959693263897813084

101c4a583c3acdd2dfgn54990fgmkl5i90ghml569ig06ca2fb183cf995.pages.dev
101c4a5fdjfjkf8fg90fksd9dfslsd0fk83c3acdd2a06ca2fb183cf995.pages.dev
d101c4a583c3acdd2a06ca2fb183cf99d6fm7fjdf8djf9lfjf4mfi89.pages.dev
dnsvay8faydj3f79dje9djr02j101c4a583c3acdd2a06ca2fb183cf995.pages.dev

# Reference: https://x.com/__0XYC__/status/1960328082746753424

posta-nhq43i6x.b4a.run

# Reference: https://x.com/volrant136/status/1962212071275368628

101c4a583c3acdd2afd06ca2fb183cf995sdfsdh54jkdfgh54893489h5.pages.dev

# Reference: https://www.virustotal.com/gui/ip-address/89.46.65.19/relations
# Reference: https://www.virustotal.com/gui/file/01c29e84ad1a5fc1f2d16a93fee1c6386aecef1a99153eccaddbca54549befd3/detection
# Reference: https://www.virustotal.com/gui/file/3068db7b9b198a82971a353cec4dd775257dd35358745bd471c6784acb05297e/detection
# Reference: https://www.virustotal.com/gui/file/cd8f065206ead30ae634397d9f9ceb715d7f8b378a23924227850c92b013ec41/detection

http://89.46.65.19
89.46.65.19:443
gwadar-port.zapto.org
social-welfare.ddns.net

# Reference: https://app.validin.com/detail?find=5.181.159.226&type=ip4&ref_id=99333d38ae6#tab=resolutions

punjabpolicegovpk.org

# Reference: https://app.validin.com/detail?find=69c8a3baf76640c8385adcc2b8ef3174ead8a1fc&type=hash&ref_id=99333d38ae6#tab=host_pairs (# 2025-09-05)

punjabgovpolice.org
punjabpolicegovernmentofpakistan.org
punjabpolicepakistan.org

# Reference: https://x.com/volrant136/status/1964037554736398445

2aeb306b-4c5f-4cc6-a7a2-6fcd96612b9d.us-east-1.cloud.genez.io
5673696e-bcf9-4a34-848d-2e6875b0561e.us-east-1.cloud.genez.io
7b1271c3-0158-4f94-b54e-d51a4be1cfc4.us-east-1.cloud.genez.io
85476ee3-a4b9-4815-bd1d-68653205e378.us-east-1.cloud.genez.io
mail-ntc-net-pk-pdf.up.railway.app
mail-ntc-net-pk.up.railway.app
posta-nhq43i6x.b4a.run
webservermail-g2689far.b4a.run
/login/?jcvjeijnasdncadasdbfdfurhtnbfgbsydbx=
/?jcvjeijnasdncadasdbfdfurhtnbfgbsydbx=

# Reference: https://x.com/blackorbird/status/1966082587098755312
# Reference: https://mp.weixin.qq.com/s/wxRSVugKHy7x1SmANQOrAA

mail163cn.info
masarh.live
downloads.masarh.live
lk.aliyumm.pro
policy.mail163cn.info
sudden.nepalarmy-milnp.info

# Reference: https://x.com/volrant136/status/1966935607483265167
# Reference: https://www.virustotal.com/gui/file/04e378b653cb975609ab637eef36bf92d26867dcd79fb90c5f7e1993019eff91/detection

cdn-caa-sco.pages.dev
8ad94e36.cdn-caa-sco.pages.dev
eede6f46.cdn-caa-sco.pages.dev

# Reference: https://x.com/Cyberteam008/status/1967811673924022458

download-doc.net
pdf-downlod.com
adobe.pdf-downlod.com
pubad-gov-lk.download-doc.net
www-cbsl-gov-lk.download-doc.net

# Reference: https://strikeready.com/blog/sidewinder-apt-leverages-nepal-protests-to-push-mobile-malware/
# Reference: https://app.validin.com/detail?find=Nepal%20Emergency%20Helpline&type=raw&ref_id=8e81c44632d#tab=host_pairs (# 2025-09-18)
# Reference: https://www.virustotal.com/gui/file/679743ceb283331b973728921406125179f56737f0b4b667f983a7303d36af78/detection
# Reference: https://www.virustotal.com/gui/file/f2b22a17835034a17d4133cf46bd1339c793b5591822f11179bcbe88b04183c8/detection

dafillio.com
playservicess.com
playsevices.com

# Reference: https://x.com/__0XYC__/status/1972166420403572852
# Reference: https://x.com/volrant136/status/1972184931284799492
# Reference: https://www.virustotal.com/gui/file/5e1cfa57771084629c2b08757f38d67f0ad28faa412090f1c6ef3fa0fd893bb3/detection
# Reference: https://www.virustotal.com/gui/file/e4aa98c1beee901871fd8a78b37b21ef886e507e65fc6499e3df3769081cd1cb/detection

buildthenations.info
hitpak.org

# Reference: https://hunt.io/blog/operation-southnet-sidewinder-south-asia-maritime-phishing

autodiscover-paa-gov-pk-auth-logon-aspx.pages.dev
dgdp-product-details-2025-turkey.netlify.app
doc-ye9wbezc.b4a.run
drive-dgdp-gov-bd-confidential-files.netlify.app
drive-dgdp-gov-bd-files.netlify.app
drive-nepal-gov-np-files.netlify.app
drive-nepal-gov.com
gooogle.files-cyber-net-pk.workers.dev
govmm.org
helpful-national-poilcy-nepla-gov-np.netlify.app
maif-piac-aero.gov-pkgov.workers.dev
mail-776f305796709f2d567e6868feaba274-gov-pk-investment.pages.dev
mail-aviation-gov-pk-pdf.pages.dev
mail-minfinance-gov-np.netlify.app
mail-mod-gov-np-download-pdf.netlify.app
mail-moha-gov-np-download.netlify.app
mail-paa-gov-pk.pages.dev
mail-suparco-gov-pk-owa-auth-logon-aspx.pages.dev
mail.pof-gov-pk.workers.dev
mailcbmgovmm.pages.dev
maill-govtnepal-gov-np.netlify.app
maill-nepalgv-gov-np.netlify.app
mall-ministryoffinance-np.netlify.app
na-gov-pk-meeting-pac.pages.dev
ntc-06gd0upz.b4a.run
owa-suparco-gov-pk-logon-aspx.pages.dev
owa-suparco-gov-pk-owa-autho.pages.dev
secure-ntc.net
technologysupport.help
uploads.ptcl-gov-pk.workers.dev
verify.mod-defence-lk.workers.dev
viewpdfonline-1wgtaeus.b4a.run
webmail-hubpower-com-error.pages.dev
webmail.cybar-net-pk.workers.dev
workermdxxx.naychilin-pk.workers.dev
www-foreignaffairs-nepal-com.netlify.app
www-nepalgovernment-genz-agendapdf.netlify.app

# Reference: https://x.com/volrant136/status/1975244229287846383

mail-moitt-gov-pk-meeting-sun-committee.pages.dev

# Reference: https://x.com/volrant136/status/1976333787400409330

email-sco-gov-pk.zeabur.app

# Misc.

cb-govt.com
ik-gost.ru
pakgovt.online
pakgovt.site
pk-go.net
pk-gods.com
pk-post.top
pk-soft.online
pkgovk.info
pm-gov.cloud
ptgovt.top
ptt-govt.blog
ptt-govt.ink
ptt-govt.lat
pttgovt.bond
pygovt.com
uk-gov.cyou
uk-gov.icu
uk-gov.qpon
uk-gova.today
