# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-56, sidecopy, falseflag, apt36, mythic leopard, actionrat, elizarat, fetarat, scarimson, crimsonrat, seedoor, sindoor, getarat, reverserat, drat, tag-140, G0134

# Reference: https://twitter.com/Timele9527/status/1144069969845481474
# Reference: https://app.any.run/tasks/69351273-5fd3-4590-a5a5-da639f86f9ec/
# Reference: https://www.virustotal.com/gui/file/bf34be94275f5b05d82b3805bccb30f217020d88f501d156324f98b5eda9ba7e/detection
# Reference: https://www.virustotal.com/gui/file/071c2ac354452d484a37e7af15dd4685061dd4af93abad4308f41df673132ff0/detection

192.99.241.4:4915

# Reference: https://twitter.com/Timele9527/status/1130670958971215873
# Reference: https://www.virustotal.com/gui/file/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef_Tencent%20HABO.html

95.168.176.141:4864
95.168.176.141:16672

# Reference: https://twitter.com/HONKONE_K/status/1122327639249698816
# Reference: https://www.freebuf.com/articles/network/197398.html

bdrive.club
bdrive.space
cloudserve.online
cynqms.com
data-backup.online
firebasebox.com
scan9t.com
tprlink.com

# Reference: https://twitter.com/Timele9527/status/1121607912676261890
# Reference: https://www.virustotal.com/gui/file/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc_Tencent%20HABO.html

peechtrees.com

# Reference: https://twitter.com/HONKONE_K/status/1104951156730544128
# Reference: https://www.virustotal.com/gui/file/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae_Tencent%20HABO.html

81.17.56.226:3864

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf

178.238.228.113:7861
178.238.235.143:80
178.238.235.143:9001
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114
5.189.145.248:10032
5.189.145.248:1453
5.189.145.248:6318
62.4.23.46:1500
ad2.admart.tv
afgcloud7.com
avadhnama.com
bbmdroid.com
bbmsync2727.com
bhai123.no-ip.biz
bhai1.ddns.net
brooksidebiblefellowship.org
cdrfox.xyz
intribune.blogspot.com
lolxone.com
mvssync8767.com
ordering-checks.com
thefriendsmedia.com
sahirlodhi.com
sms.totalworthy.com
sudhir71nda.no-ip.org
winupdatess.no-ip.biz
comdtoscc.attachment.biz
ceengrmes.attachment.biz
email.attachment.biz
fileshare.attachment.biz

# Reference: https://twitter.com/Timele9527/status/1167626219916972032

kmcodecs.com

# Reference: https://twitter.com/Timele9527/status/1186816375857139712

isroddp.com
/rEmt1t_pE7o_pe0Ry/

# Reference: https://twitter.com/Arkbird_SOLG/status/1219769450989334528

198.46.177.73:6421
198.46.177.73:4920
198.46.177.73:10422
198.46.177.73:14823
198.46.177.73:16824

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/_re_fox/status/1226344529046929408

awsyscloud.com
/E@t!aBbU0le8hiInks/
/H!pT0pNSc3nd/
/eNn!T5eals/
/Pon0N.php
/Cor2PoRJSet!On.php
/f3dlPr00f.php
/pR0T5o-Niums.php
/Dev3l2Nmpo7nt.php
/xwunThedic@t6.php

# Reference: https://twitter.com/spider_girl22/status/1246082462649683968
# Reference: https://twitter.com/teamcymru_S2/status/1382724143444004866
# Reference: https://www.virustotal.com/gui/file/94fc14e5c961c1dd8ff63330f0bdd11c8f5e1563468d7d35127ae486144c3dd2/detection
# Reference: https://www.virustotal.com/gui/file/736c9682399885ca1219cb10472b406d381ce66bd3a5cdc919cb28ee59b898fe/detection

107.175.1.103:14686
107.175.1.103:3268
107.175.1.103:5418
107.175.1.103:7646
107.175.1.103:9348

# Reference: https://twitter.com/ShadowChasing1/status/1250303709013147650
# Reference: https://www.virustotal.com/gui/file/3c7eb76db2a503d495d1332dc50acbcf511d56a6ff5a7f1a5f9c16c5efc10b5d/detection

64.188.25.205:3692

# Reference: https://twitter.com/ShadowChasing1/status/1257268847175860224
# Reference: https://twitter.com/KodaES/status/1257265452654497792
# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1286826493335805953
# Reference: https://www.virustotal.com/gui/file/99b24003e4d5a19430653760db6492d920dfda94194ba8aaa9e82d2949aab740/detection

164.68.101.194:3312

# Reference: https://twitter.com/ShadowChasing1/status/1296988003911360516
# Reference: https://www.virustotal.com/gui/file/e91836bbf90b1eafd5cdcf8868408309470d4a06c5239dfee7dd74eca1a7f222/detection

64.188.12.126:4676

# Reference: https://securelist.com/transparent-tribe-part-2/98233/
# Reference: https://otx.alienvault.com/pulse/5f46861db7f081f8c83140dc

http://212.8.240.221
212.8.240.221:5987
sharemydrives.com
sharingmymedia.com
tryanotherhorse.com

# Reference: https://twitter.com/ShadowChasing1/status/1311590568674291712

servicesmail.site

# Reference: https://twitter.com/DeadlyLynn/status/1318006847949819912
# Reference: https://www.virustotal.com/gui/file/d4b36731cb37ad05b0b9678b568c10a56f2e84967b393b626afb19d2df41c9b9/detection

173.249.14.104:6630

# Reference: https://twitter.com/ShadowChasing1/status/1337000347810729984
# Reference: https://www.virustotal.com/gui/file/6257ab26547f390bfd67d60766a708a95998452eb487d6d7208a52dc3e9840e0/detection

198.12.90.116:3691

# Reference: https://twitter.com/ShadowChasing1/status/1338077086896963584
# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338177112059088903
# Reference: https://www.virustotal.com/gui/file/2714b12d0c65cb6fe783571a2d103866c4059f40b2905f58a6cd5de80eefeb73/detection
# Reference: https://www.virustotal.com/gui/file/26a4d9bd2961d724ef07aaec5cbbd120891c600ab7932e5e4ddef38aa3ee9700/detection

89.249.65.206:4816
89.249.65.206:49483

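# Reference: https://twitter.com/ShadowChasing1/status/1338507666373558273
# Reference: https://www.virustotal.com/gui/file/48f662986a80c5c73a878b0f46cd7e3a548e556ad9c3f76c4eb867968b240eaf/detection
# Note: 172.217.0.0/16 is Google-allocated address space, so the address below is unlikely to be actor-operated infrastructure; presumably it was taken from the sample's configuration (to be confirmed against the report above). Corroborate a hit on it with other indicators before treating it as a compromise.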

172.217.15.110:4876

# Reference: https://twitter.com/ShadowChasing1/status/1360018043703762945
# Reference: https://www.virustotal.com/gui/file/86d43578ba26f02cf845f16a38ab29a48ad86c17f4a2ec3b69fc0d5fe82b4af7/detection

64.188.25.143:4586

# Reference: https://twitter.com/h2jazi/status/1367102521400053767
# Reference: https://twitter.com/h2jazi/status/1367105848544284676
# Reference: https://twitter.com/teamcymru_S2/status/1367436864941150208
# Reference: https://www.virustotal.com/gui/file/f6bec3c2d0503978f88734c6d52f2a01552c1d24b8e014ab835827ba3c9cc548/detection

23.254.119.118:11214
23.254.119.118:15822
23.254.119.118:17443
23.254.119.118:6128
23.254.119.118:8761

# Reference: https://twitter.com/InQuest/status/1368879546695618561
# Reference: https://twitter.com/ShadowChasing1/status/1368902119051325447
# Reference: https://www.virustotal.com/gui/file/d0a5ffa3b9c40eb1e4277e7c41a100b0836c9424b36fb9bbe281711c0b116883/detection

173.249.14.104:4568
templatesmanagersync.info

# Reference: https://twitter.com/modubyk/status/1215690858131066881
# Reference: https://www.virustotal.com/gui/file/3cbb07af5c85a539ba970bd831de6ad53473afe6d99b3cdbb963711e2b1ee9c3/detection
# Reference: https://www.virustotal.com/gui/file/fde8b0e2ce949e09070d6788194f63131070afab0ebd479bedd545091e7cc8aa/detection

cfrbackup.com
/P0urWa1t3_r!es/
/P0urWa1t3_r!es/iptonps.php

# Reference: https://twitter.com/h2jazi/status/1374754308676280323
# Reference: https://www.virustotal.com/gui/file/8bd2a1aa58cd9fb15ce499be7131e810abbdcc7770806ebfbd83b8e8f701c5e4/detection

75.119.139.169:4568

# Reference: https://twitter.com/ShadowChasing1/status/1374713010472685569

185.136.169.155:8761

# Reference: https://twitter.com/h2jazi/status/1385577616606961664
# Reference: https://www.virustotal.com/gui/file/f87d8b4376bdb341964801a836bb7ae4843351ded70801d401e951cbbe05d613/detection

167.160.166.177:4698

# Reference: https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/

134.119.181.15:6818
134.119.181.15:8561
134.119.181.15:8861
151.106.14.125:14618
151.106.14.125:16418
151.106.14.125:3468
151.106.14.125:8722
151.106.19.220:2682
172.245.247.112:11824
172.245.247.112:14624
172.245.247.112:8666
172.245.87.12:12447
172.245.87.12:18856
172.245.87.12:4586
172.245.87.12:8443
173.212.192.229:16564
173.249.22.30:10864
173.249.22.30:16582
173.249.22.30:4228
173.249.14.104:3312
173.249.14.104:9808
173.249.42.113:8148
185.136.169.155:11214
185.136.169.155:15882
185.136.169.155:17443
185.136.169.155:6128
185.174.102.105:54131
198.12.90.116:3691
198.12.90.116:4684
198.12.90.116:6582
23.254.119.11:3163
23.254.119.11:4828
23.254.119.11:5661
23.254.119.11:6614
45.32.151.155:11427
45.32.151.155:12835
45.77.246.69:16185
5.189.134.216:5156
64.188.12.126:12824
64.188.12.126:49747
64.188.12.126:9666
64.188.25.206:11422
64.188.25.206:16621
64.188.25.206:4125
64.188.25.206:6522
66.154.113.38:3878
66.154.113.38:8666

# Reference: https://twitter.com/ShadowChasing1/status/1385561727559864321
# Reference: https://www.virustotal.com/gui/file/fafcbb35db7cd2725d2f3f4268ffb32390f0e7602263841914fae72f37baca5b/detection

109.236.85.16:5987
myabcxyz1.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1387357625013080064

167.86.89.53:1443
167.86.89.53:16688
167.86.89.53:24619
167.86.89.53:6118
167.86.89.53:8843

# Reference: https://twitter.com/cyber__sloth/status/1383394061965348867
# Reference: https://twitter.com/ShadowChasing1/status/1383217637853831169
# Reference: https://twitter.com/_re_fox/status/1383207625874083841
# Reference: https://www.seqrite.com/documents/en/white-papers/Seqrite-WhitePaper-Operation-SideCopy.pdf
# Reference: https://www.virustotal.com/gui/file/54759951089f44a3918e164b8bf29c8f388cfd41f9930f81b8103852947fed93/detection
# Reference: https://www.virustotal.com/gui/file/5bc838b11eadb3fec80a7e6bb46183b868096d8c2e499bedd9c976f3d70d41b1/detection

http://161.97.142.96/htt_p
http://173.212.224.110/h_ttp
144.91.65.100:6102
144.91.91.236:6102
164.68.108.22:6102
173.212.224.110:6102
173.249.50.230:3245
drivetoshare.com
mailfourms.com
iiieyehealth.com
socialistfourm.com
updatedportal.com
mfahost.ddns.net
newsindia.ddns.net
tor-relay2.innonetlife.com
vmi192147.contaboserver.net
vmi268056.contaboserver.net
vmi296708.contaboserver.net
vmi312537.contaboserver.net
vmi314646.contaboserver.net
demo.smart-hospital.in/uploads/staff_documents/18/html/
demo.smart-hospital.in/uploads/staff_documents/18/h-xmlhttp/
demo.smart-hospital.in/uploads/staff_documents/19/Armed-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Defence-Production-Policy-2020/html/
demo.smart-hospital.in/uploads/staff_documents/19/Images/8534
demo.smart-hospital.in/uploads/staff_documents/19/IncidentReport/html/
demo.smart-hospital.in/uploads/staff_documents/19/ParaMil-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Req-Data/html
demo.smart-hospital.in/uploads/staff_documents/19/Sheet_Roll/html
demo.smart-school.in/uploads/staff_documents/9/Sheet_Roll/html
demo.smart-school.in/uploads/student_documents/12/css/
drivetoshare.com/mod.gov.in_dod_sites_default_files_Revisedrates/html
sparc.org.in/wp-content/uploads/2020/06/now/rt.rtf

# Reference: https://twitter.com/ShadowChasing1/status/1391680709207609347

londonkids.in/preschool/video/Emergency_Vaccination/css/

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/2491caddf4445d9297404493c7707b54591c989b94fd4634a7afdf54c0d22e9c/detection

vmi433658.contaboserver.net

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/871cab3256acdbc3c27650adde878658568a85b87e85d3e3c137bdeb4592fb2c/detection

173.249.14.104:6140

# Reference: https://twitter.com/KseProso/status/1392064101103378437
# Reference: https://www.virustotal.com/gui/file/c7dbca435039a6148dc25208f04b734465e8b7c92010ede1401d88f5f8003f2d/detection

173.249.14.104:5670

# Reference: https://twitter.com/pollo290987/status/1564886555306692608
# Reference: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
# Reference: https://otx.alienvault.com/pulse/609d7a98443a742cd63c2784
# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection

139.28.36.141:6922
7thcpcupdates.info
armypostalservice.com
clawsindia.com
isroddp.com
larsentobro.com
millitarytocorp.com
pmayindia.com
tprlink.com
awsyscloud.com
cloudsbox.net
datacyncorize.com
digiphotostudio.live
drivestransfer.com
emailhost.network
file-attachment.com
filelinks.live
filestudios.net
hostflix.live
maildrive.email
mediabox.live
mediaclouds.live
mediadrive.cc
mediafiles.live
mediaflix.net
medialinks.cc
mediashare.cc
onedrives.cc
servicesmail.site
shareboxs.net
shareflix.co
sharemydrives.com
shareone.live
sharingmymedia.com
studioflix.net
templatesmanagersync.info
urservices.net
bjorn111.duckdns.org
micrsoft.ddns.net
newsupdates.myftp.org
share.medialinks.cc
social.medialinks.cc
systemsupdated.duckdns.org
tgservermax.duckdns.org
vmd41059.contaboserver.net
vmi433658.contaboserver.net
email.gov.in.attachment.drive.servicesmail.site
email.gov.in.maildrive.email
india.gov.in.attachments.downloads.7thcpcupdates.info
mail.clawsindia.com
mail.isroddp.com
mailer.pmayindia.com
mailout.pmayindia.com

# Reference: https://tria.ge/210514-fsd2fkks9a/behavioral1

5.189.134.216:12538
5.189.134.216:7218
5.189.134.216:9686

# Reference: https://twitter.com/ShadowChasing1/status/1394229310911762434
# Reference: https://www.virustotal.com/gui/file/7f800784b00354dd15eee129317a63bd3f7bb25622e898c873603e5b142cbb09/detection

5-135-125-106.cinfuserver.com

# Reference: https://twitter.com/ShadowChasing1/status/1399012433520324617
# Reference: https://www.virustotal.com/gui/file/71a8e488b3d142bfdfcc4092ac35cf32e7d5e55b68acd262d16707f6a09f9321/detection

134.119.181.142:6672

# Reference: https://twitter.com/bofheaded/status/1399384209353969667
# Reference: https://www.virustotal.com/gui/file/cad6dcfe6942bb5ac648fb25b8aa3359f1d30b6671c132ce8c7c8c3cd08e8825/detection

178.238.229.192:11884
178.238.229.192:15285
178.238.229.192:3687
178.238.229.192:6782
178.238.229.192:8529

# Reference: https://twitter.com/ShadowChasing1/status/1402526383293624323

http://167.86.75.119
selforder.in/wp-content/uploads/wp-commerce/04/05/

# Reference: https://www.virustotal.com/gui/file/d228c1186003ae37e6c9e26222782291fa97580a254e77f290b46c2376b712e4/detection

185.136.169.155:15822

# Reference: https://twitter.com/ShadowChasing1/status/1406962468010614785
# Reference: https://www.virustotal.com/gui/file/907f594f49e498f0526684e03afd76e953b46b2c4947dd260f90f2665b7ff875/detection

afghannewsnetwork.com
dadsasoa.in/font/js/images/files/My-CV/css

# Reference: https://www.virustotal.com/gui/ip-address/144.91.65.100/relations
# Reference: https://www.virustotal.com/gui/file/1ac0288aaebbe07b6145f20dc3ba2c0107ab00b47a4fe90215a784c887bad35d/detection

mmfaa.ddns.net

# Reference: https://www.virustotal.com/gui/file/149b121b8f5755bc841ddd38f8dbcb6f857b00c8943b446ab85e1706e2216bde/detection

http://144.91.65.100

# Reference: https://blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/
# Reference: https://otx.alienvault.com/pulse/60d2f18dfd693f4314446f84
# Reference: https://twitter.com/0xrb/status/1409729774956597250

ankaraembassy.hopto.org
certindia.chickenkiller.com
certindia.ignorelist.com
coronavirusupdate.ddns.net
coronavirusupdate.ddnsking.com
defencecyberorg.myddns.me
frankooxyz2.ddns.net
minofdefence.mooo.com
minofdefenceindia.ddns.net
pmreference.ddnsking.com
iiieyehealth.com/fonts/times/files/Call-for-Proposal-DGSP-COAS-Chair-Excellance/css/
ikiranastore.com/images/files/ist/doc/i.php
londonkids.in/echoolz/assets/css/front/hwo/DATE-OF-NEXT-INCREMENT-ON-UP-GRADATION-OF-PAY-ON-01-JAN-AND-01-JUL/css
londonkids.in/preschool/video/Emergency_Vaccination/css/
minervacollege.co.in/fonts/plugins/mrt/Image-7563/css2

# Reference: https://twitter.com/h2jazi/status/1407788867260923908
# Reference: https://www.virustotal.com/gui/file/aadaa8d23cc2e49f9f3624038566c3ebb38f5d955b031d47b79dcfc94864ce40/detection

5.189.170.84:3901

# Reference: https://www.virustotal.com/gui/file/2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a/detection
# Reference: https://www.virustotal.com/gui/file/d2113b820db894f08c47aa905b6f643b1e6f38cce7adf7bf7b14d8308c3eaf6e/detection

5.189.170.84:3312
iwestcloud.com
/Pick@Whatsoever/Mac.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/Pick@Whatsoever/
/Qu33nRocQCl!mbing.php
/S3r&eryvUed.php

# Reference: https://twitter.com/ShadowChasing1/status/1410157094343364609
# Reference: https://www.virustotal.com/gui/file/af5dec1a8eed98bbab9c03dd76a980edc987347c43798d726b0ca538376f27be/detection

drigablockszip.sytes.net
medizz.co/wp-content/base/phr/shareddocuments/Agenda

# Reference: https://twitter.com/BaoshengbinCumt/status/1411963177626046467
# Reference: https://www.virustotal.com/gui/file/c3e56af0c0a13e8ab4e6f2269d1c15586e72f9b7a90c22980f976e6786388a03/detection

185.233.202.230:44567
templateworkshop.site
/template_storage/normal_template/template48.dot

# Reference: https://twitter.com/ShadowChasing1/status/1411991006489112582
# Reference: https://www.virustotal.com/gui/file/49387b1a799944bb19f5b83cd5a05e421bcaff8ddc59750aba800ec03c447245/detection

167.86.105.43:6588

# Reference: https://twitter.com/teamcymru_S2/status/1412397642286522368
# Reference: https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/

107.173.204.38:6576
107.173.204.38:8586

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

digitalfilestores.com
filehubspot.com
freewindowssoftware.com
mailupdater.net
mfahost.ddns.net
mffatool.ddns.net
nscinfo.ddns.net
vmi240582.contaboserver.net
vmi281634.contaboserver.net
vmi312537.contaboserver.net
vmi369553.contaboserver.net
vmi388643.contaboserver.net
vmi420862.contaboserver.net
vmi475662.contaboserver.net
vmi489177.contaboserver.net
vmi512038.contaboserver.net
vmi532529.contaboserver.net

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/132870a1ae6a0bdecaa52c03cfe97a47df8786f148fa8ca113ac2a8d59e3624a/detection

173.249.50.230:1238
muzicmirchi.000webhostapp.com

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/71bbf2394fe4909a6ce0f7085ca41f21cf5e05e3d761620e4d7f307183fb1e1b/detection

167.86.70.194:9091

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/852612666095aec2e9f3456ec4f8a9566be2c690c8583aff6055d180507d5476/detection

167.86.70.194:9092

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/956f0f369082068ef24b76ec162cfc2119adbffda94e33e41b40f39d2f192ffe/detection

161.97.90.175:8080

# Reference: https://twitter.com/bofheaded/status/1420466901466030083
# Reference: https://twitter.com/teamcymru_S2/status/1423281518034575363
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/57466da1095f6c28d5d7c56d171417bb796b153f1c545e846fee1743cacc15fc/detection
# Reference: https://www.virustotal.com/gui/file/772bc22f6238eb368c47f4d34fb98db9124a44b8443cee92d73c6086609fd2f1/detection

http://149.248.52.61
/vpn-update/vpn-update.php
/weisenborn/aziroboro.php

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

144.91.65.100:3245
144.91.65.100:4145
144.91.91.236:4140
144.91.91.236:4145
149.248.52.61:2323
149.248.52.61:5656
149.248.52.61:87
149.248.52.61:89
149.248.52.61:8989
161.97.90.175:6666
164.68.104.126:3245
164.68.104.126:4140
173.212.224.110:4140
173.212.224.110:4145
173.249.50.230:1144
173.249.50.230:1244
173.249.50.230:1245
173.249.50.230:1289
173.249.50.230:3245
173.249.50.230:4145

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

http://109.236.85.152
http://164.68.104.126
http://161.97.142.96
http://167.86.75.119
http://173.249.41.175

# Reference: https://twitter.com/Timele9527/status/1419853559860920320
# Reference: https://twitter.com/Timele9527/status/1419853918293544967
# Reference: https://www.virustotal.com/gui/file/8b20b81f05c0acebb97200b5cfa3bec23ddeb9f7307e47c9b942c6f9bee91b44/detection
# Reference: https://www.virustotal.com/gui/file/70fab64895bcfaf7e9bd713e3b3b4c354e19ff9d083285b791d43bb39c5d3253/detection
# Reference: https://www.virustotal.com/gui/file/670bf2bad23645b731a67e3299f4f1692da3bdaa711c588b17024ed916e55438/detection

122.166.149.57:8888
161.97.164.143:20121
161.97.164.143:2121
161.97.164.143:2123
161.97.164.143:2124
161.97.164.143:2122
161.97.164.143:2125
161.97.164.143:8011
161.97.164.143:9512
161.97.164.143:9515
182.188.181.224:2255
certindia.ignorelist.com
certindia.chickenkiller.com
defencecyberorg.myddns.me
email-govin.duia.eu
emailgov-in.sytes.net
kavachhost.ddns.net
nicindia.mywire.org
/005056A0A34C-X-061544/
/005056A052CF-X-445817/
/005056A05902-X-088753/
/005056A0A34C-X-061544/file.pdf
/005056A052CF-X-445817/fastag.jpg
/005056A05902-X-088753/fastag.jpg

# Reference: https://twitter.com/teamcymru_S2/status/1420446957961625602
# Reference: https://www.virustotal.com/gui/file/67a225feedc5ce4adf75acb41e8b0e746e7daaec779225cd72f860a263b92a6e/detection

191.101.172.44:11422
191.101.172.44:14624
191.101.172.44:16621
191.101.172.44:4125
191.101.172.44:6522
64.188.25.206:3389

# Reference: https://www.virustotal.com/gui/ip-address/104.227.146.200/relations

http://104.227.146.200
/KingEfulefu/
/KingEfulefu/login.php

# Reference: https://twitter.com/ShadowChasing1/status/1422452244079779841
# Reference: https://twitter.com/360CoreSec/status/1422403743354482692
# Reference: https://www.virustotal.com/gui/file/8554b5cace52a0fdf0fd3378e4df6606efb45b8ee686ed5b3c1657633405eb85/detection
# Reference: https://www.virustotal.com/gui/file/f5e7b8dddd4137ac008186a4c5e9cb644dc1bbddb61612c29c2087b1efe48974/detection
# Reference: https://www.virustotal.com/gui/file/bc3ff3fb73736649a9aad6ccb811819a912c03aaa9ec81c6fa733f1459e66af9/detection
# Reference: https://www.virustotal.com/gui/file/640ffa981ef531f5ceb98c59cfa1c65a9da9a088dc3157f78ffa0fa6cd5e8e02/detection
# Reference: https://www.virustotal.com/gui/file/72950c1a7d26f9bb6acc0e33d1cd65310db31f5b03c3b3e722ce216bb20f12fe/detection
# Reference: https://www.virustotal.com/gui/file/bc3ff3fb73736649a9aad6ccb811819a912c03aaa9ec81c6fa733f1459e66af9/detection

66.154.112.206:6188

# Reference: https://twitter.com/ShadowChasing1/status/1422914152381616134
# Reference: https://otx.alienvault.com/pulse/610baec1825b7a6f14ae8c21
# Reference: https://www.virustotal.com/gui/file/dc9002bc8fec5e678ae60285dd9fc303e87a9ea15b037be76285e41b50f62f8b/detection

149.248.52.61:91
149.248.52.61:92
149.248.52.61:93
bsnlplots.com/css/css/

# Reference: https://twitter.com/ShadowChasing1/status/1423194120512688133
# Reference: https://www.virustotal.com/gui/file/460c098565a7f5866bb96281ebada37d8e3a7f9e4112de663a05bba470e27929/detection

pafwa.info
independenceday.pafwa.info

# Reference: https://twitter.com/ShadowChasing1/status/1460614611200217093
# Reference: https://www.virustotal.com/gui/file/f79445105ab2dc3c3be899c1e1fd1adca60723f613c242ce4e0b95ee835ac82a/detection

isteandhrapradesh.in/NewSite/Admin/try/b/

# Reference: https://twitter.com/h2jazi/status/1460744936635224064
# Reference: https://twitter.com/h2jazi/status/1460744939105669132
# Reference: https://www.virustotal.com/gui/file/9836cfb7c54febcbbf2b252414dbdc95784ed429c228a363b65b7586ffcc3b0c/detection

194.233.67.90:6785
securedesk.one

# Reference: https://twitter.com/0xrb/status/1460900779175276550
# Reference: https://www.virustotal.com/gui/file/df87afed0b9bef37d4ff79b0065e95b65cb3ffd320dc258548a229720e4bf99f/detection
# Reference: https://www.virustotal.com/gui/file/ac80eb10f16f3da1651b8fcb7dbc714255f4ec9719e922baeeb3499d9bd89e23/detection

mojochamps.com
assessment.mojochamps.com

# Reference: https://twitter.com/RedDrip7/status/1486656925320183809
# Reference: https://www.virustotal.com/gui/file/476c183a7ac3435b0085d652c816b07910d081a92c83b85dfda7ba630cd4957f/detection

45.138.172.222:3691

# Reference: https://twitter.com/ShadowChasing1/status/1490988027354648576
# Reference: https://twitter.com/ShadowChasing1/status/1491261131800780810
# Reference: https://twitter.com/0xrb/status/1491021258741653511
# Reference: https://www.virustotal.com/gui/file/d15f76acb846b237956a6373bd6646ef804419dd9a9fd3c9501acc241fcddff9/detection
# Reference: https://www.virustotal.com/gui/file/46828fb51abae8b9ca21090f56d90d63270464318cd81235872a8fba35ce3064/detection

http://144.91.87.179
144.91.87.179:6659
softwiz.xyz
singleseller.blueappsoftware.com

# Reference: https://twitter.com/bofheaded/status/1491350274937868291
# Reference: https://www.virustotal.com/gui/file/14f4fe625daf1ac498d8557a4fddc67f8183f6a097e84b52f311bf436640d7cc/detection

5.189.182.93:6659

# Reference: https://twitter.com/0xrb/status/1491344919155589124
# Reference: https://www.virustotal.com/gui/file/0d7fdeea6cd1f7732db11f78c2dfd2c4bc5053b6f1bc590d3963705b4a256f22/detection

kokotech.xyz

# Reference: https://twitter.com/0xrb/status/1493801814005022723

161.97.85.89:12786
173.249.50.34:12182
198.12.91.240:18876
198.23.213.22:7776
198.23.213.22:7778
207.180.245.93:12184
209.127.19.241:10284

# Reference: https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/ (# preBotHta)
# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/ReverseRat2.0_NightFury_IoCs.txt

http://62.171.191.230
62.171.191.230:5310
zimbrasoft.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1494655193002266625
# Reference: https://twitter.com/JAMESWT_MHT/status/1494664440175865865
# Reference: https://app.any.run/tasks/5dc8d5eb-b9c0-4c08-b2b1-ae80cd25da62/

160.20.147.202:7421
highexpresspass.zapto.org
/softwaredailyupdate

# Reference: https://twitter.com/h2jazi/status/1495825063299403785
# Reference: https://www.virustotal.com/gui/file/656124b7148dd8c72add0bfcc1a1ec856232c9e6dd13d8ea9d0f1d0a148889a4/detection
# Reference: https://www.virustotal.com/gui/file/7d834e9caaaadd4f7e43777873550dd195d552038e7bd7ce4319f5cd51ed5c9d/detection

107.150.18.166:6849

# Reference: https://twitter.com/s1ckb017/status/1499312004426870788
# Reference: https://www.virustotal.com/gui/file/f66c2e249931b4dfab9b79beb69b84b5c7c4a4e885da458bc10759c11a97108f/detection
# Reference: https://www.virustotal.com/gui/file/d9037f637566d20416c37bad76416328920997f22ffec9340610f2ea871522d8/detection

45.147.228.195:5524

# Reference: https://twitter.com/ShadowChasing1/status/1499704398284345345
# Reference: https://www.virustotal.com/gui/file/ec9b9a711f81df91d3b243c4e90d2f33abe2dffe4ebb2ed284bd6d0e11cdfb6c/detection

gdcrvpm.ac.in

# Reference: https://twitter.com/0xrb/status/1501061897604730881
# Reference: https://twitter.com/GGGGh0st/status/1513477203828559876
# Reference: https://www.virustotal.com/gui/file/d10e90484ebdeea8a5d2b15820d067f99139a76302e3cc558d942d77fe7fb9f3/detection
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

161.97.176.42:10019
161.97.176.42:33009
161.97.176.42:47834
161.97.176.42:57000
161.97.176.42:35010
161.97.176.52:10015
161.97.176.52:47822
sunjaydut.ddns.net
swissaccount.ddns.net

# Reference: https://twitter.com/teamcymru_S2/status/1501955807499403270

194.163.139.250:3389

# Reference: https://twitter.com/ShadowChasing1/status/1505893006070583301
# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

inapharma.in

# Reference: https://twitter.com/0xrb/status/1506155286289326085
# Reference: https://www.virustotal.com/gui/file/2e1ebb72b3b483797564fe541e4b0bb23ec57373a825a927407c17dc107c1888/detection
# Reference: https://www.virustotal.com/gui/file/2ace3b4ea7ecacb6ef8b4da7f5c315a31663523808a685d3600bc57571c1eb83/detection

209.145.55.95:3676

# Reference: https://www.virustotal.com/gui/file/7778f344aae32175751c4f3ec2c43abe637ff6aa67d2731dfa072fd86a9c9b47/detection

209.145.55.95:6659

# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

209.145.55.95:443

# Reference: https://twitter.com/malwareforme/status/1505935361234677760

209.145.55.95:3285

# Reference: https://twitter.com/0xrb/status/1506879902146269184
# Reference: https://www.virustotal.com/gui/file/868b3d9c6431e57b5a10b04c2c385ee4e507395224e431fdef8012c1351d5325/detection
# Reference: https://www.virustotal.com/gui/file/694e9f128904c4e456c76cff2d7534d43afb53384999fd32e4f0b72dd078385e/detection

95.111.230.252:3349
95.111.230.252:4098

# Reference: https://ti.qianxin.com/blog/articles/transparent-tribe-and-sidecopy-share-infrastructure/ (Chinese)
# Reference: https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
# Reference: https://www.virustotal.com/gui/file/a0f6963845d7aeae328048da66059059fdbcb6cc30712fd10a34018caf0bd28a/detection
# Reference: https://www.virustotal.com/gui/file/45ed0b23cc90fbe8eade520bdc230e4103435c6e0d64f779b12da90bc1f1596f/detection

144.91.79.40:12427
194.163.129.89:14427
directfileshare.net
dsoi.info
kavach-app.in
otbmail.com
secure256.net
zoneflare.com
download.kavach-app.in
/C2L!Dem0&PeN/A@llPack3Ts/
/A@llPack3Ts/
/C2L!Dem0&PeN/
/C2L!Dem0&PeN/A@llPack3Ts/Cor2PoRJSet!On.php
/C2L!Dem0&PeN/A@llPack3Ts/Dev3l2Nmpo7nt.php
/C2L!Dem0&PeN/A@llPack3Ts/f3dlPr00f.php
/C2L!Dem0&PeN/A@llPack3Ts/xwunThedic@t6.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/R!bB0nBr3@k3r/FunBreaker.php
/R!bB0nBr3@k3r/tallerthanhills.php
/Pick@Whatsoever/
/R!bB0nBr3@k3r/

# Reference: https://twitter.com/h2jazi/status/1509887066204745743
# Reference: https://www.virustotal.com/gui/file/388f212dfca2bfb5db0a8b9958a43da6860298cdd4fcd53ed2c75e3b059ee622/detection
# Reference: https://www.virustotal.com/gui/file/e2cf71c78d198fdc0017b7bfd6ce8115301174302b3eaaf50cfc384db96bc573/detection

sunnyleone.ddns.net

# Reference: https://twitter.com/h2jazi/status/1513360845807534081
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

studentsportal.live

# Reference: https://twitter.com/0xrb/status/1515979150515122178
# Reference: https://www.virustotal.com/gui/file/477147271a54e32ef184030393f17c30d68d4aeb8bd6202a225e354f1800b279/detection

66.154.112.251:5235

# Reference: https://twitter.com/0xrb/status/1517052777167732736
# Reference: https://www.virustotal.com/gui/file/4342dd4999d1247fc9032003bafb7d3d58d2cbefe1705d5d91e258d0ed1fef86/detection
# Reference: https://www.virustotal.com/gui/file/bc3441864f2e9276261733b35e2473b7beed0e6ed14ad8fa13d99d15ee5477b6/detection

185.197.249.247:16252
185.197.249.247:18696
185.197.249.247:20862
185.197.249.247:4858

# Reference: https://twitter.com/h2jazi/status/1518382259228844033
# Reference: https://www.virustotal.com/gui/file/b3f8e026f39056ec5e66700e03eeaf57454ee9c0bc1c719d74e10f5702957305/detection

sunnyleone.hopto.org

# Reference: https://www.virustotal.com/gui/file/4841e73697c846f33ffa09d38c0ce58e978b06e32c6807cd21c22dfeadbfd0fa/detection

206.189.185.75:8000
66.63.162.16:4788

# Reference: https://twitter.com/0xrb/status/1523929430238035968
# Reference: https://www.virustotal.com/gui/file/1e0fe0c057163e5cc1a2598b7de1adf06db8bfe814e172557383eea3acbf9a2b/detection
# Reference: https://www.virustotal.com/gui/file/5091ca8bcfee8d3980700de91d3b1f6286420f85be9069bde944ffceac2b02fd/detection
# Reference: https://www.virustotal.com/gui/file/b53e73189ad4db83a5891d0dd73fd86d290fb7de8ab9378a1b9f29cddfc14d8c/detection
# Reference: https://www.virustotal.com/gui/file/b9e1c9e0e8a169b7055d39720b862782922090f0a08cf73de730e2e6ce73eac8/detection

104.129.42.102:16862
104.129.42.102:21584
104.129.42.102:28184
104.129.42.102:6276
104.129.42.102:8891

# Reference: https://twitter.com/ShadowChasing1/status/1526583480867758084
# Reference: https://twitter.com/ShadowChasing1/status/1526583490732781568

indianblog.xyz
indiantrainer.in
dns1.indianblog.xyz

# Reference: https://twitter.com/RedDrip7/status/1533659387277221888
# Reference: https://www.virustotal.com/gui/file/0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2/detection
# Reference: https://www.virustotal.com/gui/file/f3a1ac021941b481ac7e2335b74ebf1e44728e8917381728f1f5b390c6f34706/detection
# Reference: https://www.virustotal.com/gui/file/fc34f9087ab199d0bac22aa97de48e5592dbf0784342b9ecd01b4a429272ab5b/detection

192.3.99.68:10268
192.3.99.68:16098
192.3.99.68:25822
192.3.99.68:28441
192.3.99.68:7514

# Reference: https://twitter.com/RedDrip7/status/1545363738991403009
# Reference: https://www.virustotal.com/gui/file/21721fe37e170ac53bcfe9dde528dad341dcce6df4abacbaacf50ba804108f2f/detection
# Reference: https://www.virustotal.com/gui/file/fa8c21188ab5a2425f7909d720c54fb1a86be418d1f69e92f5c7ee61af32cb6e/detection

38.74.14.137:12267
38.74.14.137:18197
38.74.14.137:25821
38.74.14.137:26442
38.74.14.137:7516

# Reference: https://www.virustotal.com/gui/file/2dd0416a1a530a56357887709cd37d691a32a30326b75218c5e92b34773d00f3/detection

http://167.86.97.221

# Reference: http://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html

cloud-drive.store
drive-phone.online
geo-news.tv
studentsportal.co
studentsportal.website
user-onedrive.live
cloud-drive.geo-news.tv
drive-phone.geo-news.tv
studentsportal.geo-news.tv
user-onedrive.geo-news.tv

# Reference: https://twitter.com/bofheaded/status/1547801705198518272
# Reference: https://www.virustotal.com/gui/file/085f9bfbb1ff54afe4a562824470aeff4d69b1ce3eeeedd4dbef537d2015f627/detection

209.126.80.23:3281
209.126.80.23:6391

# Reference: https://twitter.com/souiten/status/1548952536257679361
# Reference: https://www.virustotal.com/gui/file/1db3adc06f4dccee2cc936333367f1e611092396a21102d9a54296c5a67c89af/detection
# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection

207.180.221.51:5731
test1480.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1562072883580764165

ryanglobalschools.com/js/files/IMPL_OF_SPL_ALLCE_ORDER

# Reference: https://twitter.com/InQuest/status/1561659933808119810
# Reference: https://twitter.com/InQuest/status/1561999463933157377
# Reference: https://twitter.com/InQuest/status/1562019017879175169
# Reference: https://twitter.com/InQuest/status/1562043288860991489
# Reference: https://www.virustotal.com/gui/file/bc32040a1ebb05c38e9d564b576b158c71390011c4812aa8ba810e462f62d4d6/detection
# Reference: https://www.virustotal.com/gui/file/6cac8225634748e673e5ae53a14c3c8d403d7e979280874663cea129b0ee5849/detection

http://192.3.108.11
/https/www_a/
/https/www_b/
/https/www_c/
/https/www_d/
/https/www_e/
/https/www_f/
/https/www_g/
/https/www_h/
/https/www_i/
/https/www_j/
/https/www_k/
/https/www_l/
/https/www_m/
/https/www_n/
/https/www_o/
/https/www_p/
/https/www_q/
/https/www_r/
/https/www_s/
/https/www_t/
/https/www_u/
/https/www_v/
/https/www_w/
/https/www_x/
/https/www_y/
/https/www_z/
/www/https_a/
/www/https_b/
/www/https_c/
/www/https_d/
/www/https_e/
/www/https_f/
/www/https_g/
/www/https_h/
/www/https_i/
/www/https_j/
/www/https_k/
/www/https_l/
/www/https_m/
/www/https_n/
/www/https_o/
/www/https_p/
/www/https_q/
/www/https_r/
/www/https_s/
/www/https_t/
/www/https_u/
/www/https_v/
/www/https_w/
/www/https_x/
/www/https_y/
/www/https_z/

# Reference: https://twitter.com/0xrb/status/1577981859287293952
# Reference: https://www.virustotal.com/gui/file/ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460/detection
# Reference: https://www.virustotal.com/gui/file/905fb292dc983a9d731f4716aa2e1ee289975330d11e82df95491f5a9dd7e3ed/detection
# Reference: https://www.virustotal.com/gui/file/396a46e9595fe6bdae709ab3171900ebd4fd1c6e1cd8ad94d17d2dcacb6bf6b6/detection
# Reference: https://www.virustotal.com/gui/file/1c9024f2d696f949091be27aced113f4e98bc46c0580eb93e644a51b269c76e4/detection
# Reference: https://www.virustotal.com/gui/file/18029be2b0bf5284713f9cf61ba5e160ae10a581f346fdd396065d5728906768/detection

164.68.96.32:11232
164.68.96.32:15828
164.68.96.32:3468
164.68.96.32:8169

# Reference: https://twitter.com/h2jazi/status/1580302226597478401
# Reference: https://www.virustotal.com/gui/file/7658cc15e65b9000860658e8d2c7e6c305d972254d21072dfb4955e79649d1f9/detection
# Reference: https://www.virustotal.com/gui/file/0d865bdcd75c4ec6fc1e182c4e68fc34db36cde8467988221d742413609da8c3/detection
# Reference: https://www.virustotal.com/gui/file/77259c0d236c96450663fcf1d0837ebf4d10e024293cc89de1082a76e3e9ce10/detection

23.254.119.234:6178
23.254.119.234:8989

# Reference: https://twitter.com/Des00464472/status/1581873684478046208

161.97.119.238:7778

# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations

http://139.59.23.88
http://139.59.79.86
acmarketsapp.com
gcloudsvc.com
kavach.mail.nic-updates.in
kavachauthentication.blogspot.com
kavachmail-govin.rf.gd
ncloudup.com
nic-updates.in
wzxdao.com

# Reference: https://twitter.com/0xrb/status/1589502482786713600
# Reference: https://www.virustotal.com/gui/file/5d2b37c02e60bbed036c9bb6e4f2c75de6e42c03b69c713c33d3b9325ed1b1ea/detection

154.127.54.168:35010
154.127.54.168:47834

# Reference: https://twitter.com/Des00464472/status/1597845527168970752
# Reference: https://www.virustotal.com/gui/file/46262d79b7e21b5536dc1910a78a6db2b11789503e44a6a89d22a1c169220426/detection

185.225.19.165:4862
185.225.19.165:5350
185.225.19.165:8419

# Reference: https://twitter.com/0xrb/status/1605485461874491393
# Reference: https://www.virustotal.com/gui/file/5e7edf2d81717a0c76e2ad426d1b5610566ef0d86c964a050866e50737660cef/detection
# Reference: https://www.virustotal.com/gui/file/db54820a956615536550e4f78085f23be65bc796d0a636632c9a328a50d97e20/detection

173.249.0.199:10484
173.249.0.199:14882

# Reference: https://twitter.com/SethKingHi/status/1613839332158361600
# Reference: https://www.virustotal.com/gui/file/0a6144cad9483d578d642ed6366afc36291562deb6fa9d4284ffee1d7e98c417/detection

kaspesrky.live

# Reference: https://twitter.com/Des00464472/status/1614174297962188802

194.9.178.85:51512

# Reference: https://twitter.com/suyog41/status/1788434198833045901
# Reference: https://www.virustotal.com/gui/file/8b87459483248d7b95424cd52b7d4f3031e89c6644adc2e167556e071d9ec3aa/detection
# Reference: https://www.virustotal.com/gui/file/0bec6c0c27cc25e96201f1fd4f3f81d4e912d1aaf963a74ec79a74c95af10425/detection

http://185.174.102.54
185.174.102.54:443
/-dsfjslkdjfweoirwsdfkjweirw

# Reference: https://www.virustotal.com/gui/file/73850abc86944209d17ade2b0942401f7c1d30372cf2da158d6019ef96a1a035/detection

sunriseschoolsystem.xyz

# Reference: https://twitter.com/souiten/status/1620629752863404032
# Reference: https://twitter.com/HaoZhixiang/status/1620716673543315464
# Reference: https://www.virustotal.com/gui/file/b277a824b2671f40298ce03586a2ccc0fca2a081a66230c57a3060c2028f13ee/detection

luckyoilpk.com
wellsfargopaymentservices.com

# Reference: https://twitter.com/0xrb/status/1620724303984721920

185.174.102.54:2121

# Reference: https://twitter.com/RedDrip7/status/1622908094606094338
# Reference: https://www.virustotal.com/gui/file/5046947524c39601b5e8e4d8772e4273a3618bba9ea609fd001660d152f3963a/detection
# Reference: https://www.virustotal.com/gui/file/6fb82ca662f7e3f55cdd0f930507f2add996eef09c0f60a9924f469648c915f8/detection

151.106.19.20:12197
151.106.19.20:16867
151.106.19.20:23123
151.106.19.20:24784
151.106.19.20:8248

# Reference: https://twitter.com/RedDrip7/status/1627503544130752513
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/

meetup-chat.com
phone-drive.online
share-lienk.info
meetsapp.org

# Reference: https://twitter.com/StopMalvertisin/status/1634101674066448387
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:10614
167.114.138.12:14822
167.114.138.12:18443
167.114.138.12:6828
167.114.138.12:8661

# Reference: https://twitter.com/suyog41/status/1635983614906187778
# Reference: https://www.virustotal.com/gui/file/ba203358836bd59ffab1e993433765511844ffd3b0985b25e4772d37a28ecfa0/detection

84.46.250.78:8080
84.46.250.78:9812
kwalityproducts.com/bootstrap/jquery/files/details

# Reference: https://twitter.com/0xrb/status/1638049660895100928
# Reference: https://www.virustotal.com/gui/file/c89806e27ecefa3a05ba84b2dd46b148aef007ffa0ef80f6b34621d7777fbd65/detection
# Reference: https://www.virustotal.com/gui/file/bca2ae73987fd0f3f9c7cd984c55b3a0881333ced9a666f375d684d72f082acb/detection

185.229.119.60:9134
89.117.63.146:9921

# Reference: https://twitter.com/StopMalvertisin/status/1640798678649827329
# Reference: https://www.virustotal.com/gui/file/b74250a2259c947073225bbb24f11f4239d0ea4dabc45f4a40a4bbd46793fa6b/detection

richa-sharma.ddns.net

# Reference: https://twitter.com/StopMalvertisin/status/1645805949234597889
# Reference: https://www.virustotal.com/gui/file/c33ee5a2d9df04d07df9f02678f1f880d271dd4d21140f51468eb6affc38a8e8/detection

104.168.48.210:12267
104.168.48.210:18197
104.168.48.210:7516

# Reference: https://twitter.com/jaydinbas/status/1648246659170672640
# Reference: https://twitter.com/fr0s7_/status/1648697733182627841
# Reference: https://www.virustotal.com/gui/file/6d1d3801e227f99c75687b486d0b6879347d6b231de311ad6b5be8661d49d3a3/detection
# Reference: https://www.virustotal.com/gui/file/806c9f3f5ac1d04991776baa627161a1808166ca6d958de756c09f884cb2f000/detection

209.126.81.42:444
ssynergy.in

# Reference: https://www.team-cymru.com/post/allakore-d-the-sidecopy-train

144.91.72.17:9468
185.229.119.60:7469
66.219.22.252:3389
66.219.22.252:8080
66.219.22.252:82
66.219.22.252:9467
89.117.63.146:7439

# Reference: https://twitter.com/teamcymru_S2/status/1649417705269723140

38.242.207.36:2244
38.242.207.36:3764
38.242.207.36:9467

# Reference: https://twitter.com/suyog41/status/1646528247772110853
# Reference: https://twitter.com/suyog41/status/1650377206571618304
# Reference: https://www.virustotal.com/gui/file/5ecbc33fe3b345f2956cff566203e33b9390a3ed9923b990a46804880ae2f59b/detection
# Reference: https://www.virustotal.com/gui/file/efa5a2cbc174b0dba15a453e70f632a23f2213fa7e6473cb8fa66ed0dc8a3a15/detection

78.47.204.216:443
defenseinsight.in
insight.defenseinsight.in

# Reference: https://twitter.com/suyog41/status/1652927978802925568
# Reference: https://www.virustotal.com/gui/file/136fdbc6edec659ef19c4e57b2db005fe8e5a59bbe913f0603698699465e5589/detection

31.187.72.107:443

# Reference: https://www.virustotal.com/gui/file/f63c9c67ef1cc74f3936d637217b1812e04794316cc3895665688068cb31b50e/detection

144.91.65.100:3245

# Reference: https://www.virustotal.com/gui/file/4e110011e8467c77c2de3a335d291b45b24633b2d22169552c200a1095355111/detection

144.91.65.100:4145

# Reference: https://www.virustotal.com/gui/file/587f77cdd90078107928360213536ee69fd7164c4682d44a571bb469795ea06c/detection

144.126.143.138:8080
144.126.143.138:9813

# Reference: https://twitter.com/RedDrip7/status/1666624522408333313
# Reference: https://www.virustotal.com/gui/file/3656a664cde158cf5c3220fb2fdb468fbc8c4e4ff21b951259a9cc10e6bf5615/detection

64.188.21.102:12267
64.188.21.102:18197
64.188.21.102:25821
64.188.21.102:26442
64.188.21.102:7516

# Reference: https://twitter.com/StopMalvertisin/status/1676869449394327553
# Reference: https://www.virustotal.com/gui/file/3859ecfffaf16065a45fce44988e197cc56838a7f6bfb27cb4e8bdc5e43f87db/detection
# Reference: https://www.virustotal.com/gui/file/86eccc88dcae9d1890a43f35b1a30c63b19176f5bff371b21588ee4a7519ab56/detection
# Reference: https://www.virustotal.com/gui/file/f0176c4de5bdac87cc1db60abf64f0736ac101548417cba6a16f7481fccf907e/detection

173.232.44.69:9149

# Reference: https://twitter.com/StopMalvertisin/status/1676869451776671745
# Reference: https://www.virustotal.com/gui/file/c2342e96f7443a221336cd4ff46905a9c30ee54fc02f6c0da11b13b7503bdd53/detection
# Reference: https://www.virustotal.com/gui/file/c3497181b42c520ead76a8ced713c4a2b307f869903b288cc0528895bedf7fdf/detection

185.187.235.186:14198
185.187.235.186:18818
185.187.235.186:24224
185.187.235.186:26781
185.187.235.186:8149

# Reference: https://twitter.com/StopMalvertisin/status/1676869453987086341
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection
# Reference: https://www.virustotal.com/gui/file/f77205a9238a123b74b764be6e2132777e1f3eda9c515f31219387c45629e3ea/detection
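# Reference: https://www.virustotal.com/gui/file/6d372ac5ea7270b83a04ef72eaed5a87258cf612f4c52e4dd2a7e073e5913c5c/detection
# Note: the five 172.245.80.12 endpoints below are already listed earlier in this file, under the
# RedDrip7 reference that cites the same 86f6738c... sample; this repeat adds provenance, not coverage.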

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://twitter.com/suyog41/status/1677224671790473216
# Reference: https://www.virustotal.com/gui/file/19a5c5472d299f153bab581f4fba6d678ee3055b3d9c605c1467b9991b207087/detection

144.126.154.84:8080
144.126.154.84:9813
politicalclearance.serveftp.com

# Reference: https://twitter.com/StopMalvertisin/status/1677317772072693766
# Reference: https://twitter.com/StopMalvertisin/status/1677317776514375690

aadiloans.co.in/asset/css/cat/
aadiloans.co.in/asset/css/files/pre/
aadiloans.co.in/asset/js/files/pre/

# Reference: https://twitter.com/StopMalvertisin/status/1682064332547555328
# Reference: https://www.virustotal.com/gui/file/a9007c0f22dc7ef45ee7a4acea4d39af897642e618f3eb0c73da83887f3471ea/detection

http://211.135.21.210
185.136.163.197:10926
185.136.163.197:14286
185.136.163.197:443
185.136.163.197:6982

# Reference: https://twitter.com/StopMalvertisin/status/1680989559373582336
# Reference: https://www.virustotal.com/gui/file/9d2404b27788b96562a13cfddff8d66ef82b0b606d3db55c22f55d9f72445ddb/detection

104.168.48.210:25821
104.168.48.210:26442

# Reference: https://twitter.com/StopMalvertisin/status/1689669636940570624
# Reference: https://www.virustotal.com/gui/file/462fe328cb5cff68bea48c2a96896e998d238118f2b372ef444f9b4230e9eeb5/detection
# Reference: https://www.virustotal.com/gui/file/94b8a01ad4b53d202984afb6781d7f88cb5cd329349791516e985ea88e08ad66/detection
# Reference: https://www.virustotal.com/gui/file/7c744de5dcaa8cf88db4e852405ada4ac99bfd166d671f7c476cb2085c6438ed/detection

64.188.19.199:8158

# Reference: https://twitter.com/StopMalvertisin/status/1696155037758591159
# Reference: https://twitter.com/fr0s7_/status/1696161980887744961
# Reference: https://www.virustotal.com/gui/file/5427d381fead7350478cd36eb05d379d4a61b43276fb440525a040b34f784316/detection
# Reference: https://www.virustotal.com/gui/file/2947a56a5485ca6871e15a26b0e05f9623023cdd2d6b69e1915c60e5ea39b3b8/detection

207.180.194.63:8080
207.180.194.63:9813
isometricsindia.co.in
createdaliyplan.serveftp.com

# Reference: https://twitter.com/suyog41/status/1697568816862261250
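# Reference: https://www.virustotal.com/gui/file/e4de853a5f51105586ebca91c6ef9927d689f3317b6dafcbdbe4903ded529328/detection
# NOTE(review): "/rivoblog" below is a bare URL path with no host. If the consuming sensor matches
# path-only entries against any host (confirm), a short path like this can hit unrelated sites;
# when triaging, correlate hits with the 66.135.2.62 entry listed alongside it.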

http://66.135.2.62
/rivoblog

# Reference: https://twitter.com/SinghSoodeep/status/1702071866750390512
# Reference: https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal
# Reference: https://www.virustotal.com/gui/ip-address/153.92.220.59/relations
# Reference: https://otx.alienvault.com/pulse/65081462b23b4d1d7d561645

http://134.209.159.9
http://64.227.138.127
http://64.227.133.222
103.2.232.82:8081
admin-br.in
admin-dept.in
admin-desk.in
adminbr.in
admincell.in
admindept.in
admindesk.in
adminsec.in
apkzones.com
baseuploads.com
ccmsnew.in
civillist.in
coordbr.in
coordbranch.in
cs1.in
e0ffice.in
email9ov.in
govdopt.in
indiauc.com
ndcdelhi.in
pcdapune.in
rsbpunjab.in
sapcs.in

# Reference: https://twitter.com/0xrb/status/1702542474911371578
# Reference: https://www.virustotal.com/gui/file/0decd978542b52e4fe2cca7f540887ed097e972264306afada649b7965c36bfe/detection
# Reference: https://www.virustotal.com/gui/file/3c31ac10af1a3273041d897bfa25f0ceed2949f2f672d8d95ea4ccfe96d37e50/detection
# Reference: https://www.virustotal.com/gui/file/8fec0edf8264b4aae46e448d81bd8f29246f6dcd150ec89a2ea0f34764c4fa5d/detection

64.188.25.43:16868
64.188.25.43:20851
64.188.25.43:26150
64.188.25.43:30486
64.188.25.43:6816

# Reference: https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
# Reference: https://www.virustotal.com/gui/file/f2d43369016b6c106f07cb214afdfb9807b808fc5fe6fd6cf7a6405271cafdd5/detection
# Reference: https://www.virustotal.com/gui/file/c3776e1e1b82e3e07fd94b7b9090d29c3410371c0d61d27301d38daf4a1f2c4d/detection
# Reference: https://www.virustotal.com/gui/file/9fdbe6f05d2ce4baa7819a0789caa3b49a835093193370ba49bdc4dfd4d9c7c7/detection
# Reference: https://www.virustotal.com/gui/file/8cb542f5793279b8a11af28e9352f41d400856a28e40ed1daa323b47f9ea3e3c/detection
# Reference: https://www.virustotal.com/gui/file/2259c89d2c5e1d8324f075135b03492f393860b9911855e84f50ed6b3699ac4d/detection

209.127.19.241:10284
95.111.247.73:18892
newsbizshow.net
ptzbubble.shop

# Reference: https://twitter.com/suyog41/status/1683440871260188672
# Reference: https://www.virustotal.com/gui/file/bdee4edbe7adf842b519a47d964e64b219700b2ba1d7faf4b899e34bd63006b7/detection
# Reference: https://www.virustotal.com/gui/file/bbe0fa619435a89b6c054d9ef84574e05cb1ae76dd707d6c27155bf6951a01e5/detection

6jxbmkpe.torontobotdns.com
8tqxpf27.torontobotdns.com
cangpeitaoke.oss-cn-hangzhou.aliyuncs.com

# Reference: https://twitter.com/suyog41/status/1704368376456610172
# Reference: https://www.virustotal.com/gui/file/4662be09fce319b69ed4365e2e4fb3654ae9f597bb060cf2a0cc8b567f445848/detection

http://151.236.218.158

# Reference: https://twitter.com/0xrb/status/1704827410695528554
# Reference: https://www.virustotal.com/gui/file/e34a7a3f2204fb292b2c9a9d5526f440ba6b31cf0bc8171d2874f25d372b8774/detection

162.245.190.24:10108
162.245.190.24:16197
162.245.190.24:18968
162.245.190.24:20103
162.245.190.24:26784

# Reference: https://twitter.com/ginkgo_g/status/1711284161712124079
# Reference: https://www.virustotal.com/gui/file/a833dbdc5c2113da51bf778351834682bc6220461394050e04592cd9096e0aba/detection
# Reference: https://www.virustotal.com/gui/file/2110af4e9c7a4f7a39948cdd696fcd8b4cdbb7a6a5bf5c5a277b779cc1bf8577/detection

162.245.191.217:15198
162.245.191.217:17818
162.245.191.217:27781
162.245.191.217:29224
162.245.191.217:9149
210.115.11.107:15198
210.115.11.107:17818
210.115.11.107:27781
210.115.11.107:29224
210.115.11.107:9149

# Reference: https://twitter.com/suyog41/status/1713820527209680985
# Reference: https://www.virustotal.com/gui/file/435f3d02d94628698034f511e5e25f5996a977b6094e28f787e470a671d2f6a3/detection
# Reference: https://www.virustotal.com/gui/file/ba77adcff701f6c6116a6be12d127f43b82c7229c1bb6a172f9b8b2f25c91f70/detection
# Reference: https://www.virustotal.com/gui/file/60fbdc3d9404f9577848e5fc9137df0d63186d250ce132df5e1ef89f4ff3fca0/detection

mazagondoc.com
vocport.com
/khalistanLeaderprotest

# Reference: https://twitter.com/k3yp0d/status/1716386958253985927
# Reference: https://twitter.com/k3yp0d/status/1721490170027839638
# Reference: https://twitter.com/suyog41/status/1721762652366454788
# Reference: https://twitter.com/d1spat0h/status/1730106955195363573
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/file/32c629af8f602f18b9bf4b557e9ecf6cfd81c62dc1fa103e269a3fa1e7233526/detection
# Reference: https://www.virustotal.com/gui/file/47358f1f45fcf25b33d79ebf23770afd5cf6217fd58b44a87e9ff62db8c703a1/detection
# Reference: https://www.virustotal.com/gui/file/6beaf25f0fbe83e64d5f5271a1ed5320f8d8740c468f072d93e29e482cb0ec6f/detection
# Reference: https://www.virustotal.com/gui/file/324ab6f36d61a5a89992a267271f2b433e1cd595a54e262e04f91c0230c4be23/detection

185.213.27.94:8080
185.213.27.94:9813
inniaromas.com
masterrealtors.in
sunfireglobal.in
basicdailywork.webhop.me

# Reference: https://twitter.com/suyog41/status/1716709552543162496
# Reference: https://www.virustotal.com/gui/file/fa6aa00418f7c7e2c8c840f89acee25dac55e0623e7e5e6641880ffa3dd161ec/detection

tx.welxin.cn

# Reference: https://twitter.com/ginkgo_g/status/1719193143785259030
# Reference: https://www.virustotal.com/gui/file/29465f87bd3e6731668f3d3020924db55dae04d8cec335088d49072013900685/detection
# Reference: https://www.virustotal.com/gui/file/6935999ee4b2f88cf74ec299c24a212a2c4b0f95105fb773e920d88153eab3c3/detection

207.180.192.77:6023
futureuniform.ca/wp/wp-content/files/01/

# Reference: https://twitter.com/ginkgo_g/status/1720277345876262975
# Reference: https://www.virustotal.com/gui/file/fa48fbe37d6172bfb3c3bda961c7024ec41f5c3b2bbe0decd9dbf34f15127db1/detection

185.187.235.185:8896

# Reference: https://twitter.com/k3yp0d/status/1722213819681017947
# Reference: https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/
# Reference: https://www.virustotal.com/gui/file/5893b58d6a6a772f8ecd491a4dace11007fd1aac90e5f4a0363288d1376e1ce5/detection

207.180.220.55:8015
38.242.149.89:9828
elfinindia.com
occoman.com

# Reference: https://twitter.com/k3yp0d/status/1722217627328897057
# Reference: https://www.virustotal.com/gui/file/00fed27ac3b5b4703266c15f43841ab2cb8e85f61f790c51c1fb019ec4295ecf/detection

185.217.125.195:7208

# Reference: https://twitter.com/StopMalvertisin/status/1722948447689695235
# Reference: https://www.virustotal.com/gui/file/a0632cecfd478fbef1a69daae3d760041c6af2cc88965633d3837e076793cc82/detection

64.188.21.202:6826
tugpisacrev.com

# Reference: https://twitter.com/0xrb/status/1729787008954819065
# Reference: https://twitter.com/PrakkiSathwik/status/1729915833886085136
# Reference: https://www.virustotal.com/gui/ip-address/64.188.13.140/detection

64.188.13.140:18917
64.188.13.140:9649

# Reference: https://twitter.com/BaoshengbinCumt/status/1740666203679732077
# Reference: https://www.virustotal.com/gui/ip-address/195.35.38.44/relations

zomatofoods.info

# Reference: https://twitter.com/ginkgo_g/status/1719193850395369545
# Reference: https://www.virustotal.com/gui/file/9645299e58c7521d811fbdcdbd57db45160191db7c7b73eae5d97e4530136da8/detection

38.242.220.166:9012
rockwellroyalhomes.com
/api/root_149371139681480/hello
/api/root_168683512566649/hello
/api/root_149371139681480/upload
/api/root_168683512566649/upload
/api/root_149371139681480/
/api/root_168683512566649/

# Reference: https://www.virustotal.com/gui/file/61b898f4254d8c6d3d375584a1109367f9e86d221e2d404bf6768fb81b1b48b5/detection

161.97.151.220:7015
/api/root_36854582802642/hello
/api/root_36854582802642/upload
/api/root_36854582802642/

# Reference: https://twitter.com/PrakkiSathwik/status/1742161478021743080
# Reference: https://www.virustotal.com/gui/file/03888813079d01e1ba2d2675cf35724e529d58a78b9efd8161c746e8e33c643d/detection
# Reference: https://www.virustotal.com/gui/file/35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea/detection

164.68.127.81:8149
riddhifoods.in
/api/root_228574257745523/hello
/api/root_228574257745523/upload
/api/root_228574257745523/

# Reference: https://twitter.com/h2jazi/status/1745544900106424336
# Reference: https://www.virustotal.com/gui/file/51a372fee89f885741515fa6fdf0ebce860f98145c9883f2e3e35c0fe4432885/detection

clawsindia.in

# Reference: https://twitter.com/Cyberteam008/status/1746030429856235837
# Reference: https://www.virustotal.com/gui/ip-address/142.11.216.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.220.103.127/relations

govn-in.site
email.govn-in.site

# Reference: https://twitter.com/ginkgo_g/status/1753326069359460471
# Reference: https://www.virustotal.com/gui/file/e87978f0af9bb550ab4686a7d3657e6cbfd92347744dfce8ff2321781ac2eee0/detection
# Reference: https://www.virustotal.com/gui/file/c59b2d6a70bc5b84998aebb2d21241a8adef33724838e92db4dee36a1ce46f43/detection

164.68.122.64:11128
164.68.122.64:18187
164.68.122.64:19986
164.68.122.64:25123
164.68.122.64:27684
mus09.duckdns.org

# Reference: https://twitter.com/Cyberteam008/status/1757378890631406027
# Reference: https://www.virustotal.com/gui/ip-address/74.50.94.41/relations

casedetail.info
casedetails.info
casesnews.info
casesreports.info
corruptioncase.info
corruptioncasedetails.info
corruptioncases.in
detailscases.info
detailsreport.info
harassmentcases.info
reportdetail.info
reportsdetail.info
supoortwindownlinux.cyou
mfa.gov.ir.corruptioncase.info
mod.gov.in.harassmentcases.info
nia.gov.in.casedetail.info
nia.gov.in.casedetails.info
nia.gov.in.casesnews.info
nia.gov.in.casesreports.info
nia.gov.in.detailscases.info
nia.gov.in.detailsreport.info
nia.gov.in.reportsdetail.info

# Reference: https://twitter.com/PrakkiSathwik/status/1770447142357741737

164.68.102.44:6663
164.68.102.44:9828

# Reference: https://twitter.com/PrakkiSathwik/status/1771846752489841135
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/domain/smokeworld.in/relations

joyworld.in
joyworldjw.in
maidmart.in
smokeworld.in
whm.maidmart.in

# Reference: https://twitter.com/Cyberteam008/status/1770748710567153783
# Reference: https://pastebin.com/058WtrX2

http://176.57.189.202
http://185.161.208.100
http://185.20.184.6
http://193.42.33.59
http://45.12.253.35
http://45.66.230.167
http://66.23.229.245
http://79.110.48.64
http://91.92.241.198
http://91.92.252.90
176.57.189.202:443
185.161.208.100:443
185.20.184.6:443
193.42.33.59:443
45.12.253.35:443
45.66.230.167:443
66.23.229.245:443
79.110.48.64:443
91.92.241.198:443
91.92.252.90:443
case-detail.info
casereported.info
harassmentcase.info
preventivemeasures.info
publicationsinfo.cyou
in.casereported.info
gov.in.casereported.info
ddp.gov.in.case-detail.info
dod.gov.in.publicationsinfo.cyou
mail.harassmentcase.info
mod.gov.in.casereported.info
mod.gov.in.harassmentcase.info
mod.gov.in.preventivemeasures.info
mod.gov.in.reportcases.info

# Reference: https://twitter.com/Cyberteam008/status/1773208866441851277

awarenessprogram.info
casesdetails.info
casesreport.info
harassmentcases.cyou
csk.gov.in.awarenessprogram.info
gov.in.awarenessprogram.info
gov.in.casesdetails.info
gov.in.casesreport.info
gov.in.harassmentcases.cyou
mod.gov.in.casesdetails.info
mod.gov.in.casesreport.info
modgov.in.casesreport.info
nia.gov.in.case-detail.info
nia.gov.in.harassmentcases.cyou

# Reference: https://app.validin.com/detail?find=casesdetail.info&type=dom#tab=subdomains

casesdetail.info
gov.in.casesdetail.info
in.casesdetail.info
mod.gov.in.casesdetail.info
nia.gov.in.casesdetail.info
niagov.in.casesdetail.info

# Reference: https://app.validin.com/detail?find=casesdetails.cyou&type=dom#tab=subdomains

casesdetails.cyou
gov.in.casesdetails.cyou
in.casesdetails.cyou
nia.gov.in.casesdetails.cyou

# Reference: https://twitter.com/MichalKoczwara/status/1774454226044817798

casereport.cyou
casereports.cyou
casereports.info
casesreported.info
cbi.gov.in.casereport.cyou
dgqa.gov.in.casereport.cyou
gov.in.casereport.cyou
gov.in.casereports.cyou
gov.in.casereports.info
gov.in.casesreported.info
mea.gov.in.casereports.info
mod.gov.in.casereport.cyou
mod.gov.in.casesreported.info
nia.gov.in.casereport.cyou
nia.gov.in.casereports.cyou

# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.114/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.110.62.89/relations

accountsinfo.site
in.accountsinfo.site
gov.in.accountsinfo.site
dod.gov.in.accountsinfo.site
mail.gov.in.accountsinfo.site
kavach.mail.gov.in.accountsinfo.site

# Reference: https://app.validin.com/detail?type=dom&find=harassmentreports.info#tab=subdomains

harassmentreports.info
in.harassmentreports.info
gov.in.harassmentreports.info
mod.gov.in.harassmentreports.info

# Reference: https://twitter.com/Cyberteam008/status/1774723849403449523
# Reference: https://www.virustotal.com/gui/ip-address/68.65.121.178/relations

aiapplication.chat
in.aiapplication.chat
gov.in.aiapplication.chat
drdo.gov.in.aiapplication.chat

# Reference: https://twitter.com/Cyberteam008/status/1775469548566937667
# Reference: https://twitter.com/bofheaded/status/1775527176710099220
# Reference: https://www.virustotal.com/gui/ip-address/35.154.100.195/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.66.136.7/relations

caselist.vip
cbigov-in.cc
cbigov-in.com
cbigov-in.net
cbigov-in.site
dailycourt.in
mainscigv.in
scigovt-in.cc
api.caselist.vip
api.cbigov-in.com
casedetails.dailycourt.in
sci.goovv.in
scigovt.caselist.vip
main.sci.goovv.in

# Reference: https://twitter.com/Cyberteam008/status/1775485100534423613
# Reference: https://www.virustotal.com/gui/ip-address/118.107.41.11/relations

caseinfo.in
caseinspection.in
caselist.in
caselists.top
casesubmit.in
caseterms.in
courtdelhi.in
courtpublic.in
judicature.in
justiceorder.in
scigovt.in
ad.caselist.in
api.caseinfo.in
api.caselist.in
api.caselists.top
api.caseterms.in
api.justiceorder.in
scigovt.caseinfo.in
scigovt.caseinspection.in
scigovt.caselist.in
scigovt.caselists.top
scigovt.casesubmit.in
scigovt.caseterms.in
scigovt.courtdelhi.in
scigovt.courtpublic.in
scigovt.judicature.in
scigovt.justiceorder.in
scigovt.maincases.in
scigovt.supremeorders.in
supreme.scigovt.in
supremeorders.in
main.scigovt.maincases.in
main.supreme.scigovt.in

# Reference: https://www.virustotal.com/gui/ip-address/13.126.2.62/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.134.15/relations

detailscheck.in
reportstatus.in
api.detailscheck.in
api.reportstatus.in
scigovt.detailscheck.in
scigovt.reportstatus.in

# Reference: https://app.validin.com/detail?find=casedetails.in&type=dom#tab=subdomains

casedetails.in
api.casedetails.in

# Reference: https://www.virustotal.com/gui/ip-address/172.67.217.169/relations

scigv.in
cbins.scigv.in

# Reference: https://twitter.com/Cyberteam008/status/1777531938552914291
# Reference: https://www.virustotal.com/gui/ip-address/91.225.217.103/relations

check-suspicious-activity-on-account.support
in.check-suspicious-activity-on-account.support
gov.in.check-suspicious-activity-on-account.support
cert-in.org.in.check-suspicious-activity-on-account.support
mail.gov.in.check-suspicious-activity-on-account.support
kavach.mail.gov.in.check-suspicious-activity-on-account.support

# Reference: https://twitter.com/PrakkiSathwik/status/1778300773912231966

vparking.online

# Reference: https://www.virustotal.com/gui/file/02f409e239ceeb38adf50bd878b7479c341752f3a37469a4735caefffafcc1f1/detection

ivinfotech.com

# Reference: https://twitter.com/PrakkiSathwik/status/1778392598421332212
# Reference: https://www.virustotal.com/gui/file/a9dce1db2cc56d9ea3ad6c1a53f42d43564ff042c48342f22082ffeb5037cde9/detection
# Reference: https://www.virustotal.com/gui/file/500502342f3d4fee9a415798af83e1d63129d70034b4b269a649ee275f08f5ac/detection
# Reference: https://www.virustotal.com/gui/file/cb2ba7b9aedb38a6ae248e9f54ccce781b62829b3670238268e6e942571bdcdd/detection

204.44.124.134:15597
204.44.124.134:18518
204.44.124.134:26791
204.44.124.134:28329
204.44.124.134:9149

# Reference: https://twitter.com/Cyberteam008/status/1778648573967847710
# Reference: https://www.virustotal.com/gui/file/a2d1e37fac01d2f72e51181b2e79ecfda2c6569346c5d67dc8af6c772cfe236f/detection
# Reference: https://www.virustotal.com/gui/file/3925dd34feb2d1b3eb24cb07564b0e2a2d81722a3891b4c7379d2f0c7a04f182/detection

162.245.191.214:909
176.107.182.55:909
juichangchi.online

# Reference: https://www.virustotal.com/gui/file/bc7fe650362c72b8de1fb2235d2607ac90eec14fe165151210ba96115959dd04/detection

155.94.209.4:8888

# Reference: https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/

155.94.209.4:33678
155.94.209.4:9009
176.107.182.55:121
176.107.182.55:65
176.107.182.55:67

# Reference: https://twitter.com/Cyberteam008/status/1786247582005793091
# Reference: https://pastebin.com/KpS9FG8L

http://78.40.117.141
http://78.40.117.194
http://78.40.117.207
http://78.40.117.208
http://78.40.117.98
78.40.117.141:443
78.40.117.194:443
78.40.117.207:443
78.40.117.208:443
78.40.117.98:443
detailedcases.info
detailedreport.info
reportedcase.info
reportedcases.info
gov.in.detailedcases.info
gov.in.detailedreport.info
gov.in.reportedcase.info
gov.in.reportedcases.info
in.detailedcases.info
in.detailedreport.info
in.reportedcase.info
in.reportedcases.info
mod.gov.in.detailedcases.info
mod.gov.in.detailedreport.info
mod.gov.in.reportedcase.info
mod.gov.in.reportedcases.info

# Reference: https://twitter.com/ginkgo_g/status/1789235055417843988
# Reference: https://www.virustotal.com/gui/file/bc1acdca196f1ff72722243be2afe1429b88122afb9d4852d6d6e57689411d3d/detection
# Reference: https://www.virustotal.com/gui/file/81038a217237afd16d80da7fc9219cbd145f9698bb512e2b625559a47ba73fec/detection
# Reference: https://www.virustotal.com/gui/file/d777bcb6fba73faf96cb422383404c3b81a8afa5aebbc8ed70076081de7daa0c/detection
# Reference: https://www.virustotal.com/gui/file/116589b0ef0a11f5012ea80cfbcd8bcbe85116e515a05f77e2b86e533cad5ba4/detection

64.188.27.144:5863
reviewassignment.in
reviewassignment.online
checkdailytips.servehttp.com

# Reference: https://twitter.com/PrakkiSathwik/status/1789619166460178694

62.169.30.39:6660
62.169.30.39:7884
springfielduniversity.info

# Reference: https://twitter.com/PrakkiSathwik/status/1789989542621004049

84.247.170.237:8080
84.247.170.237:9813
ddbl.co.uk/js/files/autz/ctr/

# Reference: https://twitter.com/Cyberteam008/status/1790334538436194622

reportdetails.info
in.reportdetails.info
gov.in.reportdetails.info
mod.gov.in.reportdetails.info

# Reference: https://twitter.com/Jane_0sint/status/1714636442482176274
# Reference: https://app.any.run/tasks/4c9948bb-9599-4fd7-9d30-c2e2ed685741/
# Reference: https://www.virustotal.com/gui/file/fa86b5bc5343ca92c235304b8dcbcf4188c6be7d4621c625564bebd5326ed850/detection
# Reference: https://www.virustotal.com/gui/file/c328cec5d6062f200998b7680fab4ac311eafaf805ca43c487cda43498479e60/detection
# Reference: https://www.virustotal.com/gui/file/6ffed1bb706a5eb205294f9287a9182d71e293b3b131415bfbe24b99e28ccd67/detection

38.242.149.89:61101

# Reference: https://x.com/DmitriyMelikov/status/1793346094048461014
# Reference: https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors
# Reference: https://www.virustotal.com/gui/file/320a792ff9efcdaf56bdc828d0b352221f3e3c0f89192e17648768aa9f51dff7/detection
# Reference: https://www.virustotal.com/gui/file/544f7462dc0d61491b7502df6836692dff680a6a562ba2d8b81c127c355be840/detection
# Reference: https://www.virustotal.com/gui/file/f516c70f9c52aa2ed7ed14e87435d9b13ef1f1b3a9ae9651b14afb935a359f63/detection

admincoord.in
apsdelhicantt.in
awesindia.online
certdehli.in
coordoffice.in
coordsec2.in
emailnic-tech.email
eoffice-sparrow.online
estbsec.in
esttsec.in
infosec2.in
publicinfo.in
secy-org.in
tensupports.com
tpt123.com
twff247.cloud
warfarestudies.in
winp247.cloud
zedcinema.com
files.tpt123.com

# Reference: https://x.com/ValidinLLC/status/1793379580117745788
# Reference: https://www.virustotal.com/gui/ip-address/158.220.93.96/relations

aaloochaat.com
supportuploads.info
tensupports.com
zedcinema.com
zedsinema.com

# Reference: https://x.com/suyog41/status/1793547347877892448
# Reference: https://x.com/Cyberteam008/status/1795715878228832263
# Reference: https://www.virustotal.com/gui/file/dde5bae636602527eda591be7e45510996c2e56ad51ea7f61d3932a9a388647e/detection
# Reference: https://www.virustotal.com/gui/file/eb0b75756287fb3038fbcd2cc4cd261ec83dd8fd0fca3acabb12d4565ba8cddd/detection
# Reference: https://www.virustotal.com/gui/file/6bcc3e6c23017d7246352c2db0eb13bde264a7252a3ec6ae6e44714c1cbbd970/detection

104.223.106.8:11248
94.72.105.227:11248
94.72.105.227:16896
waqers.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1795075152343908743
# Reference: https://x.com/PrakkiSathwik/status/1795082594037469349
# Reference: https://www.virustotal.com/gui/file/d0aef9bd02b6dfdaf6e71a485057728b55c8336391f1fbaa414d06f66c593329/detection

66.63.163.148:10168
66.63.163.148:12258
66.63.163.148:14267
66.63.163.148:16686
66.63.163.148:34153
qheelsec.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1797634685302178167
# Reference: https://www.virustotal.com/gui/file/708e5d06a457bba1adb5b4cf81214ea4c7f73a813c86c0d2cec99ba54968f228/detection

162.218.122.3:12228
162.218.122.3:16897
162.218.122.3:18986
162.218.122.3:22665
162.218.122.3:26823
govsec.duckdns.org

# Reference: https://x.com/Cyberteam008/status/1798902051793174567
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.80/relations

investigationreport.info
reportscases.info
gov.in.investigationreport.info
gov.in.reportscases.info
in.investigationreport.info
in.reportscases.info
mod.gov.in.reportscases.info
nia.gov.in.investigationreport.info

# Reference: https://x.com/PrakkiSathwik/status/1799103555619672315
# Reference: https://www.virustotal.com/gui/file/2e8e1a221ed40614d1d1f28c6d37e1f3991169967aadab0ccb4e7756ec77bcbe/detection

utkalsevasamitikanjurmarg.in/assets/
windowupdatecache.in
defender.windowupdatecache.in
utkalsevasamitikanjurmarg.in.aintssa.in/assets/

# Reference: https://x.com/Cyberteam008/status/1800351661837390076
# Reference: https://x.com/akaclandestine/status/1800651122291478530
# Reference: https://pastebin.com/x13K7XWC

http://152.42.162.105
http://161.35.207.209
http://165.22.221.71
http://178.128.166.148
marketing11.porcmtecnologia.com
segmail54.laonwona.com

# Reference: https://x.com/PrakkiSathwik/status/1800933629012447376
# Reference: https://www.virustotal.com/gui/ip-address/84.247.170.237/relations
# Reference: https://www.virustotal.com/gui/file/e7d7d45677d1552950f74dbb72f214995382baaffea9465da1a412108210335d/detection
# Reference: https://www.virustotal.com/gui/file/683c61f8dda90ea3b1e76f2ff5ad78dc03ebe3827d56536988a9c5e4490eabd2/detection

84.247.170.237:4858
dipl.site
supplyprodaily.servehttp.com

# Reference: https://x.com/Cyberteam008/status/1806529081732694202
# Reference: https://pastebin.com/w0F6pVa7
# Reference: https://www.virustotal.com/gui/ip-address/154.12.41.46/relations
# Reference: https://www.virustotal.com/gui/file/6724ab0e718cd422dd2d2bf6a3244996cc35000253ea725dfbe474901e4279c7/detection

34667.fun
56184.fun
78990.fun
89204.fun
88c.34667.fun
903.78990.fun
9123.89204.fun
cbigovin.site
cbigovin.top
cbigovins.site
cbigovins.top

# Reference: https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
# Reference: https://www.virustotal.com/gui/file/5cc20a3be2265c52eccf36a6d0a8d0a0fd90ab2cb6d7c65204ef2c487e38a8c3/detection
# Reference: https://www.virustotal.com/gui/file/7f981fc12dcb4621ac2a8c4f3882d24f113ac98fe4fb24207743ae24be762978/detection
# Reference: https://www.virustotal.com/gui/file/9f12f0bf13ff9a15e65065bc1fd95cdacb0072e0765aa781c920cfdd3506bde6/detection
# Reference: https://www.virustotal.com/gui/file/a1836f86daa774e0c9718343dbc2466c4851b86631dfd199e39a656404c237ac/detection

173.212.206.227:18582
173.249.50.243:18582

# Reference: https://x.com/ValidinLLC/status/1810978537517494672

casesreported.cc
incidentreports.info
incidentsreports.info
in.casesreported.cc
in.incidentreports.info
in.incidentsreports.info
gov.in.casesreported.cc
gov.in.incidentreports.info
gov.in.incidentsreports.info
nia.gov.in.casesreported.cc
nia.gov.in.incidentreports.info
nia.gov.in.incidentsreports.info

# Reference: https://x.com/ValidinLLC/status/1810980371850265046

danidns.com
deputation.info
hqrihq.cc
niapublication.cyou
niapublications.cyou
reportcases.info
reportsdetail.cyou
in.danidns.com
in.deputation.info
in.hqrihq.cc
in.niapublication.cyou
in.niapublications.cyou
in.reportcases.info
in.reportsdetail.cyou
gov.in.danidns.com
gov.in.deputation.info
gov.in.hqrihq.cc
gov.in.niapublication.cyou
gov.in.niapublications.cyou
gov.in.reportcases.info
gov.in.reportsdetail.cyou
nia.gov.in.danidns.com
nia.gov.in.deputation.info
nia.gov.in.hqrihq.cc
nia.gov.in.niapublication.cyou
nia.gov.in.niapublications.cyou
nia.gov.in.reportcases.info
nia.gov.in.reportsdetail.cyou
nia2.broadwayinfotech.net.au
nia4.broadwayinfotech.net.au

# Reference: https://x.com/Cyberteam008/status/1814126506899325309
# Reference: https://www.virustotal.com/gui/file/7ae13cf9080a0903670e6e6371d3625e3852b1a03bddebac68aa3b91a13ba0bf/detection

googleservices.live
/dakshf_upload.php

# Reference: https://x.com/PrakkiSathwik/status/1813934519231357159
# Reference: https://www.virustotal.com/gui/file/0993c7d97646641c7685000a045fbf04ac90568b3b785cdcb40522d5f9654a75/detection

66.154.103.133:11248
66.154.103.133:16896
66.154.103.133:18868
66.154.103.133:22245
66.154.103.133:26424
suwaq.duckdns.org

# Reference: https://x.com/NSFOCUS_Intl/status/1816009178298868140
# Reference: https://x.com/ValidinLLC/status/1816159394494660832
# Reference: https://www.virustotal.com/gui/ip-address/111.90.156.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.43.170.230/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations
# Reference: https://nsfocusglobal.com/transparenttribes-spear-phishing-targeting-indian-government-departments/

64.188.21.202:18828
64.188.21.202:22821
64.188.21.202:28120
confidentialreports.info
meacases.report
in.confidentialreports.info
in.meacases.report
gov.in.confidentialreports.info
gov.in.meacases.report
mea.gov.in.confidentialreports.info
mea.gov.in.meacases.report

# Reference: https://www.virustotal.com/gui/ip-address/198.187.31.100/relations

onedrive-storage.in
in.onedrive-storage.in
gov.in.onedrive-storage.in
mea.gov.in.onedrive-storage.in

# Reference: https://x.com/PrakkiSathwik/status/1816500997457375424
# Reference: https://www.virustotal.com/gui/file/ac63594e5040fc6a001791ef4a67f0de4ff7a2991cb99095733ce7067abf6948/detection
# Reference: https://www.virustotal.com/gui/file/69424ccb2129cc51348f4fe5e39b746c68190773ea4bb55e812808a1d0de65e9/detection
# Reference: https://www.virustotal.com/gui/file/5bfb024d5323b715db6c27ac59b768ed7df94d4e07dbc5aec2770edfdcf4c8d8/detection

http://157.245.100.177
http://159.223.224.93
http://159.65.146.80
http://165.232.177.53

# Reference: https://www.seqrite.com/blog/umbrella-of-pakistani-threats-converging-tactics-of-cyber-operations-targeting-india/

http://149.28.95.195
campusportals.in

# Reference: https://x.com/ValidinLLC/status/1819072543850221625
# Reference: https://x.com/raghav127001/status/1835203246480408951
# Reference: https://app.validin.com/detail?type=ip&find=185.196.9.113#tab=resolutions

aboutcase.nl
army.aboutcase.nl
in.aboutcase.nl
in.army.aboutcase.nl
gov.in.aboutcase.nl
gov.in.army.aboutcase.nl
mod.gov.in.aboutcase.nl
mod.gov.in.army.aboutcase.nl

# Reference: https://x.com/ValidinLLC/status/1819074034526548244
# Reference: https://x.com/Cyberteam008/status/1819226280509747419
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations

armycases.report
updater-cloud.us
in.armycases.report
gov.in.armycases.report
mea.gov.in.armycases.report
mod.gov.in.armycases.report

# Reference: https://x.com/k3yp0d/status/1822511399337165225
# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations
# Reference: https://www.virustotal.com/gui/file/9393842b3738281fb1d200fdb1ac328157e7d70e571f94533c7e18a8f7234bce/detection

185.137.122.247:3389
get-kavach.in
getkavach.com
kavach-app.com
kavachdownload.in
kavachguide.com
kavachsupport.com
/C2L!Dem0&PeN/A@llPack3Ts/Cert.php

# Reference: https://x.com/TIntel2255/status/1822978019478454652
# Reference: https://x.com/Malwar3Ninja/status/1823043571383173444
# Reference: https://x.com/Malwar3Ninja/status/1823043724156559526

aboutcase.nl
admin-mcas-df.ms
crsorgi-goy.in
mcas-df.ms
orgi.live
in.aboutcase.nl
in.admin-mcas-df.ms
in.crsorgi-goy.in
in.mcas-df.ms
in.mcas.ms
in.orgi.live
gov.in.admin-mcas-df.ms
gov.in.admin-mcas.ms
gov.in.crsorgi-goy.in
gov.in.mcas-df.ms
gov.in.mcas.ms
gov.in.orgi.live
nic.in.aboutcase.nl
nic.in.admin-mcas-df.ms
nic.in.mcas-df.ms
nic.in.mcas.ms
amssdelhi.gov.in.admin-mcas-df.ms
amssdelhi.gov.in.admin-mcas.ms
amssdelhi.gov.in.mcas-df.ms
amssdelhi.gov.in.mcas.ms
crsorgi.gov.in.crsorgi-goy.in
crsorgi.gov.in.orgi.live
indiacode.nic.in.admin-mcas-df.ms
indiacode.nic.in.admin-mcas.ms
indiacode.nic.in.mcas-df.ms
indiacode.nic.in.mcas.ms
indianarmy.nic.in.aboutcase.nl
sebi.gov.in.admin-mcas-df.ms
sebi.gov.in.admin-mcas.ms
sebi.gov.in.mcas-df.ms
sebi.gov.in.mcas.ms

# Reference: https://x.com/Huntio/status/1823470041624666376

indiagstgov.org
services.indiagstgov.org

# Reference: https://x.com/Malwar3Ninja/status/1825115113361420548

ashifdigitalseva.xyz
birthdeath.in
counciling.com
gov-certificate.com
nbssedelhi.org
nimsme.org
verifycertificate.info
viewss.click

# Reference: https://x.com/k3yp0d/status/1825505181951316093
# Reference: https://www.virustotal.com/gui/file/de0edf22fbd5758ca9118e029802c09f8394abea3b58af4446611529b9bb2a9b/detection
# Reference: https://www.virustotal.com/gui/file/c12708e6829d7207b16a4fccf65ed05758c676cd70d3e9746c375f5d27bff501/detection

157.173.198.190:15124
swachbharat.xyz

# Reference: https://x.com/PrakkiSathwik/status/1826238464222011661
# Reference: https://www.virustotal.com/gui/file/18ade2d13833dc1054e0d16ad03f56bb2f67b3009f178a326d397ec42f4731bf/detection
# Reference: https://www.virustotal.com/gui/file/2019fec607e8955b79d194e1c6408e5c50269dac60b6f5864f36814774713361/detection
# Reference: https://www.virustotal.com/gui/file/5f607374431d77a7398927f45c5d1efc57513250622e23535dbc0a0a0584c3a1/detection

http://138.68.134.123
http://165.232.138.173
http://170.64.132.144
http://64.23.138.81

# Reference: https://x.com/Cyberteam008/status/1827913665539952755
# Reference: https://www.virustotal.com/gui/file/2e6bc46b4a5959dcba2791b68cdb70a938cf974a4153f2ec13390bc8c5761de2/detection
# Reference: https://www.virustotal.com/gui/file/7486ff26c68a4362572accab3308bc81cc45b121b31366173dbc71a4e7fc3af5/detection

154.216.18.90:67
154.216.18.90:909

# Reference: https://x.com/PrakkiSathwik/status/1831368562742882598
# Reference: https://www.virustotal.com/gui/file/7eb32944ecbcf386aeff5b9ac5276b4e8e7280346d9a14faae233a6d16eca852/detection
# Reference: https://www.virustotal.com/gui/file/48b8c5703ff73125cb373b9a05e959ea467038a1391f368a863b7734b92f44ae/detection

http://72.11.156.132
72.11.156.132:5863

# Reference: https://x.com/PrakkiSathwik/status/1833113297278644602
# Reference: https://www.virustotal.com/gui/file/3326ba81b48ab03f7f49d2da70d3bbe4ea0e163d33e7399d528152b7c3da9170/detection

http://143.198.64.151
http://157.245.139.146
http://159.89.165.86
http://206.189.134.185

# Reference: https://app.validin.com/detail?find=%2FC%3D--%2FST%3DSomeState%2FL%3DSomeCity%2FO%3DSomeOrganization%2FOU%3DSomeOrganizationalUnit%2FCN%3Dganditghal.com%2FemailAddress%3Droot%40ganditghal.com&type=raw&ref_id=b03d0e384b6#tab=host_pairs_v2

http://78.40.117.108
http://78.40.117.146
http://78.40.117.168
http://78.40.117.202
http://78.40.117.229
http://78.40.117.244
http://78.40.117.245
http://78.40.117.30
http://78.40.117.37
http://78.40.117.41
http://78.40.117.70
78.40.117.108:443
78.40.117.146:443
78.40.117.168:443
78.40.117.202:443
78.40.117.229:443
78.40.117.244:443
78.40.117.245:443
78.40.117.30:443
78.40.117.37:443
78.40.117.41:443
78.40.117.70:443

# Reference: https://x.com/Cyberteam008/status/1835514106641600734
# Reference: https://x.com/iam_rajhans/status/1835935106734694589
# Reference: https://en.fofa.info/result?qbase64=dGl0bGU9PSJTdXByZW1lIENvdXJ0IG9mIEluZGlhIHwgSW5kaWEi
# Reference: https://app.validin.com/detail?type=raw&find=Supreme+Court+of+India+%7C+India#tab=host_pairs_v2

http://103.231.254.55
http://129.227.206.99
http://198.252.103.101
http://207.148.99.243
http://43.228.125.28
http://45.115.39.3
http://45.115.39.69
http://47.246.50.178
http://47.76.72.16
http://65.2.164.102
http://79.133.176.214
103.231.254.55:443
129.227.206.99:443
198.252.103.101:443
207.148.99.243:443
43.228.125.28:443
45.115.39.3:443
45.115.39.69:443
47.246.50.178:443
47.76.72.16:443
79.133.176.214:443
incicourtgov.com
incourtsci.com
laoy-ajab.top
lx-yindu.top
mfpa.hk
phimp3.com
saxojp.com
sci-dailyorderssecurelogin.in
scicourtgov.com
scicourtin.com
scidailyordercure-login.in
scigov.cc
scigov.cn
scigov.online
scigovin.com
scigovs.in
scingov.com
scingovin.com
scoi-qov.in
supreme-court-of-india.com
supremejudical.in
yindu4.top
sci.supremejudical.in
api.yindu4.top
test.yindu4.top
43-228-125-28.cprapid.com
mail.43-228-125-28.cprapid.com
mail.cocojojo-pet.com
webmail.cocojojo-pet.com

# Reference: https://x.com/Cyberteam008/status/1835875339425222966
# Reference: https://www.virustotal.com/gui/file/41accf41733ddcd65dc479a0c369f90894870ce10e4410ea2ffa7ce0f51672d9/detection
# Reference: https://www.virustotal.com/gui/file/4f946de9b5ebcc003274ad95125d80a805c5359643074fc6e756a08303d673e5/detection

http://139.59.34.138
http://165.232.180.251

# Reference: https://x.com/malwrhunterteam/status/1836835278348243086
# Reference: https://x.com/StrikeReadyLabs/status/1836841368875835575
# Reference: https://app.validin.com/detail?find=78.40.116.210&type=ip4&ref_id=422094cf4f4#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5a06b3dc09b3a2c309d0f20536e1a11f168ff76d96d15a3233ede322788ab280/detection

http://78.40.116.210
78.40.116.210:443
briefreport.nl
casereports.nl
publications.ltd
webiaf.link
in.briefreport.nl
in.casereports.nl
in.webiaf.link
in.publications.ltd
gov.in.briefreport.nl
gov.in.casereports.nl
gov.in.publications.ltd
gov.in.webiaf.link
email.gov.in.briefreport.nl
email.gov.in.publications.ltd
email.gov.in.webiaf.link
jkpolice.gov.in.casereports.nl

# Reference: https://x.com/Cyberteam008/status/1859873454805458996
# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw&ref_id=fbd42482808#tab=host_pairs_v2

email-gov.icu
email-gov-in.a5e1.com
indiagov.pw
indiagov.ws
in.indiagov.pw
in.indiagov.ws
gov.in.indiagov.pw
gov.in.indiagov.ws
email.gov.in.indiagov.pw
email.gov.in.indiagov.ws

# Reference: https://x.com/Cyberteam008/status/1838407864961892569
# Reference: https://x.com/Aarn63373424/status/1838464659428655505
# Reference: https://www.zoomeye.hk/searchResult?q=%22%5Cx0c%5Cx00%5Cx00%5Cx00%5Cx00info%3Dcommand%22&page=2&pageSize=10

134.119.181.142:10443
161.97.119.238:7776
172.245.244.42:14443
198.23.213.44:7778
207.180.245.93:7788
64.188.25.143:8529
75.119.133.15:7788

# Reference: https://x.com/PrakkiSathwik/status/1839967368493068733
# Reference: https://www.virustotal.com/gui/file/690cb1f68b15a54438509e1ec1ce57bd1c617ce6c429a62a694b85da9c09542c/detection

64.188.21.199:14257
64.188.21.199:16267
64.188.21.199:22682
64.188.21.199:26153
64.188.21.199:6257

# Reference: https://x.com/Malwar3Ninja/status/1845062755843440807

cscegov.org
crsorgigov.site
crsorgigoovi.live
auth.crsorgigoovi.live
crsorgi-gov-com.fastportal.cloud
crsorgi-gov.co
crsorgi-gvo.tech
crsorgi.g0v.site
crsorgi.gov.in.amvvd0kewrewreowkjk4elkwrmpwkkkyzz093d3d.live
crsorgi.gov.in.apib.ltd
crsorgi.gov.in.verificationbwf4vexrzc9gtnhbwkhtztnrdwhuzz09.com
crsorgi.gov.in.web.index.php.viewcerti.xyz
crsorgi.gov.orgi.indnd.xyz
crsorgi.gpov.in
crsorgi.gov.in.aut.printh.shop
crsorgi.gov.in.coorv.org
crsorgi.gov.in.crs.verifycertificate.inoex.in
crsorgi.gov.in.index-csc.shop
crsorgi.gov.in.indexin.me
crsorgi.gov.in.inoex.in.birthportal.life
crsorgi.gov.in.inoex.in.inoex.in
crsorgi.gov.in.print.shop
crsorgi.gov.in.servicecertificate.in.net
crsorgi.gov.in.web.printh.shop
crsorgi.gov.in.dashboardbirth.in.net
crsorgigoov.co.in
crsorgigoovi.live
crsorgidc.co.in
dc.crsorgi.gov.in.aut.printh.shop
dc.crsorgi.gov.in.coorv.org
dc.crsorgi.gov.in.crs.verifycertificate.inoex.in
dc.crsorgi.gov.in.index-csc.shop
dc.crsorgi.gov.in.indexin.me
dc.crsorgi.gov.in.inoex.in.birthportal.life
dc.crsorgi.gov.in.inoex.in.inoex.in
dc.crsorgi.gov.in.print.shop
dc.crsorgi.gov.in.servicecertificate.in.net
dc.crsorgi.gov.in.web.printh.shop
dc.crsorgi.gov.in.dashboardbirth.in.net
dkprintportal.xyz.crsorgidc.co.in

# Reference: https://x.com/suyog41/status/1849420956114022526
# Reference: https://x.com/PrakkiSathwik/status/1849423423052620023
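# Reference: https://www.virustotal.com/gui/file/2cf03b9eb39a6a17f83dbbce249acd7a284dc53ab687f3bb6323ae57bce77bac/detection
# Note: '/libyajl2' and '/libxfixes3' below are path-only trails that share their names with common Linux library packages, so a hit on either alone is weak evidence; correlate with the two hosts listed in this group before escalating.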

http://178.128.246.38
http://178.128.89.173
/libyajl2
/libxfixes3

# Reference: https://x.com/malwrhunterteam/status/1850821170032984194
# Reference: https://www.virustotal.com/gui/file/0cd4dbd246ef2e1e157f899c52ebc409a157507722ada5222da53883b135e928/detection

indianarmy.pl
in.indianarmy.pl
gov.in.indianarmy.pl
email.gov.in.indianarmy.pl

# Reference: https://twitter.com/bofheaded/status/1577197626852003840
# Reference: https://www.virustotal.com/gui/ip-address/173.249.18.251/relations
# Reference: https://www.virustotal.com/gui/file/e5ca4a6c4d2dbd0343cf59d7eb7fb034f45b86c13c8d80b92f289b464828d3bf/detection
# Reference: https://www.virustotal.com/gui/file/7034fd95d764429b5b4b84fc7e63fa259879c10a7c0786fa47e86f911970614e/detection

http://173.249.18.251
drivebrox.xyz
vaultsecure.xyz

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/72987ad4dd79861c3edab1125342f41beefa7e796b50d125c21eac0dde729590/detection
# Reference: https://www.virustotal.com/gui/file/e1d01b57e90312803b2d707fcf7d2e4dac44ea562d9b6680347d816a3bfb8f6b/detection

173.249.18.251:3945

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/99ee9f703b9fbac1d1e980cd32ce37fc8e2d0068b301aff44c05bf02a65612b9/detection
# Reference: https://www.virustotal.com/gui/file/b74e17337ea9be338bbac6022eafc63a3ba3a961bf8a4d9848ee9b6c24beedf6/detection

173.249.18.251:6659

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/2383289c1f14cbc7de650f5f79c8b3ff7b737f93179dfb5cfd5c583ce9653f42/detection

173.249.18.251:9794

# Reference: https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/

http://143.110.179.176
http://38.54.84.83
http://64.227.134.248
http://83.171.248.67
84.247.135.235:8080

# Reference: https://x.com/bofheaded/status/1855017264980148711
# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw&ref_id=026d14c44ed#tab=host_pairs (# 2025-06-25)

indiajudicialinfo.com
indiajudiciallive.cc
indiajudiciallive.com
indiascihub.com
judicialsearchinia.com
sciinfo.cc
scindia.info
supremecourt.sc

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw#tab=host_pairs (# 2024-11-09)

indianarmy.ml
in.indianarmy.ml
gov.in.indianarmy.ml
email.gov.in.indianarmy.ml
nobooks.online
putir.shop
mail.putir.shop
webmail.putir.shop

# Reference: https://x.com/raghav127001/status/1853625255484633381

courtfiles.net
hotel99world.com
india-sci.com
india-sci.in
india-sci.net
indiasci.net
indiasci.org
sci-gov-in.com
sci-gov-in.net
sci-gov.net
smlgo.vb-in.cfd
smlgo.vb-in.top
smlgo.vb-in.xyz
smlgovb-in.cc
smlgovb-in.com
vb-in.cfd
vb-in.top
vb-in.xyz

# Reference: https://x.com/PrakkiSathwik/status/1855224137871978808

158.220.94.60:9813
pmshriggssssiwan.in
vmi1529454.contaboserver.net
vmi1877385.contaboserver.net

# Reference: https://x.com/bofheaded/status/1858780617493934279

scigove.com

# Reference: https://x.com/Cyberteam008/status/1859067522043322663

kavachapp.io

# Reference: https://x.com/Cyberteam008/status/1860987009910853898
# Reference: https://www.virustotal.com/gui/file/8941dead07922712a56bc8a891714657726cc8b63d2cf27f59d337672c3669ab/detection
# Reference: https://www.virustotal.com/gui/file/58a7bb1c4534b2ab9d967c4fd05a0b48797665bca3e874d32b18213a0414bbff/detection
# Reference: https://www.virustotal.com/gui/file/3e8c155ff5bfedceb60892f30e819ead65ca276b4553cd43bed47ad71c5d6cbf/detection

167.160.167.18:12165
167.160.167.18:14268
167.160.167.18:16265
167.160.167.18:18626
167.160.167.18:32123
qhev18.duckdns.org

# Reference: https://twitter.com/Antelox/status/768023996923277312

193.164.131.58:10000

# Reference: https://twitter.com/James_inthe_box/status/1080521422823337984

193.42.107.7:3687

# Reference: https://twitter.com/ostinjohn/status/994560995615039488
# Reference: https://www.hybrid-analysis.com/sample/3aca697f1ac623ac970764dd1b248339d03f18acd5ba1b4a443ff9d5016f8e4e/5af3d6237ca3e179812bdfc5

178.238.230.52:3828
178.238.230.52:6828
178.238.230.52:11226

# Reference: https://twitter.com/Antelox/status/810488762140684288
# Reference: https://www.virustotal.com/gui/file/f0b27a8c47f6d9f82489e0e5fba75f70fab8acdbb63b05c93cb3cceec90295ae/community

37.48.84.229:9901

# Reference: https://twitter.com/Antelox/status/770613975662796803
# Reference: https://www.virustotal.com/gui/file/c88095a28fea80409da7b2fc601b4c68828f0d31b7faebe4453217887f9e3241/community

5.189.161.200:7865

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf (# Crimson C&C)

bhai123.no-ip.biz
bhai1.ddns.net
sudhir71nda.no-ip.org
178.238.228.113:7861
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114

# Reference: https://twitter.com/killamjr/status/1190456533588598784

139.28.36.82:53631

# Reference: https://twitter.com/DynamicAnalysis/status/1197938882026901504

5.196.210.44:33401

# Reference: https://twitter.com/DeadlyLynn/status/1213338265308155904
# Reference: https://www.virustotal.com/gui/file/6078b55381e39779f915032533a93d725bab98982b303998fa8ba2ecfc675737/detection
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:6828

# Reference: https://twitter.com/DynamicAnalysis/status/1220432888019214337
# Reference: https://medium.com/@dinu135dk/revive-of-crimson-rat-6b8838920c02

160.20.147.59:2987
bjorn111.duckdns.org
newsupdates.myftp.org

# Reference: https://www.virustotal.com/gui/file/d27474625cdc0c3456918edfa58bfaf910c8b98c6168a506ac14afc1a41fb58f/detection

192.169.69.25:2987

# Reference: https://app.any.run/tasks/9ca972d6-3574-4d85-bd68-a9cd26c203ee/

185.140.53.91:6711

# Reference: https://twitter.com/malwrhunterteam/status/1229780080517357568

64.188.25.232:3263

# Reference: https://twitter.com/w3ndige/status/1235184651699998721
# Reference: https://www.virustotal.com/gui/file/370a108b98b8652aacd4acec5d140cab685291ad77e2a4a0821734aad614eb6a/detection

185.174.100.63:34891
185.174.100.63:3920
transfer-shopping-malls.webredirect.org

# Reference: https://app.any.run/tasks/8527edcf-6459-48f6-aee2-85eaf817571c/

198.46.177.73:6421

# Reference: https://twitter.com/killamjr/status/1232071072096239617
# Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/

alrazi-pharrna.com

# Reference: https://twitter.com/_re_fox/status/1236483115037704192

198.46.168.28:2581

# Reference: https://twitter.com/_re_fox/status/1235941826634354688
# Reference: https://app.any.run/tasks/d8b93681-2730-4d03-b796-c52562260328/

181.215.47.169:3368

# Reference: https://twitter.com/_re_fox/status/1232493185475104771

107.175.64.209:6728

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/srcr/status/1232288977790668801

185.244.30.102:4590

# Reference: https://twitter.com/killamjr/status/1232071072096239617

185.244.30.102:4950

# Reference: https://twitter.com/_re_fox/status/1237740569293701120

64.188.25.205:3692

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
# Reference: https://otx.alienvault.com/pulse/5e6fa2a12088756147d24648

email.gov.in.maildrive.email

# Reference: https://app.any.run/tasks/7fe802ae-9d74-4e40-91e3-bb65cd06a458/

107.175.95.107:6790
westvalleyhospicecare.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/9f7bc1ac97d28d614f9b1965709a284511b9b13f3bd9685707f8f377b949efe5/detection

78.159.131.80:10001
superingtest.zapto.org

# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1280221170307137538
# Reference: https://app.any.run/tasks/3b6fa50a-2496-400e-b7cf-fd2d4d48f405/

173.212.226.184:3169

# Reference: https://app.any.run/tasks/26933c3a-127f-4b12-8396-8684d7bdec44/

185.136.161.124:8761

# Reference: https://twitter.com/JAMESWT_MHT/status/1290952335192195072
# Reference: https://www.virustotal.com/gui/file/f2e2cb71a06ac2a95a02168fc3d91f160e6e07ca19c5e6d3d708a9a486dd3f92/detection

193.142.59.56:1131
lawdvmercy.site

# Reference: https://www.virustotal.com/gui/file/6d3982d6c6ca753d6d1daa71d88678c07718dd1919a874959a0c7975619c37fc/detection

151.106.56.32:3561

# Reference: https://www.virustotal.com/gui/file/db37f6755e954367a3365c3264e3916e5fd00c4c3e4c609515fa8599d36ca681/detection

64.188.26.219:4820

# Reference: https://securelist.com/transparent-tribe-part-1/98127/
# Reference: https://www.virustotal.com/gui/file/a860ba3861df2ae0add2b695071c04468f83c0973525519d62679dd4cd4d0026/detection
# Reference: https://www.virustotal.com/gui/file/59c6721a5ec5f97ef9b35e17057a5edb4f0075d1430c0cbd3eecfd44ccfe272c/detection
# Reference: https://www.virustotal.com/gui/file/e4d1f8ff1282ac60adc0134aec2420aa652250ac8ddafe866e56d2fab165a132/detection
# Reference: https://www.virustotal.com/gui/file/d2cc95b72c3e72b3888e9fa35f6fe0563f9dbbd08b76d0c3546065ceca3c5961/detection

173.212.192.229:3364
173.212.192.229:8264
173.249.14.119:6865
newsbizupdates.net
uronlinestores.net

# Reference: https://twitter.com/ShadowChasing1/status/1298268550340067329
# Reference: https://twitter.com/CyS_Centrum/status/1298565025985069057

209.127.16.126:4768
209.127.16.126:6758
209.127.16.126:11066
209.127.16.126:14824
209.127.16.126:18614

# Reference: https://twitter.com/ShadowChasing1/status/1304347789917212672
# Reference: https://www.virustotal.com/gui/file/9e305566f7d342adc8eaf30471aa3eb95c049acffc742ae23a5830a44f96e51d/detection

185.174.102.105:2991
tasnimnewstehran.club

# Reference: https://www.virustotal.com/gui/file/a5f02bb70acdf335bed9c0fc8439ab3a220027a28c7eb44f459afda0ec7b62eb/detection

151.106.14.125:6818

# Reference: https://www.virustotal.com/gui/file/137c059adda4df22eb29785fada54ebc00a22d150bfdc423f87ff1f6093bd827/detection

185.136.161.124:11614

# Reference: https://www.virustotal.com/gui/file/87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad/detection

185.136.161.124:6128

# Reference: https://www.virustotal.com/gui/file/60d46513d3473c2cb4fdfcf64229f4e99d1e202a2f840503d77fa07978dcb025/detection

104.227.97.53:2548

# Reference: https://twitter.com/mg2_tracy1/status/1314754343124365312
# Reference: https://www.virustotal.com/gui/file/dba5d00a87ad96b74d234d1415ca5172285cd7d781556d45b6609fd738bfc747/detection

172.245.247.112:3878
172.245.247.112:5648

# Reference: https://www.virustotal.com/gui/file/e3fe87254b405fa132a52daf1651d2ff11296691131956bf3f0059031135dcdd/detection

45.147.231.191:3626

# Reference: https://twitter.com/_re_fox/status/1317499039932362753
# Reference: https://app.any.run/tasks/355396a2-6711-4750-98ec-e492625d4d54/

45.147.231.191:8226

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338192738135789570
# Reference: https://www.virustotal.com/gui/file/47b99e50430e9abad7326d1837ecdda5f995112b0b12406d23df5ef603d52a4e/detection
# Reference: https://www.virustotal.com/gui/file/b9446d663f2aef34efdb579ae02e62923b5c3bc02b9d0fe537f5974ae439a422/detection
# Reference: https://www.virustotal.com/gui/file/5a449782c6d286a5af7fd5cbab5d5d46dd4dd153cbc46e4aeae0ea54f2785980/detection

64.188.12.126:6658

# Reference: https://app.any.run/tasks/b129aead-e7cb-4ba7-ba72-842644cf7c97/

173.212.246.247:4368

# Reference: https://twitter.com/_re_fox/status/1337411756818395136
# Reference: https://www.virustotal.com/gui/file/5920a3300107b7b1cf8c230a071a0e5f2f5ff5941a5c450ef911582a7ce08346/detection

45.32.151.155:6126

# Reference: https://twitter.com/ShadowChasing1/status/1369196724544106504
# Reference: https://www.virustotal.com/gui/file/4c8e0459524380a9f00ffc58913f461c3e1d8737dd18252881f09e2d416e4f73/detection

172.245.87.12:6276

# Reference: https://twitter.com/ShadowChasing1/status/1397419326160793600
# Reference: https://www.virustotal.com/gui/file/eb7c34343944a6ae52b052bb263d29e2c627368aeee2080da0481f33a72f2085/detection

142.105.157.110:8181

# Reference: https://twitter.com/teamcymru_S2/status/1402607930046832645

185.136.169.139:14565
185.136.169.139:20555
185.136.169.139:28443
185.136.169.139:4561

# Reference: https://www.virustotal.com/gui/file/5f736d23d5d7f7382afb78acdc3b125ec101c0629327fb9a7fc5545b32ec0c38/detection

167.160.166.80:12214
167.160.166.80:16441
167.160.166.80:18822
167.160.166.80:6288
167.160.166.80:8868

# Reference: https://www.virustotal.com/gui/file/e052a90bdb716da64928b1286d86b3670efe5192115175ba25bf0c191398323d/detection

104.144.198.105:12816
104.144.198.105:14572
104.144.198.105:16286
104.144.198.105:4289
104.144.198.105:6722

# Reference: https://www.virustotal.com/gui/file/899a755ff675dbbf66d8bbcf6300bca7aa0c13d794430a1173f6fdc5cb87bd66/detection

178.238.239.176:7624

# Reference: https://www.virustotal.com/gui/file/0335de8eadbbd5dc7cbe92ef869bcea6f6596ac39a38680142c982ec6e97ecde/detection

185.136.161.124:15822
185.136.161.124:17443

# Reference: https://twitter.com/RedDrip7/status/1486997244310351873
# Reference: https://www.virustotal.com/gui/file/cffb0b0695abe36c0d23894650214f9329c530703f52cf44bc8853ca79a107cf/detection

96.47.234.102:12961
96.47.234.102:20886
96.47.234.102:22668
96.47.234.102:5898
96.47.234.102:8796

# Reference: https://twitter.com/James_inthe_box/status/1488987814066753538
# Reference: https://app.any.run/tasks/c1ccd827-a257-4598-aa9b-5872cdc44a40/

92.12.144.246:5321

# Reference: https://twitter.com/0xrb/status/1491665998382247938
# Reference: https://www.virustotal.com/gui/file/d5484ddde1ea4aefcbf40f9845f911b059818ec0bb57d0d48922ed25d161e0ea/detection

78.138.107.166:16864

# Reference: https://twitter.com/0xrb/status/1492030514035060741

161.97.164.144:9168
164.68.108.169:16292
164.68.108.169:16484
164.68.108.169:6681
164.68.112.101:20864
164.68.96.32:8543
168.119.98.243:12184
173.249.14.119:12865
173.249.19.32:8866
173.249.50.243:22464
173.249.50.243:9248
185.136.161.169:18556
185.136.161.169:28443
185.136.169.214:11262
185.136.169.214:3561
185.136.169.214:8164
185.197.249.247:8543
207.180.227.55:10666
5.189.170.4:4268
5.189.170.4:8843
5.189.176.185:12262
75.119.133.15:10101
75.119.133.15:4401
75.119.133.15:8832
79.143.177.122:10468
79.143.177.122:14486
95.111.230.252:1051

# Reference: https://twitter.com/0xrb/status/1493467587619221507

139.28.36.77:2012

# Reference: https://twitter.com/PrakkiSathwik/status/1733923613437460525
# Reference: https://www.virustotal.com/gui/file/da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678/detection

204.44.124.81:19182
204.44.124.81:20917
204.44.124.81:28791
204.44.124.81:26376
204.44.124.81:9159
adiptv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8ff61163c7b74653da80dd1990123dd1977a5ec4e774f0c2f47d37f1360a6a9d/detection

95.119.198.38:3898
r6xyvcqm04wp1i4p.myfritz.net

# Reference: https://www.virustotal.com/gui/file/ffa0b1fcdf51cc0851a0b878df16577ea180a9d245e31166d81670372bc8b338/detection
# Reference: https://www.virustotal.com/gui/file/feda78f1dff8bd9d850a154a627bcfb4041dc36c325be0db436ca85fe565f767/detection
# Reference: https://www.virustotal.com/gui/file/b922698e7884f524cee2dd334f611b0cac193568c9de9f8073ef9c637f5833f0/detection
# Reference: https://www.virustotal.com/gui/file/b5db0dd322656c19a05bc78f3ce1d8bed30e72fb8c1ac5071fce4afa720f2696/detection
# Reference: https://www.virustotal.com/gui/file/7a07fbc4903e443f237fc7c99976a8cdb751a983860ea17b891a8c617a820ad0/detection
# Reference: https://www.virustotal.com/gui/file/2ab7a3c53e31187bab9675b184bf1e891bd76ceb2967b609a6aa66c4e7626419/detection

173.212.228.121:12460
173.212.228.121:16484
173.212.228.121:2836
173.212.228.121:5638
173.212.228.121:8626

# Reference: https://threatfox.abuse.ch/browse/malware/win.crimson/ (# 2024-01-01)

107.172.76.170:11408
119.157.27.213:16780
144.91.125.70:8489
144.91.72.22:8484
154.127.54.168:10019
160.20.147.56:6582
161.97.139.248:12262
161.97.139.248:8143
161.97.176.42:12184
161.97.176.52:12468
161.97.176.52:18584
164.68.112.101:14684
164.68.96.32:12861
167.86.71.146:3482
168.119.111.43:12184
173.249.0.199:12168
173.249.14.119:3285
173.249.50.57:2642
178.238.235.88:12536
185.137.122.104:8484
185.161.208.57:1912
194.163.139.252:4698
194.61.120.134:999
194.9.178.85:9109
198.23.144.126:10480
198.23.145.12:10480
198.23.210.211:4898
198.23.213.44:7776
23.226.132.105:6959
38.242.211.87:8143
45.14.194.253:10243
5.189.183.63:16568
62.171.130.47:2201
62.171.135.174:8589
66.154.103.101:9108
66.235.175.91:1051
66.235.175.91:23001
79.143.177.122:8682
79.143.181.178:8861
84.46.251.145:1717
84.46.251.145:901
91.229.77.1:999

# Reference: https://www.virustotal.com/gui/file/3cd76330e2cbcf7c37d6fc9d21779c60fd3552ba5d777a32ba49ca949379019f/detection

185.161.208.46:909
indiamails.info

# Reference: https://x.com/Cyberteam008/status/1867403358086013034
# Reference: https://www.virustotal.com/gui/file/5c0b5c2805dc1c22b86c6289f57207a34c4b345324d7459c1534549531634ef7/detection

mailindia.one
in.mailindia.one
gov.in.mailindia.one
email.gov.in.mailindia.one

# Reference: https://x.com/TIntel2255/status/1872524302157070579

kavach-nic.in

# Reference: https://x.com/Cyberteam008/status/1872467826881232901
# Reference: https://www.virustotal.com/gui/file/22b043bbf8fd39dc3433b1b54b8a78b70f44000e97711244f6f915b418cb56a3/detection

indiandefence.link
in.indiandefence.link
gov.in.indiandefence.link
email.gov.in.indiandefence.link

# Reference: https://x.com/PrakkiSathwik/status/1872727076954075316
# Reference: https://www.virustotal.com/gui/ip-address/157.20.51.28/relations
# Reference: https://www.virustotal.com/gui/file/7fb2ab732966e984b009880d116c16c08a57c10ad2400f619076e38444b7397c/detection
# Reference: https://www.virustotal.com/gui/file/a0dcf5d5c1bac633d44c99d43f3032ad5d9ae48814fc5a43e8edc2123da91742/detection

dssworld.in
egovservice.in
npvadgaon.in
rtsnmmconline.in
forest.dssworld.in
gadchiroli.egovservice.in
mail.egovservice.in
pakora.egovservice.in
pen.egovservice.in
trade.npvadgaon.in

# Reference: https://x.com/StrikeReadyLabs/status/1874099228881850620
# Reference: https://x.com/PrakkiSathwik/status/1874158663260418480
# Reference: https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/
# Reference: https://www.virustotal.com/gui/file/b5a2949defda9a282aa307580118f929dd208a56e8cfbf5012c290e4cfac1ced/detection
# Reference: https://www.virustotal.com/gui/file/c717c6ce4304eb3e1454440c82b3d38d11bee98af530274fd4a6b99e4ab58749/detection
# Reference: https://www.virustotal.com/gui/file/541039d4eb67935884830657213991ba5da85f0650df6329c7153702a577a26a/detection
# Reference: https://www.virustotal.com/gui/file/cc90bf946b495aec9133f6c970dc873977592277d003248361cfea1d0706c811/detection

biossysinternal.com
widgetservicecenter.com
updates.biossysinternal.com
updates.widgetservicecenter.com
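# Note: the next trail is a specific URL path on a gov.in host, not a whole-domain indicator; keep the path when reusing it so the rest of the site is not flagged.
nhp.mowr.gov.in/NHPMIS/TrainingMaterial/aspx/Security-Guidelines/wont/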
/antivmcommand

# Reference: https://x.com/TIntel2255/status/1876924224121479303
# Reference: https://x.com/Cyberteam008/status/1881174353376874861

indiandefence.nl
in.indiandefence.nl
in.martinsecompanhia.pt
gov.in.indiandefence.nl
gov.in.martinsecompanhia.pt
email.gov.in.indiandefence.nl
email.gov.in.martinsecompanhia.pt

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-01-09)

cbisci.com
cbisciingov.com
sci-govven.com
scibovven.com
scicbi.com
scicbiovven.com
scigoin.com
scigoinvon.com
scigoinxon.com
thescoi.com
informationjudicial.com
sci.informationjudicial.com
spcourt-in.bounceme.net
spcourt-in.myvnc.com

# Reference: https://x.com/StrikeReadyLabs/status/1877444649721168029

8thpaycomission.cloud
in.8thpaycomission.cloud
gov.in.8thpaycomission.cloud
cgda.gov.in.8thpaycomission.cloud

# Reference: https://x.com/TIntel2255/status/1877791874263515562
# Reference: https://x.com/mal_analysis136/status/1878041395820200069

ail-govs.icu
govs.info

# Reference: https://x.com/TIntel2255/status/1877803513561882712
# Reference: https://app.validin.com/detail?find=Central%20Bureau%20of%20Investigation&type=raw&ref_id=0d272c0f3e2#tab=host_pairs (# 2025-01-09)

76767.icu
cbigov.site
ac.76767.icu
bs.76767.icu
aa.76767.icu
bb.76767.icu

# Reference: https://x.com/TIntel2255/status/1878174095600193716

157.173.122.139:443
157.173.122.139:60477

# Reference: https://x.com/suyog41/status/1878706537176457643
# Reference: https://www.virustotal.com/gui/file/67386fad18d548de90d13095d273de163acdd99e068cc52ca7a1d69eb5b38fcf/detection
# Reference: https://www.virustotal.com/gui/file/b805d4ae4a66c33175659a214554471dd296427a1c0d330494f41a48e8d3dc80/detection
# Reference: https://www.virustotal.com/gui/file/1a590332bfad8f37935669914b5cf5be99b029d74f9b11e27d3d0abae2344ba8/detection

209.145.52.172:6789
209.145.52.172:8816
sub172.duckdns.org

# Reference: https://x.com/StrikeReadyLabs/status/1879904120926240773
# Reference: https://www.virustotal.com/gui/file/e3d2cf307b2ca718bf9e28e6c95921b5b08092175e8c6252bb2e61eb4c9ca289/detection

modspaceinterior.com

# Reference: https://x.com/PrakkiSathwik/status/1879947131336945740
# Reference: https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/

79.141.161.58:1256
79.141.161.58:56777

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw#tab=host_pairs (# 2025-01-19)

ministryofdefenceindia.link
in.ministryofdefenceindia.link
gov.in.ministryofdefenceindia.link
email.gov.in.ministryofdefenceindia.link

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-01-19)

supremecourt-india.com

# Reference: https://x.com/skocherhan/status/1881031569223074137

scigovn-in.cc
scigovss.net
soi-qov.in
scis.scigovss.net

# Reference: https://x.com/TIntel2255/status/1882497021569044881

departmentofdefence.cc
in.departmentofdefence.cc
gov.in.departmentofdefence.cc
email.gov.in.departmentofdefence.cc

# Reference: https://x.com/TIntel2255/status/1882503330041352635

mail-gov-in.firebaseapp.com

# Reference: https://x.com/TIntel2255/status/1882504911688171621

cscvle.space
in.cscvle.space
gov.in.cscvle.space
crsorgi.gov.in.cscvle.space
serviceonline.gov.in.cscvle.space

# Reference: https://x.com/TIntel2255/status/1884471358484255051
# Reference: https://app.validin.com/detail?find=Defence%20Sector%20Pay%20Scale%20Updates&type=raw&ref_id=d269ae1304f#tab=host_pairs (# 2025-01-29)

cleverhandy.store
webmailnic.army
in.webmailnic.army
mail.cleverhandy.store
gov.in.webmailnic.army
pcdaopune.gov.in.webmailnic.army

# Reference: https://x.com/TIntel2255/status/1884554148785664166

devilwork.site
in.devilwork.site
gov.in.devilwork.site
crsorgi.gov.in.devilwork.site
dc.crsorgi.gov.in.devilwork.site

# Reference: https://app.validin.com/detail?find=3ce12827a69a7f00b514d7036a83db67afea26a3&type=hash&ref_id=cb626166f0b#tab=host_pairs (# 2025-01-29)

advanceservice.in
akhilbirth.xyz
aryanprint.site
biharbourd.xyz
crsargi.life
crsorg.in
dc-crsorgi-gov.shop
dsprint.site
dsprint24.xyz
eduvisions.in
kgn-e-birth.xyz
linkuclmp.xyz
mahakalwebhost.xyz
omsai.site
sindex.in
sindex.site
sindexcrs.xyz
sindexcrsx.xyz
smartbabul.xyz
svlprint.site
verifycertificatecrs.live
dccrsorgi.eduvisions.in
mail.advanceservice.in
mail.akhilbirth.xyz
veiwcertificate.mahakalwebhost.xyz
in.veiwcertificate.mahakalwebhost.xyz
in.aryanprint.site
in.crsargi.life
in.crsorg.in
in.sindex.in
in.sindex.site
in.sindexcrs.xyz
in.sindexcrsx.xyz
in.smartbabul.xyz
in.svlprint.site
in.verifycertificatecrs.live
gov.in.veiwcertificate.mahakalwebhost.xyz
gov.in.aryanprint.site
gov.in.crsargi.life
gov.in.crsorg.in
gov.in.sindex.in
gov.in.sindex.site
gov.in.sindexcrs.xyz
gov.in.sindexcrsx.xyz
gov.in.smartbabul.xyz
gov.in.svlprint.site
gov.in.verifycertificatecrs.live
crsorg.gov.in.veiwcertificate.mahakalwebhost.xyz
crsorgi.gov.in.aryanprint.site
crsorgi.gov.in.crsargi.life
crsorg.gov.in.crsorg.in
crsorgi.gov.in.sindex.in
crsorgi.gov.in.sindex.site
crsorgi.gov.in.sindexcrs.xyz
crsorgi.gov.in.sindexcrsx.xyz
crsorgi.gov.in.smartbabul.xyz
crsorgi.gov.in.svlprint.site
crsorgi.gov.in.verifycertificatecrs.live
dc.crsorg.gov.in.veiwcertificate.mahakalwebhost.xyz
dc.crsorgi.gov.in.aryanprint.site
dc.crsorgi.gov.in.crsargi.life
dc.crsorg.gov.in.crsorg.in
dc.crsorgi.gov.in.sindex.in
dc.crsorgi.gov.in.sindex.site
dc.crsorgi.gov.in.sindexcrs.xyz
dc.crsorgi.gov.in.sindexcrsx.xyz
dc.crsorgi.gov.in.smartbabul.xyz
dc.crsorgi.gov.in.svlprint.site
dc.crsorgi.gov.in.verifycertificatecrs.live

# Reference: https://app.validin.com/detail?type=raw&find=Login+Basic+-+Pages+%7C+Sneat+-+Bootstrap+5+HTML+Admin+Template+-+Pro (# 2025-01-29)

ccrssorgi.co.in
crsgoive.co.in
crsoorgii.in
crsorgi-gov.life
crsorginal.site
crsorgi.rest
cscprintportal2.xyz
in-crs.info
crsorgi.gov.rituji.fun
crs.org.govi.in.devgatyservice.xyz
crsorgi.g.onlline.in
crsorgi.gov.in.api1.ltd
crsorgi.gov.in.crs.vearify.site
crsorgi.gov.in.crsbestvery.site
crsorgi.gov.in.cscprintportal2.xyz
crsorgi.gov.in-crs.info
crsorgi.gov.in.index.ds.suvidhaprint.site
crsorgi.gov.in.m.ogri.in
crsorgi.gov.in.myanu.life
crsorgi.gov.in.orjinaal.site
crsorgi.gov.in.viesx.site
crsorgi.gov.in.web.index.auths.uclservice.org
crsorgi.gov.in.web.inbexin.shop
crsorgigovt.space
crsorgis.best
crsorgoi.gov.in.cxrsmm.site
dc-crsorgi.lindex-php.in
dc-crsorgi.inindex.co.in
dc.ccrssorgi.co.in
dc.crs.org.govi.in.devgatyservice.xyz
dc.crs.rituji.fun
dc.crsorgi.g.onlline.in
dc.crsorgi.gov.in-crs.info
dc.crsorgi.gov.in.api1.ltd
dc.crsorgi.gov.in.crsbestvery.site
dc.crsorgi.gov.in.cscprintportal2.xyz
dc.crsorgi.gov.in.index.ds.suvidhaprint.site
dc.crsorgi.gov.in.m.mahirhd.xyz
dc.crsorgi.gov.in.m.ogri.in
dc.crsorgi.gov.in.orjinaal.site
dc.crsorgi.gov.in.viesx.site
dc.crsorgi.gov.in.web.index.auths.uclservice.org
dc.crsorgi.gov.rituji.fun
dccrsorgi-govv.live
dccrsorgigov.store
dcrsorrg.shop
devgatyservice.xyz
gov.in.api1.ltd
gov.in.crs.vearify.site
gov.in.crsbestvery.site
gov.in.cscprintportal2.xyz
gov.in.cxrsmm.site
gov.in-crs.info
gov.in.index.ds.suvidhaprint.site
gov.in.m.mahirhd.xyz
gov.in.m.ogri.in
gov.in.myanu.life
gov.in.orjinaal.site
gov.in.rpt.qrcodeaspx.info
gov.in.viesx.site
gov.in.web.index.auths.uclservice.org
gov.in.web.inbexin.shop
govi.in.devgatyservice.xyz
gov.rituji.fun
gp.mahaegram.co.in.vlewcert.info
mail.crsoorgii.in
mail.crsorginal.site
mail.dcrsorrg.shop
mail.dc.ccrssorgi.co.in
org.govi.in.devgatyservice.xyz
pehchan.rajasthan.gov.in.rpt.qrcodeaspx.info
rtps.dccrsorgi-govv.live
verifycertificate.crsorgi.gov.in.crs.vearify.site

# Reference: https://x.com/fibanocci3/status/1884835706645663960

departmentofdefence.link
in.departmentofdefence.link
gov.in.departmentofdefence.link
email.gov.in.departmentofdefence.link

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw&ref_id=fbd42482808#tab=host_pairs_v2 (# 2025-02-06)

email-govs.click
email-govs.icu
email-nic.site
defenceindia.link
in.defenceindia.link
gov.in.defenceindia.link
email.gov.in.defenceindia.link

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-02-18)

sp-court-in.com
spcourt-in.com

# Reference: https://x.com/fibanocci3/status/1888895170449686775

indiandefenceforces.link
in.indiandefenceforces.link
gov.in.indiandefenceforces.link
email.gov.in.indiandefenceforces.link

# Reference: https://x.com/fibanocci3/status/1887816636608176618

nrsec-gov-in.online
nrsecbihar.co.in

# Reference: https://x.com/raghav127001/status/1848610638307701163

athu.world
awsgust.xyz
biharibabu.xyz
coorv.xyz
crsor.xyz
cstelecom.xyz
e-prints.xyz
findtec.xyz
imgpdf.xyz
indexview.xyz
lnde.xyz
oneepson.xyz
onlineuclshop.xyz
printsportal.xyz
uclchild.xyz
verfiy.xyz
viecard.xyz
viewcertificate.xyz
viewcertify.xyz
viewdob.xyz
worksirf.xyz
in.athu.world
in.biharibabu.xyz
in.coorv.xyz
in.crsor.xyz
in.cstelecom.xyz
in.findtec.xyz
in.imgpdf.xyz
in.indexview.xyz
in.lnde.xyz
in.oneepson.xyz
in.onlineuclshop.xyz
in.printsportal.xyz
in.uclchild.xyz
in.viecard.xyz
in.viewcertificate.xyz
in.viewcertify.xyz
in.viewdob.xyz
in.web.e-prints.xyz
in.web.in.awsgust.xyz
in.web.verfiy.xyz
in.worksirf.xyz
gov.in.athu.world
gov.in.biharibabu.xyz
gov.in.coorv.xyz
gov.in.crsor.xyz
gov.in.cstelecom.xyz
gov.in.findtec.xyz
gov.in.imgpdf.xyz
gov.in.indexview.xyz
gov.in.lnde.xyz
gov.in.oneepson.xyz
gov.in.onlineuclshop.xyz
gov.in.printsportal.xyz
gov.in.uclchild.xyz
gov.in.viecard.xyz
gov.in.viewcertificate.xyz
gov.in.viewcertify.xyz
gov.in.viewdob.xyz
gov.in.web.e-prints.xyz
gov.in.web.in.awsgust.xyz
gov.in.web.verfiy.xyz
gov.in.worksirf.xyz
crsorgi.gov.in.athu.world
crsorgi.gov.in.biharibabu.xyz
crsorgi.gov.in.coorv.xyz
crsorgi.gov.in.crsor.xyz
crsorgi.gov.in.cstelecom.xyz
crsorgi.gov.in.findtec.xyz
crsorgi.gov.in.imgpdf.xyz
crsorgi.gov.in.indexview.xyz
crsorgi.gov.in.lnde.xyz
crsorgi.gov.in.oneepson.xyz
crsorgi.gov.in.onlineuclshop.xyz
crsorgi.gov.in.printsportal.xyz
crsorgi.gov.in.uclchild.xyz
crsorgi.gov.in.viecard.xyz
crsorgi.gov.in.viewcertificate.xyz
crsorgi.gov.in.viewcertify.xyz
crsorgi.gov.in.viewdob.xyz
crsorgi.gov.in.web.e-prints.xyz
crsorgi.gov.in.web.in.awsgust.xyz
crsorgi.gov.in.web.verfiy.xyz
crsorgi.gov.in.worksirf.xyz
dc.crsorgi.gov.in.athu.world
dc.crsorgi.gov.in.biharibabu.xyz
dc.crsorgi.gov.in.coorv.xyz
dc.crsorgi.gov.in.crsor.xyz
dc.crsorgi.gov.in.cstelecom.xyz
dc.crsorgi.gov.in.findtec.xyz
dc.crsorgi.gov.in.imgpdf.xyz
dc.crsorgi.gov.in.indexview.xyz
dc.crsorgi.gov.in.lnde.xyz
dc.crsorgi.gov.in.oneepson.xyz
dc.crsorgi.gov.in.onlineuclshop.xyz
dc.crsorgi.gov.in.printsportal.xyz
dc.crsorgi.gov.in.uclchild.xyz
dc.crsorgi.gov.in.viecard.xyz
dc.crsorgi.gov.in.viewcertificate.xyz
dc.crsorgi.gov.in.viewcertify.xyz
dc.crsorgi.gov.in.viewdob.xyz
dc.crsorgi.gov.in.web.e-prints.xyz
dc.crsorgi.gov.in.web.in.awsgust.xyz
dc.crsorgi.gov.in.web.verfiy.xyz
dc.crsorgi.gov.in.worksirf.xyz

# Reference: https://x.com/PrakkiSathwik/status/1891203264626020406
# Reference: https://www.virustotal.com/gui/file/3217397c6b12d88b5039a4c42848d8a6b03c37ecf322d9cf0836eebacc81149f/detection
# Reference: https://www.virustotal.com/gui/file/947e75dc1f9b8a6d74a6d55afa7513ed86db907965cf0935ebb26c17f0ec6c5d/detection
# Reference: https://www.virustotal.com/gui/file/b5c8e2afa1091e9513da06cfaa1ceed25e091692cdfe7f304e367c58957e2d63/detection
# Reference: https://www.virustotal.com/gui/file/db2328a4c6f74c29670d87f90fc23fe46559b9d6f64e3ad685acb7a538835bad/detection

209.127.18.107:15493
209.127.18.107:22861
209.127.18.107:26184
209.127.18.107:6859
209.127.18.107:8718

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw#tab=host_pairs (# 2025-02-28)
# Reference: https://www.virustotal.com/gui/file/d0c30db4a14943bb9d94f577b4cd515f9ce6a49a30c55d63a848103754f40439/detection
# Reference: https://www.virustotal.com/gui/file/b56a0aeb468371e63608d14c47804a79f326879052001afd5996ffd7bb7881d8/detection

departmentofdefenceindia.link
indiadefencedepartment.link
in.departmentofdefenceindia.link
in.indiadefencedepartment.link
gov.in.departmentofdefenceindia.link
gov.in.indiadefencedepartment.link
email.gov.in.departmentofdefenceindia.link
email.gov.in.indiadefencedepartment.link

# Reference: https://labs.k7computing.com/index.php/exposing-the-deceit-phishing-sites-impersonating-government-entities/
# Reference: https://app.validin.com/detail?find=557ce7f39601f6826788cda47f75df7c&type=hash&ref_id=5d617c1c8ee#tab=host_pairs

http://129.154.249.114
http://140.245.30.252
http://141.148.193.77
http://141.148.195.37
http://141.148.199.161
http://141.148.199.227
http://144.24.114.19
http://146.56.50.80
http://45.202.35.172
http://47.76.72.16
http://80.225.193.92
http://93.157.106.19
129.154.249.114:443
140.245.30.252:443
141.148.193.77:443
141.148.195.37:443
141.148.199.161:443
141.148.199.227:443
141.148.199.227:8443
144.24.114.19:443
146.56.50.80:443
146.56.50.80:8443
45.202.35.172:443
47.76.72.16:443
80.225.193.92:443
80.225.193.92:8443
93.157.106.19:443

# Reference: https://app.validin.com/detail?find=178.63.172.30&type=ip4&ref_id=c8cf1bc5da0#tab=resolutions

email-gov-in.cdu.cm

# Misc.

crsorg.buzz
crsorgi.solutions
crsorgioi.online
gov-in.cloud
govi.site
dc.crsorgi.gov.in.admin.onlline.com.onlline.in
dc.crsorgi.gov.in.aoth.xyz
dc.crsorgi.gov.in.apnaedistrict.site
dc.crsorgi.gov.in.auth.fizaprint.xyz
dc.crsorgi.gov.in.auth.pdfview.in
dc.crsorgi.gov.in.biharibabu.site
dc.crsorgi.gov.in.biharibabu.top
dc.crsorgi.gov.in.birthvew.online
dc.crsorgi.gov.in.birthwala.site
dc.crsorgi.gov.in.bithprint.site
dc.crsorgi.gov.in.certificateonline.agency
dc.crsorgi.gov.in.certificateverify.in
dc.crsorgi.gov.in.certifiicate.in
dc.crsorgi.gov.in.cphp.info
dc.crsorgi.gov.in.crs.c.verifycerlificate.in
dc.crsorgi.gov.in.crs.certificate-verify.site
dc.crsorgi.gov.in.crs.certificate.veraify.site
dc.crsorgi.gov.in.crs.certificate.verify.ceart.site
dc.crsorgi.gov.in.crs.dcseo.online
dc.crsorgi.gov.in.crs.dcseo.online.dcseo.online
dc.crsorgi.gov.in.crs.indaxs.in
dc.crsorgi.gov.in.crs.inedx.in
dc.crsorgi.gov.in.crs.verafy.site
dc.crsorgi.gov.in.crs.verify.verifycerlificate.in
dc.crsorgi.gov.in.crs.verifyc.id-php.in
dc.crsorgi.gov.in.crs.verifycertifi.carit.site
dc.crsorgi.gov.in.crs.verifycertificate.droft.shop
dc.crsorgi.gov.in.crs.web.auth.dc-crs.store
dc.crsorgi.gov.in.crs.web.auth.indax.space
dc.crsorgi.gov.in.crsorg.buzz
dc.crsorgi.gov.in.crsorgi.solutions
dc.crsorgi.gov.in.crssg.shop
dc.crsorgi.gov.in.cscprintportal2.xyz
dc.crsorgi.gov.in.cscvle.shop
dc.crsorgi.gov.in.cxrsmm.site
dc.crsorgi.gov.in.dc-verify.info
dc.crsorgi.gov.in.dcbirth.fun
dc.crsorgi.gov.in.dcbirth.in
dc.crsorgi.gov.in.dccrs.in.net
dc.crsorgi.gov.in.dcert.ink
dc.crsorgi.gov.in.dclink.shop
dc.crsorgi.gov.in.dcverfy.in
dc.crsorgi.gov.in.endex.site
dc.crsorgi.gov.in.endx.xyz
dc.crsorgi.gov.in.fastprintseva.site
dc.crsorgi.gov.in.gavi.in.net
dc.crsorgi.gov.in.gcbs.site
dc.crsorgi.gov.in.gov-in.cloud
dc.crsorgi.gov.in.govi.site
dc.crsorgi.gov.in.hostingbest.live
dc.crsorgi.gov.in.igaxis.site
dc.crsorgi.gov.in.imgpdf.top
dc.crsorgi.gov.in.in.crsorgioi.online
dc.crsorgi.gov.in.in.viwe.life
dc.crsorgi.gov.in.ind2.xyz
dc.crsorgi.gov.in.indecx.site
dc.crsorgi.gov.in.indesx.cloud
dc.crsorgi.gov.in.index-ds.in-n.site
dc.crsorgi.gov.in.index.birth.onlline.in
dc.crsorgi.gov.in.index.in.suvidhaprint.site
dc.crsorgi.gov.in.index.php.oneepson.xyz
dc.crsorgi.gov.in.index.suvidhaprint.site
dc.crsorgi.gov.in.index.verifycertificate.info
dc.crsorgi.gov.in.index.viewscrit.org
dc.crsorgi.gov.in.indexe.cloud
dc.crsorgi.gov.in.indx.viwe.life
dc.crsorgi.gov.in.infhop.in
dc.crsorgi.gov.in.inix.live
dc.crsorgi.gov.in.logln.in
dc.crsorgi.gov.in.mrraj.shop
dc.crsorgi.gov.in.myadhaar.xyz
dc.crsorgi.gov.in.mycsccenter.top
dc.crsorgi.gov.in.nat.verifycertificatecrs.live
dc.crsorgi.gov.in.nest.verifycertificatecrs.live
dc.crsorgi.gov.in.or-ai.site
dc.crsorgi.gov.in.osolution.in
dc.crsorgi.gov.in.pdfverify.in
dc.crsorgi.gov.in.rmssolutionprint.xyz
dc.crsorgi.gov.in.rpjnsdl.co.in
dc.crsorgi.gov.in.shahji.cam
dc.crsorgi.gov.in.skfastportal.site
dc.crsorgi.gov.in.sm.smmi.in.net
dc.crsorgi.gov.in.smfind.shop
dc.crsorgi.gov.in.unqtech.xyz
dc.crsorgi.gov.in.veernishad.online
dc.crsorgi.gov.in.verfiycerti.co.in
dc.crsorgi.gov.in.verify.certificata.online
dc.crsorgi.gov.in.verify.gsaddartps.xyz
dc.crsorgi.gov.in.verify.indaxs.in
dc.crsorgi.gov.in.verifycerlificate.in
dc.crsorgi.gov.in.verifycerti.online
dc.crsorgi.gov.in.verifycertificate.buzz
dc.crsorgi.gov.in.verifycertificate.gsaddaprint.xyz
dc.crsorgi.gov.in.verifycertificate.xyz
dc.crsorgi.gov.in.verifycertificatecrs.verifycertificatecrs.live
dc.crsorgi.gov.in.verifycertificates.site
dc.crsorgi.gov.in.verifycsc.shop
dc.crsorgi.gov.in.verifyin.live
dc.crsorgi.gov.in.view.certificatepdf.in
dc.crsorgi.gov.in.viewcrsn.site
dc.crsorgi.gov.in.viewert.cloud
dc.crsorgi.gov.in.viewert.cloud.88-99-15-159.cprapid.com
dc.crsorgi.gov.in.viewpdfb.in.net
dc.crsorgi.gov.in.viewpfd.in
dc.crsorgi.gov.in.vipcrs.info
dc.crsorgi.gov.in.vivwcert.info
dc.crsorgi.gov.in.vlew.tech.aoth.xyz
dc.crsorgi.gov.in.vlew.xyz
dc.crsorgi.gov.in.vlewcert.info
dc.crsorgi.gov.in.w3standard.com
dc.crsorgi.gov.in.web-c.phpi.cloud
dc.crsorgi.gov.in.web-index.cloud
dc.crsorgi.gov.in.web.aoth.xyz
dc.crsorgi.gov.in.web.cloued.in
dc.crsorgi.gov.in.web.crsorgioi.online
dc.crsorgi.gov.in.web.i.ogii.in
dc.crsorgi.gov.in.web.in.ogii.in
dc.crsorgi.gov.in.web.indax.auth.dc-verifycertificate.info
dc.crsorgi.gov.in.web.index.auth.dc-verifycertificate.info
dc.crsorgi.gov.in.web.index.auth.verifycerti.online
dc.crsorgi.gov.in.web.index.auth.verifycertiificate.live
dc.crsorgi.gov.in.web.index.auth.verifyphpi.info
dc.crsorgi.gov.in.web.index.auth.weiw.site
dc.crsorgi.gov.in.web.index.auth.weiws.site
dc.crsorgi.gov.in.web.index.birtht.shop
dc.crsorgi.gov.in.web.index.dc-verify.info
dc.crsorgi.gov.in.web.index.ex7ucl.in
dc.crsorgi.gov.in.web.index.indaxs.in
dc.crsorgi.gov.in.web.index.phei.info
dc.crsorgi.gov.in.web.index.php.aothi.info
dc.crsorgi.gov.in.web.index.php.carit.site
dc.crsorgi.gov.in.web.index.php.ogii.in
dc.crsorgi.gov.in.web.index.phpi.dc-verify.info
dc.crsorgi.gov.in.web.index.rautenterprises.in
dc.crsorgi.gov.in.web.index.verify.royalucl.in
dc.crsorgi.gov.in.web.index.verify.uniquesewa.site
dc.crsorgi.gov.in.web.index.wiew.in
dc.crsorgi.gov.in.web.inoex.cloud
dc.crsorgi.gov.in.web.lndax.xyz
dc.crsorgi.gov.in.web.load.phpe.xyz
dc.crsorgi.gov.in.web.ogii.in
dc.crsorgi.gov.in.web.org.crsorgi.solutions
dc.crsorgi.gov.in.web.org.royalprintportal.xyz
dc.crsorgi.gov.in.web.phei.info
dc.crsorgi.gov.in.web.php.inbexx.site
dc.crsorgi.gov.in.web.php.lndax.xyz
dc.crsorgi.gov.in.web.verfycertificate.live
dc.crsorgi.gov.in.web.viewcerty.in
dc.crsorgi.gov.in.web.vle.site.vlecert.site
dc.crsorgi.gov.in.web.weiw.site
dc.crsorgi.gov.in.wiev.xyz
dc.crsorgi.gov.in.xpsdigi.solutions

# Reference: https://x.com/Fact_Finder03/status/1896113309319119185

http://91.211.248.245
http://92.119.114.57
91.211.248.245:443
92.119.114.57:443

# Reference: https://x.com/Cyberteam008/status/1896755260116578340
# Reference: https://www.virustotal.com/gui/file/9025f0bb681f73741a8ddf5cdccf44074d6271b0c03b42fa92dca3e32484879c/detection
# Reference: https://www.virustotal.com/gui/file/b5ab88485cbfca8a978bd4d858d3518d59ccc43cb8272dcae23b6ce80bc8bdf2/detection

185.174.101.108:12866
185.174.101.108:24124
185.174.101.108:24861
185.174.101.108:6515
185.174.101.108:7818
185.174.101.108:8817
185.174.101.147:12866
185.174.101.147:24124
185.174.101.147:24861
185.174.101.147:6515
185.174.101.147:7818
185.174.101.147:8817

# Reference: https://www.uptycs.com/blog/threat-research-report-team/cyber-espionage-in-india-decoding-apt-36-new-linux-malware
# Reference: https://www.virustotal.com/gui/file/cc53c74a8be261fab1f231e20d127cb815787ff3437daff8162855130f8ff271/detection

http://70.34.214.252
70.34.223.234:8001
govscholarships.in
supremo-portal.in
tt1.apktrial.com

# Reference: https://x.com/fibanocci3/status/1899344194235515091
# Reference: https://app.validin.com/detail?find=45.141.59.72&type=ip4&ref_id=35a07a5c4df#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5815e06deb5ea6f7ce82690b80828546c48a7a06f1ebceaac896565f4bf9f479/detection

defencedept.work
indiandefence.work
in.defencedept.work
in.indiandefence.work
gov.in.defencedept.work
gov.in.indiandefence.work
email.gov.in.defencedept.work
email.gov.in.indiandefence.work

# Reference: https://x.com/solostalking/status/1899401046956679217
# Reference: https://app.validin.com/detail?type=ip&find=88.222.245.211#tab=resolutions
# Reference: https://app.validin.com/detail?find=153.92.210.104&type=ip4&ref_id=e8913126e78#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/cbf74574278a22f1c38ca922f91548596630fc67bb234834d52557371b9abf5d/detection

88.222.245.211:6969
analytics-metrics-gstaticplay.store
circularadmin.in
postindia.site
gov-in.mywire.org
in.gov-in.mywire.org
gov.in.gov-in.mywire.org
email.gov.in.gov-in.mywire.org

# Reference: https://x.com/TIntel2255/status/1899796191950377237

account-recovery.com
airforce-update.net
alert-notification.com
army-alert.net
brief-report.nl
briefreport.com
briefreport.ml
cgda-alert.com
confirm-identity.net
data-storage.services
datastorage.online
datastorage.services
defence-update.com
defencedept.work
department-of-defence.cc
department-of-defence.link
departmentofdefecce.cc
departmentofdefence.cc.login.secure.nl
departmentofdefence.com
departmentofdefence.ml
departmentofdefence.net
departmentofdefence.nl
departmentofdefence.online
departmentofdefence.pl
departmentofdefenceindia.cc
drdo-update.net
dvia.eu
egov-update.net
eids.email.gov.in.indiatop5.in
email-gov-in-access.com
email-gov-in-access.net
email-gov-in-access.org
email-gov-in-account.com
email-gov-in-account.net
email-gov-in-account.org
email-gov-in-alert.com
email-gov-in-alert.net
email-gov-in-alert.org
email-gov-in-confirm.com
email-gov-in-confirm.net
email-gov-in-confirm.org
email-gov-in-gov-in.in
email-gov-in-login.com
email-gov-in-login.net
email-gov-in-login.org
email-gov-in-official.com
email-gov-in-official.net
email-gov-in-official.org
email-gov-in-recovery.com
email-gov-in-recovery.net
email-gov-in-recovery.org
email-gov-in-reset.com
email-gov-in-reset.net
email-gov-in-reset.org
email-gov-in-security.com
email-gov-in-security.net
email-gov-in-security.org
email-gov-in-update.com
email-gov-in-update.net
email-gov-in-update.org
email-gov-in-verify.com
email-gov-in-verify.net
email-gov-in-verify.org
email-gov-in.account-recovery.com
email-gov-in.alert-notification.com
email-gov-in.confirm-identity.net
email-gov-in.official-login.net
email-gov-in.reset-password.com
email-gov-in.secure-access.net
email-gov-in.secure-login.com
email-gov-in.security-update.org
email-gov-in.verify-account.net
email-gov-in.verify-credentials.com
email-hw3b.gov.in.defenceindia.link
email.gov.in.account-recovery.com
email.gov.in.admin-mcas-df.ms
email.gov.in.airforce-update.net
email.gov.in.alert-notification.com
email.gov.in.army-alert.net
email.gov.in.brief-report.nl
email.gov.in.briefreport.com
email.gov.in.briefreport.ml
email.gov.in.cgda-alert.com
email.gov.in.cloud
email.gov.in.co
email.gov.in.confirm-identity.net
email.gov.in.data-storage.services
email.gov.in.datastorage.com
email.gov.in.datastorage.online
email.gov.in.datastorage.services
email.gov.in.defence-update.com
email.gov.in.defence.link
email.gov.in.defencedept.work
email.gov.in.department-of-defence.cc
email.gov.in.department-of-defence.link
email.gov.in.departmentofdefecce.cc
email.gov.in.departmentofdefence.cc.login.secure.nl
email.gov.in.departmentofdefence.com
email.gov.in.departmentofdefence.ml
email.gov.in.departmentofdefence.net
email.gov.in.departmentofdefence.nl
email.gov.in.departmentofdefence.online
email.gov.in.departmentofdefence.pl
email.gov.in.departmentofdefenceindia.cc
email.gov.in.drdo-update.net
email.gov.in.dvia.eu
email.gov.in.egov-update.net
email.gov.in.estbec.in
email.gov.in.governmentmail.link
email.gov.in.i-gov.ink
email.gov.in.icu
email.gov.in.id
email.gov.in.igov.com
email.gov.in.india-gov.pw
email.gov.in.indiadefence.link
email.gov.in.indiadefence.nl
email.gov.in.indiagov.com
email.gov.in.indiagov.mailindia.one
email.gov.in.indiagov.online
email.gov.in.indiagov.ps
email.gov.in.indiagov.site
email.gov.in.indian-army.ml
email.gov.in.indian-army.pl
email.gov.in.indian-defence.link
email.gov.in.indianarmy.com
email.gov.in.indianarmy.gov
email.gov.in.indianarmy.net
email.gov.in.indiandefence.com
email.gov.in.indiandefence.in
email.gov.in.indiandefence.link.verify.online
email.gov.in.indiandefence.work
email.gov.in.indiandence.nl
email.gov.in.indiatop5.in
email.gov.in.information.services
email.gov.in.link
email.gov.in.live
email.gov.in.login-secure.com
email.gov.in.mailgov.in
email.gov.in.mailgovin.com
email.gov.in.mailindia.ministryofdefenceindia.link
email.gov.in.martinseceompanhia.pt
email.gov.in.mcas-df.ms
email.gov.in.ministroyofdefenceindia.link
email.gov.in.misc.casacam.net
email.gov.in.modindia.link.com
email.gov.in.mygov.pw
email.gov.in.mygov.site
email.gov.in.parichay.link
email.gov.in.parichay.online
email.gov.in.publications.cc
email.gov.in.publications.ltd.publications.ltd
email.gov.in.publications.ltda.ms
email.gov.in.publications.ltdclawsindia.com
email.gov.in.publications.one
email.gov.in.publications.online
email.gov.in.reset-password.com
email.gov.in.support
gov.in.account-recovery.com
gov.in.airforce-update.net
gov.in.alert-notification.com
gov.in.army-alert.net
gov.in.brief-report.nl
gov.in.briefreport.com
gov.in.briefreport.ml
gov.in.cgda-alert.com
gov.in.cloud
gov.in.confirm-identity.net
gov.in.data-storage.services
gov.in.datastorage.com
gov.in.datastorage.online
gov.in.datastorage.services
gov.in.defence-update.com
gov.in.defence.link
gov.in.defencedept.work
gov.in.department-of-defence.cc
gov.in.department-of-defence.link
gov.in.departmentofdefecce.cc
gov.in.departmentofdefence.cc.login.secure.nl
gov.in.departmentofdefence.com
gov.in.departmentofdefence.ml
gov.in.departmentofdefence.net
gov.in.departmentofdefence.nl
gov.in.departmentofdefence.online
gov.in.departmentofdefence.pl
gov.in.departmentofdefenceindia.cc
gov.in.drdo-update.net
gov.in.dvia.eu
gov.in.egov-update.net
gov.in.email
gov.in.estbec.in
gov.in.governmentmail.link
gov.in.i-gov.ink
gov.in.india-gov.pw
gov.in.indiadefence.link
gov.in.indiadefence.nl
gov.in.indiagov.com
gov.in.indiagov.mailindia.one
gov.in.indiagov.online
gov.in.indiagov.ps
gov.in.indiagov.site
gov.in.indian-army.ml
gov.in.indian-army.pl
gov.in.indian-defence.link
gov.in.indianarmy.com
gov.in.indianarmy.gov
gov.in.indianarmy.net
gov.in.indiandefence.com
gov.in.indiandefence.in
gov.in.indiandefence.link.verify.online
gov.in.indiandefence.work
gov.in.indiandence.nl
gov.in.indiatop5.in
gov.in.information.services
gov.in.link
gov.in.live
gov.in.login-secure.com
gov.in.mailgov.in
gov.in.mailgovin.com
gov.in.mailindia.ministryofdefenceindia.link
gov.in.martinseceompanhia.pt
gov.in.ministroyofdefenceindia.link
gov.in.misc.casacam.net
gov.in.modindia.link.com
gov.in.mygov.pw
gov.in.mygov.site
gov.in.parichay.link
gov.in.parichay.online
gov.in.publications.cc
gov.in.publications.ltd.publications.ltd
gov.in.publications.ltda.ms
gov.in.publications.ltdclawsindia.com
gov.in.publications.one
gov.in.publications.online
gov.in.reset-password.com
governmentmail.link
i-gov.ink
in.account-recovery.com
in.airforce-update.net
in.alert-notification.com
in.army-alert.net
in.brief-report.nl
in.briefreport.com
in.briefreport.ml
in.cgda-alert.com
in.confirm-identity.net
in.data-storage.services
in.datastorage.com
in.datastorage.online
in.datastorage.services
in.defence-update.com
in.defence.link
in.defencedept.work
in.department-of-defence.cc
in.department-of-defence.link
in.departmentofdefecce.cc
in.departmentofdefence.cc.login.secure.nl
in.departmentofdefence.com
in.departmentofdefence.ml
in.departmentofdefence.net
in.departmentofdefence.nl
in.departmentofdefence.online
in.departmentofdefence.pl
in.departmentofdefenceindia.cc
in.drdo-update.net
in.dvia.eu
in.egov-update.net
in.estbec.in
in.governmentmail.link
in.i-gov.ink
in.india-gov.pw
in.indiadefence.link
in.indiadefence.nl
in.indiagov.com
in.indiagov.mailindia.one
in.indiagov.online
in.indiagov.ps
in.indiagov.site
in.indian-army.ml
in.indian-army.pl
in.indian-defence.link
in.indianarmy.com
in.indianarmy.gov
in.indianarmy.net
in.indiandefence.com
in.indiandefence.in
in.indiandefence.work
in.indiandence.nl
in.indiatop5.in
india-gov.pw
indiadefence.link
indiadefence.nl
indiagov.com
indiagov.mailindia.one
indiagov.online
indiagov.ps
indiagov.site
indian-army.ml
indian-army.pl
indian-defence.link
indianarmy.com
indianarmy.gov
indianarmy.net
indiandefence.com
indiandefence.in
indiandefence.work
indiandence.nl
indiapost.gov.in.email
indiatop5.in
mailindia.ministryofdefenceindia.link
martinseceompanhia.pt
ministroyofdefenceindia.link
mygov.pw
mygov.site
parichay.link
parichay.online
publications.cc
publications.ltda.ms
publications.ltdclawsindia.com
publications.one
publications.online
reset-password.com

# Reference: https://x.com/solostalking/status/1903785739764285529

pnpsmm.in
print.pnpsmm.in

# Reference: https://x.com/PrakkiSathwik/status/1906046098948661366
# Reference: https://app.validin.com/detail?type=raw&find=Saada+C2+-+Login#tab=host_pairs (# 2025-03-29)
# Reference: https://app.validin.com/detail?find=13.53.214.28&type=ip4&ref_id=8ee0ade942c#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=145.223.103.223#tab=resolutions

1s1.accesscam.org
414.camdvr.org
415.mywire.org
419.theworkpc.com
aws-vpn-hub-mggppgcnmv.dynamic-m.com
fur.monster
saadac2.mywire.org
saadac3.accesscam.org

# Reference: https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/

educationportals.in
drjagrutichavan.com

# Reference: https://x.com/malwrhunterteam/status/1909710022919307317
# Reference: https://www.virustotal.com/gui/file/5c3472163ad4c1adcfebe15d1016058a5f020100f872ddcc3e692286abbae405/detection

http://134.122.73.171
http://167.99.66.81
http://178.128.246.187
http://64.227.121.136
/root-kin
/suko-vin

# Reference: https://app.validin.com/detail?find=SCI%20App&type=raw&ref_id=17eb19466ef#tab=host_pairs (# 2025-04-18)
# Reference: https://app.validin.com/detail?find=fe0a9bcacd3b3d185209dff67d7fda10&type=hash&ref_id=584d48afe02#tab=host_pairs (# 2025-04-18)
# Reference: https://www.virustotal.com/gui/file/10650a3376a1db207e07697f58e906c14ec67757364686f39e154c7cb6053601/detection
# Reference: https://www.virustotal.com/gui/file/47010225586861faba1575370bf83cc06b12355edea6b9f6075819cd05db7281/detection

main-sci.app
v8s.co
mail.main-sci.app
mail.v8s.co

# Reference: https://x.com/PrakkiSathwik/status/1913243880259993881
# Reference: https://www.virustotal.com/gui/file/f04acb3414c0f8eaf24e5cce18fc6fc800c4080fc20a470718392c536f5505e8/detection
# Reference: https://www.virustotal.com/gui/file/d1a1eaefe6bd2e245bba369e966d7a8eab9ed6ad1fa827321e5889cc8d43f976/detection

104.129.27.14:16197
104.129.27.14:19867
104.129.27.14:28784
104.129.27.14:30123
104.129.27.14:8108

# Reference: https://x.com/Cyberteam008/status/1915192345852596511
# Reference: https://www.virustotal.com/gui/ip-address/176.65.143.215/relations
# Reference: https://www.virustotal.com/gui/file/6c69e5353fe0420844fbc6ba6d8b3854a7fd57dcec5b2a3f3fafce8874bc042a/detection

departmentofdefence.de
ministryofdefenceindia.org
iaf.nic.in.ministryofdefenceindia.org
indianarmy.nic.in.departmentofdefence.de
indianarmy.nic.in.ministryofdefenceindia.org

# Reference: https://app.validin.com/detail?find=45.141.58.224&type=ip4&ref_id=f804e76536d#tab=resolutions

briefcases.email
defenceindia.ltd
departmentofspace.info
in.briefcases.email
in.defenceindia.ltd
in.departmentofdefence.de
in.departmentofspace.info
in.ministryofdefenceindia.org
gov.in.briefcases.email
gov.in.defenceindia.ltd
gov.in.departmentofdefence.de
gov.in.departmentofspace.info
gov.in.ministryofdefenceindia.org
email.gov.in.briefcases.email
email.gov.in.defenceindia.ltd
email.gov.in.departmentofdefence.de
email.gov.in.departmentofspace.info
email.gov.in.ministryofdefenceindia.org

# Reference: https://x.com/TIntel2255/status/1920726992367829117
# Reference: https://app.validin.com/detail?find=45.141.58.33&type=ip4&ref_id=f804e76536d#tab=resolutions

indiangov.download
indiangovt.download
in.indiangov.download
in.indiangovt.download
gov.in.indiangov.download
gov.in.indiangovt.download
email.gov.in.indiangov.download
email.gov.in.indiangovt.download

# Reference: https://www.virustotal.com/gui/ip-address/84.54.51.12/relations

modindia.link
in.modindia.link
gov.in.modindia.link
email.gov.in.modindia.link

# Reference: https://app.validin.com/detail?find=185.117.90.212&type=ip4&ref_id=1df5f665af8#tab=resolutions
# Reference: https://app.validin.com/detail?find=31.42.185.47&type=ip4&ref_id=d18562645f5#tab=resolutions

avtzyu.store
drdosurvey.info
indiangov.site
in.avtzyu.store
in.drdosurvey.info
in.indiangov.site
gov.in.avtzyu.store
gov.in.drdosurvey.info
gov.in.indiangov.site
email.gov.in.avtzyu.store
email.gov.in.drdosurvey.info
email.gov.in.indiangov.site

# Reference: https://x.com/PrakkiSathwik/status/1915761627552710795
# Reference: https://www.virustotal.com/gui/file/6fcbcdcafc5accf1b2b0453eccd93c203ab1dca9920521b107c9cff8c0236eb2/detection

93.127.133.58:1097
93.127.133.58:17241
93.127.133.58:19821
93.127.133.58:21817
93.127.133.58:23221
93.127.133.58:27425
kashmirattack.exposed
in.kashmirattack.exposed
gov.in.kashmirattack.exposed
jkpolice.gov.in.kashmirattack.exposed

# Reference: https://www.linkedin.com/posts/sathwik-ram-prakki-43770016a_apt36-phishing-crimsonrat-activity-7321587277455912961-ralC
# Reference: https://www.virustotal.com/gui/file/ab050e42f7c88da840ca37cd402be42b02f6e52a8cafa1376b7eddcacb1e2fcd/detection
# Reference: https://www.virustotal.com/gui/file/ae520a6e499ad39e64858200e21f7c54e590fca00aa5de5f5e32f016075e549f/detection
# Reference: https://www.virustotal.com/gui/file/7a2f7357ce5ebd03bbf10b856a30706f71eb1586c309aff9169fb5b056791741/detection

http://134.209.250.88
http://161.35.24.231
http://164.92.190.176
http://165.22.251.224
http://165.227.153.114
http://165.232.114.63
http://209.38.33.123

# Reference: https://x.com/blackorbird/status/1916841396792914357
# Reference: https://mp.weixin.qq.com/s/QD_MYIYivM_S1dr4vZxocg
# Reference: https://www.virustotal.com/gui/file/33feaee2039e28e252f7289ba9fc874f75a86078dd48727759316960404e94e5/detection
# Reference: https://www.virustotal.com/gui/file/fbde6f65c960c2469d957f1fdb6d7240bd6eec5e4f34b68e01dda85cb9bf6841/detection
# Reference: https://www.virustotal.com/gui/file/898eefa76adf40593c3e69fb1ec63715c15a61cf33cd0d18ddb69322dae4a975/detection
# Reference: https://www.virustotal.com/gui/file/de3932dc9570869e015bd3dcea0b429b53e13137f3c56c3859e4a420979f2592/detection

84.46.251.145:14862
84.46.251.145:901
ghmeetag.xyz
honeybeechatt.com
signalchat.chat
syntheticschoolsystem.com
vibechatt.chat
vibechatt.com
waqarawan.xyz
mail.waqarawan.xyz
vibechatt.signalchat.chat

# Reference: https://x.com/blackorbird/status/1917581986472026278
# Reference: https://www.virustotal.com/gui/file/eb03f0bd9edf20053a594b134fe7b69b0deec9fee7176105c366e5c5f11180a0/detection
# Reference: https://www.virustotal.com/gui/file/e3732e9d6bc1332313ac1925cbb5271787788dc887497dba9bfecea1f382a7b2/detection
# Reference: https://www.virustotal.com/gui/file/333b1e6113a537b5430e4330d01499a4b1d0c0899ed10b7d6610b2c5f296ce15/detection
# Reference: https://www.virustotal.com/gui/file/21aa51d3f7296df9b175fb27928b5b9ff6b81c1e0c50585216c0dcfdfec2da59/detection

185.174.102.21:15826
185.174.102.21:18232
185.174.102.21:22626
185.174.102.21:25819
185.174.102.21:27228
sharemaxme24.net

# Reference: https://x.com/solostalking/status/1918155338374680667

indiandefence.directory
in.indiandefence.directory
gov.in.indiandefence.directory
mod.gov.in.indiandefence.directory

# Reference: https://x.com/Cyberteam008/status/1918133325509870061
# Reference: https://www.virustotal.com/gui/file/47a6ea2947d46e9547989e9c8870805fb585d3ff16a4b9c7b6e8b4a322b61eb3/detection

185.235.137.195:3309
185.235.137.195:3311
securenesst.com
server1.securenesst.com
expressholidays.co.in/ups/r.php

# Reference: https://x.com/PrakkiSathwik/status/1919722443628806514
# Reference: https://www.virustotal.com/gui/file/9011883354aecb42135e1793f2b7f4329e97a4df84e072769301c13fb310464e/detection

gchindia.com/lib/pdf/Blackout-Rehearsal-Plan/wins/

# Reference: https://x.com/PrakkiSathwik/status/1919817162404880522
# Reference: https://www.virustotal.com/gui/file/8f0cd0a744dd8ab3723cf5cf51fbcc9ce47082ce3a68954f267f461a6689d0b3/detection
# Reference: https://www.virustotal.com/gui/file/72558ed8bd3f2ac5a4caa94cb8318328300cf27a453f10c8945725572740a282/detection
# Reference: https://www.virustotal.com/gui/file/3cf9c4baf9cb3c150c036e9c94de03b5fb6ecb2fefe7e39aa8ed3213420d0f6c/detection
# Reference: https://www.virustotal.com/gui/file/369904dc22cc1e8e274d40a64c0a6040d7a4cb5dc19489900520d67130095c0c/detection

96.47.232.202:16828
96.47.232.202:26120
96.47.232.202:24821
96.47.232.202:34426
96.47.232.202:6830
raf74.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1919815291976163467
# Reference: https://www.virustotal.com/gui/file/5a2ec17c8dd5f37b2b04613a24c278a6cf140180709840e74435e319c5c8957c/detection
# Reference: https://www.virustotal.com/gui/file/41e49f62bdc1a53aa05b10b47ca497fcbb8ff93ca5a5f2416961529648799835/detection

96.47.234.145:14828
96.47.234.145:21821
96.47.234.145:28120
96.47.234.145:34422
96.47.234.145:7830

# Reference: https://x.com/TIntel2255/status/1920012934463324485
# Reference: https://x.com/TIntel2255/status/1920832585900413266
# Reference: https://x.com/PrakkiSathwik/status/1921138502915227752

indiandefence.services
in.indiandefence.services
mail.indiandefence.services
gov.in.indiandefence.services
mea.gov.in.indiandefence.services
mod.gov.in.indiandefence.services

# Reference: https://x.com/malwrhunterteam/status/1916176519866601725
# Reference: https://x.com/cyber_ra1/status/1920093689755599200
# Reference: https://www.virustotal.com/gui/file/8a35adede1f8936e75ae00f67ef5e58f38117d5f7e8e6adff9de850307a46ffc/detection
# Reference: https://www.virustotal.com/gui/file/bca5f50de8d565deb2bf7a3cc7d22fb743845135ab3195444365fcad2b12ea7a/detection

nationaldefencebackup.xyz
nationaldefensecollege.com

# Reference: https://x.com/ThreatBookLabs/status/1920489365408788746

kashmiraxxack.exposed

# Reference: https://x.com/Cyberteam008/status/1920423302683623728
# Reference: https://x.com/cyber_ra1/status/1920448288668725723
# Reference: https://x.com/IdaNotPro/status/1921271338959851527
# Reference: https://www.virustotal.com/gui/file/70427a5a7cee2a8da876be4ac74caf8888145972930968b7f4fb5932ecee5f31/detection
# Reference: https://www.virustotal.com/gui/file/a362a7393accb1f7318a3c92d4069c29a01f75216e88fcee7066d9dffa229b5f/detection
# Reference: https://www.virustotal.com/gui/file/0e7bdb5ecbd8f74f38d75df6f8d5ae7ed3290b5dcf41212ecd3c1281e8f71ae6/detection
# Reference: https://www.virustotal.com/gui/file/7129ad4ac19f03d6512d8ea3a4cf3373c52d30a982e4a3bba2a5357bcbdf7314/detection
# Reference: https://www.virustotal.com/gui/file/9b3f66b7cc7f00a1ff8f962f2a0f13765a8324d6b532be02dce14e0a0de7e723/detection

167.86.97.58:17854
185.235.137.237:24156
85.158.108.85:42368
zohidsindia.com

# Reference: https://x.com/IdaNotPro/status/1921124452122677253

apollokhos.co.in

# Reference: https://x.com/Cyberteam008/status/1922576157985096044
# Reference: https://www.virustotal.com/gui/file/2032a25e951f9bb6efca2d6df34bc40e82100613f83dd5ebd7e621256d3fabb6/detection
# Reference: https://www.virustotal.com/gui/file/b96704e1ad5c6a2dafcf63a7e0576b5a478d903b7f46bd5e5995eb3a85c52b51/detection
# Reference: https://www.virustotal.com/gui/file/106dd82a7091564781c01424d7810bfccb5e69740af046bd4c3503bb51101e81/detection

212.56.45.254:24224
212.56.45.254:28822
212.56.45.254:9525

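# Reference: https://x.com/skocherhan/status/1923593417340158064
# Note (review): several names in this block read as words missing their first letter (e.g. aise-your-voice, xplosion-proof, nity-3d-development, ompanion), which suggests truncated extraction - verify against the referenced source before relying on them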

01411.club
130t.xyz
3a4p8gq8bojwn.xyz
5zbm0.cfd
66xq2.top
873013.xyz
8ln62.cfd
9882aa1216.autos
999game.website
9gi02.cfd
9ydygorig3l7z.xyz
aise-your-voice.sbs
akextow.net
anpack.shop
ardengoal.net
aser-skin-treatment-95250.bond
avakey.shop
ayarwarna21.live
ayeewenvqzqm.top
aysec.net
betka.xyz
cvaultshielded.live
elayrunway.shop
ellbar.shop
elvetvoiceskiresorts.website
enckubs.shop
erspacehealthandwellness.info
g1wszulqv7lc.xyz
gsp657.top
hagrinleemotooltechus.shop
hbnzk.cfd
iaolento12.sbs
igitalmilanolegacy.shop
inktrim.xyz
iralavinc.online
it4n1ar4t0k7o0.xyz
kfast.store
kpqh.town
looring-services329769.sbs
loud-sevice.click
lx2cbhe5vee0e1.xyz
movps.net
ndotoverf.pro
netuzio.xyz
nity-3d-development.dev
njjwh.info
olidspot.shop
ompanion.bio
onety.skin
pb79kasy.vip
phones-br.sbs
rog.top
rtelegans.art
ry-prodentims.shop
t775.top
teelpath.shop
tp-batik77-1.vip
tu1x120.top
tudiofoti.pro
uklor.shop
w-yudfjp.shop
x92q.top
xectgroup.net
xplosion-proof.lat

# Reference: https://x.com/suyog41/status/1919744048639967361
# Reference: https://www.virustotal.com/gui/file/72333de5a6cbdda61ce8891cda1a9f927bb8f9e0acd6239a1de9a03b4bbb66e9/detection
# Reference: https://www.virustotal.com/gui/file/50f30b78df1a225d9f99d036a8109d79af226b59ab735abb84fa042b93acccdd/detection
# Reference: https://www.virustotal.com/gui/file/9011883354aecb42135e1793f2b7f4329e97a4df84e072769301c13fb310464e/detection

amsisupport.com
sync.amsisupport.com
/dnammocmvitna

# Reference: https://x.com/ThreatBookLabs/status/1925555749415264567
# Reference: https://www.virustotal.com/gui/file/e9000239d7b63beb19c00caee1b9048a89575e80e920185cfa41a0586cad7802/detection

185.123.102.180:41452

# Reference: https://www.seqrite.com/blog/operation-sindoor-anatomy-of-a-digital-siege/

operationsindoor2025.in
pahalgamattack.com
sindoor.live
sindoor.website

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-05-28)

indiasci.cc
supremecourtofindiagov.com

# Reference: https://x.com/skocherhan/status/1927793481805676587

supremecourtofindia.net
supremecourtpractice.com

# Reference: https://x.com/blackorbird/status/1928076030599909423

ministryofdefenseindia.link
in.ministryofdefenseindia.link
gov.in.ministryofdefenseindia.link
email.gov.in.ministryofdefenseindia.link

# Reference: https://x.com/PrakkiSathwik/status/1928798284056781029
# Reference: https://www.virustotal.com/gui/file/7b8ef47b1362bfddfbb1f736cf3d1afc67d7ac3d969746f6bf68963d1285f88c/detection
# Reference: https://www.virustotal.com/gui/file/85f79362d115e9f6dfca831bb4dd64e4a9713e9d8cb70699036dcab7c1e54223/detection
# Reference: https://www.virustotal.com/gui/file/1932c79ca5dbf54d786a2d307b18b3d7e2b6ceebca6a777578ebc9029527773b/detection
# Reference: https://www.virustotal.com/gui/file/9795a2539388212d9d3e4b2684efa0446ec6ce16061cccbdce9f1abda6db9bc3/detection

69.197.178.193:15642
69.197.178.193:16853
69.197.178.193:23867
69.197.178.193:26261
69.197.178.193:29426
asatvm.duckdns.org

# Reference: https://x.com/solostalking/status/1929463023313334771
# Reference: https://app.validin.com/detail?find=eb3f429628466bffb76bd984834ecd86&type=hash&ref_id=b27e120376f#tab=host_pairs (# 2025-06-04)
# Reference: https://www.virustotal.com/gui/file/bd5bad8ae151d32347eb6b06ee28f8a1ba6e1f80cd966ecb0f8fd23a7ee10b46/detection

cloudshare.digital
defencepersonnel.support
storagecloud.download
virtualeoffice.cloud
in.cloudshare.digital
in.defencepersonnel.support
in.storagecloud.download
in.virtualeoffice.cloud
gov.in.defencepersonnel.support
mgovcloud.in.cloudshare.digital
mgovcloud.in.storagecloud.download
mgovcloud.in.virtualeoffice.cloud
accounts.mgovcloud.in.cloudshare.digital
accounts.mgovcloud.in.storagecloud.download
accounts.mgovcloud.in.virtualeoffice.cloud
mod.gov.in.defencepersonnel.support

# Reference: https://x.com/solostalking/status/1929463023313334771
# Reference: https://www.cyberproof.com/blog/cyber-attacks-rise-as-tension-mounts-across-india-pakistan-border-post-terrorist-attack/

account.migration.jkpolice.gov.in.mgovcloud.de
accounts-migration.mgovcloud.de
accounts.mgovcloud.de
blackout-and-emergency.zip
coord-officer.in
cricket.tezzbuzz.com
cricketbuzz.ink
cricketbuzz.sport.blog
delivery.smartmfdpro.com
email.gov.in.ministryofdefence.cc
gourangashil.smartmfdpro.com
gov.in.accounts-migration.mgovcloud.de
gov.in.mgovcloud.de
gov.webmailinc.army
in.accounts-migration.mgovcloud.de
indianarmedforcesadventurestories.cricketbuzz.ink
jkpolice.gov.in.mgovcloud.de
mail-portal.in
mea.gov.in.accounts-migration.mgovcloud.de
mgovcloud.de
migration.jkpolice.gov.in.mgovcloud.de
sainik-sathi.in
securenessst.com
server1.securenessst.com
skodalifts.co.in
support-dept.in
support-office.in
webmailinc.army

# Reference: https://app.validin.com/detail?find=c72ce4fa1bca9a9c02ebdb45a6f7dc0e&type=hash#tab=host_pairs (# 2025-06-05)

advanceservice.in.103-160-106-28.cpanel.site
prajapatiprint.site
in.prajapatiprint.site
gov.in.prajapatiprint.site
crsorgi.gov.in.prajapatiprint.site
dc.crsorgi.gov.in.prajapatiprint.site

# Reference: https://app.validin.com/detail?find=557ce7f39601f6826788cda47f75df7c&type=hash#tab=host_pairs (# 2025-06-05)

http://144.24.109.1

# Reference: https://app.validin.com/detail?find=82.25.106.148&type=ip4&ref_id=9bd199165b9#tab=resolutions (# 2025-06-05)

appleblueltd.store
coord.site
govnic.site
guideevents.site
nicgov.site
playdashboard.store
playprotect.site
eoffice.coord.site

# Reference: https://app.validin.com/detail?find=3ce12827a69a7f00b514d7036a83db67afea26a3&type=hash&ref_id=eb75f7a99ec#tab=host_pairs (# 2025-06-05)

onlinesomadhan.in
dccrsorgi.onlinesomadhan.in

# Reference: https://x.com/malwrhunterteam/status/1930921144053383171
# Reference: https://www.virustotal.com/gui/file/3c012b14ad76bc2bd3a6e7c99c8f50a8c28c025750e32aea007978e8a1db703d/detection

http://138.197.163.42
http://142.93.38.174
http://143.110.184.169
http://64.227.134.175
376zbaqsnigt.com
rgzavr4awa.com
tjofxavif5b3q6ogz.com

# Reference: https://x.com/skocherhan/status/1932329311287083343
# Reference: https://app.validin.com/detail?find=Civil%20Registration%20System&type=raw&ref_id=8bc5484a9e7#tab=host_pairs (# 2025-06-10)

aadharpor.xyz
asdfghjkl2.online
birth.kajalroma.xyz
blrths.co.in
crsorgi.g0v.in.net
crsorgi.gov.in.cashwiz.site
crsorgi.gov.in.lndex.in.net
crsorgi.gov.in.onlineconvetar.in
crsorgi.gov.in.viewcerts.org
crsorgi.gov.in.web.index.php.bcerti.xyz
crsorgi.gov.in.web.index.php.indexco.info
crsorgi.shop
crsorgi.shop.headofharyana.com
crsorgigov.info
crsorgigove.com
crsorgingov.site
crsportal.cfd
crsprint.cam
crsprint.shop
crsrorgig.com
cscaadhar.xyz
dc-crsorgi-gov.sbs
dc.crsorgi.gov.in.lndex.in.net
dc.crsorgi.gov.in.onlineconvetar.in
dc.crsorgi.gov.in.viewcerts.org
dc.crsorgi.gov.in.web.index.php.indexco.info
dcalam.shop
g0v.in.net
gov.in.cashwiz.site
gov.in.lndex.in.net
gov.in.onlineconvetar.in
gov.in.viewcerts.org
gov.in.web.index.php.bcerti.xyz
gov.in.web.index.php.indexco.info
in.cashwiz.site
in.lndex.in.net
in.onlineconvetar.in
in.viewcerts.org
in.web.index.php.bcerti.xyz
in.web.index.php.indexco.info
janudajanudi.online
kajalroma.xyz
mail.dc-crsorgi-gov.sbs
onlinecer.top
viewscerti.xyz
vkprintportal.site

# Reference: https://x.com/PrakkiSathwik/status/1932691126022275294
# Reference: https://www.virustotal.com/gui/file/29291610808a53c43fd0d413ad9a57a9839258e17bca1c7b52c90ea9060dc8f2/detection

37.1.198.72:5863
educationportals.biz
dns.educationportals.biz

# Reference: https://x.com/PrakkiSathwik/status/1933503981017502103
# Reference: https://gist.githubusercontent.com/PSR009/e284fb4eed0338b5665ee9e3bfd8fe37/raw/d858cb20c7df146b3fc2af06558d87be7b82dd87/phishingList_onlinenic.txt

bcclweb.onlinenic.in.net
bih.nic.in.onlinenic.in.net
biharpolice.onlinenic.in.net
bpsc.bih.nic.in.onlinenic.in.net
bsedc.bihar.onlinenic.in.net
dda.onlinenic.in.net
employee.incometax.onlinenic.in.net
employee.onlinenic.in.net
fci.employee.onlinenic.in.net
gov.in.onlinenic.in.net
in.onlinenic.in.net
incometax.onlinenic.in.net
india.onlinenic.in.net
indiapostgds.onlinenic.in.net
maha.gov.in.onlinenic.in.net
maharashtra.onlinenic.in.net
mcgm.onlinenic.in.net
nic.in.onlinenic.in.net
nic.onlinenic.in.net
nrhm.maha.gov.in.onlinenic.in.net
onlinenic.in.net
samajkalyan.up.onlinenic.in.net
service.india.onlinenic.in.net
sjsa.maharashtra.onlinenic.in.net
ssc.nic.onlinenic.in.net
up.onlinenic.in.net
up.samajkalyan.onlinenic.in.net

# Reference: https://x.com/Cyberteam008/status/1935206757657362569
# Reference: https://www.virustotal.com/gui/file/167b387005d6d2a55ad282273c58d1786a2ee0fa3e7e0cb361d4d61d8618ee5f/detection
# Reference: https://www.virustotal.com/gui/file/014a14d46b83a2cca1267bedb1a02aa7fd50b90633009bd2d94b6a0158df8577/detection

101.99.92.182:11520
101.99.92.182:9080
defence-nic.3utilities.com
drdo-mss.serveirc.com
modgovin.onthewifi.com

# Reference: https://x.com/solostalking/status/1935222291375472707
# Reference: https://x.com/PrakkiSathwik/status/1935246089286046091
# Reference: https://x.com/PrakkiSathwik/status/1935342921127182548
# Reference: https://app.validin.com/detail?find=37.221.64.202&type=ip4&ref_id=f7397d12cac#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/a772aa59345a89c0ba56911487d5ec1b2088a8175239446a87de1db6d56d1bc5/detection

accinfo.live
aidfix.help
aidline.help
aidplus.help
aidsol.help
apccare.help
aplcare.help
ar2care.live
ar2help.live
armcare.help
as4care.help
as4care.live
asdcare.help
asonline.help
axrhelp.live
azzcare.help
bdcare.info
bdcare.live
bercare.help
bggcare.help
bmcare.live
bmecare.help
bnkcare.help
bocare.help
bookingcare.help
bookingteam.help
brsupport.help
bwsupport.live
carefix.help
carehub.help
carework.help
ccdesk.help
cchcare.help
cencare.help
cesupport.help
cgcare.help
checare.help
chicare.help
chmcare.help
chmecare.help
chmserv.help
ckcare.help
cpsupport.live
cryptohelp.live
csmhelp.live
csupport.help
cvcare.help
cvhelp.live
cxverify.help
d4net.info
d4support.help
d4support.live
daacare.help
dccare.help
depcare.help
desksol.help
dmsupport.live
dpcare.info
dpcare.live
dpsupport.help
dscare.live
dsrhelp.live
dvcare.info
epcare.help
epserv.help
ermcare.help
fercare.help
fgsupport.help
fmdcare.help
fpsupport.help
fstcare.help
gawcare.help
gedcare.help
gkcare.info
gksdesk.help
gscare.help
gsdesk.help
gservice.help
gsinfo.help
gtrcare.help
gvcare.help
h2support.help
h2support.live
hdesk.help
hdrcare.help
hdserv.help
helppl.live
helpserv.help
hiwcare.help
hrhcare.live
hrmcare.help
htsupport.help
i2secure.live
iercare.help
iglcare.help
ioscare.help
iossupport.live
ippcare.help
isdcare.help
ismcare.help
itmcare.help
iurcare.help
jmcare.help
jpncare.help
kercare.help
kkpcare.help
lddcare.help
lewcare.help
linkcare.help
livcare.help
livepc.info
livepcx.help
lysupport.help
m4support.help
m4support.live
mercare.help
mncare.help
mnscare.live
ms2help.live
ms4care.live
msinfo.help
mwcare.help
nedcare.help
netcare.help
nhrcare.help
ntsupport.help
nvdcare.help
oncare.help
oswcare.help
p2help.live
pcxcare.help
pdcare.help
pfhelp.info
pllcare.help
ppcare.help
ppcare.online
pplcare.help
pplhelp.info
pplserv.help
ppteam.help
ppvarify.help
ppverify.help
pqsupport.help
prscare.help
pylcare.help
pyphelp.live
pyplcare.help
pyteam.help
qbcare.help
qsupport.online
rbhhelp.live
rdcare.help
rebcare.help
reqcare.help
revcare.help
rfdcare.help
rp2help.live
rs2care.live
rwcare.help
s2support.help
s2support.live
serassist.help
sercare.help
servaid.help
servcare.help
servdesk.help
servteam.help
servyou.help
spsupport.help
ssdesk.help
ssrcare.help
supcare.help
support868.live
supportaid.help
sycare.help
syscare.help
terplus.help
umcare.help
varifysupport.live
vcare.live
verifyme.help
vmcare.help
wdcare.live
weserv.help
wsdcare.help
wservice.help
wsinfo.help
wzcare.help
xercare.help
yassist.help
ybassist.help
ybdcare.help
youserv.help
yrwcare.help
zxcare.live
modpersonnel.support
in.modpersonnel.support
pk.modpersonnel.support
gov.in.modpersonnel.support
mod.gov.in.modpersonnel.support
zahcomputers.pk.modpersonnel.support

# Reference: https://x.com/PrakkiSathwik/status/1935349973404762509
# Reference: https://www.virustotal.com/gui/file/4635eb6ab2fb781d12f8b7a160681a194d148062d4168a6bfcd54b2c11a050fc/detection
# Reference: https://www.virustotal.com/gui/file/61da538d9e48f058c0615f8b832418c8b81927f78b6d7a2ef58e8b9171146eb3/detection
# Reference: https://www.virustotal.com/gui/file/eb769d1e797de96297a9e477c39eb8ddbc705b095ad6e4aea23c0e2269795851/detection

185.174.101.86:15868
185.174.101.86:22528
185.174.101.86:26567
185.174.101.86:7523
185.174.101.86:8927
arvnd.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1935717744525430870
# Reference: https://www.virustotal.com/gui/file/3032cccb84cbbaecf88acf53868962d10599abd864e37ecced55ec860f4890a8/detection

sorlastore.com
govin.sorlastore.com

# Reference: https://x.com/PrakkiSathwik/status/1935717747998265498
# Reference: https://www.virustotal.com/gui/file/e528799a29e9048c1e71b78223311cad2699d035a731d1a6664fc8ddd0642064/detection
# Reference: https://www.virustotal.com/gui/file/978b5e464a958a882a0146f8f33640300a06576b736c07088de3cbb158cd3cf1/detection
# Reference: https://www.virustotal.com/gui/file/167b387005d6d2a55ad282273c58d1786a2ee0fa3e7e0cb361d4d61d8618ee5f/detection

101.99.92.182:12520
45.141.59.44:8080

# Reference: https://x.com/ThreatBookLabs/status/1935850280463007912
# Reference: https://www.virustotal.com/gui/file/a9b253b7085c68493928888408eef8af66e8aa7ef38d4c36a52633b6ca8ef3c9/detection

185.123.102.59:21452
/api/root_78616337600736/hello
/api/root_78616337600736/upload

# Reference: https://x.com/suyog41/status/1937751476916621432
# Reference: https://www.virustotal.com/gui/file/b308f1b25c626ef8a2610e2f313dc9596a80255b1c1ddd4ccd687b214ca04b46/detection

http://209.38.203.53
/eXVndW5kdQ==/tcl-8.7
/eXVndW5kdQ==/

# Reference: https://www.cyfirma.com/research/apt36-phishing-campaign-targets-indian-defense-using-credential-stealing-malware/

advising-receipts.com
megasofteware.net
superprimeservices.com

# Reference: https://app.validin.com/detail?find=Civil%20Registration%20System&type=raw#tab=host_pairs (# 2025-06-25)

crsrorgog.com

# Reference: https://app.validin.com/detail?find=eb3f429628466bffb76bd984834ecd86&type=hash#tab=host_pairs (# 2025-06-25)

accinfo.live
ak-agstsbsvru.xyz
bwsupport.live
dmsupport.live
mnscare.live
supcare.help

# Reference: https://www.recordedfuture.com/research/drat-v2-updated-drat-emerges-tag-140s-arsenal
# Reference: https://www.virustotal.com/gui/file/c328cec5d6062f200998b7680fab4ac311eafaf805ca43c487cda43498479e60/detection
# Reference: https://www.virustotal.com/gui/file/830cd96aba6c328b1421bf64caa2b64f9e24d72c7118ff99d7ccac296e1bf13d/detection
# Reference: https://www.virustotal.com/gui/file/c73d278f7c30f8394aeb2ecbf8f646f10dcff1c617e1583c127e70c871e6f8b7/detection
# Reference: https://www.virustotal.com/gui/file/0d68012308ea41c6327eeb73eea33f4fb657c4ee051e0d40a3ef9fc8992ed316/detection

154.38.175.83:3232
178.18.248.36:6372
185.117.90.212:7771

# Reference: https://x.com/PrakkiSathwik/status/1940381036795609498
# Reference: https://www.virustotal.com/gui/file/a0fae6bc4e0e705d548e3dd227fa718f26492e9950e7d88a555aea75b9cd6c3c/detection

nominationdrdo.report
in.nominationdrdo.report
gov.in.nominationdrdo.report
drdo.gov.in.nominationdrdo.report

# Reference: https://x.com/soursecc/status/1945222303995883781

viewcarde.in
verifycertificate.php.viewcarde.in
in.verifycertificate.php.viewcarde.in
gov.in.verifycertificate.php.viewcarde.in
crsorgi.gov.in.verifycertificate.php.viewcarde.in
dc.crsorgi.gov.in.verifycertificate.php.viewcarde.in

# Reference: https://x.com/solostalking/status/1945762743090647217

indiagov.support
in.indiagov.support
mgovcloud.in.indiagov.support
accounts.mgovcloud.in.indiagov.support

# Reference: https://x.com/PrakkiSathwik/status/1946122496048329070
# Reference: https://www.virustotal.com/gui/file/daa42d2e7e27dea896db830dd3a692bc756664cfec3f686e385724cfe1dd6d26/detection

ompowerterminus.com/css/docs/Tour-Programme-Ayodhya/wince

# Reference: https://x.com/PrakkiSathwik/status/1946472607358017937
# Reference: https://www.virustotal.com/gui/file/fb9b96d9f51e814759062554e96b39b01ff076c30b058b066d6e47b5d7c339d0/detection
# NOTE(review): *.iam.gserviceaccount.com is the address domain of Google Cloud service-account
# identities (NAME@PROJECT_ID.iam.gserviceaccount.com), so this entry looks like a project
# identifier rather than a host that clients resolve. It may never appear in DNS/HTTP telemetry;
# confirm against the referenced sample how the value was observed.

learned-shape-460306-e5.iam.gserviceaccount.com

# Reference: https://x.com/TIntel2255/status/1947897000156140017

mea-gov-in.com

# Reference: https://x.com/Cyberteam008/status/1950019927898837282
# Reference: https://x.com/volrant136/status/1950216274274881538
# Reference: https://www.virustotal.com/gui/file/0381bf35e3baec721253fdb2b6c3298d20efeaf0c11bd93eaf9334be9c826567/detection
# Reference: https://www.virustotal.com/gui/file/f0c1de5bd4e9797f0cc1c1260a0e78f58aac7a29ee0d3e9376057e47e6c6fd04/detection
# Reference: https://www.virustotal.com/gui/file/87a3a3cffe440e370d30f8bb50ef1266263f80dfbad1af48f1c2a05311055193/detection
# Reference: https://www.virustotal.com/gui/file/ece1620e218f2c8b68312c874697c183f400c72a42855d885fc00865e0ccc1a1/detection

filestore.space
trmm.space

# Reference: https://hunt.io/blog/apt36-india-infrastructure-attacks
# NOTE(review): the cprapid.com label below spells out an IPv4 address (37.221.64.252). Names of
# this form are issued automatically to cPanel servers from the server address, so the entry is
# effectively tied to that address - re-validate it if the address is reassigned.

37-221-64-252.cprapid.com
dayenter.shop
nic.in.nominationdrdo.report
indianarmy.nic.in.nominationdrdo.report

# Reference: https://x.com/PrakkiSathwik/status/1951235970701111492
# Reference: https://x.com/PrakkiSathwik/status/1951235973448425933
# Reference: https://www.virustotal.com/gui/file/62443c1bc9df7a59e3570fbf8ec18884ebf8d2d003ec1328a315eafb3a3c590e/detection
# Reference: https://www.virustotal.com/gui/file/8f8da8861c368e74b9b5c1c59e64ef00690c5eff4a95e1b4fcf386973895bef1/detection
# Reference: https://www.virustotal.com/gui/file/e689afee5f7bdbd1613bd9a3915ef2a185a05c72aaae4df3dee988fa7109cb0b/detection

kavach.space
modgovindia.space
securestore.cv
modindia.serveminecraft.net

# Reference: https://x.com/TIntel2255/status/1952603397536010609

indiandefenceforce.link
in.indiandefenceforce.link
gov.in.indiandefenceforce.link
email.gov.in.indiandefenceforce.link

# Reference: https://x.com/PrakkiSathwik/status/1952682759555776979
# Reference: https://www.virustotal.com/gui/file/2185e15486256a3bf16176f54e765a76fd9b96cb3800920402a137bdc698e7da/detection
# Reference: https://www.virustotal.com/gui/file/684d950494951cda868a6d1d83e2ab8baedb7b4f2e8b079ab94771fb4fabd09a/detection
# Reference: https://www.virustotal.com/gui/file/54fd53dde4954c499bb67577777fe0f0347f77d007e74aac9f1dfadcb222a525/detection

# NOTE(review): the root_<digits> segment differs between the two sets below and the
# /api/root_78616337600736/ pair earlier in this file, so it appears to vary per sample.
# Exact-path entries therefore cover only the listed ids; when hunting in proxy logs, also
# search for the /api/root_<digits>/{hello,report,upload} shape.
149.102.152.50:11475
/api/root_188224738941134/hello
/api/root_188224738941134/report
/api/root_188224738941134/upload
/api/root_112493791739904/hello
/api/root_112493791739904/report
/api/root_112493791739904/upload

# Reference: https://threatfox.abuse.ch/browse/malware/win.ares/ (# 2025-05-11)

141.98.11.95:5000
194.163.178.229:56325
2.58.113.190:8080
38.242.144.29:7049
84.247.172.112:12015
84.247.176.126:33548
92.84.154.5:6443
92.84.154.5:8443

# Reference: https://x.com/SinghSoodeep/status/1953011682382615008
# Reference: https://www.virustotal.com/gui/ip-address/45.141.58.199/relations
# Reference: https://www.virustotal.com/gui/file/499f16ed2def90b3d4c0de5ca22d8c8080c26a1a405b4078e262a0a34bcb1e31/detection

45.141.58.199:4000
solarwindturbine.site
sinjita.space
sinjita.store

# Reference: https://x.com/okx_VFJ_/status/1954193713321668867

support-win.duckdns.com
support-win.duckdns.org

# Reference: https://app.validin.com/detail?find=Civil%20Registration%20System&type=raw#tab=host_pairs (# 2025-08-09)

bc-dcrsorgi-in-gov-net.shop
vewecart.shop
mail.vewecart.shop
shop.bc-dcrsorgi-in-gov-net.shop

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-08-09)

indiaifscente.com
indiascihub.cc
indiascihube.com
indiascihubs.com
indiascihubx.com
indiascihubxs.com
indiascihubxt.com
indiascihubxv.com
indiascihubxx.com
indiascihubxz.com
indiasciorg.com
indiasrcorg.com
sci-gov.site

# Reference: https://x.com/PrakkiSathwik/status/1954892768431813119
# Reference: https://www.virustotal.com/gui/file/b59334160a195d8d43e949978008f3a5c3bb72bcc0d486415fc3861428d54e63/detection
# Reference: https://www.virustotal.com/gui/file/edd965bbf5dbeb5f10bebac7bdb60dc54a1df2753e5174e7fc50bc51b2cffe0e/detection

93.127.142.140:24264
93.127.142.140:25871
93.127.142.140:34864
93.127.142.140:4821
93.127.142.140:9921

# Reference: https://x.com/SinghSoodeep/status/1955860231109665108
# Reference: https://www.virustotal.com/gui/file/678c7f9ff4ef0f1dbe5a07885e244e8730f41e145256e1c17b5fdcd9892c8bb0/detection

5.178.0.29:8080
discoverlive.site

# Reference: https://x.com/SinghSoodeep/status/1958122939062325300
# Reference: https://www.virustotal.com/gui/file/10b54abba525686869c9da223250f70270a742b1a056424c943cfc438c40cc50/detection

45.155.54.28:8080
seemysitelive.store

# Reference: https://app.validin.com/detail?find=3ce12827a69a7f00b514d7036a83db67afea26a3&type=hash#tab=host_pairs (# 2025-08-22)

findsiteabc.site
inii.shop
ncrs.site
sncrs.top
verifyn.site
best.inii.shop
crsportal.shop
c.verifyn.site
in.findsiteabc.site
in.ncrs.site
in.sncrs.top
in.verifyn.site
gov.in.findsiteabc.site
gov.in.ncrs.site
gov.in.sncrs.top
gov.in.verifyn.site
crsorgi.gov.in.findsiteabc.site
crsorgi.gov.in.ncrs.site
crsorgi.gov.in.sncrs.top
crsorgi.gov.in.verifyn.site
dc.c.verifyn.site
dc.crsorgi.gov.in.findsiteabc.site
dc.crsorgi.gov.in.ncrs.site
dc.crsorgi.gov.in.sncrs.top
dc.crsorgi.gov.in.verifyn.site

# Reference: https://x.com/okx_VFJ_/status/1960000808868851968

161.97.82.97:8080
164.215.103.55:8080
45.141.58.199:3389
45.141.58.199:4000
45.155.54.28:8080
chitauri-gateway.com
server.chitauri-gateway.com

# Reference: https://x.com/ThreatBookLabs/status/1960900638273101959
# Reference: https://www.virustotal.com/gui/file/8c158a09ac554f4fa161c75e72bb17858fcd54815395adff555195f9e7757f8c/detection

204.12.227.117:17891
204.12.227.117:25618
204.12.227.117:29242
204.12.227.117:35412
204.12.227.117:7944

# Reference: https://x.com/Cyberteam008/status/1960934160807420075
# Reference: https://www.virustotal.com/gui/file/e174146b0d15a14d46e2a6c71121351a1ff3a8c4a301747be15078c14fa84454/detection
# Reference: https://www.virustotal.com/gui/file/c8e879598568c6e4282b0bf93ed3898150319879a883d983741fcdc6d4ad9356/detection

209.145.61.131:25861
209.145.61.131:28126
209.145.61.131:6616
209.145.61.131:8645
77.93.154.222:18816
77.93.154.222:22826
77.93.154.222:7641

# Reference: https://www.nextron-systems.com/2025/08/29/sindoor-dropper-new-phishing-campaign/
# Reference: https://app.validin.com/detail?find=MeshCentralRoot-f41b30&type=raw&ref_id=66af08ef838#tab=host_pairs (# 2025-09-02)
# Reference: https://www.virustotal.com/gui/file/05b468fc24c93885cad40ff9ecb50594faa6c2c590e75c88a5e5f54a8b696ac8/detection

modcybercell.info
indianbosssystems.ddns.net
in.indianbosssystems.ddns.net
gov.in.indianbosssystems.ddns.net
boss-servers.gov.in.indianbosssystems.ddns.net

# Reference: https://x.com/solostalking/status/1962845037710245957
# Reference: https://urlscan.io/result/01990ac1-3c1d-703a-b854-38e4e38ba8c5/
# Reference: https://urlscan.io/result/01990ac2-dbe4-77c8-9ca8-ee5429d98069/

http://192.52.167.197
192.52.167.197:443
cgda.site
iconicloud.xyz
nicgov.cloud

# Reference: https://x.com/Cyberteam008/status/1963108119049064805
# Reference: https://www.virustotal.com/gui/file/7434a71a8302462d56fee876c74cf3595cba9f2ca6940b3a11ece8aa064fcbaa/detection

amazon-i-mod.s3.eu-north-1.amazonaws.com

# Reference: https://app.validin.com/lookalikes?limit=1000&lookback=90&depth=0&find=%2F%5Egov%5C.in%5C.%5Ba-z-_.%5D%2B%24%2F (# 2025-09-04)
# NOTE(review): the query in this URL decodes to the pattern /^gov\.in\.[a-z-_.]+$/, so only the
# gov.in.* hostnames in this group can have matched it. The bare parent domains and the in.* forms
# do not match that pattern and look derived from the matches. Several parents are short, generic
# names (e.g. online.in, status.in, employees.in) - confirm ownership and hosting before blocking
# on the parent alone.

ansupport.store
apiedigi.info
apnaservices.shop
arbajft.in
auths.site
avth.us
bcverify.in
bhulagan.co.in
buykarosanam.info
certifiicate.in
coolfilesearch.com
crov.info
crovimng.online
crs-verify.co.in
crs-verify.xyz
crs.directory
crsgoovi.xyz
crsindex.xyz
crsirg.bar
crso.xyz
crsoin.online
crsori.site
crsweb.shop
cscinfo.cfd
cscvles.shop
dc-p.xyz
dc-verifycertificate.info
dccertificate.in
dccertiflcate.xyz
dcoriginal.info
dcpoint.xyz
dcview.xyz
dybn.cn
edistrictservice.shop
elechem.in
emergingworld.net
employees.in
enjoybusiness.pw
expr.in
general-public.avth.us
getpass.ind.in
glacer.org
hrmspanel.online
hzero.org
icegate.in
idmitra.buzz
iiorg.dev
indexl.in
inrex.info
iserv.ltd
ismartucl.shop
jeddahtime.com
krishportal.xyz
lastoprinting.xyz
mehbulps.shop
mglo.xyz
mnhomeoutlet.com
myphp.shop
nashikparking.com
ngicrs.online
nicrs.info
nicrs.online
nsdl.in
ogri.shop
ogrl.live
online.in
org-certificate.xyz
phipi.info
phpii.info
pihp.info
prakasam.com
printpay.shop
saini.cam
scrachx.cloud
shree-ram.shop
smprint.online
smss.site
status.in
techhost.in
tripura.com
ve-vr.xyz
verefy.in
verfi.co.in
verfi.in
veriffy.info
verificertificate.site
verifycertificate.cloud
verifycertificate.digital
verifyi.site
verifyy.site
veriify.in
verrfy.info
verrfy.site
veryficertificate.info
viesw.site
viewcard.in
viewcarte.xyz
viewcer.in
viewpage.xyz
viewphoto.site
vill.live
virify.in
vjti.in
wa-e.in
wiev.xyz
xcrs.online
xyzportal.site
# NOTE(review): the only gov.in.* form of this name in the group is gov.in.yavatmalpolice.gov.in,
# which sits under the gov.in namespace rather than under yavatmalpolice.in - confirm which
# registrable domain was actually observed before relying on this entry.
yavatmalpolice.in
in.web.crs.bcverify.in
in.shree-ram.shop
in.org-certificate.xyz
in.edistrictservice.shop
in.xyzportal.site
in.org-in.xyz
in.crs-verify.xyz
in.ismartucl.shop
in.crsindex.xyz
in.myphp.shop
in.crovimng.online
in.ogrl.live
in.glacer.org
in.verifycertificate.cloud
in.crs.index.php.viewcarte.xyz
in.crs.viewcarte.xyz
in.index.viewcarte.xyz
in.verfi.in
in.mglo.xyz
in.getpass.ind.in
in.in-dax.online.in
in.prakasam.com
in.phpii.info
in.emergingworld.in.net
in.ogri.shop
in.dcpoint.xyz
in.smss.site
in.web.certifiicate.in
in.mps.co.in
in.web.php.index.iiorg.dev
in.index.php.viewcarte.xyz
in.icegate.in
in.encroachment.long.in
in.nsdl.in
in.expr.in
in.employees.in
in.status.in
in.apnaservices.shop
in.vjti.in
in.pihp.info
in.dybn.cn
in.saini.cam
in.phipi.info
in.web.dccertificate.in
in.web.viewcard.in
in.viewpage.xyz
in.auths.site
in.tripura.com
in.crsori.site
in.inrex.info
in.citizen.bhulagan.co.in
in.apiedigi.info
in.enjoybusiness.pw
in.jeddahtime.com
in.web.dc-p.xyz
in.index.dc-p.xyz
in.crs-verify.co.in
in.buykarosanam.info
in.verifycertificate.digital
in.viewcer.in
in.crsweb.shop
in.checkbd.in.cscvles.shop
in.checkbd.in.printpay.shop
in.elechem.in
in.arbajft.in
in.smprint.online
in.index.auth.dc-verifycertificate.info
in.verify.dc-verifycertificate.info
in.dccertiflcate.xyz
in.cscinfo.cfd
# NOTE(review): the final label "orgixyz" does not look like a real TLD. The group also lists
# gov.in.orgigov.xyz; this entry looks like that name with every "gov." removed - verify against
# the source and correct or drop.
in.orgixyz
in.yavatmalpolice.in
in.index.certificate-veryfied.dc-p.xyz
in.scrachx.cloud
in.web.verefy.in
in.nashikparking.com
in.udai.in
in.web.wiev.xyz
in.crsgoovi.xyz
in.krishportal.xyz
in.fasttag.getpass.ind.in
in.web.verrfy.info
in.index.view.certificate.mehbulps.shop
in.idmitra.buzz
in.crs.general-public.avth.us
in.mnhomeoutlet.com
in.verifyy.site
in.inexs.xcrs.online
in.dc.in.crov.info
in.verfi.co.in
in.crso.xyz
in.web.index.crso.xyz
in.web.verrfy.site
in.wa-e.in
in.verifyi.site
in.indexl.in.indexl.in
in.indexl.in
in.crs.index.avth.us
in.crs.ve-vr.xyz
# NOTE(review): the final label "ashop" does not look like a real TLD. The group also lists
# gov.in.agov.shop; this entry looks like that name with every "gov." removed - verify against
# the source and correct or drop.
in.ashop
in.web.index.auth.veryficertificate.info
in.v.crs.ve-vr.xyz
in.web.idex.php.auth.vill.live
in.web.index.php.auth.vill.live
in.web.indix.php.auth.vill.live
in.vill.live
in.web.index.crsoin.online
in.iserv.ltd
in.dcoriginal.info
in.crs.viewphoto.site
in.hzero.org
in.dcview.xyz
in.web.virify.in
in.crs.virify.in
in.auth.index.veriify.in
in.web.techhost.in
in.lastoprinting.xyz
in.coolfilesearch.com
in.web.veriffy.info
in.index.veriffy.info
in.ansupport.store
in.hrmspanel.online
in.viesw.site
in.web.nicrs.online
in.nicrs.info
in.in.web.index.nicrs.info
in.crs.directory
in.ngicrs.online
in.indeix.ngicrs.online
in.web.index.auth.verificertificate.site
in.crsirg.bar
in.crs.crsirg.bar
gov.in.agov.shop
gov.in.ansupport.store
gov.in.apiedigi.info
gov.in.apnaservices.shop
gov.in.arbajft.in
gov.in.auth.index.veriify.in
gov.in.auths.site
gov.in.buykarosanam.info
gov.in.checkbd.in.cscvles.shop
gov.in.checkbd.in.printpay.shop
gov.in.citizen.bhulagan.co.in
gov.in.coolfilesearch.com
gov.in.crovimng.online
gov.in.crs-verify.co.in
gov.in.crs-verify.xyz
gov.in.crs.crsirg.bar
gov.in.crs.directory
gov.in.crs.general-public.avth.us
gov.in.crs.index.avth.us
gov.in.crs.index.php.viewcarte.xyz
gov.in.crs.ve-vr.xyz
gov.in.crs.viewcarte.xyz
gov.in.crs.viewphoto.site
gov.in.crs.virify.in
gov.in.crsgoovi.xyz
gov.in.crsindex.xyz
gov.in.crsirg.bar
gov.in.crso.xyz
gov.in.crsori.site
gov.in.crsweb.shop
gov.in.cscinfo.cfd
gov.in.dc.gov.in.crov.info
gov.in.dccertiflcate.xyz
gov.in.dcoriginal.info
gov.in.dcpoint.xyz
gov.in.dcview.xyz
gov.in.dybn.cn
gov.in.edistrictservice.shop
gov.in.elechem.in
gov.in.emergingworld.in.net
gov.in.employees.in
gov.in.encroachment.long.in
gov.in.enjoybusiness.pw
gov.in.expr.in
gov.in.fasttag.getpass.ind.in
gov.in.getpass.ind.in
gov.in.glacer.org
gov.in.hrmspanel.online
gov.in.hzero.org
gov.in.icegate.in
gov.in.idmitra.buzz
gov.in.in-dax.online.in
gov.in.in.web.index.nicrs.info
gov.in.indeix.ngicrs.online
gov.in.index.auth.dc-verifycertificate.info
gov.in.index.certificate-veryfied.dc-p.xyz
gov.in.index.dc-p.xyz
gov.in.index.php.viewcarte.xyz
gov.in.index.veriffy.info
gov.in.index.view.certificate.mehbulps.shop
gov.in.index.viewcarte.xyz
gov.in.indexl.in
gov.in.indexl.in.indexl.in
gov.in.inexs.xcrs.online
gov.in.inrex.info
gov.in.iqc.in
gov.in.iserv.ltd
gov.in.ismartucl.shop
gov.in.jeddahtime.com
gov.in.krishportal.xyz
gov.in.lastoprinting.xyz
gov.in.loge.in
gov.in.mglo.xyz
gov.in.mnhomeoutlet.com
gov.in.mps.co.in
gov.in.myphp.shop
gov.in.nashikparking.com
gov.in.ngicrs.online
gov.in.nicrs.info
gov.in.nsdl.in
gov.in.ogri.shop
gov.in.ogrl.live
gov.in.org-certificate.xyz
gov.in.org-in.xyz
gov.in.orgigov.xyz
gov.in.phipi.info
gov.in.phpii.info
gov.in.pihp.info
gov.in.prakasam.com
gov.in.saini.cam
gov.in.scheme.in
gov.in.scrachx.cloud
gov.in.shree-ram.shop
gov.in.smprint.online
gov.in.smss.site
gov.in.status.in
gov.in.tripura.com
gov.in.udai.in
gov.in.upsc.in
gov.in.v.crs.ve-vr.xyz
gov.in.verfi.co.in
gov.in.verfi.in
gov.in.verify.dc-verifycertificate.info
gov.in.verifycertificate.cloud
gov.in.verifycertificate.digital
gov.in.verifyi.site
gov.in.verifyy.site
gov.in.viesw.site
gov.in.viewcer.in
gov.in.viewpage.xyz
gov.in.vill.live
gov.in.vjti.in
gov.in.wa-e.in
gov.in.web.certifiicate.in
gov.in.web.crs.bcverify.in
gov.in.web.dc-p.xyz
gov.in.web.dccertificate.in
gov.in.web.idex.php.auth.vill.live
gov.in.web.index.auth.verificertificate.site
gov.in.web.index.auth.veryficertificate.info
gov.in.web.index.crso.xyz
gov.in.web.index.crsoin.online
gov.in.web.index.php.auth.vill.live
gov.in.web.indix.php.auth.vill.live
gov.in.web.nicrs.online
gov.in.web.php.index.iiorg.dev
gov.in.web.techhost.in
gov.in.web.verefy.in
gov.in.web.veriffy.info
gov.in.web.verrfy.info
gov.in.web.verrfy.site
gov.in.web.viewcard.in
gov.in.web.virify.in
gov.in.web.wiev.xyz
gov.in.xyzportal.site
gov.in.yavatmalpolice.gov.in
gujarat.gov.in.scheme.in

# Reference: https://x.com/Cyberteam008/status/1966104749398245423
# Reference: https://www.virustotal.com/gui/file/cf39bb998db59d3db92114d2235770a4a6c9cbf6354462cfedd1df09e60fe007/detection
# Reference: https://www.virustotal.com/gui/file/3d50fa310314e124e6dcf24c2237c9b982ed19d8108f312d2ff67a5536f049fd/detection

5.178.0.29:8080
2ndline.cfd
cloudstore.cam

# Reference: https://x.com/Cyberteam008/status/1968203369060896865
# Reference: https://www.virustotal.com/gui/file/03edba9908a2f9e1012237d216e894029bd58f9121027e35f80d7b701d30ca95/detection

d2i8rh3pkr4ltc.cloudfront.net

# Reference: https://x.com/ThreatBookLabs/status/1968480138804477961
# Reference: https://www.virustotal.com/gui/file/17b7f9f5c6eaaa19a57890da4585cc25a86c2d007c2ea6c5f903c35bd0e06039/detection
# Reference: https://www.virustotal.com/gui/file/4df92d3c834aafd5e1ba3c7515a62b0bddd147c4b322401352dc63e46dca79c5/detection
# Reference: https://www.virustotal.com/gui/file/606889a66e21008ac15606ee34b5e81cbf46de15b6585b9351452716d8e3281d/detection
# Reference: https://www.virustotal.com/gui/file/daa42d2e7e27dea896db830dd3a692bc756664cfec3f686e385724cfe1dd6d26/detection

intelupates.com
backup.intelupates.com

# Reference: https://app.validin.com/detail?find=8d46b0ef0d23f1d5c0c21f88d483dfaf&type=hash&ref_id=7142f328aed#tab=host_pairs (# 2025-09-18)

aiabcd.xyz
aiview.org.in
allservice.live
allservices.club
amneupdate.in
aoth.in
apnawork.shop
auth.in.net
avth.info
basr.cam
bcverify.online
carit.icu
ceit.shop
crs-org.site
crs.homes
crsdc.online
crsigiv.in
crsigove.in
crsori.in
crsverifieds.site
crsverifieds.xyz
digital-csc.in
dobviwe.in
documentsubmit.site
esathi.live
eseva.buzz
firr.info
getprint.site
gov-crs.in.net
gov-csc.sbs
gsprint.xyz
iindex.in
indbith.site
indesx.fun
indexp.xyz
indexxi.site
indixx.xyz
indxn.xyz
inyex.co.in
iorg.ink
ja-ai.shop
jansevakendra.top
jdservicephp.com
jkhosting.xyz
mahacsc.top
makeeedocs.shop
manualorg.space
ngicrs.info
ogri.live
ogrii.live
orginall.xyz
orgiweb.in
origi.pro
panekycnsdl.in
pgoneindia.shop
phpi.cloud
phpii.site
phpt.info
pirint.icu
portalwalalive.in
qafila.fun
superfast.cyou
superfast.website
techdc.shop
verfiy.in
verificertificate.services
verificertificate.shop
verifycer.site
verifycertificate.fun
verilfy.info
verlfy.site
verrify.in
veryfy.website
viawcert.info
viewca.cam
viewcertificates.xyz
viewcertify.site
vipbirth.shop
vipcrs.info
webbirt.shop
webprint.site
zseva.site
in.aiabcd.xyz
in.allservice.live
in.allservices.club
in.amneupdate.in
in.auth.ogri.in.ogri.live
in.auth.ogri.live
in.basr.cam
in.birth.inyex.co.in
in.ceit.shop
in.co.ogri.live
in.crs-org.site
in.crs.bcverify.online
in.crs.getprint.site
in.crs.homes
in.crs.indexxi.site
in.crs.test.panekycnsdl.in
in.crs.verifycertifi.carit.icu
in.crs.viawcert.info
in.crs.web.superfast.cyou
in.crs.web.superfast.website
in.crs.web.website.superfast.website
in.crsdc.online
in.crsigiv.in
in.crsigove.in
in.crsorgi.gov.in.ngicrs.info
in.crsori.in
in.crsverifieds.site
in.crsverifieds.xyz
in.dccertificate.in.eseva.buzz
in.digital-csc.in
in.documentsubmit.site
in.esathi.live
in.getprint.site
in.gov-crs.in.net
in.gov-csc.sbs
in.gsprint.xyz
in.i.qafila.fun
in.iindex.in
in.in.ceit.shop
in.in.firr.info
in.in.inde.firr.info
in.indbith.site
in.indesx.fun
in.index-verify.index.qafila.fun
in.index.ogri.in.ogri.live
in.index.org.qafila.fun
in.index.origi.pro
in.index.vipbirth.shop
in.index.web.php.ceit.shop
in.index.zseva.site
in.indexp.xyz
in.indxn.xyz
in.iorg.ink
in.ja-ai.shop
in.jansevakendra.top
in.jdservicephp.com
in.mahacsc.top
in.makeeedocs.shop
in.manualorg.space
in.ngicrs.info
in.ogri.live
in.ogrii.live
in.orginall.xyz
in.pgoneindia.shop
in.phpt.info
in.portalwalalive.in
in.qafila.fun
in.techdc.shop
in.verfiy.in
in.verify.auth.in.net
in.verify.auth.index.apnawork.shop
in.verify.indixx.xyz
in.verifycer.site
in.verifycertificate.fun
in.verrify.in
in.veryfy.website
in.view.web.index.origi.pro
in.viewcart.indexxi.site
in.viewcertificates.xyz
in.viewcertify.site
in.web.auth.index.viewca.cam
in.web.indesx.verilfy.info
in.web.index.aiview.org.in
in.web.index.auth.pirint.icu
in.web.index.auth.verificertificate.services
in.web.index.auth.verificertificate.shop
in.web.index.dobviwe.in
in.web.index.max.qafila.fun
in.web.index.php.aoth.in
in.web.index.php.avth.info
in.web.index.php.verilfy.info
in.web.index.phpi.cloud
in.web.index.verilfy.info
in.web.index.verlfy.site
in.web.index.viewca.cam
in.web.phpii.site
in.web.pirint.icu
in.web.qafila.fun
in.web.view.index.orgiweb.in
in.web.vipcrs.info
in.webb.index.jkhosting.xyz
in.webbirt.shop
in.webprint.site
gov.in.aiabcd.xyz
gov.in.allservice.live
gov.in.allservices.club
gov.in.amneupdate.in
gov.in.auth.ogri.in.ogri.live
gov.in.auth.ogri.live
gov.in.basr.cam
gov.in.birth.inyex.co.in
gov.in.ceit.shop
gov.in.co.ogri.live
gov.in.crs-org.site
gov.in.crs.bcverify.online
gov.in.crs.getprint.site
gov.in.crs.homes
gov.in.crs.indexxi.site
gov.in.crs.test.panekycnsdl.in
gov.in.crs.verifycertifi.carit.icu
gov.in.crs.viawcert.info
gov.in.crs.web.superfast.cyou
gov.in.crs.web.superfast.website
gov.in.crs.web.website.superfast.website
gov.in.crsdc.online
gov.in.crsigiv.in
gov.in.crsigove.in
gov.in.crsorgi.gov.in.ngicrs.info
gov.in.crsori.in
gov.in.crsverifieds.site
gov.in.crsverifieds.xyz
gov.in.dccertificate.in.eseva.buzz
gov.in.digital-csc.in
gov.in.documentsubmit.site
gov.in.esathi.live
gov.in.getprint.site
gov.in.gov-crs.in.net
gov.in.gov-csc.sbs
gov.in.gsprint.xyz
gov.in.i.qafila.fun
gov.in.iindex.in
gov.in.in.ceit.shop
gov.in.in.firr.info
gov.in.in.inde.firr.info
gov.in.indbith.site
gov.in.indesx.fun
gov.in.index-verify.index.qafila.fun
gov.in.index.ogri.in.ogri.live
gov.in.index.org.qafila.fun
gov.in.index.origi.pro
gov.in.index.vipbirth.shop
gov.in.index.web.php.ceit.shop
gov.in.index.zseva.site
gov.in.indexp.xyz
gov.in.indxn.xyz
gov.in.iorg.ink
gov.in.ja-ai.shop
gov.in.jansevakendra.top
gov.in.jdservicephp.com
gov.in.mahacsc.top
gov.in.makeeedocs.shop
gov.in.manualorg.space
gov.in.ngicrs.info
gov.in.ogri.live
gov.in.ogrii.live
gov.in.orginall.xyz
gov.in.pgoneindia.shop
gov.in.phpt.info
gov.in.portalwalalive.in
gov.in.qafila.fun
gov.in.techdc.shop
gov.in.verfiy.in
gov.in.verify.auth.in.net
gov.in.verify.auth.index.apnawork.shop
gov.in.verify.indixx.xyz
gov.in.verifycer.site
gov.in.verifycertificate.fun
gov.in.verrify.in
gov.in.veryfy.website
gov.in.view.web.index.origi.pro
gov.in.viewcart.indexxi.site
gov.in.viewcertificates.xyz
gov.in.viewcertify.site
gov.in.web.auth.index.viewca.cam
gov.in.web.indesx.verilfy.info
gov.in.web.index.aiview.org.in
gov.in.web.index.auth.pirint.icu
gov.in.web.index.auth.verificertificate.services
gov.in.web.index.auth.verificertificate.shop
gov.in.web.index.dobviwe.in
gov.in.web.index.max.qafila.fun
gov.in.web.index.php.aoth.in
gov.in.web.index.php.avth.info
gov.in.web.index.php.verilfy.info
gov.in.web.index.phpi.cloud
gov.in.web.index.verilfy.info
gov.in.web.index.verlfy.site
gov.in.web.index.viewca.cam
gov.in.web.phpii.site
gov.in.web.pirint.icu
gov.in.web.qafila.fun
gov.in.web.view.index.orgiweb.in
gov.in.web.vipcrs.info
gov.in.webb.index.jkhosting.xyz
gov.in.webbirt.shop
gov.in.webprint.site
crsorgi.gov.in.allservice.live
crsorgi.gov.in.basr.cam
crsorgi.gov.in.ceit.shop
crsorgi.gov.in.crs.bcverify.online
crsorgi.gov.in.crs.homes
crsorgi.gov.in.crs.verifycertifi.carit.icu
crsorgi.gov.in.crsigove.in
crsorgi.gov.in.crsorgi.gov.in.ngicrs.info
crsorgi.gov.in.crsori.in
crsorgi.gov.in.iindex.in
crsorgi.gov.in.in.ceit.shop
crsorgi.gov.in.in.firr.info
crsorgi.gov.in.in.inde.firr.info
crsorgi.gov.in.indbith.site
crsorgi.gov.in.index.vipbirth.shop
crsorgi.gov.in.index.web.php.ceit.shop
crsorgi.gov.in.ja-ai.shop
crsorgi.gov.in.makeeedocs.shop
crsorgi.gov.in.ngicrs.info
crsorgi.gov.in.phpt.info
crsorgi.gov.in.portalwalalive.in
crsorgi.gov.in.qafila.fun
crsorgi.gov.in.techdc.shop
crsorgi.gov.in.verfiy.in
crsorgi.gov.in.verify.auth.in.net
crsorgi.gov.in.verify.auth.index.apnawork.shop
crsorgi.gov.in.verify.indixx.xyz
crsorgi.gov.in.verifycer.site
crsorgi.gov.in.verifycertificate.fun
crsorgi.gov.in.verrify.in
crsorgi.gov.in.veryfy.website
crsorgi.gov.in.view.web.index.origi.pro
crsorgi.gov.in.viewcart.indexxi.site
crsorgi.gov.in.viewcertificates.xyz
crsorgi.gov.in.viewcertify.site
crsorgi.gov.in.web.auth.index.viewca.cam
crsorgi.gov.in.web.indesx.verilfy.info
crsorgi.gov.in.web.index.aiview.org.in
crsorgi.gov.in.web.index.auth.pirint.icu
crsorgi.gov.in.web.index.auth.verificertificate.services
crsorgi.gov.in.web.index.auth.verificertificate.shop
crsorgi.gov.in.web.index.dobviwe.in
crsorgi.gov.in.web.index.max.qafila.fun
crsorgi.gov.in.web.index.php.aoth.in
crsorgi.gov.in.web.index.php.avth.info
crsorgi.gov.in.web.index.php.verilfy.info
crsorgi.gov.in.web.index.phpi.cloud
crsorgi.gov.in.web.index.verilfy.info
crsorgi.gov.in.web.index.verlfy.site
crsorgi.gov.in.web.index.viewca.cam
crsorgi.gov.in.web.phpii.site
crsorgi.gov.in.web.pirint.icu
crsorgi.gov.in.web.qafila.fun
crsorgi.gov.in.web.view.index.orgiweb.in
crsorgi.gov.in.web.vipcrs.info
crsorgi.gov.in.webb.index.jkhosting.xyz
crsorgi.gov.in.webbirt.shop
crsorgi.gov.in.webprint.site
dc.crsorgi.gov.in.aiabcd.xyz
dc.crsorgi.gov.in.allservice.live
dc.crsorgi.gov.in.allservices.club
dc.crsorgi.gov.in.amneupdate.in
dc.crsorgi.gov.in.auth.ogri.in.ogri.live
dc.crsorgi.gov.in.auth.ogri.live
dc.crsorgi.gov.in.basr.cam
dc.crsorgi.gov.in.birth.inyex.co.in
dc.crsorgi.gov.in.ceit.shop
dc.crsorgi.gov.in.co.ogri.live
dc.crsorgi.gov.in.crs-org.site
dc.crsorgi.gov.in.crs.bcverify.online
dc.crsorgi.gov.in.crs.getprint.site
dc.crsorgi.gov.in.crs.homes
dc.crsorgi.gov.in.crs.indexxi.site
dc.crsorgi.gov.in.crs.test.panekycnsdl.in
dc.crsorgi.gov.in.crs.verifycertifi.carit.icu
dc.crsorgi.gov.in.crs.viawcert.info
dc.crsorgi.gov.in.crs.web.superfast.cyou
dc.crsorgi.gov.in.crs.web.superfast.website
dc.crsorgi.gov.in.crs.web.website.superfast.website
dc.crsorgi.gov.in.crsdc.online
dc.crsorgi.gov.in.crsigiv.in
dc.crsorgi.gov.in.crsigove.in
dc.crsorgi.gov.in.crsorgi.gov.in.ngicrs.info
dc.crsorgi.gov.in.crsori.in
dc.crsorgi.gov.in.crsverifieds.site
dc.crsorgi.gov.in.crsverifieds.xyz
dc.crsorgi.gov.in.dccertificate.in.eseva.buzz
dc.crsorgi.gov.in.digital-csc.in
dc.crsorgi.gov.in.documentsubmit.site
dc.crsorgi.gov.in.esathi.live
dc.crsorgi.gov.in.getprint.site
dc.crsorgi.gov.in.gov-crs.in.net
dc.crsorgi.gov.in.gov-csc.sbs
dc.crsorgi.gov.in.gsprint.xyz
dc.crsorgi.gov.in.i.qafila.fun
dc.crsorgi.gov.in.iindex.in
dc.crsorgi.gov.in.in.ceit.shop
dc.crsorgi.gov.in.in.firr.info
dc.crsorgi.gov.in.in.inde.firr.info
dc.crsorgi.gov.in.indbith.site
dc.crsorgi.gov.in.indesx.fun
dc.crsorgi.gov.in.index-verify.index.qafila.fun
dc.crsorgi.gov.in.index.ogri.in.ogri.live
dc.crsorgi.gov.in.index.org.qafila.fun
dc.crsorgi.gov.in.index.origi.pro
dc.crsorgi.gov.in.index.vipbirth.shop
dc.crsorgi.gov.in.index.web.php.ceit.shop
dc.crsorgi.gov.in.index.zseva.site
dc.crsorgi.gov.in.indexp.xyz
dc.crsorgi.gov.in.indxn.xyz
dc.crsorgi.gov.in.iorg.ink
dc.crsorgi.gov.in.ja-ai.shop
dc.crsorgi.gov.in.jansevakendra.top
dc.crsorgi.gov.in.jdservicephp.com
dc.crsorgi.gov.in.mahacsc.top
dc.crsorgi.gov.in.makeeedocs.shop
dc.crsorgi.gov.in.manualorg.space
dc.crsorgi.gov.in.ngicrs.info
dc.crsorgi.gov.in.ogri.live
dc.crsorgi.gov.in.ogrii.live
dc.crsorgi.gov.in.orginall.xyz
dc.crsorgi.gov.in.pgoneindia.shop
dc.crsorgi.gov.in.phpt.info
dc.crsorgi.gov.in.portalwalalive.in
dc.crsorgi.gov.in.qafila.fun
dc.crsorgi.gov.in.techdc.shop
dc.crsorgi.gov.in.verfiy.in
dc.crsorgi.gov.in.verify.auth.in.net
dc.crsorgi.gov.in.verify.auth.index.apnawork.shop
dc.crsorgi.gov.in.verify.indixx.xyz
dc.crsorgi.gov.in.verifycer.site
dc.crsorgi.gov.in.verifycertificate.fun
dc.crsorgi.gov.in.verrify.in
dc.crsorgi.gov.in.veryfy.website
dc.crsorgi.gov.in.view.web.index.origi.pro
dc.crsorgi.gov.in.viewcart.indexxi.site
dc.crsorgi.gov.in.viewcertificates.xyz
dc.crsorgi.gov.in.viewcertify.site
dc.crsorgi.gov.in.web.auth.index.viewca.cam
dc.crsorgi.gov.in.web.indesx.verilfy.info
dc.crsorgi.gov.in.web.index.aiview.org.in
dc.crsorgi.gov.in.web.index.auth.pirint.icu
dc.crsorgi.gov.in.web.index.auth.verificertificate.services
dc.crsorgi.gov.in.web.index.auth.verificertificate.shop
dc.crsorgi.gov.in.web.index.dobviwe.in
dc.crsorgi.gov.in.web.index.max.qafila.fun
dc.crsorgi.gov.in.web.index.php.aoth.in
dc.crsorgi.gov.in.web.index.php.avth.info
dc.crsorgi.gov.in.web.index.php.verilfy.info
dc.crsorgi.gov.in.web.index.phpi.cloud
dc.crsorgi.gov.in.web.index.verilfy.info
dc.crsorgi.gov.in.web.index.verlfy.site
dc.crsorgi.gov.in.web.index.viewca.cam
dc.crsorgi.gov.in.web.phpii.site
dc.crsorgi.gov.in.web.pirint.icu
dc.crsorgi.gov.in.web.qafila.fun
dc.crsorgi.gov.in.web.view.index.orgiweb.in
dc.crsorgi.gov.in.web.vipcrs.info
dc.crsorgi.gov.in.webb.index.jkhosting.xyz
dc.crsorgi.gov.in.webbirt.shop
dc.crsorgi.gov.in.webprint.site

# Reference: https://app.validin.com/detail?find=6234cc6e529013e77f1e7f75a6ac2525&type=hash&ref_id=598e0568d50#tab=host_pairs (# 2025-09-22)

crsorgi-gov-web.shop
crsorgi.gov.in.web.index.dobview.in
crsorgi.gov.in.web.index.sbmb.pro
dc.crsorgi.gov.in.web.index.dobview.in
dc.crsorgi.gov.in.web.index.sbmb.pro
dobview.in
gov.in.web.index.dobview.in
gov.in.web.index.sbmb.pro
in.web.index.dobview.in
in.web.index.sbmb.pro
iphp.in
mail.crsorgi-gov-web.shop
mail.dobview.in
mail.sksewa.in
sbmb.pro
sksewa.in
web.index.dobview.in
web.index.sbmb.pro

# Reference: https://x.com/RedDrip7/status/1970750314044391427
# Reference: https://www.virustotal.com/gui/file/3243bedebce26f60f48835042d51242eebec1be97e0286901716790f4a1d974b/detection
# Reference: https://www.virustotal.com/gui/file/64f2a917271cbbb39d09f502e9afbadc1e99dfc8b029bd48adbbe87cdb277ea5/detection
# Reference: https://www.virustotal.com/gui/file/2c452c89eef048a02d878b90b3ac82ea3962b8c5528e80dd280a1a36c3df6bc6/detection
# Reference: https://www.virustotal.com/gui/file/9a4abaf9a48598f12230943c6a7d1481bc8957aca1ef2997031732f6fb72cbac/detection

77.93.155.106:15168
77.93.155.106:18689
77.93.155.106:26568
77.93.155.106:5698
77.93.155.106:8989

# Reference: https://x.com/suyog41/status/1971167969733738854
# Reference: https://x.com/PrakkiSathwik/status/1971192235954999531
# Reference: https://www.virustotal.com/gui/file/00b07bf3c861afd79be15b78b4423aaaf3b9df80ec92388ba001ac6e5076b680/detection

vetpharmaconsultant.in

# Reference: https://x.com/SinghSoodeep/status/1971563773270896885
# Reference: https://www.virustotal.com/gui/file/567dfbe825e155691329d74d015db339e1e6db73b704b3246b3f015ffd9f0b33/detection

147.93.155.118:8080
newforsomething.rest
seeconnectionalive.website

# TITLE-IP=Stealth Server - Login
# CLASS_0_HASH-IP=995d390e764d5c690d818c71f102ed3f

146.19.173.167:8080
45.155.54.122:8080

# Reference: https://x.com/SinghSoodeep/status/1973307376200720839
# Reference: https://www.virustotal.com/gui/file/43715401531e0060827d3dcfd406add434829192051fe76d5ffdbb22602cc136/detection

modgovindia.com

# Reference: https://x.com/Cyberteam008/status/1978823152118407431

146.19.173.109:8080
164.215.103.129:8080
37.221.64.202:443
45.155.54.62:8080
81.180.93.5:443
81.180.93.5:8080
37-221-64-202.cprapid.com
campindia.xyz
chuchuchacha.art
chuchuchacha.club
departmentofdefence.live
in.campindia.xyz
in.departmentofdefence.live
mgovcloud.in.departmentofdefence.live
accountsmgovcloud.in.campindia.xyz
accounts.mgovcloud.in.departmentofdefence.live

# Reference: https://x.com/blackorbird/status/1979122075873796342
# Reference: https://mp.weixin.qq.com/s/88VDPssTV3LG9MHgAG5VsQ

101.99.94.109:4000
101.99.94.109:8080
/ghg/Mt_dated_29.txt
/Mt_dated_29.txt

# Reference: https://x.com/PrakkiSathwik/status/1979162389061763260
# Reference: https://www.virustotal.com/gui/file/fdb2804a394065df893c95d8fed789e7f1fd783eabc4996212842beee802fe95/detection
# Reference: https://www.virustotal.com/gui/file/3624db27673e427d079b771f2cd6866d6ffc63fd2156c7a2031f769dde567b93/detection
# Reference: https://www.virustotal.com/gui/file/21f4f79abd1eb07cb5d1ddaa74600442637ac744ab2cd28123a20871a2973946/detection

securestore.it.com

# Reference: https://x.com/PrakkiSathwik/status/1979235334673363448

164.215.103.129:14500
cdsofficialgov.site

# Reference: https://x.com/PrakkiSathwik/status/1979514409551819168

zohmailcloud.com
/pakafghan/impactonnorthernborderindia.php
/impactonnorthernborderindia.php

# REGEX=/^dc\.crsorgi\.gov\.in\.[a-z]+\.[a-z]+$/ (# 2025-10-18)

apie.live
bestadhaarprint.in
certifly.live
crgi.shop
crgi.xyz
crsmitra.xyz
csucc.cfd
csuccc.cfd
dfone.shop
govindia.in
ogri.site
procrs.site
sscrs.site
veerrajput.xyz
verifycertificate.site
viaw.in
viewcert.buzz
in.apie.live
in.bestadhaarprint.in
in.certifly.live
in.crgi.shop
in.crgi.xyz
in.crsmitra.xyz
in.csucc.cfd
in.csuccc.cfd
in.dfone.shop
in.govindia.in
in.ogri.site
in.procrs.site
in.sscrs.site
in.veerrajput.xyz
in.verifycertificate.site
in.viaw.in
in.viewcert.buzz
gov.in.apie.live
gov.in.bestadhaarprint.in
gov.in.certifly.live
gov.in.crgi.shop
gov.in.crgi.xyz
gov.in.crsmitra.xyz
gov.in.csucc.cfd
gov.in.csuccc.cfd
gov.in.dfone.shop
gov.in.govindia.in
gov.in.ogri.site
gov.in.procrs.site
gov.in.sscrs.site
gov.in.veerrajput.xyz
gov.in.verifycertificate.site
gov.in.viaw.in
gov.in.viewcert.buzz
crsorgi.gov.in.apie.live
crsorgi.gov.in.bestadhaarprint.in
crsorgi.gov.in.certifly.live
crsorgi.gov.in.crgi.shop
crsorgi.gov.in.crgi.xyz
crsorgi.gov.in.crsmitra.xyz
crsorgi.gov.in.csucc.cfd
crsorgi.gov.in.csuccc.cfd
crsorgi.gov.in.dfone.shop
crsorgi.gov.in.govindia.in
crsorgi.gov.in.ogri.site
crsorgi.gov.in.procrs.site
crsorgi.gov.in.sscrs.site
crsorgi.gov.in.veerrajput.xyz
crsorgi.gov.in.verifycertificate.site
crsorgi.gov.in.viaw.in
crsorgi.gov.in.viewcert.buzz
dc.crsorgi.gov.in.apie.live
dc.crsorgi.gov.in.bestadhaarprint.in
dc.crsorgi.gov.in.certifly.live
dc.crsorgi.gov.in.crgi.shop
dc.crsorgi.gov.in.crgi.xyz
dc.crsorgi.gov.in.crsmitra.xyz
dc.crsorgi.gov.in.csucc.cfd
dc.crsorgi.gov.in.csuccc.cfd
dc.crsorgi.gov.in.dfone.shop
dc.crsorgi.gov.in.govindia.in
dc.crsorgi.gov.in.ogri.site
dc.crsorgi.gov.in.procrs.site
dc.crsorgi.gov.in.sscrs.site
dc.crsorgi.gov.in.veerrajput.xyz
dc.crsorgi.gov.in.verifycertificate.site
dc.crsorgi.gov.in.viaw.in
dc.crsorgi.gov.in.viewcert.buzz

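# Generic (URL path indicators not tied to a single host above; corroborate a path-only match with host or other context)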

/h_ttp
/h_tt_p
/htt_p
/h_t_t_p
/h-xmlhttp/
/streamcmd?AV=
/classics/abnormal.php
/classifieds/classifieds.php
/classification/updatecs.php
/Armed-Forces-Spl-Allowance-Order/
/Defence-Production-Policy-2020/
/IMPL_OF_SPL_ALLCE_ORDER/
/ParaMil-Forces-Spl-Allowance-Order/
/mod.gov.in_dod_sites_default_files_Revisedrates/
