# Copyright (c) 2014-2026 Maltrail developers (https://github.com/stamparm/maltrail/)
# See the file 'LICENSE' for copying permission

# Aliases: apt-c-56, sidecopy, falseflag, apt36, mythic leopard, actionrat, elizarat, fetarat, scarimson, crimsonrat, seedoor, sindoor, getarat, reverserat, drat, tag-140, G0134, deskrat, curlbackrat

# Reference: https://twitter.com/Timele9527/status/1144069969845481474
# Reference: https://app.any.run/tasks/69351273-5fd3-4590-a5a5-da639f86f9ec/
# Reference: https://www.virustotal.com/gui/file/bf34be94275f5b05d82b3805bccb30f217020d88f501d156324f98b5eda9ba7e/detection
# Reference: https://www.virustotal.com/gui/file/071c2ac354452d484a37e7af15dd4685061dd4af93abad4308f41df673132ff0/detection

192.99.241.4:4915

# Reference: https://twitter.com/Timele9527/status/1130670958971215873
# Reference: https://www.virustotal.com/gui/file/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/386ed7ba502e7bf0e60c546476c1c762cbc951eb2a2ba1f5b505be08d60310ef_Tencent%20HABO.html

95.168.176.141:4864
95.168.176.141:16672

# Reference: https://twitter.com/HONKONE_K/status/1122327639249698816
# Reference: https://www.freebuf.com/articles/network/197398.html

bdrive.club
bdrive.space
cloudserve.online
cynqms.com
data-backup.online
firebasebox.com
scan9t.com
tprlink.com

# Reference: https://twitter.com/Timele9527/status/1121607912676261890
# Reference: https://www.virustotal.com/gui/file/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/b80635fed8c7fce92385ddb66fb6f58337a8a150c4a1d158888adaa8db0cfebc_Tencent%20HABO.html

peechtrees.com

# Reference: https://twitter.com/HONKONE_K/status/1104951156730544128
# Reference: https://www.virustotal.com/gui/file/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae/detection
# Reference: https://vtbehaviour.commondatastorage.googleapis.com/500f8798dd582b22928097f24d8516893beb84d155f5a2a6ebf30bbcf4d91dae_Tencent%20HABO.html

81.17.56.226:3864

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf

178.238.228.113:7861
178.238.235.143:80
178.238.235.143:9001
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114
5.189.145.248:10032
5.189.145.248:1453
5.189.145.248:6318
62.4.23.46:1500
ad2.admart.tv
afgcloud7.com
avadhnama.com
bbmdroid.com
bbmsync2727.com
bhai123.no-ip.biz
bhai1.ddns.net
brooksidebiblefellowship.org
cdrfox.xyz
intribune.blogspot.com
lolxone.com
mvssync8767.com
ordering-checks.com
thefriendsmedia.com
sahirlodhi.com
sms.totalworthy.com
sudhir71nda.no-ip.org
winupdatess.no-ip.biz
comdtoscc.attachment.biz
ceengrmes.attachment.biz
email.attachment.biz
fileshare.attachment.biz

# Reference: https://twitter.com/Timele9527/status/1167626219916972032

kmcodecs.com

# Reference: https://twitter.com/Timele9527/status/1186816375857139712

isroddp.com
/rEmt1t_pE7o_pe0Ry/

# Reference: https://twitter.com/Arkbird_SOLG/status/1219769450989334528

198.46.177.73:6421
198.46.177.73:4920
198.46.177.73:10422
198.46.177.73:14823
198.46.177.73:16824

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/_re_fox/status/1226344529046929408

awsyscloud.com
/E@t!aBbU0le8hiInks/
/H!pT0pNSc3nd/
/eNn!T5eals/
/Pon0N.php
/Cor2PoRJSet!On.php
/f3dlPr00f.php
/pR0T5o-Niums.php
/Dev3l2Nmpo7nt.php
/xwunThedic@t6.php

# Reference: https://twitter.com/spider_girl22/status/1246082462649683968
# Reference: https://twitter.com/teamcymru_S2/status/1382724143444004866
# Reference: https://www.virustotal.com/gui/file/94fc14e5c961c1dd8ff63330f0bdd11c8f5e1563468d7d35127ae486144c3dd2/detection
# Reference: https://www.virustotal.com/gui/file/736c9682399885ca1219cb10472b406d381ce66bd3a5cdc919cb28ee59b898fe/detection

107.175.1.103:14686
107.175.1.103:3268
107.175.1.103:5418
107.175.1.103:7646
107.175.1.103:9348

# Reference: https://twitter.com/ShadowChasing1/status/1250303709013147650
# Reference: https://www.virustotal.com/gui/file/3c7eb76db2a503d495d1332dc50acbcf511d56a6ff5a7f1a5f9c16c5efc10b5d/detection

64.188.25.205:3692

# Reference: https://twitter.com/ShadowChasing1/status/1257268847175860224
# Reference: https://twitter.com/KodaES/status/1257265452654497792
# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1286826493335805953
# Reference: https://www.virustotal.com/gui/file/99b24003e4d5a19430653760db6492d920dfda94194ba8aaa9e82d2949aab740/detection

164.68.101.194:3312

# Reference: https://twitter.com/ShadowChasing1/status/1296988003911360516
# Reference: https://www.virustotal.com/gui/file/e91836bbf90b1eafd5cdcf8868408309470d4a06c5239dfee7dd74eca1a7f222/detection

64.188.12.126:4676

# Reference: https://securelist.com/transparent-tribe-part-2/98233/
# Reference: https://otx.alienvault.com/pulse/5f46861db7f081f8c83140dc

http://212.8.240.221
212.8.240.221:5987
sharemydrives.com
sharingmymedia.com
tryanotherhorse.com

# Reference: https://twitter.com/ShadowChasing1/status/1311590568674291712

servicesmail.site

# Reference: https://twitter.com/DeadlyLynn/status/1318006847949819912
# Reference: https://www.virustotal.com/gui/file/d4b36731cb37ad05b0b9678b568c10a56f2e84967b393b626afb19d2df41c9b9/detection

173.249.14.104:6630

# Reference: https://twitter.com/ShadowChasing1/status/1337000347810729984
# Reference: https://www.virustotal.com/gui/file/6257ab26547f390bfd67d60766a708a95998452eb487d6d7208a52dc3e9840e0/detection

198.12.90.116:3691

# Reference: https://twitter.com/ShadowChasing1/status/1338077086896963584
# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338177112059088903
# Reference: https://www.virustotal.com/gui/file/2714b12d0c65cb6fe783571a2d103866c4059f40b2905f58a6cd5de80eefeb73/detection
# Reference: https://www.virustotal.com/gui/file/26a4d9bd2961d724ef07aaec5cbbd120891c600ab7932e5e4ddef38aa3ee9700/detection

89.249.65.206:4816
89.249.65.206:49483

# Reference: https://twitter.com/ShadowChasing1/status/1338507666373558273
# Reference: https://www.virustotal.com/gui/file/48f662986a80c5c73a878b0f46cd7e3a548e556ad9c3f76c4eb867968b240eaf/detection

172.217.15.110:4876

# Reference: https://twitter.com/ShadowChasing1/status/1360018043703762945
# Reference: https://www.virustotal.com/gui/file/86d43578ba26f02cf845f16a38ab29a48ad86c17f4a2ec3b69fc0d5fe82b4af7/detection

64.188.25.143:4586

# Reference: https://twitter.com/h2jazi/status/1367102521400053767
# Reference: https://twitter.com/h2jazi/status/1367105848544284676
# Reference: https://twitter.com/teamcymru_S2/status/1367436864941150208
# Reference: https://www.virustotal.com/gui/file/f6bec3c2d0503978f88734c6d52f2a01552c1d24b8e014ab835827ba3c9cc548/detection

23.254.119.118:11214
23.254.119.118:15822
23.254.119.118:17443
23.254.119.118:6128
23.254.119.118:8761

# Reference: https://twitter.com/InQuest/status/1368879546695618561
# Reference: https://twitter.com/ShadowChasing1/status/1368902119051325447
# Reference: https://www.virustotal.com/gui/file/d0a5ffa3b9c40eb1e4277e7c41a100b0836c9424b36fb9bbe281711c0b116883/detection

173.249.14.104:4568
templatesmanagersync.info

# Reference: https://twitter.com/modubyk/status/1215690858131066881
# Reference: https://www.virustotal.com/gui/file/3cbb07af5c85a539ba970bd831de6ad53473afe6d99b3cdbb963711e2b1ee9c3/detection
# Reference: https://www.virustotal.com/gui/file/fde8b0e2ce949e09070d6788194f63131070afab0ebd479bedd545091e7cc8aa/detection

cfrbackup.com
/P0urWa1t3_r!es/
/P0urWa1t3_r!es/iptonps.php

# Reference: https://twitter.com/h2jazi/status/1374754308676280323
# Reference: https://www.virustotal.com/gui/file/8bd2a1aa58cd9fb15ce499be7131e810abbdcc7770806ebfbd83b8e8f701c5e4/detection

75.119.139.169:4568

# Reference: https://twitter.com/ShadowChasing1/status/1374713010472685569

185.136.169.155:8761

# Reference: https://twitter.com/h2jazi/status/1385577616606961664
# Reference: https://www.virustotal.com/gui/file/f87d8b4376bdb341964801a836bb7ae4843351ded70801d401e951cbbe05d613/detection

167.160.166.177:4698

# Reference: https://team-cymru.com/blog/2021/04/16/transparent-tribe-apt-infrastructure-mapping/

134.119.181.15:6818
134.119.181.15:8561
134.119.181.15:8861
151.106.14.125:14618
151.106.14.125:16418
151.106.14.125:3468
151.106.14.125:8722
151.106.19.220:2682
172.245.247.112:11824
172.245.247.112:14624
172.245.247.112:8666
172.245.87.12:12447
172.245.87.12:18856
172.245.87.12:4586
172.245.87.12:8443
173.212.192.229:16564
173.249.22.30:10864
173.249.22.30:16582
173.249.22.30:4228
173.249.14.104:3312
173.249.14.104:9808
173.249.42.113:8148
185.136.169.155:11214
185.136.169.155:15882
185.136.169.155:17443
185.136.169.155:6128
185.174.102.105:54131
198.12.90.116:3691
198.12.90.116:4684
198.12.90.116:6582
23.254.119.11:3163
23.254.119.11:4828
23.254.119.11:5661
23.254.119.11:6614
45.32.151.155:11427
45.32.151.155:12835
45.77.246.69:16185
5.189.134.216:5156
64.188.12.126:12824
64.188.12.126:49747
64.188.12.126:9666
64.188.25.206:11422
64.188.25.206:16621
64.188.25.206:4125
64.188.25.206:6522
66.154.113.38:3878
66.154.113.38:8666

# Reference: https://twitter.com/ShadowChasing1/status/1385561727559864321
# Reference: https://www.virustotal.com/gui/file/fafcbb35db7cd2725d2f3f4268ffb32390f0e7602263841914fae72f37baca5b/detection

109.236.85.16:5987
myabcxyz1.ddns.net

# Reference: https://twitter.com/ShadowChasing1/status/1387357625013080064

167.86.89.53:1443
167.86.89.53:16688
167.86.89.53:24619
167.86.89.53:6118
167.86.89.53:8843

# Reference: https://twitter.com/cyber__sloth/status/1383394061965348867
# Reference: https://twitter.com/ShadowChasing1/status/1383217637853831169
# Reference: https://twitter.com/_re_fox/status/1383207625874083841
# Reference: https://www.seqrite.com/documents/en/white-papers/Seqrite-WhitePaper-Operation-SideCopy.pdf
# Reference: https://www.virustotal.com/gui/file/54759951089f44a3918e164b8bf29c8f388cfd41f9930f81b8103852947fed93/detection
# Reference: https://www.virustotal.com/gui/file/5bc838b11eadb3fec80a7e6bb46183b868096d8c2e499bedd9c976f3d70d41b1/detection

http://161.97.142.96/htt_p
http://173.212.224.110/h_ttp
144.91.65.100:6102
144.91.91.236:6102
164.68.108.22:6102
173.212.224.110:6102
173.249.50.230:3245
drivetoshare.com
mailfourms.com
iiieyehealth.com
socialistfourm.com
updatedportal.com
mfahost.ddns.net
newsindia.ddns.net
tor-relay2.innonetlife.com
vmi192147.contaboserver.net
vmi268056.contaboserver.net
vmi296708.contaboserver.net
vmi312537.contaboserver.net
vmi314646.contaboserver.net
demo.smart-hospital.in/uploads/staff_documents/18/html/
demo.smart-hospital.in/uploads/staff_documents/18/h-xmlhttp/
demo.smart-hospital.in/uploads/staff_documents/19/Armed-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Defence-Production-Policy-2020/html/
demo.smart-hospital.in/uploads/staff_documents/19/Images/8534
demo.smart-hospital.in/uploads/staff_documents/19/IncidentReport/html/
demo.smart-hospital.in/uploads/staff_documents/19/ParaMil-Forces-Spl-Allowance-Order/html/
demo.smart-hospital.in/uploads/staff_documents/19/Req-Data/html
demo.smart-hospital.in/uploads/staff_documents/19/Sheet_Roll/html
demo.smart-school.in/uploads/staff_documents/9/Sheet_Roll/html
demo.smart-school.in/uploads/student_documents/12/css/
drivetoshare.com/mod.gov.in_dod_sites_default_files_Revisedrates/html
sparc.org.in/wp-content/uploads/2020/06/now/rt.rtf

# Reference: https://twitter.com/ShadowChasing1/status/1391680709207609347

londonkids.in/preschool/video/Emergency_Vaccination/css/

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/2491caddf4445d9297404493c7707b54591c989b94fd4634a7afdf54c0d22e9c/detection

vmi433658.contaboserver.net

# Reference: https://twitter.com/KseProso/status/1392063980961734657
# Reference: https://www.virustotal.com/gui/file/871cab3256acdbc3c27650adde878658568a85b87e85d3e3c137bdeb4592fb2c/detection

173.249.14.104:6140

# Reference: https://twitter.com/KseProso/status/1392064101103378437
# Reference: https://www.virustotal.com/gui/file/c7dbca435039a6148dc25208f04b734465e8b7c92010ede1401d88f5f8003f2d/detection

173.249.14.104:5670

# Reference: https://twitter.com/pollo290987/status/1564886555306692608
# Reference: https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
# Reference: https://otx.alienvault.com/pulse/609d7a98443a742cd63c2784
# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection

139.28.36.141:6922
7thcpcupdates.info
armypostalservice.com
clawsindia.com
isroddp.com
larsentobro.com
millitarytocorp.com
pmayindia.com
tprlink.com
awsyscloud.com
cloudsbox.net
datacyncorize.com
digiphotostudio.live
drivestransfer.com
emailhost.network
file-attachment.com
filelinks.live
filestudios.net
hostflix.live
maildrive.email
mediabox.live
mediaclouds.live
mediadrive.cc
mediafiles.live
mediaflix.net
medialinks.cc
mediashare.cc
onedrives.cc
servicesmail.site
shareboxs.net
shareflix.co
sharemydrives.com
shareone.live
sharingmymedia.com
studioflix.net
templatesmanagersync.info
urservices.net
bjorn111.duckdns.org
micrsoft.ddns.net
newsupdates.myftp.org
share.medialinks.cc
social.medialinks.cc
systemsupdated.duckdns.org
tgservermax.duckdns.org
vmd41059.contaboserver.net
vmi433658.contaboserver.net
email.gov.in.attachment.drive.servicesmail.site
email.gov.in.maildrive.email
india.gov.in.attachments.downloads.7thcpcupdates.info
mail.clawsindia.com
mail.isroddp.com
mailer.pmayindia.com
mailout.pmayindia.com

# Reference: https://tria.ge/210514-fsd2fkks9a/behavioral1

5.189.134.216:12538
5.189.134.216:7218
5.189.134.216:9686

# Reference: https://twitter.com/ShadowChasing1/status/1394229310911762434
# Reference: https://www.virustotal.com/gui/file/7f800784b00354dd15eee129317a63bd3f7bb25622e898c873603e5b142cbb09/detection

5-135-125-106.cinfuserver.com

# Reference: https://twitter.com/ShadowChasing1/status/1399012433520324617
# Reference: https://www.virustotal.com/gui/file/71a8e488b3d142bfdfcc4092ac35cf32e7d5e55b68acd262d16707f6a09f9321/detection

134.119.181.142:6672

# Reference: https://twitter.com/bofheaded/status/1399384209353969667
# Reference: https://www.virustotal.com/gui/file/cad6dcfe6942bb5ac648fb25b8aa3359f1d30b6671c132ce8c7c8c3cd08e8825/detection

178.238.229.192:11884
178.238.229.192:15285
178.238.229.192:3687
178.238.229.192:6782
178.238.229.192:8529

# Reference: https://twitter.com/ShadowChasing1/status/1402526383293624323

http://167.86.75.119
selforder.in/wp-content/uploads/wp-commerce/04/05/

# Reference: https://www.virustotal.com/gui/file/d228c1186003ae37e6c9e26222782291fa97580a254e77f290b46c2376b712e4/detection

185.136.169.155:15822

# Reference: https://twitter.com/ShadowChasing1/status/1406962468010614785
# Reference: https://www.virustotal.com/gui/file/907f594f49e498f0526684e03afd76e953b46b2c4947dd260f90f2665b7ff875/detection

afghannewsnetwork.com
dadsasoa.in/font/js/images/files/My-CV/css

# Reference: https://www.virustotal.com/gui/ip-address/144.91.65.100/relations
# Reference: https://www.virustotal.com/gui/file/1ac0288aaebbe07b6145f20dc3ba2c0107ab00b47a4fe90215a784c887bad35d/detection

mmfaa.ddns.net

# Reference: https://www.virustotal.com/gui/file/149b121b8f5755bc841ddd38f8dbcb6f857b00c8943b446ab85e1706e2216bde/detection

http://144.91.65.100

# Reference: https://blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/
# Reference: https://otx.alienvault.com/pulse/60d2f18dfd693f4314446f84
# Reference: https://twitter.com/0xrb/status/1409729774956597250

ankaraembassy.hopto.org
certindia.chickenkiller.com
certindia.ignorelist.com
coronavirusupdate.ddns.net
coronavirusupdate.ddnsking.com
defencecyberorg.myddns.me
frankooxyz2.ddns.net
minofdefence.mooo.com
minofdefenceindia.ddns.net
pmreference.ddnsking.com
iiieyehealth.com/fonts/times/files/Call-for-Proposal-DGSP-COAS-Chair-Excellance/css/
ikiranastore.com/images/files/ist/doc/i.php
londonkids.in/echoolz/assets/css/front/hwo/DATE-OF-NEXT-INCREMENT-ON-UP-GRADATION-OF-PAY-ON-01-JAN-AND-01-JUL/css
londonkids.in/preschool/video/Emergency_Vaccination/css/
minervacollege.co.in/fonts/plugins/mrt/Image-7563/css2

# Reference: https://twitter.com/h2jazi/status/1407788867260923908
# Reference: https://www.virustotal.com/gui/file/aadaa8d23cc2e49f9f3624038566c3ebb38f5d955b031d47b79dcfc94864ce40/detection

5.189.170.84:3901

# Reference: https://www.virustotal.com/gui/file/2bb2a640376a52b1dc9c2b7560a027f07829ae9c5398506dc506063a3e334c3a/detection
# Reference: https://www.virustotal.com/gui/file/d2113b820db894f08c47aa905b6f643b1e6f38cce7adf7bf7b14d8308c3eaf6e/detection

5.189.170.84:3312
iwestcloud.com
/Pick@Whatsoever/Mac.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/Pick@Whatsoever/
/Qu33nRocQCl!mbing.php
/S3r&eryvUed.php

# Reference: https://twitter.com/ShadowChasing1/status/1410157094343364609
# Reference: https://www.virustotal.com/gui/file/af5dec1a8eed98bbab9c03dd76a980edc987347c43798d726b0ca538376f27be/detection

drigablockszip.sytes.net
medizz.co/wp-content/base/phr/shareddocuments/Agenda

# Reference: https://twitter.com/BaoshengbinCumt/status/1411963177626046467
# Reference: https://www.virustotal.com/gui/file/c3e56af0c0a13e8ab4e6f2269d1c15586e72f9b7a90c22980f976e6786388a03/detection

185.233.202.230:44567
templateworkshop.site
/template_storage/normal_template/template48.dot

# Reference: https://twitter.com/ShadowChasing1/status/1411991006489112582
# Reference: https://www.virustotal.com/gui/file/49387b1a799944bb19f5b83cd5a05e421bcaff8ddc59750aba800ec03c447245/detection

167.86.105.43:6588

# Reference: https://twitter.com/teamcymru_S2/status/1412397642286522368
# Reference: https://team-cymru.com/blog/2021/07/02/transparent-tribe-apt-infrastructure-mapping-2/

107.173.204.38:6576
107.173.204.38:8586

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

digitalfilestores.com
filehubspot.com
freewindowssoftware.com
mailupdater.net
mfahost.ddns.net
mffatool.ddns.net
nscinfo.ddns.net
vmi240582.contaboserver.net
vmi281634.contaboserver.net
vmi312537.contaboserver.net
vmi369553.contaboserver.net
vmi388643.contaboserver.net
vmi420862.contaboserver.net
vmi475662.contaboserver.net
vmi489177.contaboserver.net
vmi512038.contaboserver.net
vmi532529.contaboserver.net

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/132870a1ae6a0bdecaa52c03cfe97a47df8786f148fa8ca113ac2a8d59e3624a/detection

173.249.50.230:1238
muzicmirchi.000webhostapp.com

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/71bbf2394fe4909a6ce0f7085ca41f21cf5e05e3d761620e4d7f307183fb1e1b/detection

167.86.70.194:9091

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/852612666095aec2e9f3456ec4f8a9566be2c690c8583aff6055d180507d5476/detection

167.86.70.194:9092

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/956f0f369082068ef24b76ec162cfc2119adbffda94e33e41b40f39d2f192ffe/detection

161.97.90.175:8080

# Reference: https://twitter.com/bofheaded/status/1420466901466030083
# Reference: https://twitter.com/teamcymru_S2/status/1423281518034575363
# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt
# Reference: https://www.virustotal.com/gui/file/57466da1095f6c28d5d7c56d171417bb796b153f1c545e846fee1743cacc15fc/detection
# Reference: https://www.virustotal.com/gui/file/772bc22f6238eb368c47f4d34fb98db9124a44b8443cee92d73c6086609fd2f1/detection

http://149.248.52.61
/vpn-update/vpn-update.php
/weisenborn/aziroboro.php

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

144.91.65.100:3245
144.91.65.100:4145
144.91.91.236:4140
144.91.91.236:4145
149.248.52.61:2323
149.248.52.61:5656
149.248.52.61:87
149.248.52.61:89
149.248.52.61:8989
161.97.90.175:6666
164.68.104.126:3245
164.68.104.126:4140
173.212.224.110:4140
173.212.224.110:4145
173.249.50.230:1144
173.249.50.230:1244
173.249.50.230:1245
173.249.50.230:1289
173.249.50.230:3245
173.249.50.230:4145

# Reference: https://github.com/blackorbird/APT_REPORT/blob/master/SideCopy/Network_IOCs_list_for_coverage.txt

http://109.236.85.152
http://164.68.104.126
http://161.97.142.96
http://167.86.75.119
http://173.249.41.175

# Reference: https://twitter.com/Timele9527/status/1419853559860920320
# Reference: https://twitter.com/Timele9527/status/1419853918293544967
# Reference: https://www.virustotal.com/gui/file/8b20b81f05c0acebb97200b5cfa3bec23ddeb9f7307e47c9b942c6f9bee91b44/detection
# Reference: https://www.virustotal.com/gui/file/70fab64895bcfaf7e9bd713e3b3b4c354e19ff9d083285b791d43bb39c5d3253/detection
# Reference: https://www.virustotal.com/gui/file/670bf2bad23645b731a67e3299f4f1692da3bdaa711c588b17024ed916e55438/detection

122.166.149.57:8888
161.97.164.143:20121
161.97.164.143:2121
161.97.164.143:2123
161.97.164.143:2124
161.97.164.143:2122
161.97.164.143:2125
161.97.164.143:8011
161.97.164.143:9512
161.97.164.143:9515
182.188.181.224:2255
certindia.ignorelist.com
certindia.chickenkiller.com
defencecyberorg.myddns.me
email-govin.duia.eu
emailgov-in.sytes.net
kavachhost.ddns.net
nicindia.mywire.org
/005056A0A34C-X-061544/
/005056A052CF-X-445817/
/005056A05902-X-088753/
/005056A0A34C-X-061544/file.pdf
/005056A052CF-X-445817/fastag.jpg
/005056A05902-X-088753/fastag.jpg

# Reference: https://twitter.com/teamcymru_S2/status/1420446957961625602
# Reference: https://www.virustotal.com/gui/file/67a225feedc5ce4adf75acb41e8b0e746e7daaec779225cd72f860a263b92a6e/detection

191.101.172.44:11422
191.101.172.44:14624
191.101.172.44:16621
191.101.172.44:4125
191.101.172.44:6522
64.188.25.206:3389

# Reference: https://www.virustotal.com/gui/ip-address/104.227.146.200/relations

http://104.227.146.200
/KingEfulefu/
/KingEfulefu/login.php

# Reference: https://twitter.com/ShadowChasing1/status/1422452244079779841
# Reference: https://twitter.com/360CoreSec/status/1422403743354482692
# Reference: https://www.virustotal.com/gui/file/8554b5cace52a0fdf0fd3378e4df6606efb45b8ee686ed5b3c1657633405eb85/detection
# Reference: https://www.virustotal.com/gui/file/f5e7b8dddd4137ac008186a4c5e9cb644dc1bbddb61612c29c2087b1efe48974/detection
# Reference: https://www.virustotal.com/gui/file/bc3ff3fb73736649a9aad6ccb811819a912c03aaa9ec81c6fa733f1459e66af9/detection
# Reference: https://www.virustotal.com/gui/file/640ffa981ef531f5ceb98c59cfa1c65a9da9a088dc3157f78ffa0fa6cd5e8e02/detection
# Reference: https://www.virustotal.com/gui/file/72950c1a7d26f9bb6acc0e33d1cd65310db31f5b03c3b3e722ce216bb20f12fe/detection
# Reference: https://www.virustotal.com/gui/file/bc3ff3fb73736649a9aad6ccb811819a912c03aaa9ec81c6fa733f1459e66af9/detection

66.154.112.206:6188

# Reference: https://twitter.com/ShadowChasing1/status/1422914152381616134
# Reference: https://otx.alienvault.com/pulse/610baec1825b7a6f14ae8c21
# Reference: https://www.virustotal.com/gui/file/dc9002bc8fec5e678ae60285dd9fc303e87a9ea15b037be76285e41b50f62f8b/detection

149.248.52.61:91
149.248.52.61:92
149.248.52.61:93
bsnlplots.com/css/css/

# Reference: https://twitter.com/ShadowChasing1/status/1423194120512688133
# Reference: https://www.virustotal.com/gui/file/460c098565a7f5866bb96281ebada37d8e3a7f9e4112de663a05bba470e27929/detection

pafwa.info
independenceday.pafwa.info

# Reference: https://twitter.com/ShadowChasing1/status/1460614611200217093
# Reference: https://www.virustotal.com/gui/file/f79445105ab2dc3c3be899c1e1fd1adca60723f613c242ce4e0b95ee835ac82a/detection

isteandhrapradesh.in/NewSite/Admin/try/b/

# Reference: https://twitter.com/h2jazi/status/1460744936635224064
# Reference: https://twitter.com/h2jazi/status/1460744939105669132
# Reference: https://www.virustotal.com/gui/file/9836cfb7c54febcbbf2b252414dbdc95784ed429c228a363b65b7586ffcc3b0c/detection

194.233.67.90:6785
securedesk.one

# Reference: https://twitter.com/0xrb/status/1460900779175276550
# Reference: https://www.virustotal.com/gui/file/df87afed0b9bef37d4ff79b0065e95b65cb3ffd320dc258548a229720e4bf99f/detection
# Reference: https://www.virustotal.com/gui/file/ac80eb10f16f3da1651b8fcb7dbc714255f4ec9719e922baeeb3499d9bd89e23/detection

mojochamps.com
assessment.mojochamps.com

# Reference: https://twitter.com/RedDrip7/status/1486656925320183809
# Reference: https://www.virustotal.com/gui/file/476c183a7ac3435b0085d652c816b07910d081a92c83b85dfda7ba630cd4957f/detection

45.138.172.222:3691

# Reference: https://twitter.com/ShadowChasing1/status/1490988027354648576
# Reference: https://twitter.com/ShadowChasing1/status/1491261131800780810
# Reference: https://twitter.com/0xrb/status/1491021258741653511
# Reference: https://www.virustotal.com/gui/file/d15f76acb846b237956a6373bd6646ef804419dd9a9fd3c9501acc241fcddff9/detection
# Reference: https://www.virustotal.com/gui/file/46828fb51abae8b9ca21090f56d90d63270464318cd81235872a8fba35ce3064/detection

http://144.91.87.179
144.91.87.179:6659
softwiz.xyz
singleseller.blueappsoftware.com

# Reference: https://twitter.com/bofheaded/status/1491350274937868291
# Reference: https://www.virustotal.com/gui/file/14f4fe625daf1ac498d8557a4fddc67f8183f6a097e84b52f311bf436640d7cc/detection

5.189.182.93:6659

# Reference: https://twitter.com/0xrb/status/1491344919155589124
# Reference: https://www.virustotal.com/gui/file/0d7fdeea6cd1f7732db11f78c2dfd2c4bc5053b6f1bc590d3963705b4a256f22/detection

kokotech.xyz

# Reference: https://twitter.com/0xrb/status/1493801814005022723

161.97.85.89:12786
173.249.50.34:12182
198.12.91.240:18876
198.23.213.22:7776
198.23.213.22:7778
207.180.245.93:12184
209.127.19.241:10284

# Reference: https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/ (# preBotHta)
# Reference: https://github.com/blacklotuslabs/IOCs/blob/main/ReverseRat2.0_NightFury_IoCs.txt

http://62.171.191.230
62.171.191.230:5310
zimbrasoft.ddns.net

# Reference: https://twitter.com/malwrhunterteam/status/1494655193002266625
# Reference: https://twitter.com/malwrhunterteam/status/1494655193002266625
# Reference: https://twitter.com/JAMESWT_MHT/status/1494664440175865865
# Reference: https://app.any.run/tasks/5dc8d5eb-b9c0-4c08-b2b1-ae80cd25da62/

160.20.147.202:7421
highexpresspass.zapto.org
/softwaredailyupdate

# Reference: https://twitter.com/h2jazi/status/1495825063299403785
# Reference: https://www.virustotal.com/gui/file/656124b7148dd8c72add0bfcc1a1ec856232c9e6dd13d8ea9d0f1d0a148889a4/detection
# Reference: https://www.virustotal.com/gui/file/7d834e9caaaadd4f7e43777873550dd195d552038e7bd7ce4319f5cd51ed5c9d/detection

107.150.18.166:6849

# Reference: https://twitter.com/s1ckb017/status/1499312004426870788
# Reference: https://www.virustotal.com/gui/file/f66c2e249931b4dfab9b79beb69b84b5c7c4a4e885da458bc10759c11a97108f/detection
# Reference: https://www.virustotal.com/gui/file/d9037f637566d20416c37bad76416328920997f22ffec9340610f2ea871522d8/detection

45.147.228.195:5524

# Reference: https://twitter.com/ShadowChasing1/status/1499704398284345345
# Reference: https://www.virustotal.com/gui/file/ec9b9a711f81df91d3b243c4e90d2f33abe2dffe4ebb2ed284bd6d0e11cdfb6c/detection

gdcrvpm.ac.in

# Reference: https://twitter.com/0xrb/status/1501061897604730881
# Reference: https://twitter.com/GGGGh0st/status/1513477203828559876
# Reference: https://www.virustotal.com/gui/file/d10e90484ebdeea8a5d2b15820d067f99139a76302e3cc558d942d77fe7fb9f3/detection
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

161.97.176.42:10019
161.97.176.42:33009
161.97.176.42:47834
161.97.176.42:57000
161.97.176.42:35010
161.97.176.52:10015
161.97.176.52:47822
sunjaydut.ddns.net
swissaccount.ddns.net

# Reference: https://twitter.com/teamcymru_S2/status/1501955807499403270

194.163.139.250:3389

# Reference: https://twitter.com/ShadowChasing1/status/1505893006070583301
# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

inapharma.in

# Reference: https://twitter.com/0xrb/status/1506155286289326085
# Reference: https://www.virustotal.com/gui/file/2e1ebb72b3b483797564fe541e4b0bb23ec57373a825a927407c17dc107c1888/detection
# Reference: https://www.virustotal.com/gui/file/2ace3b4ea7ecacb6ef8b4da7f5c315a31663523808a685d3600bc57571c1eb83/detection

209.145.55.95:3676

# Reference: https://www.virustotal.com/gui/file/7778f344aae32175751c4f3ec2c43abe637ff6aa67d2731dfa072fd86a9c9b47/detection

209.145.55.95:6659

# Reference: https://www.virustotal.com/gui/file/94f50d46f72e533ffceb464f2824ef1e0bb2b6638de918ced25123e741339e40/detection

209.145.55.95:443

# Reference: https://twitter.com/malwareforme/status/1505935361234677760

209.145.55.95:3285

# Reference: https://twitter.com/0xrb/status/1506879902146269184
# Reference: https://www.virustotal.com/gui/file/868b3d9c6431e57b5a10b04c2c385ee4e507395224e431fdef8012c1351d5325/detection
# Reference: https://www.virustotal.com/gui/file/694e9f128904c4e456c76cff2d7534d43afb53384999fd32e4f0b72dd078385e/detection

95.111.230.252:3349
95.111.230.252:4098

# Reference: https://ti.qianxin.com/blog/articles/transparent-tribe-and-sidecopy-share-infrastructure/ (Chinese)
# Reference: https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
# Reference: https://www.virustotal.com/gui/file/a0f6963845d7aeae328048da66059059fdbcb6cc30712fd10a34018caf0bd28a/detection
# Reference: https://www.virustotal.com/gui/file/45ed0b23cc90fbe8eade520bdc230e4103435c6e0d64f779b12da90bc1f1596f/detection

144.91.79.40:12427
194.163.129.89:14427
directfileshare.net
dsoi.info
kavach-app.in
otbmail.com
secure256.net
zoneflare.com
download.kavach-app.in
/C2L!Dem0&PeN/A@llPack3Ts/
/A@llPack3Ts/
/C2L!Dem0&PeN/
/C2L!Dem0&PeN/A@llPack3Ts/Cor2PoRJSet!On.php
/C2L!Dem0&PeN/A@llPack3Ts/Dev3l2Nmpo7nt.php
/C2L!Dem0&PeN/A@llPack3Ts/f3dlPr00f.php
/C2L!Dem0&PeN/A@llPack3Ts/xwunThedic@t6.php
/Pick@Whatsoever/Qu33nRocQCl!mbing.php
/Pick@Whatsoever/S3r&eryvUed.php
/R!bB0nBr3@k3r/FunBreaker.php
/R!bB0nBr3@k3r/tallerthanhills.php
/Pick@Whatsoever/
/R!bB0nBr3@k3r/

# Reference: https://twitter.com/h2jazi/status/1509887066204745743
# Reference: https://www.virustotal.com/gui/file/388f212dfca2bfb5db0a8b9958a43da6860298cdd4fcd53ed2c75e3b059ee622/detection
# Reference: https://www.virustotal.com/gui/file/e2cf71c78d198fdc0017b7bfd6ce8115301174302b3eaaf50cfc384db96bc573/detection

sunnyleone.ddns.net

# Reference: https://twitter.com/h2jazi/status/1513360845807534081
# Reference: https://www.virustotal.com/gui/file/bdeb9d019a02eb49c21f7c04169406ac586d630032a059f63c497951303b8d00/detection

studentsportal.live

# Reference: https://twitter.com/0xrb/status/1515979150515122178
# Reference: https://www.virustotal.com/gui/file/477147271a54e32ef184030393f17c30d68d4aeb8bd6202a225e354f1800b279/detection

66.154.112.251:5235

# Reference: https://twitter.com/0xrb/status/1517052777167732736
# Reference: https://www.virustotal.com/gui/file/4342dd4999d1247fc9032003bafb7d3d58d2cbefe1705d5d91e258d0ed1fef86/detection
# Reference: https://www.virustotal.com/gui/file/bc3441864f2e9276261733b35e2473b7beed0e6ed14ad8fa13d99d15ee5477b6/detection

185.197.249.247:16252
185.197.249.247:18696
185.197.249.247:20862
185.197.249.247:4858

# Reference: https://twitter.com/h2jazi/status/1518382259228844033
# Reference: https://www.virustotal.com/gui/file/b3f8e026f39056ec5e66700e03eeaf57454ee9c0bc1c719d74e10f5702957305/detection

sunnyleone.hopto.org

# Reference: https://www.virustotal.com/gui/file/4841e73697c846f33ffa09d38c0ce58e978b06e32c6807cd21c22dfeadbfd0fa/detection

206.189.185.75:8000
66.63.162.16:4788

# Reference: https://twitter.com/0xrb/status/1523929430238035968
# Reference: https://www.virustotal.com/gui/file/1e0fe0c057163e5cc1a2598b7de1adf06db8bfe814e172557383eea3acbf9a2b/detection
# Reference: https://www.virustotal.com/gui/file/5091ca8bcfee8d3980700de91d3b1f6286420f85be9069bde944ffceac2b02fd/detection
# Reference: https://www.virustotal.com/gui/file/b53e73189ad4db83a5891d0dd73fd86d290fb7de8ab9378a1b9f29cddfc14d8c/detection
# Reference: https://www.virustotal.com/gui/file/b9e1c9e0e8a169b7055d39720b862782922090f0a08cf73de730e2e6ce73eac8/detection

104.129.42.102:16862
104.129.42.102:21584
104.129.42.102:28184
104.129.42.102:6276
104.129.42.102:8891

# Reference: https://twitter.com/ShadowChasing1/status/1526583480867758084
# Reference: https://twitter.com/ShadowChasing1/status/1526583490732781568

indianblog.xyz
indiantrainer.in
dns1.indianblog.xyz

# Reference: https://twitter.com/RedDrip7/status/1533659387277221888
# Reference: https://www.virustotal.com/gui/file/0d61d5fe8dbf69c6e61771451212fc8e587d93246bd866adf1031147d6d4f8c2/detection
# Reference: https://www.virustotal.com/gui/file/f3a1ac021941b481ac7e2335b74ebf1e44728e8917381728f1f5b390c6f34706/detection
# Reference: https://www.virustotal.com/gui/file/fc34f9087ab199d0bac22aa97de48e5592dbf0784342b9ecd01b4a429272ab5b/detection

192.3.99.68:10268
192.3.99.68:16098
192.3.99.68:25822
192.3.99.68:28441
192.3.99.68:7514

# Reference: https://twitter.com/RedDrip7/status/1545363738991403009
# Reference: https://www.virustotal.com/gui/file/21721fe37e170ac53bcfe9dde528dad341dcce6df4abacbaacf50ba804108f2f/detection
# Reference: https://www.virustotal.com/gui/file/fa8c21188ab5a2425f7909d720c54fb1a86be418d1f69e92f5c7ee61af32cb6e/detection

38.74.14.137:12267
38.74.14.137:18197
38.74.14.137:25821
38.74.14.137:26442
38.74.14.137:7516

# Reference: https://www.virustotal.com/gui/file/2dd0416a1a530a56357887709cd37d691a32a30326b75218c5e92b34773d00f3/detection

http://167.86.97.221

# Reference: http://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html

cloud-drive.store
drive-phone.online
geo-news.tv
studentsportal.co
studentsportal.website
user-onedrive.live
cloud-drive.geo-news.tv
drive-phone.geo-news.tv
studentsportal.geo-news.tv
user-onedrive.geo-news.tv

# Reference: https://twitter.com/bofheaded/status/1547801705198518272
# Reference: https://www.virustotal.com/gui/file/085f9bfbb1ff54afe4a562824470aeff4d69b1ce3eeeedd4dbef537d2015f627/detection

209.126.80.23:3281
209.126.80.23:6391

# Reference: https://twitter.com/souiten/status/1548952536257679361
# Reference: https://www.virustotal.com/gui/file/1db3adc06f4dccee2cc936333367f1e611092396a21102d9a54296c5a67c89af/detection
# Reference: https://www.virustotal.com/gui/file/ee4615ba6097bde423549aadac4caea4e74493f93c91ad6cfa3372f2d1fae04d/detection

207.180.221.51:5731
test1480.000webhostapp.com

# Reference: https://twitter.com/ShadowChasing1/status/1562072883580764165

ryanglobalschools.com/js/files/IMPL_OF_SPL_ALLCE_ORDER

# Reference: https://twitter.com/InQuest/status/1561659933808119810
# Reference: https://twitter.com/InQuest/status/1561999463933157377
# Reference: https://twitter.com/InQuest/status/1562019017879175169
# Reference: https://twitter.com/InQuest/status/1562043288860991489
# Reference: https://www.virustotal.com/gui/file/bc32040a1ebb05c38e9d564b576b158c71390011c4812aa8ba810e462f62d4d6/detection
# Reference: https://www.virustotal.com/gui/file/6cac8225634748e673e5ae53a14c3c8d403d7e979280874663cea129b0ee5849/detection

http://192.3.108.11
/https/www_a/
/https/www_b/
/https/www_c/
/https/www_d/
/https/www_e/
/https/www_f/
/https/www_g/
/https/www_h/
/https/www_i/
/https/www_j/
/https/www_k/
/https/www_l/
/https/www_m/
/https/www_n/
/https/www_o/
/https/www_p/
/https/www_q/
/https/www_r/
/https/www_s/
/https/www_t/
/https/www_u/
/https/www_v/
/https/www_w/
/https/www_x/
/https/www_y/
/https/www_z/
/www/https_a/
/www/https_b/
/www/https_c/
/www/https_d/
/www/https_e/
/www/https_f/
/www/https_g/
/www/https_h/
/www/https_i/
/www/https_j/
/www/https_k/
/www/https_l/
/www/https_m/
/www/https_n/
/www/https_o/
/www/https_p/
/www/https_q/
/www/https_r/
/www/https_s/
/www/https_t/
/www/https_u/
/www/https_v/
/www/https_w/
/www/https_x/
/www/https_y/
/www/https_z/

# Reference: https://twitter.com/0xrb/status/1577981859287293952
# Reference: https://www.virustotal.com/gui/file/ca74472613129855bd7fc79c4a245a2f27de85086cfd191506f1c9906b9ae460/detection
# Reference: https://www.virustotal.com/gui/file/905fb292dc983a9d731f4716aa2e1ee289975330d11e82df95491f5a9dd7e3ed/detection
# Reference: https://www.virustotal.com/gui/file/396a46e9595fe6bdae709ab3171900ebd4fd1c6e1cd8ad94d17d2dcacb6bf6b6/detection
# Reference: https://www.virustotal.com/gui/file/1c9024f2d696f949091be27aced113f4e98bc46c0580eb93e644a51b269c76e4/detection
# Reference: https://www.virustotal.com/gui/file/18029be2b0bf5284713f9cf61ba5e160ae10a581f346fdd396065d5728906768/detection

164.68.96.32:11232
164.68.96.32:15828
164.68.96.32:3468
164.68.96.32:8169

# Reference: https://twitter.com/h2jazi/status/1580302226597478401
# Reference: https://www.virustotal.com/gui/file/7658cc15e65b9000860658e8d2c7e6c305d972254d21072dfb4955e79649d1f9/detection
# Reference: https://www.virustotal.com/gui/file/0d865bdcd75c4ec6fc1e182c4e68fc34db36cde8467988221d742413609da8c3/detection
# Reference: https://www.virustotal.com/gui/file/77259c0d236c96450663fcf1d0837ebf4d10e024293cc89de1082a76e3e9ce10/detection

23.254.119.234:6178
23.254.119.234:8989

# Reference: https://twitter.com/Des00464472/status/1581873684478046208

161.97.119.238:7778

# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations

http://139.59.23.88
http://139.59.79.86
acmarketsapp.com
gcloudsvc.com
kavach.mail.nic-updates.in
kavachauthentication.blogspot.com
kavachmail-govin.rf.gd
ncloudup.com
nic-updates.in
wzxdao.com

# Reference: https://twitter.com/0xrb/status/1589502482786713600
# Reference: https://www.virustotal.com/gui/file/5d2b37c02e60bbed036c9bb6e4f2c75de6e42c03b69c713c33d3b9325ed1b1ea/detection

154.127.54.168:35010
154.127.54.168:47834

# Reference: https://twitter.com/Des00464472/status/1597845527168970752
# Reference: https://www.virustotal.com/gui/file/46262d79b7e21b5536dc1910a78a6db2b11789503e44a6a89d22a1c169220426/detection

185.225.19.165:4862
185.225.19.165:5350
185.225.19.165:8419

# Reference: https://twitter.com/0xrb/status/1605485461874491393
# Reference: https://www.virustotal.com/gui/file/5e7edf2d81717a0c76e2ad426d1b5610566ef0d86c964a050866e50737660cef/detection
# Reference: https://www.virustotal.com/gui/file/db54820a956615536550e4f78085f23be65bc796d0a636632c9a328a50d97e20/detection

173.249.0.199:10484
173.249.0.199:14882

# Reference: https://twitter.com/SethKingHi/status/1613839332158361600
# Reference: https://www.virustotal.com/gui/file/0a6144cad9483d578d642ed6366afc36291562deb6fa9d4284ffee1d7e98c417/detection

kaspesrky.live

# Reference: https://twitter.com/Des00464472/status/1614174297962188802

194.9.178.85:51512

# Reference: https://twitter.com/suyog41/status/1788434198833045901
# Reference: https://www.virustotal.com/gui/file/8b87459483248d7b95424cd52b7d4f3031e89c6644adc2e167556e071d9ec3aa/detection
# Reference: https://www.virustotal.com/gui/file/0bec6c0c27cc25e96201f1fd4f3f81d4e912d1aaf963a74ec79a74c95af10425/detection

http://185.174.102.54
185.174.102.54:443
/-dsfjslkdjfweoirwsdfkjweirw

# Reference: https://www.virustotal.com/gui/file/73850abc86944209d17ade2b0942401f7c1d30372cf2da158d6019ef96a1a035/detection

sunriseschoolsystem.xyz

# Reference: https://twitter.com/souiten/status/1620629752863404032
# Reference: https://twitter.com/HaoZhixiang/status/1620716673543315464
# Reference: https://www.virustotal.com/gui/file/b277a824b2671f40298ce03586a2ccc0fca2a081a66230c57a3060c2028f13ee/detection

luckyoilpk.com
wellsfargopaymentservices.com

# Reference: https://twitter.com/0xrb/status/1620724303984721920

185.174.102.54:2121

# Reference: https://twitter.com/RedDrip7/status/1622908094606094338
# Reference: https://www.virustotal.com/gui/file/5046947524c39601b5e8e4d8772e4273a3618bba9ea609fd001660d152f3963a/detection
# Reference: https://www.virustotal.com/gui/file/6fb82ca662f7e3f55cdd0f930507f2add996eef09c0f60a9924f469648c915f8/detection

151.106.19.20:12197
151.106.19.20:16867
151.106.19.20:23123
151.106.19.20:24784
151.106.19.20:8248

# Reference: https://twitter.com/RedDrip7/status/1627503544130752513
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/

meetup-chat.com
phone-drive.online
share-lienk.info
meetsapp.org

# Reference: https://twitter.com/StopMalvertisin/status/1634101674066448387
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:10614
167.114.138.12:14822
167.114.138.12:18443
167.114.138.12:6828
167.114.138.12:8661

# Reference: https://twitter.com/suyog41/status/1635983614906187778
# Reference: https://www.virustotal.com/gui/file/ba203358836bd59ffab1e993433765511844ffd3b0985b25e4772d37a28ecfa0/detection

84.46.250.78:8080
84.46.250.78:9812
kwalityproducts.com/bootstrap/jquery/files/details

# Reference: https://twitter.com/0xrb/status/1638049660895100928
# Reference: https://www.virustotal.com/gui/file/c89806e27ecefa3a05ba84b2dd46b148aef007ffa0ef80f6b34621d7777fbd65/detection
# Reference: https://www.virustotal.com/gui/file/bca2ae73987fd0f3f9c7cd984c55b3a0881333ced9a666f375d684d72f082acb/detection

185.229.119.60:9134
89.117.63.146:9921

# Reference: https://twitter.com/StopMalvertisin/status/1640798678649827329
# Reference: https://www.virustotal.com/gui/file/b74250a2259c947073225bbb24f11f4239d0ea4dabc45f4a40a4bbd46793fa6b/detection

richa-sharma.ddns.net

# Reference: https://twitter.com/StopMalvertisin/status/1645805949234597889
# Reference: https://www.virustotal.com/gui/file/c33ee5a2d9df04d07df9f02678f1f880d271dd4d21140f51468eb6affc38a8e8/detection

104.168.48.210:12267
104.168.48.210:18197
104.168.48.210:7516

# Reference: https://twitter.com/jaydinbas/status/1648246659170672640
# Reference: https://twitter.com/fr0s7_/status/1648697733182627841
# Reference: https://www.virustotal.com/gui/file/6d1d3801e227f99c75687b486d0b6879347d6b231de311ad6b5be8661d49d3a3/detection
# Reference: https://www.virustotal.com/gui/file/806c9f3f5ac1d04991776baa627161a1808166ca6d958de756c09f884cb2f000/detection

209.126.81.42:444
ssynergy.in

# Reference: https://www.team-cymru.com/post/allakore-d-the-sidecopy-train

144.91.72.17:9468
185.229.119.60:7469
66.219.22.252:3389
66.219.22.252:8080
66.219.22.252:82
66.219.22.252:9467
89.117.63.146:7439

# Reference: https://twitter.com/teamcymru_S2/status/1649417705269723140

38.242.207.36:2244
38.242.207.36:3764
38.242.207.36:9467

# Reference: https://twitter.com/suyog41/status/1646528247772110853
# Reference: https://twitter.com/suyog41/status/1650377206571618304
# Reference: https://www.virustotal.com/gui/file/5ecbc33fe3b345f2956cff566203e33b9390a3ed9923b990a46804880ae2f59b/detection
# Reference: https://www.virustotal.com/gui/file/efa5a2cbc174b0dba15a453e70f632a23f2213fa7e6473cb8fa66ed0dc8a3a15/detection

78.47.204.216:443
defenseinsight.in
insight.defenseinsight.in

# Reference: https://twitter.com/suyog41/status/1652927978802925568
# Reference: https://www.virustotal.com/gui/file/136fdbc6edec659ef19c4e57b2db005fe8e5a59bbe913f0603698699465e5589/detection

31.187.72.107:443

# Reference: https://www.virustotal.com/gui/file/f63c9c67ef1cc74f3936d637217b1812e04794316cc3895665688068cb31b50e/detection

144.91.65.100:3245

# Reference: https://www.virustotal.com/gui/file/4e110011e8467c77c2de3a335d291b45b24633b2d22169552c200a1095355111/detection

144.91.65.100:4145

# Reference: https://www.virustotal.com/gui/file/587f77cdd90078107928360213536ee69fd7164c4682d44a571bb469795ea06c/detection

144.126.143.138:8080
144.126.143.138:9813

# Reference: https://twitter.com/RedDrip7/status/1666624522408333313
# Reference: https://www.virustotal.com/gui/file/3656a664cde158cf5c3220fb2fdb468fbc8c4e4ff21b951259a9cc10e6bf5615/detection

64.188.21.102:12267
64.188.21.102:18197
64.188.21.102:25821
64.188.21.102:26442
64.188.21.102:7516

# Reference: https://twitter.com/StopMalvertisin/status/1676869449394327553
# Reference: https://www.virustotal.com/gui/file/3859ecfffaf16065a45fce44988e197cc56838a7f6bfb27cb4e8bdc5e43f87db/detection
# Reference: https://www.virustotal.com/gui/file/86eccc88dcae9d1890a43f35b1a30c63b19176f5bff371b21588ee4a7519ab56/detection
# Reference: https://www.virustotal.com/gui/file/f0176c4de5bdac87cc1db60abf64f0736ac101548417cba6a16f7481fccf907e/detection

173.232.44.69:9149

# Reference: https://twitter.com/StopMalvertisin/status/1676869451776671745
# Reference: https://www.virustotal.com/gui/file/c2342e96f7443a221336cd4ff46905a9c30ee54fc02f6c0da11b13b7503bdd53/detection
# Reference: https://www.virustotal.com/gui/file/c3497181b42c520ead76a8ced713c4a2b307f869903b288cc0528895bedf7fdf/detection

185.187.235.186:14198
185.187.235.186:18818
185.187.235.186:24224
185.187.235.186:26781
185.187.235.186:8149

# Reference: https://twitter.com/StopMalvertisin/status/1676869453987086341
# Reference: https://www.virustotal.com/gui/file/86f6738c27ca4195813ec1b84d70eaad00670ae043158885cf7a68ad6ba924b1/detection
# Reference: https://www.virustotal.com/gui/file/f77205a9238a123b74b764be6e2132777e1f3eda9c515f31219387c45629e3ea/detection
# Reference: https://www.virustotal.com/gui/file/6d372ac5ea7270b83a04ef72eaed5a87258cf612f4c52e4dd2a7e073e5913c5c/detection

172.245.80.12:14198
172.245.80.12:18818
172.245.80.12:24224
172.245.80.12:26781
172.245.80.12:8149

# Reference: https://twitter.com/suyog41/status/1677224671790473216
# Reference: https://www.virustotal.com/gui/file/19a5c5472d299f153bab581f4fba6d678ee3055b3d9c605c1467b9991b207087/detection

144.126.154.84:8080
144.126.154.84:9813
politicalclearance.serveftp.com

# Reference: https://twitter.com/StopMalvertisin/status/1677317772072693766
# Reference: https://twitter.com/StopMalvertisin/status/1677317776514375690

aadiloans.co.in/asset/css/cat/
aadiloans.co.in/asset/css/files/pre/
aadiloans.co.in/asset/js/files/pre/

# Reference: https://twitter.com/StopMalvertisin/status/1682064332547555328
# Reference: https://www.virustotal.com/gui/file/a9007c0f22dc7ef45ee7a4acea4d39af897642e618f3eb0c73da83887f3471ea/detection

http://211.135.21.210
185.136.163.197:10926
185.136.163.197:14286
185.136.163.197:443
185.136.163.197:6982

# Reference: https://twitter.com/StopMalvertisin/status/1680989559373582336
# Reference: https://www.virustotal.com/gui/file/9d2404b27788b96562a13cfddff8d66ef82b0b606d3db55c22f55d9f72445ddb/detection

104.168.48.210:25821
104.168.48.210:26442

# Reference: https://twitter.com/StopMalvertisin/status/1689669636940570624
# Reference: https://www.virustotal.com/gui/file/462fe328cb5cff68bea48c2a96896e998d238118f2b372ef444f9b4230e9eeb5/detection
# Reference: https://www.virustotal.com/gui/file/94b8a01ad4b53d202984afb6781d7f88cb5cd329349791516e985ea88e08ad66/detection
# Reference: https://www.virustotal.com/gui/file/7c744de5dcaa8cf88db4e852405ada4ac99bfd166d671f7c476cb2085c6438ed/detection

64.188.19.199:8158

# Reference: https://twitter.com/StopMalvertisin/status/1696155037758591159
# Reference: https://twitter.com/fr0s7_/status/1696161980887744961
# Reference: https://www.virustotal.com/gui/file/5427d381fead7350478cd36eb05d379d4a61b43276fb440525a040b34f784316/detection
# Reference: https://www.virustotal.com/gui/file/2947a56a5485ca6871e15a26b0e05f9623023cdd2d6b69e1915c60e5ea39b3b8/detection

207.180.194.63:8080
207.180.194.63:9813
isometricsindia.co.in
createdaliyplan.serveftp.com

# Reference: https://twitter.com/suyog41/status/1697568816862261250
# Reference: https://www.virustotal.com/gui/file/e4de853a5f51105586ebca91c6ef9927d689f3317b6dafcbdbe4903ded529328/detection

http://66.135.2.62
/rivoblog

# Reference: https://twitter.com/SinghSoodeep/status/1702071866750390512
# Reference: https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal
# Reference: https://www.virustotal.com/gui/ip-address/153.92.220.59/relations
# Reference: https://otx.alienvault.com/pulse/65081462b23b4d1d7d561645

http://134.209.159.9
http://64.227.138.127
http://64.227.133.222
103.2.232.82:8081
admin-br.in
admin-dept.in
admin-desk.in
adminbr.in
admincell.in
admindept.in
admindesk.in
adminsec.in
apkzones.com
baseuploads.com
ccmsnew.in
civillist.in
coordbr.in
coordbranch.in
cs1.in
e0ffice.in
email9ov.in
govdopt.in
indiauc.com
ndcdelhi.in
pcdapune.in
rsbpunjab.in
sapcs.in

# Reference: https://twitter.com/0xrb/status/1702542474911371578
# Reference: https://www.virustotal.com/gui/file/0decd978542b52e4fe2cca7f540887ed097e972264306afada649b7965c36bfe/detection
# Reference: https://www.virustotal.com/gui/file/3c31ac10af1a3273041d897bfa25f0ceed2949f2f672d8d95ea4ccfe96d37e50/detection
# Reference: https://www.virustotal.com/gui/file/8fec0edf8264b4aae46e448d81bd8f29246f6dcd150ec89a2ea0f34764c4fa5d/detection

64.188.25.43:16868
64.188.25.43:20851
64.188.25.43:26150
64.188.25.43:30486
64.188.25.43:6816

# Reference: https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
# Reference: https://www.virustotal.com/gui/file/f2d43369016b6c106f07cb214afdfb9807b808fc5fe6fd6cf7a6405271cafdd5/detection
# Reference: https://www.virustotal.com/gui/file/c3776e1e1b82e3e07fd94b7b9090d29c3410371c0d61d27301d38daf4a1f2c4d/detection
# Reference: https://www.virustotal.com/gui/file/c3776e1e1b82e3e07fd94b7b9090d29c3410371c0d61d27301d38daf4a1f2c4d/detection
# Reference: https://www.virustotal.com/gui/file/9fdbe6f05d2ce4baa7819a0789caa3b49a835093193370ba49bdc4dfd4d9c7c7/detection
# Reference: https://www.virustotal.com/gui/file/8cb542f5793279b8a11af28e9352f41d400856a28e40ed1daa323b47f9ea3e3c/detection
# Reference: https://www.virustotal.com/gui/file/2259c89d2c5e1d8324f075135b03492f393860b9911855e84f50ed6b3699ac4d/detection

209.127.19.241:10284
95.111.247.73:18892
newsbizshow.net
ptzbubble.shop

# Reference: https://twitter.com/suyog41/status/1683440871260188672
# Reference: https://www.virustotal.com/gui/file/bdee4edbe7adf842b519a47d964e64b219700b2ba1d7faf4b899e34bd63006b7/detection
# Reference: https://www.virustotal.com/gui/file/bbe0fa619435a89b6c054d9ef84574e05cb1ae76dd707d6c27155bf6951a01e5/detection

6jxbmkpe.torontobotdns.com
8tqxpf27.torontobotdns.com
cangpeitaoke.oss-cn-hangzhou.aliyuncs.com

# Reference: https://twitter.com/suyog41/status/1704368376456610172
# Reference: https://www.virustotal.com/gui/file/4662be09fce319b69ed4365e2e4fb3654ae9f597bb060cf2a0cc8b567f445848/detection

http://151.236.218.158

# Reference: https://twitter.com/0xrb/status/1704827410695528554
# Reference: https://www.virustotal.com/gui/file/e34a7a3f2204fb292b2c9a9d5526f440ba6b31cf0bc8171d2874f25d372b8774/detection

162.245.190.24:10108
162.245.190.24:16197
162.245.190.24:18968
162.245.190.24:20103
162.245.190.24:26784

# Reference: https://twitter.com/ginkgo_g/status/1711284161712124079
# Reference: https://www.virustotal.com/gui/file/a833dbdc5c2113da51bf778351834682bc6220461394050e04592cd9096e0aba/detection
# Reference: https://www.virustotal.com/gui/file/2110af4e9c7a4f7a39948cdd696fcd8b4cdbb7a6a5bf5c5a277b779cc1bf8577/detection

162.245.191.217:15198
162.245.191.217:17818
162.245.191.217:27781
162.245.191.217:29224
162.245.191.217:9149
210.115.11.107:15198
210.115.11.107:17818
210.115.11.107:27781
210.115.11.107:29224
210.115.11.107:9149

# Reference: https://twitter.com/suyog41/status/1713820527209680985
# Reference: https://www.virustotal.com/gui/file/435f3d02d94628698034f511e5e25f5996a977b6094e28f787e470a671d2f6a3/detection
# Reference: https://www.virustotal.com/gui/file/ba77adcff701f6c6116a6be12d127f43b82c7229c1bb6a172f9b8b2f25c91f70/detection
# Reference: https://www.virustotal.com/gui/file/60fbdc3d9404f9577848e5fc9137df0d63186d250ce132df5e1ef89f4ff3fca0/detection

mazagondoc.com
vocport.com
/khalistanLeaderprotest

# Reference: https://twitter.com/k3yp0d/status/1716386958253985927
# Reference: https://twitter.com/k3yp0d/status/1721490170027839638
# Reference: https://twitter.com/suyog41/status/1721762652366454788
# Reference: https://twitter.com/d1spat0h/status/1730106955195363573
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/file/32c629af8f602f18b9bf4b557e9ecf6cfd81c62dc1fa103e269a3fa1e7233526/detection
# Reference: https://www.virustotal.com/gui/file/47358f1f45fcf25b33d79ebf23770afd5cf6217fd58b44a87e9ff62db8c703a1/detection
# Reference: https://www.virustotal.com/gui/file/6beaf25f0fbe83e64d5f5271a1ed5320f8d8740c468f072d93e29e482cb0ec6f/detection
# Reference: https://www.virustotal.com/gui/file/324ab6f36d61a5a89992a267271f2b433e1cd595a54e262e04f91c0230c4be23/detection

185.213.27.94:8080
185.213.27.94:9813
inniaromas.com
masterrealtors.in
sunfireglobal.in
basicdailywork.webhop.me

# Reference: https://twitter.com/suyog41/status/1716709552543162496
# Reference: https://www.virustotal.com/gui/file/fa6aa00418f7c7e2c8c840f89acee25dac55e0623e7e5e6641880ffa3dd161ec/detection

tx.welxin.cn

# Reference: https://twitter.com/ginkgo_g/status/1719193143785259030
# Reference: https://www.virustotal.com/gui/file/29465f87bd3e6731668f3d3020924db55dae04d8cec335088d49072013900685/detection
# Reference: https://www.virustotal.com/gui/file/6935999ee4b2f88cf74ec299c24a212a2c4b0f95105fb773e920d88153eab3c3/detection

207.180.192.77:6023
futureuniform.ca/wp/wp-content/files/01/

# Reference: https://twitter.com/ginkgo_g/status/1720277345876262975
# Reference: https://www.virustotal.com/gui/file/fa48fbe37d6172bfb3c3bda961c7024ec41f5c3b2bbe0decd9dbf34f15127db1/detection

185.187.235.185:8896

# Reference: https://twitter.com/k3yp0d/status/1722213819681017947
# Reference: https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/
# Reference: https://www.virustotal.com/gui/file/5893b58d6a6a772f8ecd491a4dace11007fd1aac90e5f4a0363288d1376e1ce5/detection

207.180.220.55:8015
38.242.149.89:9828
elfinindia.com
occoman.com

# Reference: https://twitter.com/k3yp0d/status/1722217627328897057
# Reference: https://www.virustotal.com/gui/file/00fed27ac3b5b4703266c15f43841ab2cb8e85f61f790c51c1fb019ec4295ecf/detection

185.217.125.195:7208

# Reference: https://twitter.com/StopMalvertisin/status/1722948447689695235
# Reference: https://www.virustotal.com/gui/file/a0632cecfd478fbef1a69daae3d760041c6af2cc88965633d3837e076793cc82/detection

64.188.21.202:6826
tugpisacrev.com

# Reference: https://twitter.com/0xrb/status/1729787008954819065
# Reference: https://twitter.com/PrakkiSathwik/status/1729915833886085136
# Reference: https://www.virustotal.com/gui/ip-address/64.188.13.140/detection

64.188.13.140:18917
64.188.13.140:9649

# Reference: https://twitter.com/BaoshengbinCumt/status/1740666203679732077
# Reference: https://www.virustotal.com/gui/ip-address/195.35.38.44/relations

zomatofoods.info

# Reference: https://twitter.com/ginkgo_g/status/1719193850395369545
# Reference: https://www.virustotal.com/gui/file/9645299e58c7521d811fbdcdbd57db45160191db7c7b73eae5d97e4530136da8/detection

38.242.220.166:9012
rockwellroyalhomes.com
/api/root_149371139681480/hello
/api/root_168683512566649/hello
/api/root_149371139681480/upload
/api/root_168683512566649/upload
/api/root_149371139681480/
/api/root_168683512566649/

# Reference: https://www.virustotal.com/gui/file/61b898f4254d8c6d3d375584a1109367f9e86d221e2d404bf6768fb81b1b48b5/detection

161.97.151.220:7015
/api/root_36854582802642/hello
/api/root_36854582802642/upload
/api/root_36854582802642/

# Reference: https://twitter.com/PrakkiSathwik/status/1742161478021743080
# Reference: https://www.virustotal.com/gui/file/03888813079d01e1ba2d2675cf35724e529d58a78b9efd8161c746e8e33c643d/detection
# Reference: https://www.virustotal.com/gui/file/35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea/detection

164.68.127.81:8149
riddhifoods.in
/api/root_228574257745523/hello
/api/root_228574257745523/upload
/api/root_228574257745523/

# Reference: https://twitter.com/h2jazi/status/1745544900106424336
# Reference: https://www.virustotal.com/gui/file/51a372fee89f885741515fa6fdf0ebce860f98145c9883f2e3e35c0fe4432885/detection

clawsindia.in

# Reference: https://twitter.com/Cyberteam008/status/1746030429856235837
# Reference: https://www.virustotal.com/gui/ip-address/142.11.216.84/relations
# Reference: https://www.virustotal.com/gui/ip-address/31.220.103.127/relations

govn-in.site
email.govn-in.site

# Reference: https://twitter.com/ginkgo_g/status/1753326069359460471
# Reference: https://www.virustotal.com/gui/file/e87978f0af9bb550ab4686a7d3657e6cbfd92347744dfce8ff2321781ac2eee0/detection
# Reference: https://www.virustotal.com/gui/file/c59b2d6a70bc5b84998aebb2d21241a8adef33724838e92db4dee36a1ce46f43/detection

164.68.122.64:11128
164.68.122.64:18187
164.68.122.64:19986
164.68.122.64:25123
164.68.122.64:27684
mus09.duckdns.org

# Reference: https://twitter.com/Cyberteam008/status/1757378890631406027
# Reference: https://www.virustotal.com/gui/ip-address/74.50.94.41/relations

casedetail.info
casedetails.info
casesnews.info
casesreports.info
corruptioncase.info
corruptioncasedetails.info
corruptioncases.in
detailscases.info
detailsreport.info
harassmentcases.info
reportdetail.info
reportsdetail.info
supoortwindownlinux.cyou
mfa.gov.ir.corruptioncase.info
mod.gov.in.harassmentcases.info
nia.gov.in.casedetail.info
nia.gov.in.casedetails.info
nia.gov.in.casesnews.info
nia.gov.in.casesreports.info
nia.gov.in.detailscases.info
nia.gov.in.detailsreport.info
nia.gov.in.reportsdetail.info

# Reference: https://twitter.com/PrakkiSathwik/status/1770447142357741737

164.68.102.44:6663
164.68.102.44:9828

# Reference: https://twitter.com/PrakkiSathwik/status/1771846752489841135
# Reference: https://www.virustotal.com/gui/ip-address/162.241.85.104/relations
# Reference: https://www.virustotal.com/gui/domain/smokeworld.in/relations

joyworld.in
joyworldjw.in
maidmart.in
smokeworld.in
whm.maidmart.in

# Reference: https://twitter.com/Cyberteam008/status/1770748710567153783
# Reference: https://pastebin.com/058WtrX2

http://176.57.189.202
http://185.161.208.100
http://185.20.184.6
http://193.42.33.59
http://45.12.253.35
http://45.66.230.167
http://66.23.229.245
http://79.110.48.64
http://91.92.241.198
http://91.92.252.90
176.57.189.202:443
185.161.208.100:443
185.20.184.6:443
193.42.33.59:443
45.12.253.35:443
45.66.230.167:443
66.23.229.245:443
79.110.48.64:443
91.92.241.198:443
91.92.252.90:443
case-detail.info
casereported.info
harassmentcase.info
preventivemeasures.info
publicationsinfo.cyou
in.casereported.info
gov.in.casereported.info
ddp.gov.in.case-detail.info
dod.gov.in.publicationsinfo.cyou
mail.harassmentcase.info
mod.gov.in.casereported.info
mod.gov.in.harassmentcase.info
mod.gov.in.preventivemeasures.info
mod.gov.in.reportcases.info

# Reference: https://twitter.com/Cyberteam008/status/1773208866441851277

awarenessprogram.info
casesdetails.info
casesreport.info
harassmentcases.cyou
csk.gov.in.awarenessprogram.info
gov.in.awarenessprogram.info
gov.in.casesdetails.info
gov.in.casesreport.info
gov.in.harassmentcases.cyou
mod.gov.in.casesdetails.info
mod.gov.in.casesreport.info
modgov.in.casesreport.info
nia.gov.in.case-detail.info
nia.gov.in.harassmentcases.cyou

# Reference: https://app.validin.com/detail?find=casesdetail.info&type=dom#tab=subdomains

casesdetail.info
gov.in.casesdetail.info
in.casesdetail.info
mod.gov.in.casesdetail.info
nia.gov.in.casesdetail.info
niagov.in.casesdetail.info

# Reference: https://app.validin.com/detail?find=casesdetails.cyou&type=dom#tab=subdomains

casesdetails.cyou
gov.in.casesdetails.cyou
in.casesdetails.cyou
nia.gov.in.casesdetails.cyou

# Reference: https://twitter.com/MichalKoczwara/status/1774454226044817798

casereport.cyou
casereports.cyou
casereports.info
casesreported.info
cbi.gov.in.casereport.cyou
dgqa.gov.in.casereport.cyou
gov.in.casereport.cyou
gov.in.casereports.cyou
gov.in.casereports.info
gov.in.casesreported.info
mea.gov.in.casereports.info
mod.gov.in.casereport.cyou
mod.gov.in.casesreported.info
nia.gov.in.casereport.cyou
nia.gov.in.casereports.cyou

# Reference: https://www.virustotal.com/gui/ip-address/198.54.116.114/relations
# Reference: https://www.virustotal.com/gui/ip-address/79.110.62.89/relations

accountsinfo.site
in.accountsinfo.site
gov.in.accountsinfo.site
dod.gov.in.accountsinfo.site
mail.gov.in.accountsinfo.site
kavach.mail.gov.in.accountsinfo.site

# Reference: https://app.validin.com/detail?type=dom&find=harassmentreports.info#tab=subdomains

harassmentreports.info
in.harassmentreports.info
gov.in.harassmentreports.info
mod.gov.in.harassmentreports.info

# Reference: https://twitter.com/Cyberteam008/status/1774723849403449523
# Reference: https://www.virustotal.com/gui/ip-address/68.65.121.178/relations

aiapplication.chat
in.aiapplication.chat
gov.in.aiapplication.chat
drdo.gov.in.aiapplication.chat

# Reference: https://twitter.com/Cyberteam008/status/1775469548566937667
# Reference: https://twitter.com/bofheaded/status/1775527176710099220
# Reference: https://www.virustotal.com/gui/ip-address/35.154.100.195/relations
# Reference: https://www.virustotal.com/gui/ip-address/52.66.136.7/relations

caselist.vip
cbigov-in.cc
cbigov-in.com
cbigov-in.net
cbigov-in.site
dailycourt.in
mainscigv.in
scigovt-in.cc
api.caselist.vip
api.cbigov-in.com
casedetails.dailycourt.in
sci.goovv.in
scigovt.caselist.vip
main.sci.goovv.in

# Reference: https://twitter.com/Cyberteam008/status/1775485100534423613
# Reference: https://www.virustotal.com/gui/ip-address/118.107.41.11/relations

caseinfo.in
caseinspection.in
caselist.in
caselists.top
casesubmit.in
caseterms.in
courtdelhi.in
courtpublic.in
judicature.in
justiceorder.in
scigovt.in
ad.caselist.in
api.caseinfo.in
api.caselist.in
api.caselists.top
api.caseterms.in
api.justiceorder.in
scigovt.caseinfo.in
scigovt.caseinspection.in
scigovt.caselist.in
scigovt.caselists.top
scigovt.casesubmit.in
scigovt.caseterms.in
scigovt.courtdelhi.in
scigovt.courtpublic.in
scigovt.judicature.in
scigovt.justiceorder.in
scigovt.maincases.in
scigovt.supremeorders.in
supreme.scigovt.in
supremeorders.in
main.scigovt.maincases.in
main.supreme.scigovt.in

# Reference: https://www.virustotal.com/gui/ip-address/13.126.2.62/relations
# Reference: https://www.virustotal.com/gui/ip-address/172.67.134.15/relations

detailscheck.in
reportstatus.in
api.detailscheck.in
api.reportstatus.in
scigovt.detailscheck.in
scigovt.reportstatus.in

# Reference: https://app.validin.com/detail?find=casedetails.in&type=dom#tab=subdomains

casedetails.in
api.casedetails.in

# Reference: https://www.virustotal.com/gui/ip-address/172.67.217.169/relations

scigv.in
cbins.scigv.in

# Reference: https://twitter.com/Cyberteam008/status/1777531938552914291
# Reference: https://www.virustotal.com/gui/ip-address/91.225.217.103/relations

check-suspicious-activity-on-account.support
in.check-suspicious-activity-on-account.support
gov.in.check-suspicious-activity-on-account.support
cert-in.org.in.check-suspicious-activity-on-account.support
mail.gov.in.check-suspicious-activity-on-account.support
kavach.mail.gov.in.check-suspicious-activity-on-account.support

# Reference: https://twitter.com/PrakkiSathwik/status/1778300773912231966

vparking.online

# Reference: https://www.virustotal.com/gui/file/02f409e239ceeb38adf50bd878b7479c341752f3a37469a4735caefffafcc1f1/detection

ivinfotech.com

# Reference: https://twitter.com/PrakkiSathwik/status/1778392598421332212
# Reference: https://www.virustotal.com/gui/file/a9dce1db2cc56d9ea3ad6c1a53f42d43564ff042c48342f22082ffeb5037cde9/detection
# Reference: https://www.virustotal.com/gui/file/500502342f3d4fee9a415798af83e1d63129d70034b4b269a649ee275f08f5ac/detection
# Reference: https://www.virustotal.com/gui/file/cb2ba7b9aedb38a6ae248e9f54ccce781b62829b3670238268e6e942571bdcdd/detection

204.44.124.134:15597
204.44.124.134:18518
204.44.124.134:26791
204.44.124.134:28329
204.44.124.134:9149

# Reference: https://twitter.com/Cyberteam008/status/1778648573967847710
# Reference: https://www.virustotal.com/gui/file/a2d1e37fac01d2f72e51181b2e79ecfda2c6569346c5d67dc8af6c772cfe236f/detection
# Reference: https://www.virustotal.com/gui/file/3925dd34feb2d1b3eb24cb07564b0e2a2d81722a3891b4c7379d2f0c7a04f182/detection

162.245.191.214:909
176.107.182.55:909
juichangchi.online

# Reference: https://www.virustotal.com/gui/file/bc7fe650362c72b8de1fb2235d2607ac90eec14fe165151210ba96115959dd04/detection

155.94.209.4:8888

# Reference: https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/

155.94.209.4:33678
155.94.209.4:9009
176.107.182.55:121
176.107.182.55:65
176.107.182.55:67

# Reference: https://twitter.com/Cyberteam008/status/1786247582005793091
# Reference: https://pastebin.com/KpS9FG8L

http://78.40.117.141
http://78.40.117.194
http://78.40.117.207
http://78.40.117.208
http://78.40.117.98
78.40.117.141:443
78.40.117.194:443
78.40.117.207:443
78.40.117.208:443
78.40.117.98:443
detailedcases.info
detailedreport.info
reportedcase.info
reportedcases.info
gov.in.detailedcases.info
gov.in.detailedreport.info
gov.in.reportedcase.info
gov.in.reportedcases.info
in.detailedcases.info
in.detailedreport.info
in.reportedcase.info
in.reportedcases.info
mod.gov.in.detailedcases.info
mod.gov.in.detailedreport.info
mod.gov.in.reportedcase.info
mod.gov.in.reportedcases.info

# Reference: https://twitter.com/ginkgo_g/status/1789235055417843988
# Reference: https://www.virustotal.com/gui/file/bc1acdca196f1ff72722243be2afe1429b88122afb9d4852d6d6e57689411d3d/detection
# Reference: https://www.virustotal.com/gui/file/81038a217237afd16d80da7fc9219cbd145f9698bb512e2b625559a47ba73fec/detection
# Reference: https://www.virustotal.com/gui/file/d777bcb6fba73faf96cb422383404c3b81a8afa5aebbc8ed70076081de7daa0c/detection
# Reference: https://www.virustotal.com/gui/file/116589b0ef0a11f5012ea80cfbcd8bcbe85116e515a05f77e2b86e533cad5ba4/detection

64.188.27.144:5863
reviewassignment.in
reviewassignment.online
checkdailytips.servehttp.com

# Reference: https://twitter.com/PrakkiSathwik/status/1789619166460178694

62.169.30.39:6660
62.169.30.39:7884
springfielduniversity.info

# Reference: https://twitter.com/PrakkiSathwik/status/1789989542621004049

84.247.170.237:8080
84.247.170.237:9813
ddbl.co.uk/js/files/autz/ctr/

# Reference: https://twitter.com/Cyberteam008/status/1790334538436194622

reportdetails.info
in.reportdetails.info
gov.in.reportdetails.info
mod.gov.in.reportdetails.info

# Reference: https://twitter.com/Jane_0sint/status/1714636442482176274
# Reference: https://app.any.run/tasks/4c9948bb-9599-4fd7-9d30-c2e2ed685741/
# Reference: https://www.virustotal.com/gui/file/fa86b5bc5343ca92c235304b8dcbcf4188c6be7d4621c625564bebd5326ed850/detection
# Reference: https://www.virustotal.com/gui/file/c328cec5d6062f200998b7680fab4ac311eafaf805ca43c487cda43498479e60/detection
# Reference: https://www.virustotal.com/gui/file/6ffed1bb706a5eb205294f9287a9182d71e293b3b131415bfbe24b99e28ccd67/detection

38.242.149.89:61101

# Reference: https://x.com/DmitriyMelikov/status/1793346094048461014
# Reference: https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors
# Reference: https://www.virustotal.com/gui/file/320a792ff9efcdaf56bdc828d0b352221f3e3c0f89192e17648768aa9f51dff7/detection
# Reference: https://www.virustotal.com/gui/file/544f7462dc0d61491b7502df6836692dff680a6a562ba2d8b81c127c355be840/detection
# Reference: https://www.virustotal.com/gui/file/f516c70f9c52aa2ed7ed14e87435d9b13ef1f1b3a9ae9651b14afb935a359f63/detection

admincoord.in
apsdelhicantt.in
awesindia.online
certdehli.in
coordoffice.in
coordsec2.in
emailnic-tech.email
eoffice-sparrow.online
estbsec.in
esttsec.in
infosec2.in
publicinfo.in
secy-org.in
tensupports.com
tpt123.com
twff247.cloud
warfarestudies.in
winp247.cloud
zedcinema.com
files.tpt123.com

# Reference: https://x.com/ValidinLLC/status/1793379580117745788
# Reference: https://www.virustotal.com/gui/ip-address/158.220.93.96/relations

aaloochaat.com
supportuploads.info
tensupports.com
zedcinema.com
zedsinema.com

# Reference: https://x.com/suyog41/status/1793547347877892448
# Reference: https://x.com/Cyberteam008/status/1795715878228832263
# Reference: https://www.virustotal.com/gui/file/dde5bae636602527eda591be7e45510996c2e56ad51ea7f61d3932a9a388647e/detection
# Reference: https://www.virustotal.com/gui/file/eb0b75756287fb3038fbcd2cc4cd261ec83dd8fd0fca3acabb12d4565ba8cddd/detection
# Reference: https://www.virustotal.com/gui/file/6bcc3e6c23017d7246352c2db0eb13bde264a7252a3ec6ae6e44714c1cbbd970/detection

104.223.106.8:11248
94.72.105.227:11248
94.72.105.227:16896
waqers.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1795075152343908743
# Reference: https://x.com/PrakkiSathwik/status/1795082594037469349
# Reference: https://www.virustotal.com/gui/file/d0aef9bd02b6dfdaf6e71a485057728b55c8336391f1fbaa414d06f66c593329/detection

66.63.163.148:10168
66.63.163.148:12258
66.63.163.148:14267
66.63.163.148:16686
66.63.163.148:34153
qheelsec.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1797634685302178167
# Reference: https://www.virustotal.com/gui/file/708e5d06a457bba1adb5b4cf81214ea4c7f73a813c86c0d2cec99ba54968f228/detection

162.218.122.3:12228
162.218.122.3:16897
162.218.122.3:18986
162.218.122.3:22665
162.218.122.3:26823
govsec.duckdns.org

# Reference: https://x.com/Cyberteam008/status/1798902051793174567
# Reference: https://www.virustotal.com/gui/ip-address/185.196.10.80/relations

investigationreport.info
reportscases.info
gov.in.investigationreport.info
gov.in.reportscases.info
in.investigationreport.info
in.reportscases.info
mod.gov.in.reportscases.info
nia.gov.in.investigationreport.info

# Reference: https://x.com/PrakkiSathwik/status/1799103555619672315
# Reference: https://www.virustotal.com/gui/file/2e8e1a221ed40614d1d1f28c6d37e1f3991169967aadab0ccb4e7756ec77bcbe/detection

utkalsevasamitikanjurmarg.in/assets/
windowupdatecache.in
defender.windowupdatecache.in
utkalsevasamitikanjurmarg.in.aintssa.in/assets/

# Reference: https://x.com/Cyberteam008/status/1800351661837390076
# Reference: https://x.com/akaclandestine/status/1800651122291478530
# Reference: https://pastebin.com/x13K7XWC

http://152.42.162.105
http://161.35.207.209
http://165.22.221.71
http://178.128.166.148
marketing11.porcmtecnologia.com
segmail54.laonwona.com

# Reference: https://x.com/PrakkiSathwik/status/1800933629012447376
# Reference: https://www.virustotal.com/gui/ip-address/84.247.170.237/relations
# Reference: https://www.virustotal.com/gui/file/e7d7d45677d1552950f74dbb72f214995382baaffea9465da1a412108210335d/detection
# Reference: https://www.virustotal.com/gui/file/683c61f8dda90ea3b1e76f2ff5ad78dc03ebe3827d56536988a9c5e4490eabd2/detection

84.247.170.237:4858
dipl.site
supplyprodaily.servehttp.com

# Reference: https://x.com/Cyberteam008/status/1806529081732694202
# Reference: https://pastebin.com/w0F6pVa7
# Reference: https://www.virustotal.com/gui/ip-address/154.12.41.46/relations
# Reference: https://www.virustotal.com/gui/file/6724ab0e718cd422dd2d2bf6a3244996cc35000253ea725dfbe474901e4279c7/detection

34667.fun
56184.fun
78990.fun
89204.fun
88c.34667.fun
903.78990.fun
9123.89204.fun
cbigovin.site
cbigovin.top
cbigovins.site
cbigovins.top

# Reference: https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
# Reference: https://www.virustotal.com/gui/file/5cc20a3be2265c52eccf36a6d0a8d0a0fd90ab2cb6d7c65204ef2c487e38a8c3/detection
# Reference: https://www.virustotal.com/gui/file/7f981fc12dcb4621ac2a8c4f3882d24f113ac98fe4fb24207743ae24be762978/detection
# Reference: https://www.virustotal.com/gui/file/9f12f0bf13ff9a15e65065bc1fd95cdacb0072e0765aa781c920cfdd3506bde6/detection
# Reference: https://www.virustotal.com/gui/file/a1836f86daa774e0c9718343dbc2466c4851b86631dfd199e39a656404c237ac/detection

173.212.206.227:18582
173.249.50.243:18582

# Reference: https://x.com/ValidinLLC/status/1810978537517494672

casesreported.cc
incidentreports.info
incidentsreports.info
in.casesreported.cc
in.incidentreports.info
in.incidentsreports.info
gov.in.casesreported.cc
gov.in.incidentreports.info
gov.in.incidentsreports.info
nia.gov.in.casesreported.cc
nia.gov.in.incidentreports.info
nia.gov.in.incidentsreports.info

# Reference: https://x.com/ValidinLLC/status/1810980371850265046

danidns.com
deputation.info
hqrihq.cc
niapublication.cyou
niapublications.cyou
reportcases.info
reportsdetail.cyou
in.danidns.com
in.deputation.info
in.hqrihq.cc
in.niapublication.cyou
in.niapublications.cyou
in.reportcases.info
in.reportsdetail.cyou
gov.in.danidns.com
gov.in.deputation.info
gov.in.hqrihq.cc
gov.in.niapublication.cyou
gov.in.niapublications.cyou
gov.in.reportcases.info
gov.in.reportsdetail.cyou
nia.gov.in.danidns.com
nia.gov.in.deputation.info
nia.gov.in.hqrihq.cc
nia.gov.in.niapublication.cyou
nia.gov.in.niapublications.cyou
nia.gov.in.reportcases.info
nia.gov.in.reportsdetail.cyou
nia2.broadwayinfotech.net.au
nia4.broadwayinfotech.net.au

# Reference: https://x.com/Cyberteam008/status/1814126506899325309
# Reference: https://www.virustotal.com/gui/file/7ae13cf9080a0903670e6e6371d3625e3852b1a03bddebac68aa3b91a13ba0bf/detection

googleservices.live
/dakshf_upload.php

# Reference: https://x.com/PrakkiSathwik/status/1813934519231357159
# Reference: https://www.virustotal.com/gui/file/0993c7d97646641c7685000a045fbf04ac90568b3b785cdcb40522d5f9654a75/detection

66.154.103.133:11248
66.154.103.133:16896
66.154.103.133:18868
66.154.103.133:22245
66.154.103.133:26424
suwaq.duckdns.org

# Reference: https://x.com/NSFOCUS_Intl/status/1816009178298868140
# Reference: https://x.com/ValidinLLC/status/1816159394494660832
# Reference: https://www.virustotal.com/gui/ip-address/111.90.156.191/relations
# Reference: https://www.virustotal.com/gui/ip-address/179.43.170.230/relations
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations
# Reference: https://nsfocusglobal.com/transparenttribes-spear-phishing-targeting-indian-government-departments/

64.188.21.202:18828
64.188.21.202:22821
64.188.21.202:28120
confidentialreports.info
meacases.report
in.confidentialreports.info
in.meacases.report
gov.in.confidentialreports.info
gov.in.meacases.report
mea.gov.in.confidentialreports.info
mea.gov.in.meacases.report

# Reference: https://www.virustotal.com/gui/ip-address/198.187.31.100/relations

onedrive-storage.in
in.onedrive-storage.in
gov.in.onedrive-storage.in
mea.gov.in.onedrive-storage.in

# Reference: https://x.com/PrakkiSathwik/status/1816500997457375424
# Reference: https://www.virustotal.com/gui/file/ac63594e5040fc6a001791ef4a67f0de4ff7a2991cb99095733ce7067abf6948/detection
# Reference: https://www.virustotal.com/gui/file/69424ccb2129cc51348f4fe5e39b746c68190773ea4bb55e812808a1d0de65e9/detection
# Reference: https://www.virustotal.com/gui/file/5bfb024d5323b715db6c27ac59b768ed7df94d4e07dbc5aec2770edfdcf4c8d8/detection

http://157.245.100.177
http://159.223.224.93
http://159.65.146.80
http://165.232.177.53

# Reference: https://www.seqrite.com/blog/umbrella-of-pakistani-threats-converging-tactics-of-cyber-operations-targeting-india/

http://149.28.95.195
campusportals.in

# Reference: https://x.com/ValidinLLC/status/1819072543850221625
# Reference: https://x.com/raghav127001/status/1835203246480408951
# Reference: https://app.validin.com/detail?type=ip&find=185.196.9.113#tab=resolutions

aboutcase.nl
army.aboutcase.nl
in.aboutcase.nl
in.army.aboutcase.nl
gov.in.aboutcase.nl
gov.in.army.aboutcase.nl
mod.gov.in.aboutcase.nl
mod.gov.in.army.aboutcase.nl

# Reference: https://x.com/ValidinLLC/status/1819074034526548244
# Reference: https://x.com/Cyberteam008/status/1819226280509747419
# Reference: https://www.virustotal.com/gui/ip-address/78.40.117.194/relations

armycases.report
updater-cloud.us
in.armycases.report
gov.in.armycases.report
mea.gov.in.armycases.report
mod.gov.in.armycases.report

# Reference: https://x.com/k3yp0d/status/1822511399337165225
# Reference: https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations
# Reference: https://www.virustotal.com/gui/file/9393842b3738281fb1d200fdb1ac328157e7d70e571f94533c7e18a8f7234bce/detection

185.137.122.247:3389
get-kavach.in
getkavach.com
kavach-app.com
kavachdownload.in
kavachguide.com
kavachsupport.com
/C2L!Dem0&PeN/A@llPack3Ts/Cert.php

# Reference: https://x.com/TIntel2255/status/1822978019478454652
# Reference: https://x.com/Malwar3Ninja/status/1823043571383173444
# Reference: https://x.com/Malwar3Ninja/status/1823043724156559526

aboutcase.nl
admin-mcas-df.ms
crsorgi-goy.in
mcas-df.ms
orgi.live
in.aboutcase.nl
in.admin-mcas-df.ms
in.crsorgi-goy.in
in.mcas-df.ms
in.mcas.ms
in.orgi.live
gov.in.admin-mcas-df.ms
gov.in.admin-mcas.ms
gov.in.crsorgi-goy.in
gov.in.mcas-df.ms
gov.in.mcas.ms
gov.in.orgi.live
nic.in.aboutcase.nl
nic.in.admin-mcas-df.ms
nic.in.mcas-df.ms
nic.in.mcas.ms
amssdelhi.gov.in.admin-mcas-df.ms
amssdelhi.gov.in.admin-mcas.ms
amssdelhi.gov.in.mcas-df.ms
amssdelhi.gov.in.mcas.ms
crsorgi.gov.in.crsorgi-goy.in
crsorgi.gov.in.orgi.live
indiacode.nic.in.admin-mcas-df.ms
indiacode.nic.in.admin-mcas.ms
indiacode.nic.in.mcas-df.ms
indiacode.nic.in.mcas.ms
indianarmy.nic.in.aboutcase.nl
sebi.gov.in.admin-mcas-df.ms
sebi.gov.in.admin-mcas.ms
sebi.gov.in.mcas-df.ms
sebi.gov.in.mcas.ms

# Reference: https://x.com/Huntio/status/1823470041624666376

indiagstgov.org
services.indiagstgov.org

# Reference: https://x.com/Malwar3Ninja/status/1825115113361420548

ashifdigitalseva.xyz
birthdeath.in
counciling.com
gov-certificate.com
nbssedelhi.org
nimsme.org
verifycertificate.info
viewss.click

# Reference: https://x.com/k3yp0d/status/1825505181951316093
# Reference: https://www.virustotal.com/gui/file/de0edf22fbd5758ca9118e029802c09f8394abea3b58af4446611529b9bb2a9b/detection
# Reference: https://www.virustotal.com/gui/file/c12708e6829d7207b16a4fccf65ed05758c676cd70d3e9746c375f5d27bff501/detection

157.173.198.190:15124
swachbharat.xyz

# Reference: https://x.com/PrakkiSathwik/status/1826238464222011661
# Reference: https://www.virustotal.com/gui/file/18ade2d13833dc1054e0d16ad03f56bb2f67b3009f178a326d397ec42f4731bf/detection
# Reference: https://www.virustotal.com/gui/file/2019fec607e8955b79d194e1c6408e5c50269dac60b6f5864f36814774713361/detection
# Reference: https://www.virustotal.com/gui/file/5f607374431d77a7398927f45c5d1efc57513250622e23535dbc0a0a0584c3a1/detection

http://138.68.134.123
http://165.232.138.173
http://170.64.132.144
http://64.23.138.81

# Reference: https://x.com/Cyberteam008/status/1827913665539952755
# Reference: https://www.virustotal.com/gui/file/2e6bc46b4a5959dcba2791b68cdb70a938cf974a4153f2ec13390bc8c5761de2/detection
# Reference: https://www.virustotal.com/gui/file/7486ff26c68a4362572accab3308bc81cc45b121b31366173dbc71a4e7fc3af5/detection

154.216.18.90:67
154.216.18.90:909

# Reference: https://x.com/PrakkiSathwik/status/1831368562742882598
# Reference: https://www.virustotal.com/gui/file/7eb32944ecbcf386aeff5b9ac5276b4e8e7280346d9a14faae233a6d16eca852/detection
# Reference: https://www.virustotal.com/gui/file/48b8c5703ff73125cb373b9a05e959ea467038a1391f368a863b7734b92f44ae/detection

http://72.11.156.132
72.11.156.132:5863

# Reference: https://x.com/PrakkiSathwik/status/1833113297278644602
# Reference: https://www.virustotal.com/gui/file/3326ba81b48ab03f7f49d2da70d3bbe4ea0e163d33e7399d528152b7c3da9170/detection

http://143.198.64.151
http://157.245.139.146
http://159.89.165.86
http://206.189.134.185

# Reference: https://app.validin.com/detail?find=%2FC%3D--%2FST%3DSomeState%2FL%3DSomeCity%2FO%3DSomeOrganization%2FOU%3DSomeOrganizationalUnit%2FCN%3Dganditghal.com%2FemailAddress%3Droot%40ganditghal.com&type=raw&ref_id=b03d0e384b6#tab=host_pairs_v2

http://78.40.117.108
http://78.40.117.146
http://78.40.117.168
http://78.40.117.202
http://78.40.117.229
http://78.40.117.244
http://78.40.117.245
http://78.40.117.30
http://78.40.117.37
http://78.40.117.41
http://78.40.117.70
78.40.117.108:443
78.40.117.146:443
78.40.117.168:443
78.40.117.202:443
78.40.117.229:443
78.40.117.244:443
78.40.117.245:443
78.40.117.30:443
78.40.117.37:443
78.40.117.41:443
78.40.117.70:443

# Reference: https://x.com/Cyberteam008/status/1835514106641600734
# Reference: https://x.com/iam_rajhans/status/1835935106734694589
# Reference: https://en.fofa.info/result?qbase64=dGl0bGU9PSJTdXByZW1lIENvdXJ0IG9mIEluZGlhIHwgSW5kaWEi
# Reference: https://app.validin.com/detail?type=raw&find=Supreme+Court+of+India+%7C+India#tab=host_pairs_v2

http://103.231.254.55
http://129.227.206.99
http://198.252.103.101
http://207.148.99.243
http://43.228.125.28
http://45.115.39.3
http://45.115.39.69
http://47.246.50.178
http://47.76.72.16
http://65.2.164.102
http://79.133.176.214
103.231.254.55:443
129.227.206.99:443
198.252.103.101:443
207.148.99.243:443
43.228.125.28:443
45.115.39.3:443
45.115.39.69:443
47.246.50.178:443
47.76.72.16:443
79.133.176.214:443
acml-ai.com
acml-ltd.com
acml-vip.com
acml-web.com
incicourtgov.com
incourtsci.com
laoy-ajab.top
lx-yindu.top
mfpa.hk
phimp3.com
saxojp.com
sci-dailyorderssecurelogin.in 
scicourtgov.com
scicourtin.com
scidailyordercure-login.in
scigov.cc
scigov.cn
scigov.online
scigovin.com
scigovs.in
scingov.com
scingovin.com
scoi-qov.in
supreme-court-of-india.com
supremejudical.in
yindu4.top
sci.supremejudical.in
api.yindu4.top
test.yindu4.top
43-228-125-28.cprapid.com
mail.43-228-125-28.cprapid.com
mail.cocojojo-pet.com
webmail.cocojojo-pet.com

# Reference: https://x.com/Cyberteam008/status/1835875339425222966
# Reference: https://www.virustotal.com/gui/file/41accf41733ddcd65dc479a0c369f90894870ce10e4410ea2ffa7ce0f51672d9/detection
# Reference: https://www.virustotal.com/gui/file/4f946de9b5ebcc003274ad95125d80a805c5359643074fc6e756a08303d673e5/detection

http://139.59.34.138
http://165.232.180.251

# Reference: https://x.com/malwrhunterteam/status/1836835278348243086
# Reference: https://x.com/StrikeReadyLabs/status/1836841368875835575
# Reference: https://app.validin.com/detail?find=78.40.116.210&type=ip4&ref_id=422094cf4f4#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5a06b3dc09b3a2c309d0f20536e1a11f168ff76d96d15a3233ede322788ab280/detection

http://78.40.116.210
78.40.116.210:443
briefreport.nl
casereports.nl
publications.ltd
webiaf.link
in.briefreport.nl
in.casereports.nl
in.webiaf.link
in.publications.ltd
gov.in.briefreport.nl
gov.in.casereports.nl
gov.in.publications.ltd
gov.in.webiaf.link
email.gov.in.briefreport.nl
email.gov.in.publications.ltd
email.gov.in.webiaf.link
jkpolice.gov.in.casereports.nl

# Reference: https://x.com/Cyberteam008/status/1859873454805458996
# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw&ref_id=fbd42482808#tab=host_pairs_v2

email-gov.icu
email-gov-in.a5e1.com
indiagov.pw
indiagov.ws
in.indiagov.pw
in.indiagov.ws
gov.in.indiagov.pw
gov.in.indiagov.ws
email.gov.in.indiagov.pw
email.gov.in.indiagov.ws

# Reference: https://x.com/Cyberteam008/status/1838407864961892569
# Reference: https://x.com/Aarn63373424/status/1838464659428655505
# Reference: https://www.zoomeye.hk/searchResult?q=%22%5Cx0c%5Cx00%5Cx00%5Cx00%5Cx00info%3Dcommand%22&page=2&pageSize=10

134.119.181.142:10443
161.97.119.238:7776
172.245.244.42:14443
198.23.213.44:7778
207.180.245.93:7788
64.188.25.143:8529
75.119.133.15:7788

# Referecne: https://x.com/PrakkiSathwik/status/1839967368493068733
# Reference: https://www.virustotal.com/gui/file/690cb1f68b15a54438509e1ec1ce57bd1c617ce6c429a62a694b85da9c09542c/detection

64.188.21.199:14257
64.188.21.199:16267
64.188.21.199:22682
64.188.21.199:26153
64.188.21.199:6257

# Reference: https://x.com/Malwar3Ninja/status/1845062755843440807

cscegov.org
crsorgigov.site
crsorgigoovi.live
auth.crsorgigoovi.live
crsorgi-gov-com.fastportal.cloud
crsorgi-gov.co
crsorgi-gvo.tech
crsorgi.g0v.site
crsorgi.gov.in.amvvd0kewrewreowkjk4elkwrmpwkkkyzz093d3d.live
crsorgi.gov.in.apib.ltd
crsorgi.gov.in.verificationbwf4vexrzc9gtnhbwkhtztnrdwhuzz09.com
crsorgi.gov.in.web.index.php.viewcerti.xyz
crsorgi.gov.orgi.indnd.xyz
crsorgi.gpov.in
crsorgi.gov.in.aut.printh.shop
crsorgi.gov.in.coorv.org
crsorgi.gov.in.crs.verifycertificate.inoex.in
crsorgi.gov.in.index-csc.shop
crsorgi.gov.in.indexin.me
crsorgi.gov.in.inoex.in.birthportal.life
crsorgi.gov.in.inoex.in.inoex.in
crsorgi.gov.in.print.shop
crsorgi.gov.in.servicecertificate.in.net
crsorgi.gov.in.web.printh.shop
crsorgi.gov.in.dashboardbirth.in.net
crsorgigoov.co.in
crsorgigoovi.live
crsorgidc.co.in
dc.crsorgi.gov.in.aut.printh.shop
dc.crsorgi.gov.in.coorv.org
dc.crsorgi.gov.in.crs.verifycertificate.inoex.in
dc.crsorgi.gov.in.index-csc.shop
dc.crsorgi.gov.in.indexin.me
dc.crsorgi.gov.in.inoex.in.birthportal.life
dc.crsorgi.gov.in.inoex.in.inoex.in
dc.crsorgi.gov.in.print.shop
dc.crsorgi.gov.in.servicecertificate.in.net
dc.crsorgi.gov.in.web.printh.shop
dc.crsorgi.gov.in.dashboardbirth.in.net
dkprintportal.xyz.crsorgidc.co.in

# Reference: https://x.com/suyog41/status/1849420956114022526
# Reference: https://x.com/PrakkiSathwik/status/1849423423052620023
# Reference: https://www.virustotal.com/gui/file/2cf03b9eb39a6a17f83dbbce249acd7a284dc53ab687f3bb6323ae57bce77bac/detection

http://178.128.246.38
http://178.128.89.173
/libyajl2
/libxfixes3

# Reference: https://x.com/malwrhunterteam/status/1850821170032984194
# Reference: https://www.virustotal.com/gui/file/0cd4dbd246ef2e1e157f899c52ebc409a157507722ada5222da53883b135e928/detection

indianarmy.pl
in.indianarmy.pl
gov.in.indianarmy.pl
email.gov.in.indianarmy.pl

# Reference: https://twitter.com/bofheaded/status/1577197626852003840
# Reference: https://www.virustotal.com/gui/ip-address/173.249.18.251/relations
# Reference: https://www.virustotal.com/gui/file/e5ca4a6c4d2dbd0343cf59d7eb7fb034f45b86c13c8d80b92f289b464828d3bf/detection
# Reference: https://www.virustotal.com/gui/file/7034fd95d764429b5b4b84fc7e63fa259879c10a7c0786fa47e86f911970614e/detection

http://173.249.18.251
drivebrox.xyz
vaultsecure.xyz

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/72987ad4dd79861c3edab1125342f41beefa7e796b50d125c21eac0dde729590/detection
# Reference: https://www.virustotal.com/gui/file/e1d01b57e90312803b2d707fcf7d2e4dac44ea562d9b6680347d816a3bfb8f6b/detection

173.249.18.251:3945

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/99ee9f703b9fbac1d1e980cd32ce37fc8e2d0068b301aff44c05bf02a65612b9/detection
# Reference: https://www.virustotal.com/gui/file/b74e17337ea9be338bbac6022eafc63a3ba3a961bf8a4d9848ee9b6c24beedf6/detection

173.249.18.251:6659

# Reference: https://x.com/Cyberteam008/status/1851127191578288218
# Reference: https://www.virustotal.com/gui/file/2383289c1f14cbc7de650f5f79c8b3ff7b737f93179dfb5cfd5c583ce9653f42/detection

173.249.18.251:9794

# Reference: https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/

http://143.110.179.176
http://38.54.84.83
http://64.227.134.248
http://83.171.248.67
84.247.135.235:8080

# Reference: https://x.com/bofheaded/status/1855017264980148711
# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw&ref_id=026d14c44ed#tab=host_pairs (# 2025-06-25)

indiajudicialinfo.com
indiajudiciallive.cc
indiajudiciallive.com
indiascihub.com
judicialsearchinia.com
sciinfo.cc
scindia.info
supremecourt.sc

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw#tab=host_pairs (# 2024-11-09)

indianarmy.ml
in.indianarmy.ml
gov.in.indianarmy.ml
email.gov.in.indianarmy.ml
nobooks.online
putir.shop
mail.putir.shop
webmail.putir.shop

# Reference: https://x.com/raghav127001/status/1853625255484633381

courtfiles.net
hotel99world.com
india-sci.com
india-sci.in
india-sci.net
indiasci.net
indiasci.org
sci-gov-in.com
sci-gov-in.net
sci-gov.net
smlgo.vb-in.cfd
smlgo.vb-in.top
smlgo.vb-in.xyz
smlgovb-in.cc
smlgovb-in.com
vb-in.cfd
vb-in.top
vb-in.xyz

# Reference: https://x.com/PrakkiSathwik/status/1855224137871978808

158.220.94.60:9813
pmshriggssssiwan.in
vmi1529454.contaboserver.net
vmi1877385.contaboserver.net

# Reference: https://x.com/bofheaded/status/1858780617493934279

scigove.com

# Reference: https://x.com/Cyberteam008/status/1859067522043322663

kavachapp.io

# Reference: https://x.com/Cyberteam008/status/1860987009910853898
# Reference: https://www.virustotal.com/gui/file/8941dead07922712a56bc8a891714657726cc8b63d2cf27f59d337672c3669ab/detection
# Reference: https://www.virustotal.com/gui/file/58a7bb1c4534b2ab9d967c4fd05a0b48797665bca3e874d32b18213a0414bbff/detection
# Reference: https://www.virustotal.com/gui/file/3e8c155ff5bfedceb60892f30e819ead65ca276b4553cd43bed47ad71c5d6cbf/detection

167.160.167.18:12165
167.160.167.18:14268
167.160.167.18:16265
167.160.167.18:18626
167.160.167.18:32123
qhev18.duckdns.org

# Reference: https://twitter.com/Antelox/status/768023996923277312

193.164.131.58:10000

# Reference: https://twitter.com/James_inthe_box/status/1080521422823337984

193.42.107.7:3687

# Reference: https://twitter.com/ostinjohn/status/994560995615039488
# Reference: https://www.hybrid-analysis.com/sample/3aca697f1ac623ac970764dd1b248339d03f18acd5ba1b4a443ff9d5016f8e4e/5af3d6237ca3e179812bdfc5

178.238.230.52:3828
178.238.230.52:6828
178.238.230.52:11226 

# Reference: https://twitter.com/Antelox/status/810488762140684288
# Reference: https://www.virustotal.com/gui/file/f0b27a8c47f6d9f82489e0e5fba75f70fab8acdbb63b05c93cb3cceec90295ae/community

37.48.84.229:9901

# Reference: https://twitter.com/Antelox/status/770613975662796803
# Reference: https://www.virustotal.com/gui/file/c88095a28fea80409da7b2fc601b4c68828f0d31b7faebe4453217887f9e3241/community

5.189.161.200:7865

# Reference: https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf (# Crimson C&C)

bhai123.no-ip.biz
bhai1.ddns.net
sudhir71nda.no-ip.org
178.238.228.113:7861
193.37.152.28:9990
213.136.87.122:10001
5.189.143.225:11114

# Reference: https://twitter.com/killamjr/status/1190456533588598784

139.28.36.82:53631

# Reference: https://twitter.com/DynamicAnalysis/status/1197938882026901504

5.196.210.44:33401

# Reference: https://twitter.com/DeadlyLynn/status/1213338265308155904
# Reference: https://www.virustotal.com/gui/file/6078b55381e39779f915032533a93d725bab98982b303998fa8ba2ecfc675737/detection
# Reference: https://www.virustotal.com/gui/file/ecd7d7a27a2a043919a233bb91e3b009c05b7c81ff132a7c29228e1c45d2b6a6/detection

167.114.138.12:6828

# Reference: https://twitter.com/DynamicAnalysis/status/1220432888019214337
# Reference: https://medium.com/@dinu135dk/revive-of-crimson-rat-6b8838920c02

160.20.147.59:2987
bjorn111.duckdns.org
newsupdates.myftp.org

# Reference: https://www.virustotal.com/gui/file/d27474625cdc0c3456918edfa58bfaf910c8b98c6168a506ac14afc1a41fb58f/detection

192.169.69.25:2987

# Reference: https://app.any.run/tasks/9ca972d6-3574-4d85-bd68-a9cd26c203ee/

185.140.53.91:6711

# Reference: https://twitter.com/malwrhunterteam/status/1229780080517357568

64.188.25.232:3263

# Reference: https://twitter.com/w3ndige/status/1235184651699998721
# Reference: https://www.virustotal.com/gui/file/370a108b98b8652aacd4acec5d140cab685291ad77e2a4a0821734aad614eb6a/detection

185.174.100.63:34891
185.174.100.63:3920
transfer-shopping-malls.webredirect.org

# Reference: https://app.any.run/tasks/8527edcf-6459-48f6-aee2-85eaf817571c/

198.46.177.73:6421

# Reference: https://twitter.com/killamjr/status/1232071072096239617
# Reference: https://app.any.run/tasks/2eeeb372-d6ba-4f9f-add7-8b1532f938ec/

alrazi-pharrna.com

# Reference: https://twitter.com/_re_fox/status/1236483115037704192

198.46.168.28:2581

# Reference: https://twitter.com/_re_fox/status/1235941826634354688
# Reference: https://app.any.run/tasks/d8b93681-2730-4d03-b796-c52562260328/

181.215.47.169:3368

# Reference: https://twitter.com/_re_fox/status/1232493185475104771

107.175.64.209:6728

# Reference: https://twitter.com/_re_fox/status/1232402275181703169

185.136.163.197:4442

# Reference: https://twitter.com/srcr/status/1232288977790668801

185.244.30.102:4590

# Reference: https://twitter.com/killamjr/status/1232071072096239617

185.244.30.102:4950

# Reference: https://twitter.com/_re_fox/status/1237740569293701120

64.188.25.205:3692

# Reference: https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
# Reference: https://otx.alienvault.com/pulse/5e6fa2a12088756147d24648

email.gov.in.maildrive.email

# Reference: https://app.any.run/tasks/7fe802ae-9d74-4e40-91e3-bb65cd06a458/

107.175.95.107:6790
westvalleyhospicecare.theworkpc.com

# Reference: https://www.virustotal.com/gui/file/9f7bc1ac97d28d614f9b1965709a284511b9b13f3bd9685707f8f377b949efe5/detection

78.159.131.80:10001
superingtest.zapto.org

# Reference: https://app.any.run/tasks/250c2c2d-fdfb-4f46-8565-a9b2538c1ace/

107.175.64.251:6286

# Reference: https://twitter.com/_re_fox/status/1280221170307137538
# Reference: https://app.any.run/tasks/3b6fa50a-2496-400e-b7cf-fd2d4d48f405/

173.212.226.184:3169

# Reference: https://app.any.run/tasks/26933c3a-127f-4b12-8396-8684d7bdec44/

185.136.161.124:8761

# Reference: https://twitter.com/JAMESWT_MHT/status/1290952335192195072
# Reference: https://www.virustotal.com/gui/file/f2e2cb71a06ac2a95a02168fc3d91f160e6e07ca19c5e6d3d708a9a486dd3f92/detection

193.142.59.56:1131
lawdvmercy.site

# Reference: https://www.virustotal.com/gui/file/6d3982d6c6ca753d6d1daa71d88678c07718dd1919a874959a0c7975619c37fc/detection

151.106.56.32:3561

# Reference: https://www.virustotal.com/gui/file/db37f6755e954367a3365c3264e3916e5fd00c4c3e4c609515fa8599d36ca681/detection

64.188.26.219:4820

# Reference: https://securelist.com/transparent-tribe-part-1/98127/
# Reference: https://www.virustotal.com/gui/file/a860ba3861df2ae0add2b695071c04468f83c0973525519d62679dd4cd4d0026/detection
# Reference: https://www.virustotal.com/gui/file/59c6721a5ec5f97ef9b35e17057a5edb4f0075d1430c0cbd3eecfd44ccfe272c/detection
# Reference: https://www.virustotal.com/gui/file/e4d1f8ff1282ac60adc0134aec2420aa652250ac8ddafe866e56d2fab165a132/detection
# Reference: https://www.virustotal.com/gui/file/d2cc95b72c3e72b3888e9fa35f6fe0563f9dbbd08b76d0c3546065ceca3c5961/detection

173.212.192.229:3364
173.212.192.229:8264
173.249.14.119:6865
newsbizupdates.net
uronlinestores.net

# Reference: https://twitter.com/ShadowChasing1/status/1298268550340067329
# Reference: https://twitter.com/CyS_Centrum/status/1298565025985069057

209.127.16.126:4768
209.127.16.126:6758
209.127.16.126:11066
209.127.16.126:14824
209.127.16.126:18614

# Reference: https://twitter.com/ShadowChasing1/status/1304347789917212672
# Reference: https://www.virustotal.com/gui/file/9e305566f7d342adc8eaf30471aa3eb95c049acffc742ae23a5830a44f96e51d/detection

185.174.102.105:2991
tasnimnewstehran.club

# Reference: https://www.virustotal.com/gui/file/a5f02bb70acdf335bed9c0fc8439ab3a220027a28c7eb44f459afda0ec7b62eb/detection

151.106.14.125:6818

# Reference: https://www.virustotal.com/gui/file/137c059adda4df22eb29785fada54ebc00a22d150bfdc423f87ff1f6093bd827/detection

185.136.161.124:11614

# Reference: https://www.virustotal.com/gui/file/87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad/detection

185.136.161.124:6128

# Reference: https://www.virustotal.com/gui/file/60d46513d3473c2cb4fdfcf64229f4e99d1e202a2f840503d77fa07978dcb025/detection

104.227.97.53:2548

# Reference: https://twitter.com/mg2_tracy1/status/1314754343124365312
# Reference: https://www.virustotal.com/gui/file/dba5d00a87ad96b74d234d1415ca5172285cd7d781556d45b6609fd738bfc747/detection

172.245.247.112:3878
172.245.247.112:5648

# Reference: https://www.virustotal.com/gui/file/e3fe87254b405fa132a52daf1651d2ff11296691131956bf3f0059031135dcdd/detection

45.147.231.191:3626

# Reference: https://twitter.com/_re_fox/status/1317499039932362753
# Reference: https://app.any.run/tasks/355396a2-6711-4750-98ec-e492625d4d54/

45.147.231.191:8226

# Reference: https://twitter.com/c3rb3ru5d3d53c/status/1338192738135789570
# Reference: https://www.virustotal.com/gui/file/47b99e50430e9abad7326d1837ecdda5f995112b0b12406d23df5ef603d52a4e/detection
# Reference: https://www.virustotal.com/gui/file/b9446d663f2aef34efdb579ae02e62923b5c3bc02b9d0fe537f5974ae439a422/detection
# Reference: https://www.virustotal.com/gui/file/5a449782c6d286a5af7fd5cbab5d5d46dd4dd153cbc46e4aeae0ea54f2785980/detection

64.188.12.126:6658

# Reference: https://app.any.run/tasks/b129aead-e7cb-4ba7-ba72-842644cf7c97/

173.212.246.247:4368

# Reference: https://twitter.com/_re_fox/status/1337411756818395136
# Reference: https://www.virustotal.com/gui/file/5920a3300107b7b1cf8c230a071a0e5f2f5ff5941a5c450ef911582a7ce08346/detection

45.32.151.155:6126

# Reference: https://twitter.com/ShadowChasing1/status/1369196724544106504
# Reference: https://www.virustotal.com/gui/file/4c8e0459524380a9f00ffc58913f461c3e1d8737dd18252881f09e2d416e4f73/detection

172.245.87.12:6276

# Reference: https://twitter.com/ShadowChasing1/status/1397419326160793600
# Reference: https://www.virustotal.com/gui/file/eb7c34343944a6ae52b052bb263d29e2c627368aeee2080da0481f33a72f2085/detection

142.105.157.110:8181

# Reference: https://twitter.com/teamcymru_S2/status/1402607930046832645

185.136.169.139:14565
185.136.169.139:20555
185.136.169.139:28443
185.136.169.139:4561

# Reference: https://www.virustotal.com/gui/file/5f736d23d5d7f7382afb78acdc3b125ec101c0629327fb9a7fc5545b32ec0c38/detection

167.160.166.80:12214
167.160.166.80:16441
167.160.166.80:18822
167.160.166.80:6288
167.160.166.80:8868

# Reference: https://www.virustotal.com/gui/file/e052a90bdb716da64928b1286d86b3670efe5192115175ba25bf0c191398323d/detection

104.144.198.105:12816
104.144.198.105:14572
104.144.198.105:16286
104.144.198.105:4289
104.144.198.105:6722

# Reference: https://www.virustotal.com/gui/file/899a755ff675dbbf66d8bbcf6300bca7aa0c13d794430a1173f6fdc5cb87bd66/detection

178.238.239.176:7624

# Reference: https://www.virustotal.com/gui/file/0335de8eadbbd5dc7cbe92ef869bcea6f6596ac39a38680142c982ec6e97ecde/detection

185.136.161.124:15822
185.136.161.124:17443

# Reference: https://twitter.com/RedDrip7/status/1486997244310351873
# Reference: https://www.virustotal.com/gui/file/cffb0b0695abe36c0d23894650214f9329c530703f52cf44bc8853ca79a107cf/detection

96.47.234.102:12961
96.47.234.102:20886
96.47.234.102:22668
96.47.234.102:5898
96.47.234.102:8796

# Reference: https://twitter.com/James_inthe_box/status/1488987814066753538
# Reference: https://app.any.run/tasks/c1ccd827-a257-4598-aa9b-5872cdc44a40/

92.12.144.246:5321

# Reference: https://twitter.com/0xrb/status/1491665998382247938
# Reference: https://www.virustotal.com/gui/file/d5484ddde1ea4aefcbf40f9845f911b059818ec0bb57d0d48922ed25d161e0ea/detection

78.138.107.166:16864

# Reference: https://twitter.com/0xrb/status/1492030514035060741

161.97.164.144:9168
164.68.108.169:16292
164.68.108.169:16484
164.68.108.169:6681
164.68.112.101:20864
164.68.96.32:8543
168.119.98.243:12184
173.249.14.119:12865
173.249.19.32:8866
173.249.50.243:22464
173.249.50.243:9248
185.136.161.169:18556
185.136.161.169:28443
185.136.169.214:11262
185.136.169.214:3561
185.136.169.214:8164
185.197.249.247:8543
207.180.227.55:10666
5.189.170.4:4268
5.189.170.4:8843
5.189.176.185:12262
75.119.133.15:10101
75.119.133.15:4401
75.119.133.15:8832
79.143.177.122:10468
79.143.177.122:14486
95.111.230.252:1051

# Reference: https://twitter.com/0xrb/status/1493467587619221507

139.28.36.77:2012

# Reference: https://twitter.com/PrakkiSathwik/status/1733923613437460525
# Reference: https://www.virustotal.com/gui/file/da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678/detection

204.44.124.81:19182
204.44.124.81:20917
204.44.124.81:28791
204.44.124.81:26376
204.44.124.81:9159
adiptv.duckdns.org

# Reference: https://www.virustotal.com/gui/file/8ff61163c7b74653da80dd1990123dd1977a5ec4e774f0c2f47d37f1360a6a9d/detection

95.119.198.38:3898
r6xyvcqm04wp1i4p.myfritz.net

# Reference: https://www.virustotal.com/gui/file/ffa0b1fcdf51cc0851a0b878df16577ea180a9d245e31166d81670372bc8b338/detection
# Reference: https://www.virustotal.com/gui/file/feda78f1dff8bd9d850a154a627bcfb4041dc36c325be0db436ca85fe565f767/detection
# Reference: https://www.virustotal.com/gui/file/b922698e7884f524cee2dd334f611b0cac193568c9de9f8073ef9c637f5833f0/detection
# Reference: https://www.virustotal.com/gui/file/b5db0dd322656c19a05bc78f3ce1d8bed30e72fb8c1ac5071fce4afa720f2696/detection
# Reference: https://www.virustotal.com/gui/file/7a07fbc4903e443f237fc7c99976a8cdb751a983860ea17b891a8c617a820ad0/detection
# Reference: https://www.virustotal.com/gui/file/2ab7a3c53e31187bab9675b184bf1e891bd76ceb2967b609a6aa66c4e7626419/detection

173.212.228.121:12460
173.212.228.121:16484
173.212.228.121:2836
173.212.228.121:5638
173.212.228.121:8626

# Reference: https://threatfox.abuse.ch/browse/malware/win.crimson/ (# 2024-01-01)

107.172.76.170:11408
119.157.27.213:16780
144.91.125.70:8489
144.91.72.22:8484
154.127.54.168:10019
160.20.147.56:6582
161.97.139.248:12262
161.97.139.248:8143
161.97.176.42:12184
161.97.176.52:12468
161.97.176.52:18584
164.68.112.101:14684
164.68.96.32:12861
167.86.71.146:3482
168.119.111.43:12184
173.249.0.199:12168
173.249.14.119:3285
173.249.50.57:2642
178.238.235.88:12536
185.137.122.104:8484
185.161.208.57:1912
194.163.139.252:4698
194.61.120.134:999
194.9.178.85:9109
198.23.144.126:10480
198.23.145.12:10480
198.23.210.211:4898
198.23.213.44:7776
23.226.132.105:6959
38.242.211.87:8143
45.14.194.253:10243
5.189.183.63:16568
62.171.130.47:2201
62.171.135.174:8589
66.154.103.101:9108
66.235.175.91:1051
66.235.175.91:23001
79.143.177.122:8682
79.143.181.178:8861
84.46.251.145:1717
84.46.251.145:901
91.229.77.1:999

# Reference: https://www.virustotal.com/gui/file/3cd76330e2cbcf7c37d6fc9d21779c60fd3552ba5d777a32ba49ca949379019f/detection

185.161.208.46:909
indiamails.info

# Reference: https://x.com/Cyberteam008/status/1867403358086013034
# Reference: https://www.virustotal.com/gui/file/5c0b5c2805dc1c22b86c6289f57207a34c4b345324d7459c1534549531634ef7/detection

mailindia.one
in.mailindia.one
gov.in.mailindia.one
email.gov.in.mailindia.one

# Reference: https://x.com/TIntel2255/status/1872524302157070579

kavach-nic.in

# Reference: https://x.com/Cyberteam008/status/1872467826881232901
# Reference: https://www.virustotal.com/gui/file/22b043bbf8fd39dc3433b1b54b8a78b70f44000e97711244f6f915b418cb56a3/detection

indiandefence.link
in.indiandefence.link
gov.in.indiandefence.link
email.gov.in.indiandefence.link

# Reference: https://x.com/PrakkiSathwik/status/1872727076954075316
# Reference: https://www.virustotal.com/gui/ip-address/157.20.51.28/relations
# Reference: https://www.virustotal.com/gui/file/7fb2ab732966e984b009880d116c16c08a57c10ad2400f619076e38444b7397c/detection
# Reference: https://www.virustotal.com/gui/file/a0dcf5d5c1bac633d44c99d43f3032ad5d9ae48814fc5a43e8edc2123da91742/detection

dssworld.in
egovservice.in
npvadgaon.in
rtsnmmconline.in
forest.dssworld.in
gadchiroli.egovservice.in
mail.egovservice.in
pakora.egovservice.in
pen.egovservice.in
trade.npvadgaon.in

# Reference: https://x.com/StrikeReadyLabs/status/1874099228881850620
# Reference: https://x.com/PrakkiSathwik/status/1874158663260418480
# Reference: https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/
# Reference: https://www.virustotal.com/gui/file/b5a2949defda9a282aa307580118f929dd208a56e8cfbf5012c290e4cfac1ced/detection
# Reference: https://www.virustotal.com/gui/file/c717c6ce4304eb3e1454440c82b3d38d11bee98af530274fd4a6b99e4ab58749/detection
# Reference: https://www.virustotal.com/gui/file/541039d4eb67935884830657213991ba5da85f0650df6329c7153702a577a26a/detection
# Reference: https://www.virustotal.com/gui/file/cc90bf946b495aec9133f6c970dc873977592277d003248361cfea1d0706c811/detection

biossysinternal.com
widgetservicecenter.com
updates.biossysinternal.com
updates.widgetservicecenter.com
nhp.mowr.gov.in/NHPMIS/TrainingMaterial/aspx/Security-Guidelines/wont/
/antivmcommand

# Reference: https://x.com/TIntel2255/status/1876924224121479303
# Reference: https://x.com/Cyberteam008/status/1881174353376874861

indiandefence.nl
in.indiandefence.nl
in.martinsecompanhia.pt
gov.in.indiandefence.nl
gov.in.martinsecompanhia.pt
email.gov.in.indiandefence.nl
email.gov.in.martinsecompanhia.pt

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-01-09)

cbisci.com
cbisciingov.com
sci-govven.com
scibovven.com
scicbi.com
scicbiovven.com
scigoin.com
scigoinvon.com
scigoinxon.com
thescoi.com
informationjudicial.com
sci.informationjudicial.com
spcourt-in.bounceme.net
spcourt-in.myvnc.com

# Reference: https://x.com/StrikeReadyLabs/status/1877444649721168029

8thpaycomission.cloud
in.8thpaycomission.cloud
gov.in.8thpaycomission.cloud
cgda.gov.in.8thpaycomission.cloud

# Reference: https://x.com/TIntel2255/status/1877791874263515562
# Reference: https://x.com/mal_analysis136/status/1878041395820200069

ail-govs.icu
govs.info

# Reference: https://x.com/TIntel2255/status/1877803513561882712
# Reference: https://app.validin.com/detail?find=Central%20Bureau%20of%20Investigation&type=raw&ref_id=0d272c0f3e2#tab=host_pairs (# 2025-01-09)

76767.icu
cbigov.site
ac.76767.icu
bs.76767.icu
aa.76767.icu
bb.76767.icu

# Reference: https://x.com/TIntel2255/status/1878174095600193716

157.173.122.139:443
157.173.122.139:60477

# Reference: https://x.com/suyog41/status/1878706537176457643
# Reference: https://www.virustotal.com/gui/file/67386fad18d548de90d13095d273de163acdd99e068cc52ca7a1d69eb5b38fcf/detection
# Reference: https://www.virustotal.com/gui/file/b805d4ae4a66c33175659a214554471dd296427a1c0d330494f41a48e8d3dc80/detection
# Reference: https://www.virustotal.com/gui/file/1a590332bfad8f37935669914b5cf5be99b029d74f9b11e27d3d0abae2344ba8/detection

209.145.52.172:6789
209.145.52.172:8816
sub172.duckdns.org

# Reference: https://x.com/StrikeReadyLabs/status/1879904120926240773
# Reference: https://www.virustotal.com/gui/file/e3d2cf307b2ca718bf9e28e6c95921b5b08092175e8c6252bb2e61eb4c9ca289/detection

modspaceinterior.com

# Reference: https://x.com/PrakkiSathwik/status/1879947131336945740
# Reference: https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/

79.141.161.58:1256
79.141.161.58:56777

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw#tab=host_pairs (# 2025-01-19)

ministryofdefenceindia.link
in.ministryofdefenceindia.link
gov.in.ministryofdefenceindia.link
email.gov.in.ministryofdefenceindia.link

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-01-19)

supremecourt-india.com

# Reference: https://x.com/skocherhan/status/1881031569223074137

scigovn-in.cc
scigovss.net
soi-qov.in
scis.scigovss.net

# Reference: https://x.com/TIntel2255/status/1882497021569044881

departmentofdefence.cc
in.departmentofdefence.cc
gov.in.departmentofdefence.cc
email.gov.in.departmentofdefence.cc

# Reference: https://x.com/TIntel2255/status/1882503330041352635

mail-gov-in.firebaseapp.com

# Reference: https://x.com/TIntel2255/status/1882504911688171621

cscvle.space
in.cscvle.space
gov.in.cscvle.space
crsorgi.gov.in.cscvle.space
serviceonline.gov.in.cscvle.space

# Reference: https://x.com/TIntel2255/status/1884471358484255051
# Reference: https://app.validin.com/detail?find=Defence%20Sector%20Pay%20Scale%20Updates&type=raw&ref_id=d269ae1304f#tab=host_pairs (# 2025-01-29)

cleverhandy.store
webmailnic.army
in.webmailnic.army
mail.cleverhandy.store
gov.in.webmailnic.army
pcdaopune.gov.in.webmailnic.army

# Reference: https://x.com/TIntel2255/status/1884554148785664166

devilwork.site
in.devilwork.site
gov.in.devilwork.site
crsorgi.gov.in.devilwork.site
dc.crsorgi.gov.in.devilwork.site

# Reference: https://app.validin.com/detail?find=3ce12827a69a7f00b514d7036a83db67afea26a3&type=hash&ref_id=cb626166f0b#tab=host_pairs (# 2025-01-29)

advanceservice.in
akhilbirth.xyz
aryanprint.site
biharbourd.xyz
crsargi.life
crsorg.in
dc-crsorgi-gov.shop
dsprint.site
dsprint24.xyz
eduvisions.in
kgn-e-birth.xyz
linkuclmp.xyz
mahakalwebhost.xyz
omsai.site
sindex.in
sindex.site
sindexcrs.xyz
sindexcrsx.xyz
smartbabul.xyz
svlprint.site
verifycertificatecrs.live
dccrsorgi.eduvisions.in
mail.advanceservice.in
mail.akhilbirth.xyz
veiwcertificate.mahakalwebhost.xyz
in.veiwcertificate.mahakalwebhost.xyz
in.aryanprint.site
in.crsargi.life
in.crsorg.in
in.sindex.in
in.sindex.site
in.sindexcrs.xyz
in.sindexcrsx.xyz
in.smartbabul.xyz
in.svlprint.site
in.verifycertificatecrs.live
gov.in.veiwcertificate.mahakalwebhost.xyz
gov.in.aryanprint.site
gov.in.crsargi.life
gov.in.crsorg.in
gov.in.sindex.in
gov.in.sindex.site
gov.in.sindexcrs.xyz
gov.in.sindexcrsx.xyz
gov.in.smartbabul.xyz
gov.in.svlprint.site
gov.in.verifycertificatecrs.live
crsorg.gov.in.veiwcertificate.mahakalwebhost.xyz
crsorgi.gov.in.aryanprint.site
crsorgi.gov.in.crsargi.life
crsorg.gov.in.crsorg.in
crsorgi.gov.in.sindex.in
crsorgi.gov.in.sindex.site
crsorgi.gov.in.sindexcrs.xyz
crsorgi.gov.in.sindexcrsx.xyz
crsorgi.gov.in.smartbabul.xyz
crsorgi.gov.in.svlprint.site
crsorgi.gov.in.verifycertificatecrs.live
dc.crsorg.gov.in.veiwcertificate.mahakalwebhost.xyz
dc.crsorgi.gov.in.aryanprint.site
dc.crsorgi.gov.in.crsargi.life
dc.crsorg.gov.in.crsorg.in
dc.crsorgi.gov.in.sindex.in
dc.crsorgi.gov.in.sindex.site
dc.crsorgi.gov.in.sindexcrs.xyz
dc.crsorgi.gov.in.sindexcrsx.xyz
dc.crsorgi.gov.in.smartbabul.xyz
dc.crsorgi.gov.in.svlprint.site
dc.crsorgi.gov.in.verifycertificatecrs.live

# Reference: https://app.validin.com/detail?type=raw&find=Login+Basic+-+Pages+%7C+Sneat+-+Bootstrap+5+HTML+Admin+Template+-+Pro (# 2025-01-29)

ccrssorgi.co.in
crsgoive.co.in
crsoorgii.in
crsorgi-gov.life
crsorginal.site
crsorgi.rest
cscprintportal2.xyz
in-crs.info
crsorgi.gov.rituji.fun
crs.org.govi.in.devgatyservice.xyz
crsorgi.g.onlline.in
crsorgi.gov.in.api1.ltd
crsorgi.gov.in.crs.vearify.site
crsorgi.gov.in.crsbestvery.site
crsorgi.gov.in.cscprintportal2.xyz
crsorgi.gov.in-crs.info
crsorgi.gov.in.index.ds.suvidhaprint.site
crsorgi.gov.in.m.ogri.in
crsorgi.gov.in.myanu.life
crsorgi.gov.in.orjinaal.site
crsorgi.gov.in.viesx.site
crsorgi.gov.in.web.index.auths.uclservice.org
crsorgi.gov.in.web.inbexin.shop
crsorgigovt.space
crsorgis.best
crsorgoi.gov.in.cxrsmm.site
dc-crsorgi.lindex-php.in
dc-crsorgi.inindex.co.in
dc.ccrssorgi.co.in
dc.crs.org.govi.in.devgatyservice.xyz
dc.crs.rituji.fun
dc.crsorgi.g.onlline.in
dc.crsorgi.gov.in-crs.info
dc.crsorgi.gov.in.api1.ltd
dc.crsorgi.gov.in.crsbestvery.site
dc.crsorgi.gov.in.cscprintportal2.xyz
dc.crsorgi.gov.in.index.ds.suvidhaprint.site
dc.crsorgi.gov.in.m.mahirhd.xyz
dc.crsorgi.gov.in.m.ogri.in
dc.crsorgi.gov.in.orjinaal.site
dc.crsorgi.gov.in.viesx.site
dc.crsorgi.gov.in.web.index.auths.uclservice.org
dc.crsorgi.gov.rituji.fun
dccrsorgi-govv.live
dccrsorgigov.store
dcrsorrg.shop
devgatyservice.xyz
gov.in.api1.ltd
gov.in.crs.vearify.site
gov.in.crsbestvery.site
gov.in.cscprintportal2.xyz
gov.in.cxrsmm.site
gov.in-crs.info
gov.in.index.ds.suvidhaprint.site
gov.in.m.mahirhd.xyz
gov.in.m.ogri.in
gov.in.myanu.life
gov.in.orjinaal.site
gov.in.rpt.qrcodeaspx.info
gov.in.viesx.site
gov.in.web.index.auths.uclservice.org
gov.in.web.inbexin.shop
govi.in.devgatyservice.xyz
gov.rituji.fun
gp.mahaegram.co.in.vlewcert.info
mail.crsoorgii.in
mail.crsorginal.site
mail.dcrsorrg.shop
mail.dc.ccrssorgi.co.in
org.govi.in.devgatyservice.xyz
pehchan.rajasthan.gov.in.rpt.qrcodeaspx.info
rtps.dccrsorgi-govv.live
verifycertificate.crsorgi.gov.in.crs.vearify.site

# Reference: https://x.com/fibanocci3/status/1884835706645663960

departmentofdefence.link
in.departmentofdefence.link
gov.in.departmentofdefence.link
email.gov.in.departmentofdefence.link

# Reference: # Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw&ref_id=fbd42482808#tab=host_pairs_v2 (# 2025-02-06)

email-govs.click
email-govs.icu
email-nic.site
defenceindia.link
in.defenceindia.link
gov.in.defenceindia.link
email.gov.in.defenceindia.link

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-02-18)

sp-court-in.com
spcourt-in.com

# Reference: https://x.com/fibanocci3/status/1888895170449686775

indiandefenceforces.link
in.indiandefenceforces.link
gov.in.indiandefenceforces.link
email.gov.in.indiandefenceforces.link

# Reference: https://x.com/fibanocci3/status/1887816636608176618

nrsec-gov-in.online
nrsecbihar.co.in

# Reference: https://x.com/raghav127001/status/1848610638307701163

athu.world
awsgust.xyz
biharibabu.xyz
coorv.xyz
crsor.xyz
cstelecom.xyz
e-prints.xyz
findtec.xyz
imgpdf.xyz
indexview.xyz
lnde.xyz
oneepson.xyz
onlineuclshop.xyz
printsportal.xyz
uclchild.xyz
verfiy.xyz
viecard.xyz
viewcertificate.xyz
viewcertify.xyz
viewdob.xyz
worksirf.xyz
in.athu.world
in.biharibabu.xyz
in.coorv.xyz
in.crsor.xyz
in.cstelecom.xyz
in.findtec.xyz
in.imgpdf.xyz
in.indexview.xyz
in.lnde.xyz
in.oneepson.xyz
in.onlineuclshop.xyz
in.printsportal.xyz
in.uclchild.xyz
in.viecard.xyz
in.viewcertificate.xyz
in.viewcertify.xyz
in.viewdob.xyz
in.web.e-prints.xyz
in.web.in.awsgust.xyz
in.web.verfiy.xyz
in.worksirf.xyz
gov.in.athu.world
gov.in.biharibabu.xyz
gov.in.coorv.xyz
gov.in.crsor.xyz
gov.in.cstelecom.xyz
gov.in.findtec.xyz
gov.in.imgpdf.xyz
gov.in.indexview.xyz
gov.in.lnde.xyz
gov.in.oneepson.xyz
gov.in.onlineuclshop.xyz
gov.in.printsportal.xyz
gov.in.uclchild.xyz
gov.in.viecard.xyz
gov.in.viewcertificate.xyz
gov.in.viewcertify.xyz
gov.in.viewdob.xyz
gov.in.web.e-prints.xyz
gov.in.web.in.awsgust.xyz
gov.in.web.verfiy.xyz
gov.in.worksirf.xyz
crsorgi.gov.in.athu.world
crsorgi.gov.in.biharibabu.xyz
crsorgi.gov.in.coorv.xyz
crsorgi.gov.in.crsor.xyz
crsorgi.gov.in.cstelecom.xyz
crsorgi.gov.in.findtec.xyz
crsorgi.gov.in.imgpdf.xyz
crsorgi.gov.in.indexview.xyz
crsorgi.gov.in.lnde.xyz
crsorgi.gov.in.oneepson.xyz
crsorgi.gov.in.onlineuclshop.xyz
crsorgi.gov.in.printsportal.xyz
crsorgi.gov.in.uclchild.xyz
crsorgi.gov.in.viecard.xyz
crsorgi.gov.in.viewcertificate.xyz
crsorgi.gov.in.viewcertify.xyz
crsorgi.gov.in.viewdob.xyz
crsorgi.gov.in.web.e-prints.xyz
crsorgi.gov.in.web.in.awsgust.xyz
crsorgi.gov.in.web.verfiy.xyz
crsorgi.gov.in.worksirf.xyz
dc.crsorgi.gov.in.athu.world
dc.crsorgi.gov.in.biharibabu.xyz
dc.crsorgi.gov.in.coorv.xyz
dc.crsorgi.gov.in.crsor.xyz
dc.crsorgi.gov.in.cstelecom.xyz
dc.crsorgi.gov.in.findtec.xyz
dc.crsorgi.gov.in.imgpdf.xyz
dc.crsorgi.gov.in.indexview.xyz
dc.crsorgi.gov.in.lnde.xyz
dc.crsorgi.gov.in.oneepson.xyz
dc.crsorgi.gov.in.onlineuclshop.xyz
dc.crsorgi.gov.in.printsportal.xyz
dc.crsorgi.gov.in.uclchild.xyz
dc.crsorgi.gov.in.viecard.xyz
dc.crsorgi.gov.in.viewcertificate.xyz
dc.crsorgi.gov.in.viewcertify.xyz
dc.crsorgi.gov.in.viewdob.xyz
dc.crsorgi.gov.in.web.e-prints.xyz
dc.crsorgi.gov.in.web.in.awsgust.xyz
dc.crsorgi.gov.in.web.verfiy.xyz
dc.crsorgi.gov.in.worksirf.xyz

# Reference: https://x.com/PrakkiSathwik/status/1891203264626020406
# Reference: https://www.virustotal.com/gui/file/3217397c6b12d88b5039a4c42848d8a6b03c37ecf322d9cf0836eebacc81149f/detection
# Reference: https://www.virustotal.com/gui/file/947e75dc1f9b8a6d74a6d55afa7513ed86db907965cf0935ebb26c17f0ec6c5d/detection
# Reference: https://www.virustotal.com/gui/file/b5c8e2afa1091e9513da06cfaa1ceed25e091692cdfe7f304e367c58957e2d63/detection
# Reference: https://www.virustotal.com/gui/file/db2328a4c6f74c29670d87f90fc23fe46559b9d6f64e3ad685acb7a538835bad/detection

209.127.18.107:15493
209.127.18.107:22861
209.127.18.107:26184
209.127.18.107:6859
209.127.18.107:8718

# Reference: https://app.validin.com/detail?find=Email%20Web%20Client%20Sign%20In&type=raw#tab=host_pairs (# 2025-02-28)
# Reference: https://www.virustotal.com/gui/file/d0c30db4a14943bb9d94f577b4cd515f9ce6a49a30c55d63a848103754f40439/detection
# Reference: https://www.virustotal.com/gui/file/b56a0aeb468371e63608d14c47804a79f326879052001afd5996ffd7bb7881d8/detection

departmentofdefenceindia.link
indiadefencedepartment.link
in.departmentofdefenceindia.link
in.indiadefencedepartment.link
gov.in.departmentofdefenceindia.link
gov.in.indiadefencedepartment.link
email.gov.in.departmentofdefenceindia.link
email.gov.in.indiadefencedepartment.link

# Reference: https://labs.k7computing.com/index.php/exposing-the-deceit-phishing-sites-impersonating-government-entities/
# Reference: https://app.validin.com/detail?find=557ce7f39601f6826788cda47f75df7c&type=hash&ref_id=5d617c1c8ee#tab=host_pairs

http://129.154.249.114
http://140.245.30.252
http://141.148.193.77
http://141.148.195.37
http://141.148.199.161
http://141.148.199.227
http://144.24.114.19
http://146.56.50.80
http://45.202.35.172
http://47.76.72.16
http://80.225.193.92
http://93.157.106.19
129.154.249.114:443
140.245.30.252:443
141.148.193.77:443
141.148.195.37:443
141.148.199.161:443
141.148.199.227:443
141.148.199.227:8443
144.24.114.19:443
146.56.50.80:443
146.56.50.80:8443
45.202.35.172:443
47.76.72.16:443
80.225.193.92:443
80.225.193.92:8443
93.157.106.19:443

# Reference: https://app.validin.com/detail?find=178.63.172.30&type=ip4&ref_id=c8cf1bc5da0#tab=resolutions

email-gov-in.cdu.cm

# Misc.

crsorg.buzz
crsorgi.solutions
crsorgioi.online
gov-in.cloud
govi.site
dc.crsorgi.gov.in.admin.onlline.com.onlline.in
dc.crsorgi.gov.in.aoth.xyz
dc.crsorgi.gov.in.apnaedistrict.site
dc.crsorgi.gov.in.auth.fizaprint.xyz
dc.crsorgi.gov.in.auth.pdfview.in
dc.crsorgi.gov.in.biharibabu.site
dc.crsorgi.gov.in.biharibabu.top
dc.crsorgi.gov.in.birthvew.online
dc.crsorgi.gov.in.birthwala.site
dc.crsorgi.gov.in.bithprint.site
dc.crsorgi.gov.in.certificateonline.agency
dc.crsorgi.gov.in.certificateverify.in
dc.crsorgi.gov.in.certifiicate.in
dc.crsorgi.gov.in.cphp.info
dc.crsorgi.gov.in.crs.c.verifycerlificate.in
dc.crsorgi.gov.in.crs.certificate-verify.site
dc.crsorgi.gov.in.crs.certificate.veraify.site
dc.crsorgi.gov.in.crs.certificate.verify.ceart.site
dc.crsorgi.gov.in.crs.dcseo.online
dc.crsorgi.gov.in.crs.dcseo.online.dcseo.online
dc.crsorgi.gov.in.crs.indaxs.in
dc.crsorgi.gov.in.crs.inedx.in
dc.crsorgi.gov.in.crs.verafy.site
dc.crsorgi.gov.in.crs.verify.verifycerlificate.in
dc.crsorgi.gov.in.crs.verifyc.id-php.in
dc.crsorgi.gov.in.crs.verifycertifi.carit.site
dc.crsorgi.gov.in.crs.verifycertificate.droft.shop
dc.crsorgi.gov.in.crs.web.auth.dc-crs.store
dc.crsorgi.gov.in.crs.web.auth.indax.space
dc.crsorgi.gov.in.crsorg.buzz
dc.crsorgi.gov.in.crsorgi.solutions
dc.crsorgi.gov.in.crssg.shop
dc.crsorgi.gov.in.cscprintportal2.xyz
dc.crsorgi.gov.in.cscvle.shop
dc.crsorgi.gov.in.cxrsmm.site
dc.crsorgi.gov.in.dc-verify.info
dc.crsorgi.gov.in.dcbirth.fun
dc.crsorgi.gov.in.dcbirth.in
dc.crsorgi.gov.in.dccrs.in.net
dc.crsorgi.gov.in.dcert.ink
dc.crsorgi.gov.in.dclink.shop
dc.crsorgi.gov.in.dcverfy.in
dc.crsorgi.gov.in.endex.site
dc.crsorgi.gov.in.endx.xyz
dc.crsorgi.gov.in.fastprintseva.site
dc.crsorgi.gov.in.gavi.in.net
dc.crsorgi.gov.in.gcbs.site
dc.crsorgi.gov.in.gov-in.cloud
dc.crsorgi.gov.in.govi.site
dc.crsorgi.gov.in.hostingbest.live
dc.crsorgi.gov.in.igaxis.site
dc.crsorgi.gov.in.imgpdf.top
dc.crsorgi.gov.in.in.crsorgioi.online
dc.crsorgi.gov.in.in.viwe.life
dc.crsorgi.gov.in.ind2.xyz
dc.crsorgi.gov.in.indecx.site
dc.crsorgi.gov.in.indesx.cloud
dc.crsorgi.gov.in.index-ds.in-n.site
dc.crsorgi.gov.in.index.birth.onlline.in
dc.crsorgi.gov.in.index.in.suvidhaprint.site
dc.crsorgi.gov.in.index.php.oneepson.xyz
dc.crsorgi.gov.in.index.suvidhaprint.site
dc.crsorgi.gov.in.index.verifycertificate.info
dc.crsorgi.gov.in.index.viewscrit.org
dc.crsorgi.gov.in.indexe.cloud
dc.crsorgi.gov.in.indx.viwe.life
dc.crsorgi.gov.in.infhop.in
dc.crsorgi.gov.in.inix.live
dc.crsorgi.gov.in.logln.in
dc.crsorgi.gov.in.mrraj.shop
dc.crsorgi.gov.in.myadhaar.xyz
dc.crsorgi.gov.in.mycsccenter.top
dc.crsorgi.gov.in.nat.verifycertificatecrs.live
dc.crsorgi.gov.in.nest.verifycertificatecrs.live
dc.crsorgi.gov.in.or-ai.site
dc.crsorgi.gov.in.osolution.in
dc.crsorgi.gov.in.pdfverify.in
dc.crsorgi.gov.in.rmssolutionprint.xyz
dc.crsorgi.gov.in.rpjnsdl.co.in
dc.crsorgi.gov.in.shahji.cam
dc.crsorgi.gov.in.skfastportal.site
dc.crsorgi.gov.in.sm.smmi.in.net
dc.crsorgi.gov.in.smfind.shop
dc.crsorgi.gov.in.unqtech.xyz
dc.crsorgi.gov.in.veernishad.online
dc.crsorgi.gov.in.verfiycerti.co.in
dc.crsorgi.gov.in.verify.certificata.online
dc.crsorgi.gov.in.verify.gsaddartps.xyz
dc.crsorgi.gov.in.verify.indaxs.in
dc.crsorgi.gov.in.verifycerlificate.in
dc.crsorgi.gov.in.verifycerti.online
dc.crsorgi.gov.in.verifycertificate.buzz
dc.crsorgi.gov.in.verifycertificate.gsaddaprint.xyz
dc.crsorgi.gov.in.verifycertificate.xyz
dc.crsorgi.gov.in.verifycertificatecrs.verifycertificatecrs.live
dc.crsorgi.gov.in.verifycertificates.site
dc.crsorgi.gov.in.verifycsc.shop
dc.crsorgi.gov.in.verifyin.live
dc.crsorgi.gov.in.view.certificatepdf.in
dc.crsorgi.gov.in.viewcrsn.site
dc.crsorgi.gov.in.viewert.cloud
dc.crsorgi.gov.in.viewert.cloud.88-99-15-159.cprapid.com
dc.crsorgi.gov.in.viewpdfb.in.net
dc.crsorgi.gov.in.viewpfd.in
dc.crsorgi.gov.in.vipcrs.info
dc.crsorgi.gov.in.vivwcert.info
dc.crsorgi.gov.in.vlew.tech.aoth.xyz
dc.crsorgi.gov.in.vlew.xyz
dc.crsorgi.gov.in.vlewcert.info
dc.crsorgi.gov.in.w3standard.com
dc.crsorgi.gov.in.web-c.phpi.cloud
dc.crsorgi.gov.in.web-index.cloud
dc.crsorgi.gov.in.web.aoth.xyz
dc.crsorgi.gov.in.web.cloued.in
dc.crsorgi.gov.in.web.crsorgioi.online
dc.crsorgi.gov.in.web.i.ogii.in
dc.crsorgi.gov.in.web.in.ogii.in
dc.crsorgi.gov.in.web.indax.auth.dc-verifycertificate.info
dc.crsorgi.gov.in.web.index.auth.dc-verifycertificate.info
dc.crsorgi.gov.in.web.index.auth.verifycerti.online
dc.crsorgi.gov.in.web.index.auth.verifycertiificate.live
dc.crsorgi.gov.in.web.index.auth.verifyphpi.info
dc.crsorgi.gov.in.web.index.auth.weiw.site
dc.crsorgi.gov.in.web.index.auth.weiws.site
dc.crsorgi.gov.in.web.index.birtht.shop
dc.crsorgi.gov.in.web.index.dc-verify.info
dc.crsorgi.gov.in.web.index.ex7ucl.in
dc.crsorgi.gov.in.web.index.indaxs.in
dc.crsorgi.gov.in.web.index.phei.info
dc.crsorgi.gov.in.web.index.php.aothi.info
dc.crsorgi.gov.in.web.index.php.carit.site
dc.crsorgi.gov.in.web.index.php.ogii.in
dc.crsorgi.gov.in.web.index.phpi.dc-verify.info
dc.crsorgi.gov.in.web.index.rautenterprises.in
dc.crsorgi.gov.in.web.index.verify.royalucl.in
dc.crsorgi.gov.in.web.index.verify.uniquesewa.site
dc.crsorgi.gov.in.web.index.wiew.in
dc.crsorgi.gov.in.web.inoex.cloud
dc.crsorgi.gov.in.web.lndax.xyz
dc.crsorgi.gov.in.web.load.phpe.xyz
dc.crsorgi.gov.in.web.ogii.in
dc.crsorgi.gov.in.web.org.crsorgi.solutions
dc.crsorgi.gov.in.web.org.royalprintportal.xyz
dc.crsorgi.gov.in.web.phei.info
dc.crsorgi.gov.in.web.php.inbexx.site
dc.crsorgi.gov.in.web.php.lndax.xyz
dc.crsorgi.gov.in.web.verfycertificate.live
dc.crsorgi.gov.in.web.viewcerty.in
dc.crsorgi.gov.in.web.vle.site.vlecert.site
dc.crsorgi.gov.in.web.weiw.site
dc.crsorgi.gov.in.wiev.xyz
dc.crsorgi.gov.in.xpsdigi.solutions

# Reference: https://x.com/Fact_Finder03/status/1896113309319119185

http://91.211.248.245
http://92.119.114.57
91.211.248.245:443
92.119.114.57:443

# Reference: https://x.com/Cyberteam008/status/1896755260116578340
# Reference: https://www.virustotal.com/gui/file/9025f0bb681f73741a8ddf5cdccf44074d6271b0c03b42fa92dca3e32484879c/detection
# Reference: https://www.virustotal.com/gui/file/b5ab88485cbfca8a978bd4d858d3518d59ccc43cb8272dcae23b6ce80bc8bdf2/detection

185.174.101.108:12866
185.174.101.108:24124
185.174.101.108:24861
185.174.101.108:6515
185.174.101.108:7818
185.174.101.108:8817
185.174.101.147:12866
185.174.101.147:24124
185.174.101.147:24861
185.174.101.147:6515
185.174.101.147:7818
185.174.101.147:8817

# Reference: https://www.uptycs.com/blog/threat-research-report-team/cyber-espionage-in-india-decoding-apt-36-new-linux-malware
# Reference: https://www.virustotal.com/gui/file/cc53c74a8be261fab1f231e20d127cb815787ff3437daff8162855130f8ff271/detection

http://70.34.214.252
70.34.223.234:8001
govscholarships.in
supremo-portal.in
tt1.apktrial.com

# Reference: https://x.com/fibanocci3/status/1899344194235515091
# Reference: https://app.validin.com/detail?find=45.141.59.72&type=ip4&ref_id=35a07a5c4df#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/5815e06deb5ea6f7ce82690b80828546c48a7a06f1ebceaac896565f4bf9f479/detection

defencedept.work
indiandefence.work
in.defencedept.work
in.indiandefence.work
gov.in.defencedept.work
gov.in.indiandefence.work
email.gov.in.defencedept.work
email.gov.in.indiandefence.work

# Reference: https://x.com/solostalking/status/1899401046956679217
# Reference: https://app.validin.com/detail?type=ip&find=88.222.245.211#tab=resolutions
# Reference: https://app.validin.com/detail?find=153.92.210.104&type=ip4&ref_id=e8913126e78#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/cbf74574278a22f1c38ca922f91548596630fc67bb234834d52557371b9abf5d/detection

88.222.245.211:6969
analytics-metrics-gstaticplay.store
circularadmin.in
postindia.site
gov-in.mywire.org
in.gov-in.mywire.org
gov.in.gov-in.mywire.org
email.gov.in.gov-in.mywire.org

# Reference: https://x.com/TIntel2255/status/1899796191950377237

account-recovery.com
airforce-update.net
alert-notification.com
army-alert.net
brief-report.nl
briefreport.com
briefreport.ml
cgda-alert.com
confirm-identity.net
data-storage.services
datastorage.online
datastorage.services
defence-update.com
defencedept.work
department-of-defence.cc
department-of-defence.link
departmentofdefecce.cc
departmentofdefence.cc.login.secure.nl
departmentofdefence.com
departmentofdefence.ml
departmentofdefence.net
departmentofdefence.nl
departmentofdefence.online
departmentofdefence.pl
departmentofdefenceindia.cc
drdo-update.net
dvia.eu
egov-update.net
eids.email.gov.in.indiatop5.in
email-gov-in-access.com
email-gov-in-access.net
email-gov-in-access.org
email-gov-in-account.com
email-gov-in-account.net
email-gov-in-account.org
email-gov-in-alert.com
email-gov-in-alert.net
email-gov-in-alert.org
email-gov-in-confirm.com
email-gov-in-confirm.net
email-gov-in-confirm.org
email-gov-in-gov-in.in
email-gov-in-login.com
email-gov-in-login.net
email-gov-in-login.org
email-gov-in-official.com
email-gov-in-official.net
email-gov-in-official.org
email-gov-in-recovery.com
email-gov-in-recovery.net
email-gov-in-recovery.org
email-gov-in-reset.com
email-gov-in-reset.net
email-gov-in-reset.org
email-gov-in-security.com
email-gov-in-security.net
email-gov-in-security.org
email-gov-in-update.com
email-gov-in-update.net
email-gov-in-update.org
email-gov-in-verify.com
email-gov-in-verify.net
email-gov-in-verify.org
email-gov-in.account-recovery.com
email-gov-in.alert-notification.com
email-gov-in.confirm-identity.net
email-gov-in.official-login.net
email-gov-in.reset-password.com
email-gov-in.secure-access.net
email-gov-in.secure-login.com
email-gov-in.security-update.org
email-gov-in.verify-account.net
email-gov-in.verify-credentials.com
email-hw3b.gov.in.defenceindia.link
email.gov.in.account-recovery.com
email.gov.in.admin-mcas-df.ms
email.gov.in.airforce-update.net
email.gov.in.alert-notification.com
email.gov.in.army-alert.net
email.gov.in.brief-report.nl
email.gov.in.briefreport.com
email.gov.in.briefreport.ml
email.gov.in.cgda-alert.com
email.gov.in.cloud
email.gov.in.co
email.gov.in.confirm-identity.net
email.gov.in.data-storage.services
email.gov.in.datastorage.com
email.gov.in.datastorage.online
email.gov.in.datastorage.services
email.gov.in.defence-update.com
email.gov.in.defence.link
email.gov.in.defencedept.work
email.gov.in.department-of-defence.cc
email.gov.in.department-of-defence.link
email.gov.in.departmentofdefecce.cc
email.gov.in.departmentofdefence.cc.login.secure.nl
email.gov.in.departmentofdefence.com
email.gov.in.departmentofdefence.ml
email.gov.in.departmentofdefence.net
email.gov.in.departmentofdefence.nl
email.gov.in.departmentofdefence.online
email.gov.in.departmentofdefence.pl
email.gov.in.departmentofdefenceindia.cc
email.gov.in.drdo-update.net
email.gov.in.dvia.eu
email.gov.in.egov-update.net
email.gov.in.estbec.in
email.gov.in.governmentmail.link
email.gov.in.i-gov.ink
email.gov.in.icu
email.gov.in.id
email.gov.in.igov.com
email.gov.in.india-gov.pw
email.gov.in.indiadefence.link
email.gov.in.indiadefence.nl
email.gov.in.indiagov.com
email.gov.in.indiagov.mailindia.one
email.gov.in.indiagov.online
email.gov.in.indiagov.ps
email.gov.in.indiagov.site
email.gov.in.indian-army.ml
email.gov.in.indian-army.pl
email.gov.in.indian-defence.link
email.gov.in.indianarmy.com
email.gov.in.indianarmy.gov
email.gov.in.indianarmy.net
email.gov.in.indiandefence.com
email.gov.in.indiandefence.in
email.gov.in.indiandefence.link.verify.online
email.gov.in.indiandefence.work
email.gov.in.indiandence.nl
email.gov.in.indiatop5.in
email.gov.in.information.services
email.gov.in.link
email.gov.in.live
email.gov.in.login-secure.com
email.gov.in.mailgov.in
email.gov.in.mailgovin.com
email.gov.in.mailindia.ministryofdefenceindia.link
email.gov.in.martinseceompanhia.pt
email.gov.in.mcas-df.ms
email.gov.in.ministroyofdefenceindia.link
email.gov.in.misc.casacam.net
email.gov.in.modindia.link.com
email.gov.in.mygov.pw
email.gov.in.mygov.site
email.gov.in.parichay.link
email.gov.in.parichay.online
email.gov.in.publications.cc
email.gov.in.publications.ltd.publications.ltd
email.gov.in.publications.ltda.ms
email.gov.in.publications.ltdclawsindia.com
email.gov.in.publications.one
email.gov.in.publications.online
email.gov.in.reset-password.com
email.gov.in.support
gov.in.account-recovery.com
gov.in.airforce-update.net
gov.in.alert-notification.com
gov.in.army-alert.net
gov.in.brief-report.nl
gov.in.briefreport.com
gov.in.briefreport.ml
gov.in.cgda-alert.com
gov.in.cloud
gov.in.confirm-identity.net
gov.in.data-storage.services
gov.in.datastorage.com
gov.in.datastorage.online
gov.in.datastorage.services
gov.in.defence-update.com
gov.in.defence.link
gov.in.defencedept.work
gov.in.department-of-defence.cc
gov.in.department-of-defence.link
gov.in.departmentofdefecce.cc
gov.in.departmentofdefence.cc.login.secure.nl
gov.in.departmentofdefence.com
gov.in.departmentofdefence.ml
gov.in.departmentofdefence.net
gov.in.departmentofdefence.nl
gov.in.departmentofdefence.online
gov.in.departmentofdefence.pl
gov.in.departmentofdefenceindia.cc
gov.in.drdo-update.net
gov.in.dvia.eu
gov.in.egov-update.net
gov.in.email
gov.in.estbec.in
gov.in.governmentmail.link
gov.in.i-gov.ink
gov.in.india-gov.pw
gov.in.indiadefence.link
gov.in.indiadefence.nl
gov.in.indiagov.com
gov.in.indiagov.mailindia.one
gov.in.indiagov.online
gov.in.indiagov.ps
gov.in.indiagov.site
gov.in.indian-army.ml
gov.in.indian-army.pl
gov.in.indian-defence.link
gov.in.indianarmy.com
gov.in.indianarmy.gov
gov.in.indianarmy.net
gov.in.indiandefence.com
gov.in.indiandefence.in
gov.in.indiandefence.link.verify.online
gov.in.indiandefence.work
gov.in.indiandence.nl
gov.in.indiatop5.in
gov.in.information.services
gov.in.link
gov.in.live
gov.in.login-secure.com
gov.in.mailgov.in
gov.in.mailgovin.com
gov.in.mailindia.ministryofdefenceindia.link
gov.in.martinseceompanhia.pt
gov.in.ministroyofdefenceindia.link
gov.in.misc.casacam.net
gov.in.modindia.link.com
gov.in.mygov.pw
gov.in.mygov.site
gov.in.parichay.link
gov.in.parichay.online
gov.in.publications.cc
gov.in.publications.ltd.publications.ltd
gov.in.publications.ltda.ms
gov.in.publications.ltdclawsindia.com
gov.in.publications.one
gov.in.publications.online
gov.in.reset-password.com
governmentmail.link
i-gov.ink
in.account-recovery.com
in.airforce-update.net
in.alert-notification.com
in.army-alert.net
in.brief-report.nl
in.briefreport.com
in.briefreport.ml
in.cgda-alert.com
in.confirm-identity.net
in.data-storage.services
in.datastorage.com
in.datastorage.online
in.datastorage.services
in.defence-update.com
in.defence.link
in.defencedept.work
in.department-of-defence.cc
in.department-of-defence.link
in.departmentofdefecce.cc
in.departmentofdefence.cc.login.secure.nl
in.departmentofdefence.com
in.departmentofdefence.ml
in.departmentofdefence.net
in.departmentofdefence.nl
in.departmentofdefence.online
in.departmentofdefence.pl
in.departmentofdefenceindia.cc
in.drdo-update.net
in.dvia.eu
in.egov-update.net
in.estbec.in
in.governmentmail.link
in.i-gov.ink
in.india-gov.pw
in.indiadefence.link
in.indiadefence.nl
in.indiagov.com
in.indiagov.mailindia.one
in.indiagov.online
in.indiagov.ps
in.indiagov.site
in.indian-army.ml
in.indian-army.pl
in.indian-defence.link
in.indianarmy.com
in.indianarmy.gov
in.indianarmy.net
in.indiandefence.com
in.indiandefence.in
in.indiandefence.work
in.indiandence.nl
in.indiatop5.in
india-gov.pw
indiadefence.link
indiadefence.nl
indiagov.com
indiagov.mailindia.one
indiagov.online
indiagov.ps
indiagov.site
indian-army.ml
indian-army.pl
indian-defence.link
indianarmy.com
indianarmy.gov
indianarmy.net
indiandefence.com
indiandefence.in
indiandefence.work
indiandence.nl
indiapost.gov.in.email
indiatop5.in
mailindia.ministryofdefenceindia.link
martinseceompanhia.pt
ministroyofdefenceindia.link
mygov.pw
mygov.site
parichay.link
parichay.online
publications.cc
publications.ltda.ms
publications.ltdclawsindia.com
publications.one
publications.online
reset-password.com

# Reference: https://x.com/solostalking/status/1903785739764285529

pnpsmm.in
print.pnpsmm.in

# Reference: https://x.com/PrakkiSathwik/status/1906046098948661366
# Reference: https://app.validin.com/detail?type=raw&find=Saada+C2+-+Login#tab=host_pairs (# 2025-03-29)
# Reference: https://app.validin.com/detail?find=13.53.214.28&type=ip4&ref_id=8ee0ade942c#tab=resolutions
# Reference: https://app.validin.com/detail?type=ip&find=145.223.103.223#tab=resolutions

1s1.accesscam.org
414.camdvr.org
415.mywire.org
419.theworkpc.com
aws-vpn-hub-mggppgcnmv.dynamic-m.com
fur.monster
saadac2.mywire.org
saadac3.accesscam.org

# Reference: https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/

educationportals.in
drjagrutichavan.com

# Reference: https://x.com/malwrhunterteam/status/1909710022919307317
# Reference: https://www.virustotal.com/gui/file/5c3472163ad4c1adcfebe15d1016058a5f020100f872ddcc3e692286abbae405/detection

http://134.122.73.171
http://167.99.66.81
http://178.128.246.187
http://64.227.121.136
/root-kin
/suko-vin

# Reference: https://app.validin.com/detail?find=SCI%20App&type=raw&ref_id=17eb19466ef#tab=host_pairs (# 2025-04-18)
# Reference: https://app.validin.com/detail?find=fe0a9bcacd3b3d185209dff67d7fda10&type=hash&ref_id=584d48afe02#tab=host_pairs (# 2025-04-18)
# Reference: https://www.virustotal.com/gui/file/10650a3376a1db207e07697f58e906c14ec67757364686f39e154c7cb6053601/detection
# Reference: https://www.virustotal.com/gui/file/47010225586861faba1575370bf83cc06b12355edea6b9f6075819cd05db7281/detection

main-sci.app
v8s.co
mail.main-sci.app
mail.v8s.co

# Reference: https://x.com/PrakkiSathwik/status/1913243880259993881
# Reference: https://www.virustotal.com/gui/file/f04acb3414c0f8eaf24e5cce18fc6fc800c4080fc20a470718392c536f5505e8/detection
# Reference: https://www.virustotal.com/gui/file/d1a1eaefe6bd2e245bba369e966d7a8eab9ed6ad1fa827321e5889cc8d43f976/detection

104.129.27.14:16197
104.129.27.14:19867
104.129.27.14:28784
104.129.27.14:30123
104.129.27.14:8108

# Reference: https://x.com/Cyberteam008/status/1915192345852596511
# Reference: https://www.virustotal.com/gui/ip-address/176.65.143.215/relations
# Reference: https://www.virustotal.com/gui/file/6c69e5353fe0420844fbc6ba6d8b3854a7fd57dcec5b2a3f3fafce8874bc042a/detection

departmentofdefence.de
ministryofdefenceindia.org
iaf.nic.in.ministryofdefenceindia.org
indianarmy.nic.in.departmentofdefence.de
indianarmy.nic.in.ministryofdefenceindia.org

# Reference: https://app.validin.com/detail?find=45.141.58.224&type=ip4&ref_id=f804e76536d#tab=resolutions

briefcases.email
defenceindia.ltd
departmentofspace.info
in.briefcases.email
in.defenceindia.ltd
in.departmentofdefence.de
in.departmentofspace.info
in.ministryofdefenceindia.org
gov.in.briefcases.email
gov.in.defenceindia.ltd
gov.in.departmentofdefence.de
gov.in.departmentofspace.info
gov.in.ministryofdefenceindia.org
email.gov.in.briefcases.email
email.gov.in.defenceindia.ltd
email.gov.in.departmentofdefence.de
email.gov.in.departmentofspace.info
email.gov.in.ministryofdefenceindia.org

# Reference: https://x.com/TIntel2255/status/1920726992367829117
# Reference: https://app.validin.com/detail?find=45.141.58.33&type=ip4&ref_id=f804e76536d#tab=resolutions

indiangov.download
indiangovt.download
in.indiangov.download
in.indiangovt.download
gov.in.indiangov.download
gov.in.indiangovt.download
email.gov.in.indiangov.download
email.gov.in.indiangovt.download

# Reference: https://www.virustotal.com/gui/ip-address/84.54.51.12/relations

modindia.link
in.modindia.link
gov.in.modindia.link
email.gov.in.modindia.link

# Reference: https://app.validin.com/detail?find=185.117.90.212&type=ip4&ref_id=1df5f665af8#tab=resolutions
# Reference: https://app.validin.com/detail?find=31.42.185.47&type=ip4&ref_id=d18562645f5#tab=resolutions

avtzyu.store
drdosurvey.info
indiangov.site
in.avtzyu.store
in.drdosurvey.info
in.indiangov.site
gov.in.avtzyu.store
gov.in.drdosurvey.info
gov.in.indiangov.site
email.gov.in.avtzyu.store
email.gov.in.drdosurvey.info
email.gov.in.indiangov.site

# Reference: https://x.com/PrakkiSathwik/status/1915761627552710795
# Reference: https://www.virustotal.com/gui/file/6fcbcdcafc5accf1b2b0453eccd93c203ab1dca9920521b107c9cff8c0236eb2/detection

93.127.133.58:1097
93.127.133.58:17241
93.127.133.58:19821
93.127.133.58:21817
93.127.133.58:23221
93.127.133.58:27425
kashmirattack.exposed
in.kashmirattack.exposed
gov.in.kashmirattack.exposed
jkpolice.gov.in.kashmirattack.exposed

# Reference: https://www.linkedin.com/posts/sathwik-ram-prakki-43770016a_apt36-phishing-crimsonrat-activity-7321587277455912961-ralC
# Reference: https://www.virustotal.com/gui/file/ab050e42f7c88da840ca37cd402be42b02f6e52a8cafa1376b7eddcacb1e2fcd/detection
# Reference: https://www.virustotal.com/gui/file/ae520a6e499ad39e64858200e21f7c54e590fca00aa5de5f5e32f016075e549f/detection
# Reference: https://www.virustotal.com/gui/file/7a2f7357ce5ebd03bbf10b856a30706f71eb1586c309aff9169fb5b056791741/detection

http://134.209.250.88
http://161.35.24.231
http://164.92.190.176
http://165.22.251.224
http://165.227.153.114
http://165.232.114.63
http://209.38.33.123

# Reference: https://x.com/blackorbird/status/1916841396792914357
# Reference: https://mp.weixin.qq.com/s/QD_MYIYivM_S1dr4vZxocg
# Reference: https://www.virustotal.com/gui/file/33feaee2039e28e252f7289ba9fc874f75a86078dd48727759316960404e94e5/detection
# Reference: https://www.virustotal.com/gui/file/fbde6f65c960c2469d957f1fdb6d7240bd6eec5e4f34b68e01dda85cb9bf6841/detection
# Reference: https://www.virustotal.com/gui/file/898eefa76adf40593c3e69fb1ec63715c15a61cf33cd0d18ddb69322dae4a975/detection
# Reference: https://www.virustotal.com/gui/file/de3932dc9570869e015bd3dcea0b429b53e13137f3c56c3859e4a420979f2592/detection

84.46.251.145:14862
84.46.251.145:901
ghmeetag.xyz
honeybeechatt.com
signalchat.chat
syntheticschoolsystem.com
vibechatt.chat
vibechatt.com
waqarawan.xyz
mail.waqarawan.xyz
vibechatt.signalchat.chat

# Reference: https://x.com/blackorbird/status/1917581986472026278
# Reference: https://www.virustotal.com/gui/file/eb03f0bd9edf20053a594b134fe7b69b0deec9fee7176105c366e5c5f11180a0/detection
# Reference: https://www.virustotal.com/gui/file/e3732e9d6bc1332313ac1925cbb5271787788dc887497dba9bfecea1f382a7b2/detection
# Reference: https://www.virustotal.com/gui/file/333b1e6113a537b5430e4330d01499a4b1d0c0899ed10b7d6610b2c5f296ce15/detection
# Reference: https://www.virustotal.com/gui/file/21aa51d3f7296df9b175fb27928b5b9ff6b81c1e0c50585216c0dcfdfec2da59/detection

185.174.102.21:15826
185.174.102.21:18232
185.174.102.21:22626
185.174.102.21:25819
185.174.102.21:27228
sharemaxme24.net

# Reference: https://x.com/solostalking/status/1918155338374680667

indiandefence.directory
in.indiandefence.directory
gov.in.indiandefence.directory
mod.gov.in.indiandefence.directory

# Reference: https://x.com/Cyberteam008/status/1918133325509870061
# Reference: https://www.virustotal.com/gui/file/47a6ea2947d46e9547989e9c8870805fb585d3ff16a4b9c7b6e8b4a322b61eb3/detection

185.235.137.195:3309
185.235.137.195:3311
securenesst.com
server1.securenesst.com
expressholidays.co.in/ups/r.php

# Reference: https://x.com/PrakkiSathwik/status/1919722443628806514
# Reference: https://www.virustotal.com/gui/file/9011883354aecb42135e1793f2b7f4329e97a4df84e072769301c13fb310464e/detection

gchindia.com/lib/pdf/Blackout-Rehearsal-Plan/wins/

# Reference: https://x.com/PrakkiSathwik/status/1919817162404880522
# Reference: https://www.virustotal.com/gui/file/8f0cd0a744dd8ab3723cf5cf51fbcc9ce47082ce3a68954f267f461a6689d0b3/detection
# Reference: https://www.virustotal.com/gui/file/72558ed8bd3f2ac5a4caa94cb8318328300cf27a453f10c8945725572740a282/detection
# Reference: https://www.virustotal.com/gui/file/3cf9c4baf9cb3c150c036e9c94de03b5fb6ecb2fefe7e39aa8ed3213420d0f6c/detection
# Reference: https://www.virustotal.com/gui/file/369904dc22cc1e8e274d40a64c0a6040d7a4cb5dc19489900520d67130095c0c/detection

96.47.232.202:16828
96.47.232.202:26120
96.47.232.202:24821
96.47.232.202:34426
96.47.232.202:6830
raf74.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1919815291976163467
# Reference: https://www.virustotal.com/gui/file/5a2ec17c8dd5f37b2b04613a24c278a6cf140180709840e74435e319c5c8957c/detection
# Reference: https://www.virustotal.com/gui/file/41e49f62bdc1a53aa05b10b47ca497fcbb8ff93ca5a5f2416961529648799835/detection

96.47.234.145:14828
96.47.234.145:21821
96.47.234.145:28120
96.47.234.145:34422
96.47.234.145:7830

# Reference: https://x.com/TIntel2255/status/1920012934463324485
# Reference: https://x.com/TIntel2255/status/1920832585900413266
# Reference: https://x.com/PrakkiSathwik/status/1921138502915227752

indiandefence.services
in.indiandefence.services
mail.indiandefence.services
gov.in.indiandefence.services
mea.gov.in.indiandefence.services
mod.gov.in.indiandefence.services

# Reference: https://x.com/malwrhunterteam/status/1916176519866601725
# Reference: https://x.com/cyber_ra1/status/1920093689755599200
# Reference: https://www.virustotal.com/gui/file/8a35adede1f8936e75ae00f67ef5e58f38117d5f7e8e6adff9de850307a46ffc/detection
# Reference: https://www.virustotal.com/gui/file/bca5f50de8d565deb2bf7a3cc7d22fb743845135ab3195444365fcad2b12ea7a/detection

nationaldefencebackup.xyz
nationaldefensecollege.com

# Reference: https://x.com/ThreatBookLabs/status/1920489365408788746

kashmiraxxack.exposed

# Reference: https://x.com/Cyberteam008/status/1920423302683623728
# Reference: https://x.com/cyber_ra1/status/1920448288668725723
# Reference: https://x.com/IdaNotPro/status/1921271338959851527
# Reference: https://www.virustotal.com/gui/file/70427a5a7cee2a8da876be4ac74caf8888145972930968b7f4fb5932ecee5f31/detection
# Reference: https://www.virustotal.com/gui/file/a362a7393accb1f7318a3c92d4069c29a01f75216e88fcee7066d9dffa229b5f/detection
# Reference: https://www.virustotal.com/gui/file/0e7bdb5ecbd8f74f38d75df6f8d5ae7ed3290b5dcf41212ecd3c1281e8f71ae6/detection
# Reference: https://www.virustotal.com/gui/file/7129ad4ac19f03d6512d8ea3a4cf3373c52d30a982e4a3bba2a5357bcbdf7314/detection
# Reference: https://www.virustotal.com/gui/file/9b3f66b7cc7f00a1ff8f962f2a0f13765a8324d6b532be02dce14e0a0de7e723/detection

167.86.97.58:17854
185.235.137.237:24156
85.158.108.85:42368
zohidsindia.com

# Reference: https://x.com/IdaNotPro/status/1921124452122677253

apollokhos.co.in

# Reference: https://x.com/Cyberteam008/status/1922576157985096044
# Reference: https://www.virustotal.com/gui/file/2032a25e951f9bb6efca2d6df34bc40e82100613f83dd5ebd7e621256d3fabb6/detection
# Reference: https://www.virustotal.com/gui/file/b96704e1ad5c6a2dafcf63a7e0576b5a478d903b7f46bd5e5995eb3a85c52b51/detection
# Reference: https://www.virustotal.com/gui/file/106dd82a7091564781c01424d7810bfccb5e69740af046bd4c3503bb51101e81/detection

212.56.45.254:24224
212.56.45.254:28822
212.56.45.254:9525

# Reference: https://x.com/skocherhan/status/1923593417340158064

01411.club
130t.xyz
3a4p8gq8bojwn.xyz
5zbm0.cfd
66xq2.top
873013.xyz
8ln62.cfd
9882aa1216.autos
999game.website
9gi02.cfd
9ydygorig3l7z.xyz
aise-your-voice.sbs
akextow.net
anpack.shop
ardengoal.net
aser-skin-treatment-95250.bond
avakey.shop
ayarwarna21.live
ayeewenvqzqm.top
aysec.net
betka.xyz
cvaultshielded.live
elayrunway.shop
ellbar.shop
elvetvoiceskiresorts.website
enckubs.shop
erspacehealthandwellness.info
g1wszulqv7lc.xyz
gsp657.top
hagrinleemotooltechus.shop
hbnzk.cfd
iaolento12.sbs
igitalmilanolegacy.shop
inktrim.xyz
iralavinc.online
it4n1ar4t0k7o0.xyz
kfast.store
kpqh.town
looring-services329769.sbs
loud-sevice.click
lx2cbhe5vee0e1.xyz
movps.net
ndotoverf.pro
netuzio.xyz
nity-3d-development.dev
njjwh.info
olidspot.shop
ompanion.bio
onety.skin
pb79kasy.vip
phones-br.sbs
rog.top
rtelegans.art
ry-prodentims.shop
t775.top
teelpath.shop
tp-batik77-1.vip
tu1x120.top
tudiofoti.pro
uklor.shop
w-yudfjp.shop
x92q.top
xectgroup.net
xplosion-proof.lat

# Reference: https://x.com/suyog41/status/1919744048639967361
# Reference: https://www.virustotal.com/gui/file/72333de5a6cbdda61ce8891cda1a9f927bb8f9e0acd6239a1de9a03b4bbb66e9/detection
# Reference: https://www.virustotal.com/gui/file/50f30b78df1a225d9f99d036a8109d79af226b59ab735abb84fa042b93acccdd/detection
# Reference: https://www.virustotal.com/gui/file/9011883354aecb42135e1793f2b7f4329e97a4df84e072769301c13fb310464e/detection

amsisupport.com
sync.amsisupport.com
/dnammocmvitna

# Reference: https://x.com/ThreatBookLabs/status/1925555749415264567
# Reference: https://www.virustotal.com/gui/file/e9000239d7b63beb19c00caee1b9048a89575e80e920185cfa41a0586cad7802/detection

185.123.102.180:41452

# Reference: https://www.seqrite.com/blog/operation-sindoor-anatomy-of-a-digital-siege/

operationsindoor2025.in
pahalgamattack.com
sindoor.live
sindoor.website

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-05-28)

indiasci.cc
supremecourtofindiagov.com

# Reference: https://x.com/skocherhan/status/1927793481805676587

supremecourtofindia.net
supremecourtpractice.com

# Reference: https://x.com/blackorbird/status/1928076030599909423

ministryofdefenseindia.link
in.ministryofdefenseindia.link
gov.in.ministryofdefenseindia.link
email.gov.in.ministryofdefenseindia.link

# Reference: https://x.com/PrakkiSathwik/status/1928798284056781029
# Reference: https://www.virustotal.com/gui/file/7b8ef47b1362bfddfbb1f736cf3d1afc67d7ac3d969746f6bf68963d1285f88c/detection
# Reference: https://www.virustotal.com/gui/file/85f79362d115e9f6dfca831bb4dd64e4a9713e9d8cb70699036dcab7c1e54223/detection
# Reference: https://www.virustotal.com/gui/file/1932c79ca5dbf54d786a2d307b18b3d7e2b6ceebca6a777578ebc9029527773b/detection
# Reference: https://www.virustotal.com/gui/file/9795a2539388212d9d3e4b2684efa0446ec6ce16061cccbdce9f1abda6db9bc3/detection

69.197.178.193:15642
69.197.178.193:16853
69.197.178.193:23867
69.197.178.193:26261
69.197.178.193:29426
asatvm.duckdns.org

# Reference: https://x.com/solostalking/status/1929463023313334771
# Reference: https://app.validin.com/detail?find=eb3f429628466bffb76bd984834ecd86&type=hash&ref_id=b27e120376f#tab=host_pairs (# 2025-06-04)
# Reference: https://www.virustotal.com/gui/file/bd5bad8ae151d32347eb6b06ee28f8a1ba6e1f80cd966ecb0f8fd23a7ee10b46/detection

cloudshare.digital
defencepersonnel.support
storagecloud.download
virtualeoffice.cloud
in.cloudshare.digital
in.defencepersonnel.support
in.storagecloud.download
in.virtualeoffice.cloud
gov.in.defencepersonnel.support
mgovcloud.in.cloudshare.digital
mgovcloud.in.storagecloud.download
mgovcloud.in.virtualeoffice.cloud
accounts.mgovcloud.in.cloudshare.digital
accounts.mgovcloud.in.storagecloud.download
accounts.mgovcloud.in.virtualeoffice.cloud
mod.gov.in.defencepersonnel.support

# Reference: https://x.com/solostalking/status/1929463023313334771
# Reference: https://www.cyberproof.com/blog/cyber-attacks-rise-as-tension-mounts-across-india-pakistan-border-post-terrorist-attack/

account.migration.jkpolice.gov.in.mgovcloud.de
accounts-migration.mgovcloud.de
accounts.mgovcloud.de
blackout-and-emergency.zip
coord-officer.in
cricket.tezzbuzz.com
cricketbuzz.ink
cricketbuzz.sport.blog
delivery.smartmfdpro.com
email.gov.in.ministryofdefence.cc
gourangashil.smartmfdpro.com
gov.in.accounts-migration.mgovcloud.de
gov.in.mgovcloud.de
gov.webmailinc.army
in.accounts-migration.mgovcloud.de
indianarmedforcesadventurestories.cricketbuzz.ink
jkpolice.gov.in.mgovcloud.de
mail-portal.in
mea.gov.in.accounts-migration.mgovcloud.de
mgovcloud.de
migration.jkpolice.gov.in.mgovcloud.de
sainik-sathi.in
securenessst.com
server1.securenessst.com
skodalifts.co.in
support-dept.in
support-office.in
webmailinc.army

# Reference: https://app.validin.com/detail?find=c72ce4fa1bca9a9c02ebdb45a6f7dc0e&type=hash#tab=host_pairs (# 2025-06-05)

advanceservice.in.103-160-106-28.cpanel.site
prajapatiprint.site
in.prajapatiprint.site
gov.in.prajapatiprint.site
crsorgi.gov.in.prajapatiprint.site
dc.crsorgi.gov.in.prajapatiprint.site

# Reference: https://app.validin.com/detail?find=557ce7f39601f6826788cda47f75df7c&type=hash#tab=host_pairs (# 2025-06-05)

http://144.24.109.1

# Reference: https://app.validin.com/detail?find=82.25.106.148&type=ip4&ref_id=9bd199165b9#tab=resolutions (# 2025-06-05)

appleblueltd.store
coord.site
govnic.site
guideevents.site
nicgov.site
playdashboard.store
playprotect.site
eoffice.coord.site

# Reference: https://app.validin.com/detail?find=3ce12827a69a7f00b514d7036a83db67afea26a3&type=hash&ref_id=eb75f7a99ec#tab=host_pairs (# 2025-06-05)

onlinesomadhan.in
dccrsorgi.onlinesomadhan.in

# Reference: https://x.com/malwrhunterteam/status/1930921144053383171
# Reference: https://www.virustotal.com/gui/file/3c012b14ad76bc2bd3a6e7c99c8f50a8c28c025750e32aea007978e8a1db703d/detection

http://138.197.163.42
http://142.93.38.174
http://143.110.184.169
http://64.227.134.175
376zbaqsnigt.com
rgzavr4awa.com
tjofxavif5b3q6ogz.com

# Reference: https://x.com/skocherhan/status/1932329311287083343
# Reference: https://app.validin.com/detail?find=Civil%20Registration%20System&type=raw&ref_id=8bc5484a9e7#tab=host_pairs (# 2025-06-10)

aadharpor.xyz
asdfghjkl2.online
birth.kajalroma.xyz
blrths.co.in
crsorgi.g0v.in.net
crsorgi.gov.in.cashwiz.site
crsorgi.gov.in.lndex.in.net
crsorgi.gov.in.onlineconvetar.in
crsorgi.gov.in.viewcerts.org
crsorgi.gov.in.web.index.php.bcerti.xyz
crsorgi.gov.in.web.index.php.indexco.info
crsorgi.shop
crsorgi.shop.headofharyana.com
crsorgigov.info
crsorgigove.com
crsorgingov.site
crsportal.cfd
crsprint.cam
crsprint.shop
crsrorgig.com
cscaadhar.xyz
dc-crsorgi-gov.sbs
dc.crsorgi.gov.in.lndex.in.net
dc.crsorgi.gov.in.onlineconvetar.in
dc.crsorgi.gov.in.viewcerts.org
dc.crsorgi.gov.in.web.index.php.indexco.info
dcalam.shop
g0v.in.net
gov.in.cashwiz.site
gov.in.lndex.in.net
gov.in.onlineconvetar.in
gov.in.viewcerts.org
gov.in.web.index.php.bcerti.xyz
gov.in.web.index.php.indexco.info
in.cashwiz.site
in.lndex.in.net
in.onlineconvetar.in
in.viewcerts.org
in.web.index.php.bcerti.xyz
in.web.index.php.indexco.info
janudajanudi.online
kajalroma.xyz
mail.dc-crsorgi-gov.sbs
onlinecer.top
viewscerti.xyz
vkprintportal.site

# Reference: https://x.com/PrakkiSathwik/status/1932691126022275294
# Reference: https://www.virustotal.com/gui/file/29291610808a53c43fd0d413ad9a57a9839258e17bca1c7b52c90ea9060dc8f2/detection

37.1.198.72:5863
educationportals.biz
dns.educationportals.biz

# Reference: https://x.com/PrakkiSathwik/status/1933503981017502103
# Reference: https://gist.githubusercontent.com/PSR009/e284fb4eed0338b5665ee9e3bfd8fe37/raw/d858cb20c7df146b3fc2af06558d87be7b82dd87/phishingList_onlinenic.txt

bcclweb.onlinenic.in.net
bih.nic.in.onlinenic.in.net
biharpolice.onlinenic.in.net
bpsc.bih.nic.in.onlinenic.in.net
bsedc.bihar.onlinenic.in.net
dda.onlinenic.in.net
employee.incometax.onlinenic.in.net
employee.onlinenic.in.net
fci.employee.onlinenic.in.net
gov.in.onlinenic.in.net
in.onlinenic.in.net
incometax.onlinenic.in.net
india.onlinenic.in.net
indiapostgds.onlinenic.in.net
maha.gov.in.onlinenic.in.net
maharashtra.onlinenic.in.net
mcgm.onlinenic.in.net
nic.in.onlinenic.in.net
nic.onlinenic.in.net
nrhm.maha.gov.in.onlinenic.in.net
onlinenic.in.net
samajkalyan.up.onlinenic.in.net
service.india.onlinenic.in.net
sjsa.maharashtra.onlinenic.in.net
ssc.nic.onlinenic.in.net
up.onlinenic.in.net
up.samajkalyan.onlinenic.in.net

# Reference: https://x.com/Cyberteam008/status/1935206757657362569
# Reference: https://www.virustotal.com/gui/file/167b387005d6d2a55ad282273c58d1786a2ee0fa3e7e0cb361d4d61d8618ee5f/detection
# Reference: https://www.virustotal.com/gui/file/014a14d46b83a2cca1267bedb1a02aa7fd50b90633009bd2d94b6a0158df8577/detection

101.99.92.182:11520
101.99.92.182:9080
defence-nic.3utilities.com
drdo-mss.serveirc.com
modgovin.onthewifi.com

# Reference: https://x.com/solostalking/status/1935222291375472707
# Reference: https://x.com/PrakkiSathwik/status/1935246089286046091
# Reference: https://x.com/PrakkiSathwik/status/1935342921127182548
# Reference: https://app.validin.com/detail?find=37.221.64.202&type=ip4&ref_id=f7397d12cac#tab=resolutions
# Reference: https://www.virustotal.com/gui/file/a772aa59345a89c0ba56911487d5ec1b2088a8175239446a87de1db6d56d1bc5/detection

accinfo.live
aidfix.help
aidline.help
aidplus.help
aidsol.help
apccare.help
aplcare.help
ar2care.live
ar2help.live
armcare.help
as4care.help
as4care.live
asdcare.help
asonline.help
axrhelp.live
azzcare.help
bdcare.info
bdcare.live
bercare.help
bggcare.help
bmcare.live
bmecare.help
bnkcare.help
bocare.help
bookingcare.help
bookingteam.help
brsupport.help
bwsupport.live
carefix.help
carehub.help
carework.help
ccdesk.help
cchcare.help
cencare.help
cesupport.help
cgcare.help
checare.help
chicare.help
chmcare.help
chmecare.help
chmserv.help
ckcare.help
cpsupport.live
cryptohelp.live
csmhelp.live
csupport.help
cvcare.help
cvhelp.live
cxverify.help
d4net.info
d4support.help
d4support.live
daacare.help
dccare.help
depcare.help
desksol.help
dmsupport.live
dpcare.info
dpcare.live
dpsupport.help
dscare.live
dsrhelp.live
dvcare.info
epcare.help
epserv.help
ermcare.help
fercare.help
fgsupport.help
fmdcare.help
fpsupport.help
fstcare.help
gawcare.help
gedcare.help
gkcare.info
gksdesk.help
gscare.help
gsdesk.help
gservice.help
gsinfo.help
gtrcare.help
gvcare.help
h2support.help
h2support.live
hdesk.help
hdrcare.help
hdserv.help
helppl.live
helpserv.help
hiwcare.help
hrhcare.live
hrmcare.help
htsupport.help
i2secure.live
iercare.help
iglcare.help
ioscare.help
iossupport.live
ippcare.help
isdcare.help
ismcare.help
itmcare.help
iurcare.help
jmcare.help
jpncare.help
kercare.help
kkpcare.help
lddcare.help
lewcare.help
linkcare.help
livcare.help
livepc.info
livepcx.help
lysupport.help
m4support.help
m4support.live
mercare.help
mncare.help
mnscare.live
ms2help.live
ms4care.live
msinfo.help
mwcare.help
nedcare.help
netcare.help
nhrcare.help
ntsupport.help
nvdcare.help
oncare.help
oswcare.help
p2help.live
pcxcare.help
pdcare.help
pfhelp.info
pllcare.help
ppcare.help
ppcare.online
pplcare.help
pplhelp.info
pplserv.help
ppteam.help
ppvarify.help
ppverify.help
pqsupport.help
prscare.help
pylcare.help
pyphelp.live
pyplcare.help
pyteam.help
qbcare.help
qsupport.online
rbhhelp.live
rdcare.help
rebcare.help
reqcare.help
revcare.help
rfdcare.help
rp2help.live
rs2care.live
rwcare.help
s2support.help
s2support.live
serassist.help
sercare.help
servaid.help
servcare.help
servdesk.help
servteam.help
servyou.help
spsupport.help
ssdesk.help
ssrcare.help
supcare.help
support868.live
supportaid.help
sycare.help
syscare.help
terplus.help
umcare.help
varifysupport.live
vcare.live
verifyme.help
vmcare.help
wdcare.live
weserv.help
wsdcare.help
wservice.help
wsinfo.help
wzcare.help
xercare.help
yassist.help
ybassist.help
ybdcare.help
youserv.help
yrwcare.help
zxcare.live
modpersonnel.support
in.modpersonnel.support
pk.modpersonnel.support
gov.in.modpersonnel.support
mod.gov.in.modpersonnel.support
zahcomputers.pk.modpersonnel.support

# Reference: https://x.com/PrakkiSathwik/status/1935349973404762509
# Reference: https://www.virustotal.com/gui/file/4635eb6ab2fb781d12f8b7a160681a194d148062d4168a6bfcd54b2c11a050fc/detection
# Reference: https://www.virustotal.com/gui/file/61da538d9e48f058c0615f8b832418c8b81927f78b6d7a2ef58e8b9171146eb3/detection
# Reference: https://www.virustotal.com/gui/file/eb769d1e797de96297a9e477c39eb8ddbc705b095ad6e4aea23c0e2269795851/detection

185.174.101.86:15868
185.174.101.86:22528
185.174.101.86:26567
185.174.101.86:7523
185.174.101.86:8927
arvnd.duckdns.org

# Reference: https://x.com/PrakkiSathwik/status/1935717744525430870
# Reference: https://www.virustotal.com/gui/file/3032cccb84cbbaecf88acf53868962d10599abd864e37ecced55ec860f4890a8/detection

sorlastore.com
govin.sorlastore.com

# Reference: https://x.com/PrakkiSathwik/status/1935717747998265498
# Reference: https://www.virustotal.com/gui/file/e528799a29e9048c1e71b78223311cad2699d035a731d1a6664fc8ddd0642064/detection
# Reference: https://www.virustotal.com/gui/file/978b5e464a958a882a0146f8f33640300a06576b736c07088de3cbb158cd3cf1/detection
# Reference: https://www.virustotal.com/gui/file/167b387005d6d2a55ad282273c58d1786a2ee0fa3e7e0cb361d4d61d8618ee5f/detection

101.99.92.182:12520
45.141.59.44:8080

# Reference: https://x.com/ThreatBookLabs/status/1935850280463007912
# Reference: https://www.virustotal.com/gui/file/a9b253b7085c68493928888408eef8af66e8aa7ef38d4c36a52633b6ca8ef3c9/detection

185.123.102.59:21452
/api/root_78616337600736/hello
/api/root_78616337600736/upload

# Reference: https://x.com/suyog41/status/1937751476916621432
# Reference: https://www.virustotal.com/gui/file/b308f1b25c626ef8a2610e2f313dc9596a80255b1c1ddd4ccd687b214ca04b46/detection

http://209.38.203.53
/eXVndW5kdQ==/tcl-8.7
/eXVndW5kdQ==/

# Reference: https://www.cyfirma.com/research/apt36-phishing-campaign-targets-indian-defense-using-credential-stealing-malware/

advising-receipts.com
megasofteware.net
superprimeservices.com

# Reference: https://app.validin.com/detail?find=Civil%20Registration%20System&type=raw#tab=host_pairs (# 2025-06-25)

crsrorgog.com

# Reference: https://app.validin.com/detail?find=eb3f429628466bffb76bd984834ecd86&type=hash#tab=host_pairs (# 2025-06-25)

accinfo.live
ak-agstsbsvru.xyz
bwsupport.live
dmsupport.live
mnscare.live
supcare.help

# Reference: https://www.recordedfuture.com/research/drat-v2-updated-drat-emerges-tag-140s-arsenal
# Reference: https://www.virustotal.com/gui/file/c328cec5d6062f200998b7680fab4ac311eafaf805ca43c487cda43498479e60/detection
# Reference: https://www.virustotal.com/gui/file/830cd96aba6c328b1421bf64caa2b64f9e24d72c7118ff99d7ccac296e1bf13d/detection
# Reference: https://www.virustotal.com/gui/file/c73d278f7c30f8394aeb2ecbf8f646f10dcff1c617e1583c127e70c871e6f8b7/detection
# Reference: https://www.virustotal.com/gui/file/0d68012308ea41c6327eeb73eea33f4fb657c4ee051e0d40a3ef9fc8992ed316/detection

154.38.175.83:3232
178.18.248.36:6372
185.117.90.212:7771

# Reference: https://x.com/PrakkiSathwik/status/1940381036795609498
# Reference: https://www.virustotal.com/gui/file/a0fae6bc4e0e705d548e3dd227fa718f26492e9950e7d88a555aea75b9cd6c3c/detection

nominationdrdo.report
in.nominationdrdo.report
gov.in.nominationdrdo.report
drdo.gov.in.nominationdrdo.report

# Reference: https://x.com/soursecc/status/1945222303995883781

viewcarde.in
verifycertificate.php.viewcarde.in
in.verifycertificate.php.viewcarde.in
gov.in.verifycertificate.php.viewcarde.in
crsorgi.gov.in.verifycertificate.php.viewcarde.in
dc.crsorgi.gov.in.verifycertificate.php.viewcarde.in

# Reference: https://x.com/solostalking/status/1945762743090647217

indiagov.support
in.indiagov.support
mgovcloud.in.indiagov.support
accounts.mgovcloud.in.indiagov.support

# Reference: https://x.com/PrakkiSathwik/status/1946122496048329070
# Reference: https://www.virustotal.com/gui/file/daa42d2e7e27dea896db830dd3a692bc756664cfec3f686e385724cfe1dd6d26/detection

ompowerterminus.com/css/docs/Tour-Programme-Ayodhya/wince

# Reference: https://x.com/PrakkiSathwik/status/1946472607358017937
# Reference: https://www.virustotal.com/gui/file/fb9b96d9f51e814759062554e96b39b01ff076c30b058b066d6e47b5d7c339d0/detection

learned-shape-460306-e5.iam.gserviceaccount.com

# Reference: https://x.com/TIntel2255/status/1947897000156140017

mea-gov-in.com

# Reference: https://x.com/Cyberteam008/status/1950019927898837282
# Reference: https://x.com/volrant136/status/1950216274274881538
# Reference: https://www.virustotal.com/gui/file/0381bf35e3baec721253fdb2b6c3298d20efeaf0c11bd93eaf9334be9c826567/detection
# Reference: https://www.virustotal.com/gui/file/f0c1de5bd4e9797f0cc1c1260a0e78f58aac7a29ee0d3e9376057e47e6c6fd04/detection
# Reference: https://www.virustotal.com/gui/file/87a3a3cffe440e370d30f8bb50ef1266263f80dfbad1af48f1c2a05311055193/detection
# Reference: https://www.virustotal.com/gui/file/ece1620e218f2c8b68312c874697c183f400c72a42855d885fc00865e0ccc1a1/detection

filestore.space
trmm.space

# Reference: https://hunt.io/blog/apt36-india-infrastructure-attacks

37-221-64-252.cprapid.com
dayenter.shop
nic.in.nominationdrdo.report
indianarmy.nic.in.nominationdrdo.report

# Reference: https://x.com/PrakkiSathwik/status/1951235970701111492
# Reference: https://x.com/PrakkiSathwik/status/1951235973448425933
# Reference: https://www.virustotal.com/gui/file/62443c1bc9df7a59e3570fbf8ec18884ebf8d2d003ec1328a315eafb3a3c590e/detection
# Reference: https://www.virustotal.com/gui/file/8f8da8861c368e74b9b5c1c59e64ef00690c5eff4a95e1b4fcf386973895bef1/detection
# Reference: https://www.virustotal.com/gui/file/e689afee5f7bdbd1613bd9a3915ef2a185a05c72aaae4df3dee988fa7109cb0b/detection

kavach.space
modgovindia.space
securestore.cv
modindia.serveminecraft.net

# Reference: https://x.com/TIntel2255/status/1952603397536010609

indiandefenceforce.link
in.indiandefenceforce.link
gov.in.indiandefenceforce.link
email.gov.in.indiandefenceforce.link

# Reference: https://x.com/PrakkiSathwik/status/1952682759555776979
# Reference: https://www.virustotal.com/gui/file/2185e15486256a3bf16176f54e765a76fd9b96cb3800920402a137bdc698e7da/detection
# Reference: https://www.virustotal.com/gui/file/684d950494951cda868a6d1d83e2ab8baedb7b4f2e8b079ab94771fb4fabd09a/detection
# Reference: https://www.virustotal.com/gui/file/54fd53dde4954c499bb67577777fe0f0347f77d007e74aac9f1dfadcb222a525/detection

149.102.152.50:11475
/api/root_188224738941134/hello
/api/root_188224738941134/report
/api/root_188224738941134/upload
/api/root_112493791739904/hello
/api/root_112493791739904/report
/api/root_112493791739904/upload

# Reference: https://threatfox.abuse.ch/browse/malware/win.ares/ (# 2025-05-11)

141.98.11.95:5000
194.163.178.229:56325
2.58.113.190:8080
38.242.144.29:7049
84.247.172.112:12015
84.247.176.126:33548
92.84.154.5:6443
92.84.154.5:8443

# Reference: https://x.com/SinghSoodeep/status/1953011682382615008
# Reference: https://www.virustotal.com/gui/ip-address/45.141.58.199/relations
# Reference: https://www.virustotal.com/gui/file/499f16ed2def90b3d4c0de5ca22d8c8080c26a1a405b4078e262a0a34bcb1e31/detection

45.141.58.199:4000
solarwindturbine.site
sinjita.space
sinjita.store

# Reference: https://x.com/okx_VFJ_/status/1954193713321668867

support-win.duckdns.com
support-win.duckdns.org

# Reference: https://app.validin.com/detail?find=Civil%20Registration%20System&type=raw#tab=host_pairs (# 2025-08-09)

bc-dcrsorgi-in-gov-net.shop
vewecart.shop
mail.vewecart.shop
shop.bc-dcrsorgi-in-gov-net.shop

# Reference: https://app.validin.com/detail?find=Supreme%20Court%20of%20India%20%7C%20India&type=raw#tab=host_pairs (# 2025-08-09)

65.2.19.211:443
95.101.74.198:443
indiaifscente.com
indiascihub.cc
indiascihube.com
indiascihubs.com
indiascihubx.com
indiascihubxs.com
indiascihubxt.com
indiascihubxv.com
indiascihubxx.com
indiascihubxz.com
indiasciorg.com
indiasrcorg.com
sci-gov.site

# Reference: https://x.com/PrakkiSathwik/status/1954892768431813119
# Reference: https://www.virustotal.com/gui/file/b59334160a195d8d43e949978008f3a5c3bb72bcc0d486415fc3861428d54e63/detection
# Reference: https://www.virustotal.com/gui/file/edd965bbf5dbeb5f10bebac7bdb60dc54a1df2753e5174e7fc50bc51b2cffe0e/detection

93.127.142.140:24264
93.127.142.140:25871
93.127.142.140:34864
93.127.142.140:4821
93.127.142.140:9921

# Reference: https://x.com/SinghSoodeep/status/1955860231109665108
# Reference: https://www.virustotal.com/gui/file/678c7f9ff4ef0f1dbe5a07885e244e8730f41e145256e1c17b5fdcd9892c8bb0/detection

5.178.0.29:8080
discoverlive.site

# Reference: https://x.com/SinghSoodeep/status/1958122939062325300
# Reference: https://www.virustotal.com/gui/file/10b54abba525686869c9da223250f70270a742b1a056424c943cfc438c40cc50/detection

45.155.54.28:8080
seemysitelive.store

# Reference: https://app.validin.com/detail?find=3ce12827a69a7f00b514d7036a83db67afea26a3&type=hash#tab=host_pairs (# 2025-08-22)

findsiteabc.site
inii.shop
ncrs.site
sncrs.top
verifyn.site
best.inii.shop
crsportal.shop
c.verifyn.site
in.findsiteabc.site
in.ncrs.site
in.sncrs.top
in.verifyn.site
gov.in.findsiteabc.site
gov.in.ncrs.site
gov.in.sncrs.top
gov.in.verifyn.site
crsorgi.gov.in.findsiteabc.site
crsorgi.gov.in.ncrs.site
crsorgi.gov.in.sncrs.top
crsorgi.gov.in.verifyn.site
dc.c.verifyn.site
dc.crsorgi.gov.in.findsiteabc.site
dc.crsorgi.gov.in.ncrs.site
dc.crsorgi.gov.in.sncrs.top
dc.crsorgi.gov.in.verifyn.site

# Reference: https://x.com/okx_VFJ_/status/1960000808868851968

161.97.82.97:8080
164.215.103.55:8080
45.141.58.199:3389
45.141.58.199:4000
45.155.54.28:8080
chitauri-gateway.com
server.chitauri-gateway.com

# Reference: https://x.com/ThreatBookLabs/status/1960900638273101959
# Reference: https://www.virustotal.com/gui/file/8c158a09ac554f4fa161c75e72bb17858fcd54815395adff555195f9e7757f8c/detection

204.12.227.117:17891
204.12.227.117:25618
204.12.227.117:29242
204.12.227.117:35412
204.12.227.117:7944

# Reference: https://x.com/Cyberteam008/status/1960934160807420075
# Reference: https://www.virustotal.com/gui/file/e174146b0d15a14d46e2a6c71121351a1ff3a8c4a301747be15078c14fa84454/detection
# Reference: https://www.virustotal.com/gui/file/c8e879598568c6e4282b0bf93ed3898150319879a883d983741fcdc6d4ad9356/detection

209.145.61.131:25861
209.145.61.131:28126
209.145.61.131:6616
209.145.61.131:8645
77.93.154.222:18816
77.93.154.222:22826
77.93.154.222:7641

# Reference: https://www.nextron-systems.com/2025/08/29/sindoor-dropper-new-phishing-campaign/
# Reference: https://app.validin.com/detail?find=MeshCentralRoot-f41b30&type=raw&ref_id=66af08ef838#tab=host_pairs (# 2025-09-02)
# Reference: https://www.virustotal.com/gui/file/05b468fc24c93885cad40ff9ecb50594faa6c2c590e75c88a5e5f54a8b696ac8/detection

modcybercell.info
indianbosssystems.ddns.net
in.indianbosssystems.ddns.net
gov.in.indianbosssystems.ddns.net
boss-servers.gov.in.indianbosssystems.ddns.net

# Reference: https://x.com/solostalking/status/1962845037710245957
# Reference: https://urlscan.io/result/01990ac1-3c1d-703a-b854-38e4e38ba8c5/
# Reference: https://urlscan.io/result/01990ac2-dbe4-77c8-9ca8-ee5429d98069/

http://192.52.167.197
192.52.167.197:443
cgda.site
iconicloud.xyz
nicgov.cloud

# Reference: https://x.com/Cyberteam008/status/1963108119049064805
# Reference: https://www.virustotal.com/gui/file/7434a71a8302462d56fee876c74cf3595cba9f2ca6940b3a11ece8aa064fcbaa/detection

amazon-i-mod.s3.eu-north-1.amazonaws.com

# Reference: https://app.validin.com/lookalikes?limit=1000&lookback=90&depth=0&find=%2F%5Egov%5C.in%5C.%5Ba-z-_.%5D%2B%24%2F (# 2025-09-04)

ansupport.store
apiedigi.info
apnaservices.shop
arbajft.in
auths.site
avth.us
bcverify.in
bhulagan.co.in
buykarosanam.info
certifiicate.in
coolfilesearch.com
crov.info
crovimng.online
crs-verify.co.in
crs-verify.xyz
crs.directory
crsgoovi.xyz
crsindex.xyz
crsirg.bar
crso.xyz
crsoin.online
crsori.site
crsweb.shop
cscinfo.cfd
cscvles.shop
dc-p.xyz
dc-verifycertificate.info
dccertificate.in
dccertiflcate.xyz
dcoriginal.info
dcpoint.xyz
dcview.xyz
dybn.cn
edistrictservice.shop
elechem.in
emergingworld.net
employees.in
enjoybusiness.pw
expr.in
general-public.avth.us
getpass.ind.in
glacer.org
hrmspanel.online
hzero.org
icegate.in
idmitra.buzz
iiorg.dev
indexl.in
inrex.info
iserv.ltd
ismartucl.shop
jeddahtime.com
krishportal.xyz
lastoprinting.xyz
mehbulps.shop
mglo.xyz
mnhomeoutlet.com
myphp.shop
nashikparking.com
ngicrs.online
nicrs.info
nicrs.online
nsdl.in
ogri.shop
ogrl.live
online.in
org-certificate.xyz
phipi.info
phpii.info
pihp.info
prakasam.com
printpay.shop
saini.cam
scrachx.cloud
shree-ram.shop
smprint.online
smss.site
status.in
techhost.in
tripura.com
ve-vr.xyz
verefy.in
verfi.co.in
verfi.in
veriffy.info
verificertificate.site
verifycertificate.cloud
verifycertificate.digital
verifyi.site
verifyy.site
veriify.in
verrfy.info
verrfy.site
veryficertificate.info
viesw.site
viewcard.in
viewcarte.xyz
viewcer.in
viewpage.xyz
viewphoto.site
vill.live
virify.in
vjti.in
wa-e.in
wiev.xyz
xcrs.online
xyzportal.site
yavatmalpolice.in
in.web.crs.bcverify.in
in.shree-ram.shop
in.org-certificate.xyz
in.edistrictservice.shop
in.xyzportal.site
in.org-in.xyz
in.crs-verify.xyz
in.ismartucl.shop
in.crsindex.xyz
in.myphp.shop
in.crovimng.online
in.ogrl.live
in.glacer.org
in.verifycertificate.cloud
in.crs.index.php.viewcarte.xyz
in.crs.viewcarte.xyz
in.index.viewcarte.xyz
in.verfi.in
in.mglo.xyz
in.getpass.ind.in
in.in-dax.online.in
in.prakasam.com
in.phpii.info
in.emergingworld.in.net
in.ogri.shop
in.dcpoint.xyz
in.smss.site
in.web.certifiicate.in
in.mps.co.in
in.web.php.index.iiorg.dev
in.index.php.viewcarte.xyz
in.icegate.in
in.encroachment.long.in
in.nsdl.in
in.expr.in
in.employees.in
in.status.in
in.apnaservices.shop
in.vjti.in
in.pihp.info
in.dybn.cn
in.saini.cam
in.phipi.info
in.web.dccertificate.in
in.web.viewcard.in
in.viewpage.xyz
in.auths.site
in.tripura.com
in.crsori.site
in.inrex.info
in.citizen.bhulagan.co.in
in.apiedigi.info
in.enjoybusiness.pw
in.jeddahtime.com
in.web.dc-p.xyz
in.index.dc-p.xyz
in.crs-verify.co.in
in.buykarosanam.info
in.verifycertificate.digital
in.viewcer.in
in.crsweb.shop
in.checkbd.in.cscvles.shop
in.checkbd.in.printpay.shop
in.elechem.in
in.arbajft.in
in.smprint.online
in.index.auth.dc-verifycertificate.info
in.verify.dc-verifycertificate.info
in.dccertiflcate.xyz
in.cscinfo.cfd
in.orgixyz
in.yavatmalpolice.in
in.index.certificate-veryfied.dc-p.xyz
in.scrachx.cloud
in.web.verefy.in
in.nashikparking.com
in.udai.in
in.web.wiev.xyz
in.crsgoovi.xyz
in.krishportal.xyz
in.fasttag.getpass.ind.in
in.web.verrfy.info
in.index.view.certificate.mehbulps.shop
in.idmitra.buzz
in.crs.general-public.avth.us
in.mnhomeoutlet.com
in.verifyy.site
in.inexs.xcrs.online
in.dc.in.crov.info
in.verfi.co.in
in.crso.xyz
in.web.index.crso.xyz
in.web.verrfy.site
in.wa-e.in
in.verifyi.site
in.indexl.in.indexl.in
in.indexl.in
in.crs.index.avth.us
in.crs.ve-vr.xyz
in.ashop
in.web.index.auth.veryficertificate.info
in.v.crs.ve-vr.xyz
in.web.idex.php.auth.vill.live
in.web.index.php.auth.vill.live
in.web.indix.php.auth.vill.live
in.vill.live
in.web.index.crsoin.online
in.iserv.ltd
in.dcoriginal.info
in.crs.viewphoto.site
in.hzero.org
in.dcview.xyz
in.web.virify.in
in.crs.virify.in
in.auth.index.veriify.in
in.web.techhost.in
in.lastoprinting.xyz
in.coolfilesearch.com
in.web.veriffy.info
in.index.veriffy.info
in.ansupport.store
in.hrmspanel.online
in.viesw.site
in.web.nicrs.online
in.nicrs.info
in.in.web.index.nicrs.info
in.crs.directory
in.ngicrs.online
in.indeix.ngicrs.online
in.web.index.auth.verificertificate.site
in.crsirg.bar
in.crs.crsirg.bar
gov.in.agov.shop
gov.in.ansupport.store
gov.in.apiedigi.info
gov.in.apnaservices.shop
gov.in.arbajft.in
gov.in.auth.index.veriify.in
gov.in.auths.site
gov.in.buykarosanam.info
gov.in.checkbd.in.cscvles.shop
gov.in.checkbd.in.printpay.shop
gov.in.citizen.bhulagan.co.in
gov.in.coolfilesearch.com
gov.in.crovimng.online
gov.in.crs-verify.co.in
gov.in.crs-verify.xyz
gov.in.crs.crsirg.bar
gov.in.crs.directory
gov.in.crs.general-public.avth.us
gov.in.crs.index.avth.us
gov.in.crs.index.php.viewcarte.xyz
gov.in.crs.ve-vr.xyz
gov.in.crs.viewcarte.xyz
gov.in.crs.viewphoto.site
gov.in.crs.virify.in
gov.in.crsgoovi.xyz
gov.in.crsindex.xyz
gov.in.crsirg.bar
gov.in.crso.xyz
gov.in.crsori.site
gov.in.crsweb.shop
gov.in.cscinfo.cfd
gov.in.dc.gov.in.crov.info
gov.in.dccertiflcate.xyz
gov.in.dcoriginal.info
gov.in.dcpoint.xyz
gov.in.dcview.xyz
gov.in.dybn.cn
gov.in.edistrictservice.shop
gov.in.elechem.in
gov.in.emergingworld.in.net
gov.in.employees.in
gov.in.encroachment.long.in
gov.in.enjoybusiness.pw
gov.in.expr.in
gov.in.fasttag.getpass.ind.in
gov.in.getpass.ind.in
gov.in.glacer.org
gov.in.hrmspanel.online
gov.in.hzero.org
gov.in.icegate.in
gov.in.idmitra.buzz
gov.in.in-dax.online.in
gov.in.in.web.index.nicrs.info
gov.in.indeix.ngicrs.online
gov.in.index.auth.dc-verifycertificate.info
gov.in.index.certificate-veryfied.dc-p.xyz
gov.in.index.dc-p.xyz
gov.in.index.php.viewcarte.xyz
gov.in.index.veriffy.info
gov.in.index.view.certificate.mehbulps.shop
gov.in.index.viewcarte.xyz
gov.in.indexl.in
gov.in.indexl.in.indexl.in
gov.in.inexs.xcrs.online
gov.in.inrex.info
gov.in.iqc.in
gov.in.iserv.ltd
gov.in.ismartucl.shop
gov.in.jeddahtime.com
gov.in.krishportal.xyz
gov.in.lastoprinting.xyz
gov.in.loge.in
gov.in.mglo.xyz
gov.in.mnhomeoutlet.com
gov.in.mps.co.in
gov.in.myphp.shop
gov.in.nashikparking.com
gov.in.ngicrs.online
gov.in.nicrs.info
gov.in.nsdl.in
gov.in.ogri.shop
gov.in.ogrl.live
gov.in.org-certificate.xyz
gov.in.org-in.xyz
gov.in.orgigov.xyz
gov.in.phipi.info
gov.in.phpii.info
gov.in.pihp.info
gov.in.prakasam.com
gov.in.saini.cam
gov.in.scheme.in
gov.in.scrachx.cloud
gov.in.shree-ram.shop
gov.in.smprint.online
gov.in.smss.site
gov.in.status.in
gov.in.tripura.com
gov.in.udai.in
gov.in.upsc.in
gov.in.v.crs.ve-vr.xyz
gov.in.verfi.co.in
gov.in.verfi.in
gov.in.verify.dc-verifycertificate.info
gov.in.verifycertificate.cloud
gov.in.verifycertificate.digital
gov.in.verifyi.site
gov.in.verifyy.site
gov.in.viesw.site
gov.in.viewcer.in
gov.in.viewpage.xyz
gov.in.vill.live
gov.in.vjti.in
gov.in.wa-e.in
gov.in.web.certifiicate.in
gov.in.web.crs.bcverify.in
gov.in.web.dc-p.xyz
gov.in.web.dccertificate.in
gov.in.web.idex.php.auth.vill.live
gov.in.web.index.auth.verificertificate.site
gov.in.web.index.auth.veryficertificate.info
gov.in.web.index.crso.xyz
gov.in.web.index.crsoin.online
gov.in.web.index.php.auth.vill.live
gov.in.web.indix.php.auth.vill.live
gov.in.web.nicrs.online
gov.in.web.php.index.iiorg.dev
gov.in.web.techhost.in
gov.in.web.verefy.in
gov.in.web.veriffy.info
gov.in.web.verrfy.info
gov.in.web.verrfy.site
gov.in.web.viewcard.in
gov.in.web.virify.in
gov.in.web.wiev.xyz
gov.in.xyzportal.site
gov.in.yavatmalpolice.gov.in
gujarat.gov.in.scheme.in

# Reference: https://x.com/Cyberteam008/status/1966104749398245423
# Reference: https://www.virustotal.com/gui/file/cf39bb998db59d3db92114d2235770a4a6c9cbf6354462cfedd1df09e60fe007/detection
# Reference: https://www.virustotal.com/gui/file/3d50fa310314e124e6dcf24c2237c9b982ed19d8108f312d2ff67a5536f049fd/detection

5.178.0.29:8080
2ndline.cfd
cloudstore.cam

# Reference: https://x.com/Cyberteam008/status/1968203369060896865
# Reference: https://www.virustotal.com/gui/file/03edba9908a2f9e1012237d216e894029bd58f9121027e35f80d7b701d30ca95/detection

d2i8rh3pkr4ltc.cloudfront.net

# Reference: https://x.com/ThreatBookLabs/status/1968480138804477961
# Reference: https://www.virustotal.com/gui/file/17b7f9f5c6eaaa19a57890da4585cc25a86c2d007c2ea6c5f903c35bd0e06039/detection
# Reference: https://www.virustotal.com/gui/file/4df92d3c834aafd5e1ba3c7515a62b0bddd147c4b322401352dc63e46dca79c5/detection
# Reference: https://www.virustotal.com/gui/file/606889a66e21008ac15606ee34b5e81cbf46de15b6585b9351452716d8e3281d/detection
# Reference: https://www.virustotal.com/gui/file/daa42d2e7e27dea896db830dd3a692bc756664cfec3f686e385724cfe1dd6d26/detection

intelupates.com
backup.intelupates.com

# Reference: https://app.validin.com/detail?find=8d46b0ef0d23f1d5c0c21f88d483dfaf&type=hash&ref_id=7142f328aed#tab=host_pairs (# 2025-09-18)

aiabcd.xyz
aiview.org.in
allservice.live
allservices.club
amneupdate.in
aoth.in
apnawork.shop
auth.in.net
avth.info
basr.cam
bcverify.online
carit.icu
ceit.shop
crs-org.site
crs.homes
crsdc.online
crsigiv.in
crsigove.in
crsori.in
crsverifieds.site
crsverifieds.xyz
digital-csc.in
dobviwe.in
documentsubmit.site
esathi.live
eseva.buzz
firr.info
getprint.site
gov-crs.in.net
gov-csc.sbs
gsprint.xyz
iindex.in
indbith.site
indesx.fun
indexp.xyz
indexxi.site
indixx.xyz
indxn.xyz
inyex.co.in
iorg.ink
ja-ai.shop
jansevakendra.top
jdservicephp.com
jkhosting.xyz
mahacsc.top
makeeedocs.shop
manualorg.space
ngicrs.info
ogri.live
ogrii.live
orginall.xyz
orgiweb.in
origi.pro
panekycnsdl.in
pgoneindia.shop
phpi.cloud
phpii.site
phpt.info
pirint.icu
portalwalalive.in
qafila.fun
superfast.cyou
superfast.website
techdc.shop
verfiy.in
verificertificate.services
verificertificate.shop
verifycer.site
verifycertificate.fun
verilfy.info
verlfy.site
verrify.in
veryfy.website
viawcert.info
viewca.cam
viewcertificates.xyz
viewcertify.site
vipbirth.shop
vipcrs.info
webbirt.shop
webprint.site
zseva.site
in.aiabcd.xyz
in.allservice.live
in.allservices.club
in.amneupdate.in
in.auth.ogri.in.ogri.live
in.auth.ogri.live
in.basr.cam
in.birth.inyex.co.in
in.ceit.shop
in.co.ogri.live
in.crs-org.site
in.crs.bcverify.online
in.crs.getprint.site
in.crs.homes
in.crs.indexxi.site
in.crs.test.panekycnsdl.in
in.crs.verifycertifi.carit.icu
in.crs.viawcert.info
in.crs.web.superfast.cyou
in.crs.web.superfast.website
in.crs.web.website.superfast.website
in.crsdc.online
in.crsigiv.in
in.crsigove.in
in.crsorgi.gov.in.ngicrs.info
in.crsori.in
in.crsverifieds.site
in.crsverifieds.xyz
in.dccertificate.in.eseva.buzz
in.digital-csc.in
in.documentsubmit.site
in.esathi.live
in.getprint.site
in.gov-crs.in.net
in.gov-csc.sbs
in.gsprint.xyz
in.i.qafila.fun
in.iindex.in
in.in.ceit.shop
in.in.firr.info
in.in.inde.firr.info
in.indbith.site
in.indesx.fun
in.index-verify.index.qafila.fun
in.index.ogri.in.ogri.live
in.index.org.qafila.fun
in.index.origi.pro
in.index.vipbirth.shop
in.index.web.php.ceit.shop
in.index.zseva.site
in.indexp.xyz
in.indxn.xyz
in.iorg.ink
in.ja-ai.shop
in.jansevakendra.top
in.jdservicephp.com
in.mahacsc.top
in.makeeedocs.shop
in.manualorg.space
in.ngicrs.info
in.ogri.live
in.ogrii.live
in.orginall.xyz
in.pgoneindia.shop
in.phpt.info
in.portalwalalive.in
in.qafila.fun
in.techdc.shop
in.verfiy.in
in.verify.auth.in.net
in.verify.auth.index.apnawork.shop
in.verify.indixx.xyz
in.verifycer.site
in.verifycertificate.fun
in.verrify.in
in.veryfy.website
in.view.web.index.origi.pro
in.viewcart.indexxi.site
in.viewcertificates.xyz
in.viewcertify.site
in.web.auth.index.viewca.cam
in.web.indesx.verilfy.info
in.web.index.aiview.org.in
in.web.index.auth.pirint.icu
in.web.index.auth.verificertificate.services
in.web.index.auth.verificertificate.shop
in.web.index.dobviwe.in
in.web.index.max.qafila.fun
in.web.index.php.aoth.in
in.web.index.php.avth.info
in.web.index.php.verilfy.info
in.web.index.phpi.cloud
in.web.index.verilfy.info
in.web.index.verlfy.site
in.web.index.viewca.cam
in.web.phpii.site
in.web.pirint.icu
in.web.qafila.fun
in.web.view.index.orgiweb.in
in.web.vipcrs.info
in.webb.index.jkhosting.xyz
in.webbirt.shop
in.webprint.site
gov.in.aiabcd.xyz
gov.in.allservice.live
gov.in.allservices.club
gov.in.amneupdate.in
gov.in.auth.ogri.in.ogri.live
gov.in.auth.ogri.live
gov.in.basr.cam
gov.in.birth.inyex.co.in
gov.in.ceit.shop
gov.in.co.ogri.live
gov.in.crs-org.site
gov.in.crs.bcverify.online
gov.in.crs.getprint.site
gov.in.crs.homes
gov.in.crs.indexxi.site
gov.in.crs.test.panekycnsdl.in
gov.in.crs.verifycertifi.carit.icu
gov.in.crs.viawcert.info
gov.in.crs.web.superfast.cyou
gov.in.crs.web.superfast.website
gov.in.crs.web.website.superfast.website
gov.in.crsdc.online
gov.in.crsigiv.in
gov.in.crsigove.in
gov.in.crsorgi.gov.in.ngicrs.info
gov.in.crsori.in
gov.in.crsverifieds.site
gov.in.crsverifieds.xyz
gov.in.dccertificate.in.eseva.buzz
gov.in.digital-csc.in
gov.in.documentsubmit.site
gov.in.esathi.live
gov.in.getprint.site
gov.in.gov-crs.in.net
gov.in.gov-csc.sbs
gov.in.gsprint.xyz
gov.in.i.qafila.fun
gov.in.iindex.in
gov.in.in.ceit.shop
gov.in.in.firr.info
gov.in.in.inde.firr.info
gov.in.indbith.site
gov.in.indesx.fun
gov.in.index-verify.index.qafila.fun
gov.in.index.ogri.in.ogri.live
gov.in.index.org.qafila.fun
gov.in.index.origi.pro
gov.in.index.vipbirth.shop
gov.in.index.web.php.ceit.shop
gov.in.index.zseva.site
gov.in.indexp.xyz
gov.in.indxn.xyz
gov.in.iorg.ink
gov.in.ja-ai.shop
gov.in.jansevakendra.top
gov.in.jdservicephp.com
gov.in.mahacsc.top
gov.in.makeeedocs.shop
gov.in.manualorg.space
gov.in.ngicrs.info
gov.in.ogri.live
gov.in.ogrii.live
gov.in.orginall.xyz
gov.in.pgoneindia.shop
gov.in.phpt.info
gov.in.portalwalalive.in
gov.in.qafila.fun
gov.in.techdc.shop
gov.in.verfiy.in
gov.in.verify.auth.in.net
gov.in.verify.auth.index.apnawork.shop
gov.in.verify.indixx.xyz
gov.in.verifycer.site
gov.in.verifycertificate.fun
gov.in.verrify.in
gov.in.veryfy.website
gov.in.view.web.index.origi.pro
gov.in.viewcart.indexxi.site
gov.in.viewcertificates.xyz
gov.in.viewcertify.site
gov.in.web.auth.index.viewca.cam
gov.in.web.indesx.verilfy.info
gov.in.web.index.aiview.org.in
gov.in.web.index.auth.pirint.icu
gov.in.web.index.auth.verificertificate.services
gov.in.web.index.auth.verificertificate.shop
gov.in.web.index.dobviwe.in
gov.in.web.index.max.qafila.fun
gov.in.web.index.php.aoth.in
gov.in.web.index.php.avth.info
gov.in.web.index.php.verilfy.info
gov.in.web.index.phpi.cloud
gov.in.web.index.verilfy.info
gov.in.web.index.verlfy.site
gov.in.web.index.viewca.cam
gov.in.web.phpii.site
gov.in.web.pirint.icu
gov.in.web.qafila.fun
gov.in.web.view.index.orgiweb.in
gov.in.web.vipcrs.info
gov.in.webb.index.jkhosting.xyz
gov.in.webbirt.shop
gov.in.webprint.site
crsorgi.gov.in.allservice.live
crsorgi.gov.in.basr.cam
crsorgi.gov.in.ceit.shop
crsorgi.gov.in.crs.bcverify.online
crsorgi.gov.in.crs.homes
crsorgi.gov.in.crs.verifycertifi.carit.icu
crsorgi.gov.in.crsigove.in
crsorgi.gov.in.crsorgi.gov.in.ngicrs.info
crsorgi.gov.in.crsori.in
crsorgi.gov.in.iindex.in
crsorgi.gov.in.in.ceit.shop
crsorgi.gov.in.in.firr.info
crsorgi.gov.in.in.inde.firr.info
crsorgi.gov.in.indbith.site
crsorgi.gov.in.index.vipbirth.shop
crsorgi.gov.in.index.web.php.ceit.shop
crsorgi.gov.in.ja-ai.shop
crsorgi.gov.in.makeeedocs.shop
crsorgi.gov.in.ngicrs.info
crsorgi.gov.in.phpt.info
crsorgi.gov.in.portalwalalive.in
crsorgi.gov.in.qafila.fun
crsorgi.gov.in.techdc.shop
crsorgi.gov.in.verfiy.in
crsorgi.gov.in.verify.auth.in.net
crsorgi.gov.in.verify.auth.index.apnawork.shop
crsorgi.gov.in.verify.indixx.xyz
crsorgi.gov.in.verifycer.site
crsorgi.gov.in.verifycertificate.fun
crsorgi.gov.in.verrify.in
crsorgi.gov.in.veryfy.website
crsorgi.gov.in.view.web.index.origi.pro
crsorgi.gov.in.viewcart.indexxi.site
crsorgi.gov.in.viewcertificates.xyz
crsorgi.gov.in.viewcertify.site
crsorgi.gov.in.web.auth.index.viewca.cam
crsorgi.gov.in.web.indesx.verilfy.info
crsorgi.gov.in.web.index.aiview.org.in
crsorgi.gov.in.web.index.auth.pirint.icu
crsorgi.gov.in.web.index.auth.verificertificate.services
crsorgi.gov.in.web.index.auth.verificertificate.shop
crsorgi.gov.in.web.index.dobviwe.in
crsorgi.gov.in.web.index.max.qafila.fun
crsorgi.gov.in.web.index.php.aoth.in
crsorgi.gov.in.web.index.php.avth.info
crsorgi.gov.in.web.index.php.verilfy.info
crsorgi.gov.in.web.index.phpi.cloud
crsorgi.gov.in.web.index.verilfy.info
crsorgi.gov.in.web.index.verlfy.site
crsorgi.gov.in.web.index.viewca.cam
crsorgi.gov.in.web.phpii.site
crsorgi.gov.in.web.pirint.icu
crsorgi.gov.in.web.qafila.fun
crsorgi.gov.in.web.view.index.orgiweb.in
crsorgi.gov.in.web.vipcrs.info
crsorgi.gov.in.webb.index.jkhosting.xyz
crsorgi.gov.in.webbirt.shop
crsorgi.gov.in.webprint.site
dc.crsorgi.gov.in.aiabcd.xyz
dc.crsorgi.gov.in.allservice.live
dc.crsorgi.gov.in.allservices.club
dc.crsorgi.gov.in.amneupdate.in
dc.crsorgi.gov.in.auth.ogri.in.ogri.live
dc.crsorgi.gov.in.auth.ogri.live
dc.crsorgi.gov.in.basr.cam
dc.crsorgi.gov.in.birth.inyex.co.in
dc.crsorgi.gov.in.ceit.shop
dc.crsorgi.gov.in.co.ogri.live
dc.crsorgi.gov.in.crs-org.site
dc.crsorgi.gov.in.crs.bcverify.online
dc.crsorgi.gov.in.crs.getprint.site
dc.crsorgi.gov.in.crs.homes
dc.crsorgi.gov.in.crs.indexxi.site
dc.crsorgi.gov.in.crs.test.panekycnsdl.in
dc.crsorgi.gov.in.crs.verifycertifi.carit.icu
dc.crsorgi.gov.in.crs.viawcert.info
dc.crsorgi.gov.in.crs.web.superfast.cyou
dc.crsorgi.gov.in.crs.web.superfast.website
dc.crsorgi.gov.in.crs.web.website.superfast.website
dc.crsorgi.gov.in.crsdc.online
dc.crsorgi.gov.in.crsigiv.in
dc.crsorgi.gov.in.crsigove.in
dc.crsorgi.gov.in.crsorgi.gov.in.ngicrs.info
dc.crsorgi.gov.in.crsori.in
dc.crsorgi.gov.in.crsverifieds.site
dc.crsorgi.gov.in.crsverifieds.xyz
dc.crsorgi.gov.in.dccertificate.in.eseva.buzz
dc.crsorgi.gov.in.digital-csc.in
dc.crsorgi.gov.in.documentsubmit.site
dc.crsorgi.gov.in.esathi.live
dc.crsorgi.gov.in.getprint.site
dc.crsorgi.gov.in.gov-crs.in.net
dc.crsorgi.gov.in.gov-csc.sbs
dc.crsorgi.gov.in.gsprint.xyz
dc.crsorgi.gov.in.i.qafila.fun
dc.crsorgi.gov.in.iindex.in
dc.crsorgi.gov.in.in.ceit.shop
dc.crsorgi.gov.in.in.firr.info
dc.crsorgi.gov.in.in.inde.firr.info
dc.crsorgi.gov.in.indbith.site
dc.crsorgi.gov.in.indesx.fun
dc.crsorgi.gov.in.index-verify.index.qafila.fun
dc.crsorgi.gov.in.index.ogri.in.ogri.live
dc.crsorgi.gov.in.index.org.qafila.fun
dc.crsorgi.gov.in.index.origi.pro
dc.crsorgi.gov.in.index.vipbirth.shop
dc.crsorgi.gov.in.index.web.php.ceit.shop
dc.crsorgi.gov.in.index.zseva.site
dc.crsorgi.gov.in.indexp.xyz
dc.crsorgi.gov.in.indxn.xyz
dc.crsorgi.gov.in.iorg.ink
dc.crsorgi.gov.in.ja-ai.shop
dc.crsorgi.gov.in.jansevakendra.top
dc.crsorgi.gov.in.jdservicephp.com
dc.crsorgi.gov.in.mahacsc.top
dc.crsorgi.gov.in.makeeedocs.shop
dc.crsorgi.gov.in.manualorg.space
dc.crsorgi.gov.in.ngicrs.info
dc.crsorgi.gov.in.ogri.live
dc.crsorgi.gov.in.ogrii.live
dc.crsorgi.gov.in.orginall.xyz
dc.crsorgi.gov.in.pgoneindia.shop
dc.crsorgi.gov.in.phpt.info
dc.crsorgi.gov.in.portalwalalive.in
dc.crsorgi.gov.in.qafila.fun
dc.crsorgi.gov.in.techdc.shop
dc.crsorgi.gov.in.verfiy.in
dc.crsorgi.gov.in.verify.auth.in.net
dc.crsorgi.gov.in.verify.auth.index.apnawork.shop
dc.crsorgi.gov.in.verify.indixx.xyz
dc.crsorgi.gov.in.verifycer.site
dc.crsorgi.gov.in.verifycertificate.fun
dc.crsorgi.gov.in.verrify.in
dc.crsorgi.gov.in.veryfy.website
dc.crsorgi.gov.in.view.web.index.origi.pro
dc.crsorgi.gov.in.viewcart.indexxi.site
dc.crsorgi.gov.in.viewcertificates.xyz
dc.crsorgi.gov.in.viewcertify.site
dc.crsorgi.gov.in.web.auth.index.viewca.cam
dc.crsorgi.gov.in.web.indesx.verilfy.info
dc.crsorgi.gov.in.web.index.aiview.org.in
dc.crsorgi.gov.in.web.index.auth.pirint.icu
dc.crsorgi.gov.in.web.index.auth.verificertificate.services
dc.crsorgi.gov.in.web.index.auth.verificertificate.shop
dc.crsorgi.gov.in.web.index.dobviwe.in
dc.crsorgi.gov.in.web.index.max.qafila.fun
dc.crsorgi.gov.in.web.index.php.aoth.in
dc.crsorgi.gov.in.web.index.php.avth.info
dc.crsorgi.gov.in.web.index.php.verilfy.info
dc.crsorgi.gov.in.web.index.phpi.cloud
dc.crsorgi.gov.in.web.index.verilfy.info
dc.crsorgi.gov.in.web.index.verlfy.site
dc.crsorgi.gov.in.web.index.viewca.cam
dc.crsorgi.gov.in.web.phpii.site
dc.crsorgi.gov.in.web.pirint.icu
dc.crsorgi.gov.in.web.qafila.fun
dc.crsorgi.gov.in.web.view.index.orgiweb.in
dc.crsorgi.gov.in.web.vipcrs.info
dc.crsorgi.gov.in.webb.index.jkhosting.xyz
dc.crsorgi.gov.in.webbirt.shop
dc.crsorgi.gov.in.webprint.site

# Reference: https://app.validin.com/detail?find=6234cc6e529013e77f1e7f75a6ac2525&type=hash&ref_id=598e0568d50#tab=host_pairs (# 2025-09-22)

crsorgi-gov-web.shop
crsorgi.gov.in.web.index.dobview.in
crsorgi.gov.in.web.index.sbmb.pro
dc.crsorgi.gov.in.web.index.dobview.in
dc.crsorgi.gov.in.web.index.sbmb.pro
dobview.in
gov.in.web.index.dobview.in
gov.in.web.index.sbmb.pro
in.web.index.dobview.in
in.web.index.sbmb.pro
iphp.in
mail.crsorgi-gov-web.shop
mail.dobview.in
mail.sksewa.in
sbmb.pro
sksewa.in
web.index.dobview.in
web.index.sbmb.pro

# Reference: https://x.com/RedDrip7/status/1970750314044391427
# Reference: https://www.virustotal.com/gui/file/3243bedebce26f60f48835042d51242eebec1be97e0286901716790f4a1d974b/detection
# Reference: https://www.virustotal.com/gui/file/64f2a917271cbbb39d09f502e9afbadc1e99dfc8b029bd48adbbe87cdb277ea5/detection
# Reference: https://www.virustotal.com/gui/file/2c452c89eef048a02d878b90b3ac82ea3962b8c5528e80dd280a1a36c3df6bc6/detection
# Reference: https://www.virustotal.com/gui/file/9a4abaf9a48598f12230943c6a7d1481bc8957aca1ef2997031732f6fb72cbac/detection

77.93.155.106:15168
77.93.155.106:18689
77.93.155.106:26568
77.93.155.106:5698
77.93.155.106:8989

# Reference: https://x.com/suyog41/status/1971167969733738854
# Reference: https://x.com/PrakkiSathwik/status/1971192235954999531
# Reference: https://www.virustotal.com/gui/file/00b07bf3c861afd79be15b78b4423aaaf3b9df80ec92388ba001ac6e5076b680/detection

vetpharmaconsultant.in

# Reference: https://x.com/SinghSoodeep/status/1971563773270896885
# Reference: https://www.virustotal.com/gui/file/567dfbe825e155691329d74d015db339e1e6db73b704b3246b3f015ffd9f0b33/detection

147.93.155.118:8080
newforsomething.rest
seeconnectionalive.website

# TITLE-IP=Stealth Server - Login
# CLASS_0_HASH-IP=995d390e764d5c690d818c71f102ed3f

146.19.173.167:8080
45.155.54.122:8080

# Reference: https://x.com/SinghSoodeep/status/1973307376200720839
# Reference: https://www.virustotal.com/gui/file/43715401531e0060827d3dcfd406add434829192051fe76d5ffdbb22602cc136/detection

modgovindia.com

# Reference: https://x.com/Cyberteam008/status/1978823152118407431

146.19.173.109:8080
164.215.103.129:8080
37.221.64.202:443
45.155.54.62:8080
81.180.93.5:443
81.180.93.5:8080
37-221-64-202.cprapid.com
campindia.xyz
chuchuchacha.art
chuchuchacha.club
departmentofdefence.live
in.campindia.xyz
in.departmentofdefence.live
mgovcloud.in.departmentofdefence.live
accountsmgovcloud.in.campindia.xyz
accounts.mgovcloud.in.departmentofdefence.live

# Reference: https://x.com/solostalking/status/1981304762751426717
# Reference: https://www.virustotal.com/gui/ip-address/45.155.53.233/relations

2.59.219.206:5000
chuchuchacha.site
chuchuchacha.space
datatodownload.shop
letmeseethis.shop
newdomainforuse.bond
trmm.store
whyareyouseeing.shop

# Reference: https://x.com/blackorbird/status/1979122075873796342
# Reference: https://mp.weixin.qq.com/s/88VDPssTV3LG9MHgAG5VsQ

101.99.94.109:4000
101.99.94.109:8080
/ghg/Mt_dated_29.txt
/Mt_dated_29.txt

# Reference: https://x.com/PrakkiSathwik/status/1979162389061763260
# Reference: https://www.virustotal.com/gui/file/fdb2804a394065df893c95d8fed789e7f1fd783eabc4996212842beee802fe95/detection
# Reference: https://www.virustotal.com/gui/file/3624db27673e427d079b771f2cd6866d6ffc63fd2156c7a2031f769dde567b93/detection
# Reference: https://www.virustotal.com/gui/file/21f4f79abd1eb07cb5d1ddaa74600442637ac744ab2cd28123a20871a2973946/detection

securestore.it.com

# Reference: https://x.com/PrakkiSathwik/status/1979235334673363448

164.215.103.129:14500
cdsofficialgov.site

# Reference: https://x.com/PrakkiSathwik/status/1979514409551819168

zohmailcloud.com
/pakafghan/impactonnorthernborderindia.php
/impactonnorthernborderindia.php

# REGEX=/^dc\.crsorgi\.gov\.in\.[a-z]+\.[a-z]+$/ (# 2025-11-01)

aadharsewa.site
aadperson.xyz
amrjeetservicenet.xyz
apie.live
apiwala.space
apnacsc.xyz
apnafind.shop
ardhsanikcanteen.in
authxweb.in
bestadhaarprint.in
bestonline.digital
bestprint.cfd
bhawishyanidhi.in
certifly.live
certview.in
certviw.in
crasverify.cfd
crgi.shop
crgi.xyz
crs.wtf
crsa.site
crsapna.shop
crsmitra.xyz
crso.site
crsor.info
crsverify.com
crsweb.xyz
cscdigital.xyz
cscinto.cfd
csssuu.cfd
csucc.cfd
csuccc.cfd
dcoriginal.online
dcrs.in
dfone.shop
dgct.site
ditasol.xyz
edgeworking.shop
emitra.cam
freshseva.icu
gfh.wtf
govaco.shop
gove.info
govindia.in
gstech.cam
indexphp.info
indexx.store
indxe.info
irxi.in
jantaweb.site
livereport.icu
lndex.online
ncrs.fun
ogri.site
omsaicomputerucl.site
orgi.online
orjinaal.xyz
orroi.shop
pdfn.site
photosupload.xyz
phptt.online
portalwalamanual.shop
printhh.shop
procrs.site
rkprint.xyz
royalservice.shop
serviscart.shop
sscrs.site
txprint.xyz
veerrajput.xyz
vefiy.in
vefry.in
verfiys.in
verfly.in
verfry.in
verfy.cc
verifycert.shop
verifycertificate.biz
verifycertificate.site
verifyd.xyz
verifyinfo.xyz
verifyy.in
veriy.in
veriye.in
verlfy.online
viaw.in
viewcert.buzz
viewcerts.fun
viewd.in
vkbestprint.com
vlewcert.shop
webl.info
webxcoder.sbs
in.aadharsewa.site
in.aadperson.xyz
in.amrjeetservicenet.xyz
in.apie.live
in.apiwala.space
in.apnacsc.xyz
in.apnafind.shop
in.ardhsanikcanteen.in
in.authxweb.in
in.bestadhaarprint.in
in.bestonline.digital
in.bestprint.cfd
in.bhawishyanidhi.in
in.certifly.live
in.certview.in
in.certviw.in
in.crasverify.cfd
in.crgi.shop
in.crgi.xyz
in.crs.wtf
in.crsa.site
in.crsapna.shop
in.crsmitra.xyz
in.crso.site
in.crsor.info
in.crsorgin.xyz
in.crsverify.com
in.crsweb.xyz
in.cscdigital.xyz
in.cscinto.cfd
in.csssuu.cfd
in.csucc.cfd
in.csuccc.cfd
in.dcoriginal.online
in.dcrs.in
in.dfone.shop
in.dgct.site
in.ditasol.xyz
in.edgeworking.shop
in.emitra.cam
in.freshseva.icu
in.gfh.wtf
in.govaco.shop
in.gove.info
in.govindia.in
in.gstech.cam
in.indexin.shop
in.indexphp.info
in.indexx.store
in.indxe.info
in.irxi.in
in.jantaweb.site
in.livereport.icu
in.lndex.online
in.ncrs.fun
in.ogri.site
in.omsaicomputerucl.site
in.orgi.online
in.orjinaal.xyz
in.orroi.shop
in.pdfn.site
in.photosupload.xyz
in.phptt.online
in.portalwalamanual.shop
in.printhh.shop
in.procrs.site
in.rkprint.xyz
in.royalservice.shop
in.serviscart.shop
in.sscrs.site
in.txprint.xyz
in.veerrajput.xyz
in.vefiy.in
in.vefry.in
in.verfiys.in
in.verfly.in
in.verfry.in
in.verfy.cc
in.verifycert.shop
in.verifycertificate.biz
in.verifycertificate.site
in.verifyd.xyz
in.verifyinfo.xyz
in.verifyy.in
in.veriy.in
in.veriye.in
in.verlfy.online
in.viaw.in
in.viewcert.buzz
in.viewcerts.fun
in.viewd.in
in.vkbestprint.com
in.vlewcert.shop
in.webl.info
in.webxcoder.sbs
gov.in.aadharsewa.site
gov.in.aadperson.xyz
gov.in.amrjeetservicenet.xyz
gov.in.apie.live
gov.in.apiwala.space
gov.in.apnacsc.xyz
gov.in.apnafind.shop
gov.in.ardhsanikcanteen.in
gov.in.authxweb.in
gov.in.bestadhaarprint.in
gov.in.bestonline.digital
gov.in.bestprint.cfd
gov.in.bhawishyanidhi.in
gov.in.certifly.live
gov.in.certview.in
gov.in.certviw.in
gov.in.crasverify.cfd
gov.in.crgi.shop
gov.in.crgi.xyz
gov.in.crs.wtf
gov.in.crsa.site
gov.in.crsapna.shop
gov.in.crsmitra.xyz
gov.in.crso.site
gov.in.crsor.info
gov.in.crsorgin.xyz
gov.in.crsverify.com
gov.in.crsweb.xyz
gov.in.cscdigital.xyz
gov.in.cscinto.cfd
gov.in.csssuu.cfd
gov.in.csucc.cfd
gov.in.csuccc.cfd
gov.in.dcoriginal.online
gov.in.dcrs.in
gov.in.dfone.shop
gov.in.dgct.site
gov.in.ditasol.xyz
gov.in.edgeworking.shop
gov.in.emitra.cam
gov.in.freshseva.icu
gov.in.gfh.wtf
gov.in.govaco.shop
gov.in.gove.info
gov.in.govindia.in
gov.in.gstech.cam
gov.in.indexin.shop
gov.in.indexphp.info
gov.in.indexx.store
gov.in.indxe.info
gov.in.irxi.in
gov.in.jantaweb.site
gov.in.livereport.icu
gov.in.lndex.online
gov.in.ncrs.fun
gov.in.ogri.site
gov.in.omsaicomputerucl.site
gov.in.orgi.online
gov.in.orjinaal.xyz
gov.in.orroi.shop
gov.in.pdfn.site
gov.in.photosupload.xyz
gov.in.phptt.online
gov.in.portalwalamanual.shop
gov.in.printhh.shop
gov.in.procrs.site
gov.in.rkprint.xyz
gov.in.royalservice.shop
gov.in.serviscart.shop
gov.in.sscrs.site
gov.in.txprint.xyz
gov.in.veerrajput.xyz
gov.in.vefiy.in
gov.in.vefry.in
gov.in.verfiys.in
gov.in.verfly.in
gov.in.verfry.in
gov.in.verfy.cc
gov.in.verifycert.shop
gov.in.verifycertificate.biz
gov.in.verifycertificate.site
gov.in.verifyd.xyz
gov.in.verifyinfo.xyz
gov.in.verifyy.in
gov.in.veriy.in
gov.in.veriye.in
gov.in.verlfy.online
gov.in.viaw.in
gov.in.viewcert.buzz
gov.in.viewcerts.fun
gov.in.viewd.in
gov.in.vkbestprint.com
gov.in.vlewcert.shop
gov.in.webl.info
gov.in.webxcoder.sbs
crsorgi.gov.in.aadharsewa.site
crsorgi.gov.in.aadperson.xyz
crsorgi.gov.in.amrjeetservicenet.xyz
crsorgi.gov.in.apie.live
crsorgi.gov.in.apiwala.space
crsorgi.gov.in.apnacsc.xyz
crsorgi.gov.in.apnafind.shop
crsorgi.gov.in.ardhsanikcanteen.in
crsorgi.gov.in.authxweb.in
crsorgi.gov.in.bestadhaarprint.in
crsorgi.gov.in.bestonline.digital
crsorgi.gov.in.bestprint.cfd
crsorgi.gov.in.bhawishyanidhi.in
crsorgi.gov.in.certifly.live
crsorgi.gov.in.certview.in
crsorgi.gov.in.certviw.in
crsorgi.gov.in.crasverify.cfd
crsorgi.gov.in.crgi.shop
crsorgi.gov.in.crgi.xyz
crsorgi.gov.in.crs.wtf
crsorgi.gov.in.crsa.site
crsorgi.gov.in.crsapna.shop
crsorgi.gov.in.crsmitra.xyz
crsorgi.gov.in.crso.site
crsorgi.gov.in.crsor.info
crsorgi.gov.in.crsorgin.xyz
crsorgi.gov.in.crsverify.com
crsorgi.gov.in.crsweb.xyz
crsorgi.gov.in.cscdigital.xyz
crsorgi.gov.in.cscinto.cfd
crsorgi.gov.in.csssuu.cfd
crsorgi.gov.in.csucc.cfd
crsorgi.gov.in.csuccc.cfd
crsorgi.gov.in.dcoriginal.online
crsorgi.gov.in.dcrs.in
crsorgi.gov.in.dfone.shop
crsorgi.gov.in.dgct.site
crsorgi.gov.in.ditasol.xyz
crsorgi.gov.in.edgeworking.shop
crsorgi.gov.in.emitra.cam
crsorgi.gov.in.freshseva.icu
crsorgi.gov.in.gfh.wtf
crsorgi.gov.in.govaco.shop
crsorgi.gov.in.gove.info
crsorgi.gov.in.govindia.in
crsorgi.gov.in.gstech.cam
crsorgi.gov.in.indexin.shop
crsorgi.gov.in.indexphp.info
crsorgi.gov.in.indexx.store
crsorgi.gov.in.indxe.info
crsorgi.gov.in.irxi.in
crsorgi.gov.in.jantaweb.site
crsorgi.gov.in.livereport.icu
crsorgi.gov.in.lndex.online
crsorgi.gov.in.ncrs.fun
crsorgi.gov.in.ogri.site
crsorgi.gov.in.omsaicomputerucl.site
crsorgi.gov.in.orgi.online
crsorgi.gov.in.orjinaal.xyz
crsorgi.gov.in.orroi.shop
crsorgi.gov.in.pdfn.site
crsorgi.gov.in.photosupload.xyz
crsorgi.gov.in.phptt.online
crsorgi.gov.in.portalwalamanual.shop
crsorgi.gov.in.printhh.shop
crsorgi.gov.in.procrs.site
crsorgi.gov.in.rkprint.xyz
crsorgi.gov.in.royalservice.shop
crsorgi.gov.in.serviscart.shop
crsorgi.gov.in.sscrs.site
crsorgi.gov.in.txprint.xyz
crsorgi.gov.in.veerrajput.xyz
crsorgi.gov.in.vefiy.in
crsorgi.gov.in.vefry.in
crsorgi.gov.in.verfiys.in
crsorgi.gov.in.verfly.in
crsorgi.gov.in.verfry.in
crsorgi.gov.in.verfy.cc
crsorgi.gov.in.verifycert.shop
crsorgi.gov.in.verifycertificate.biz
crsorgi.gov.in.verifycertificate.site
crsorgi.gov.in.verifyd.xyz
crsorgi.gov.in.verifyinfo.xyz
crsorgi.gov.in.verifyy.in
crsorgi.gov.in.veriy.in
crsorgi.gov.in.veriye.in
crsorgi.gov.in.verlfy.online
crsorgi.gov.in.viaw.in
crsorgi.gov.in.viewcert.buzz
crsorgi.gov.in.viewcerts.fun
crsorgi.gov.in.viewd.in
crsorgi.gov.in.vkbestprint.com
crsorgi.gov.in.vlewcert.shop
crsorgi.gov.in.webl.info
crsorgi.gov.in.webxcoder.sbs
dc.crsorgi.gov.in.aadharsewa.site
dc.crsorgi.gov.in.aadperson.xyz
dc.crsorgi.gov.in.amrjeetservicenet.xyz
dc.crsorgi.gov.in.apie.live
dc.crsorgi.gov.in.apiwala.space
dc.crsorgi.gov.in.apnacsc.xyz
dc.crsorgi.gov.in.apnafind.shop
dc.crsorgi.gov.in.ardhsanikcanteen.in
dc.crsorgi.gov.in.authxweb.in
dc.crsorgi.gov.in.bestadhaarprint.in
dc.crsorgi.gov.in.bestonline.digital
dc.crsorgi.gov.in.bestprint.cfd
dc.crsorgi.gov.in.bhawishyanidhi.in
dc.crsorgi.gov.in.certifly.live
dc.crsorgi.gov.in.certview.in
dc.crsorgi.gov.in.certviw.in
dc.crsorgi.gov.in.crasverify.cfd
dc.crsorgi.gov.in.crgi.shop
dc.crsorgi.gov.in.crgi.xyz
dc.crsorgi.gov.in.crs.wtf
dc.crsorgi.gov.in.crsa.site
dc.crsorgi.gov.in.crsapna.shop
dc.crsorgi.gov.in.crsmitra.xyz
dc.crsorgi.gov.in.crso.site
dc.crsorgi.gov.in.crsor.info
dc.crsorgi.gov.in.crsorgin.xyz
dc.crsorgi.gov.in.crsverify.com
dc.crsorgi.gov.in.crsweb.xyz
dc.crsorgi.gov.in.cscdigital.xyz
dc.crsorgi.gov.in.cscinto.cfd
dc.crsorgi.gov.in.csssuu.cfd
dc.crsorgi.gov.in.csucc.cfd
dc.crsorgi.gov.in.csuccc.cfd
dc.crsorgi.gov.in.dcoriginal.online
dc.crsorgi.gov.in.dcrs.in
dc.crsorgi.gov.in.dfone.shop
dc.crsorgi.gov.in.dgct.site
dc.crsorgi.gov.in.ditasol.xyz
dc.crsorgi.gov.in.edgeworking.shop
dc.crsorgi.gov.in.emitra.cam
dc.crsorgi.gov.in.freshseva.icu
dc.crsorgi.gov.in.gfh.wtf
dc.crsorgi.gov.in.govaco.shop
dc.crsorgi.gov.in.gove.info
dc.crsorgi.gov.in.govindia.in
dc.crsorgi.gov.in.gstech.cam
dc.crsorgi.gov.in.indexin.shop
dc.crsorgi.gov.in.indexphp.info
dc.crsorgi.gov.in.indexx.store
dc.crsorgi.gov.in.indxe.info
dc.crsorgi.gov.in.irxi.in
dc.crsorgi.gov.in.jantaweb.site
dc.crsorgi.gov.in.livereport.icu
dc.crsorgi.gov.in.lndex.online
dc.crsorgi.gov.in.ncrs.fun
dc.crsorgi.gov.in.ogri.site
dc.crsorgi.gov.in.omsaicomputerucl.site
dc.crsorgi.gov.in.orgi.online
dc.crsorgi.gov.in.orjinaal.xyz
dc.crsorgi.gov.in.orroi.shop
dc.crsorgi.gov.in.pdfn.site
dc.crsorgi.gov.in.photosupload.xyz
dc.crsorgi.gov.in.phptt.online
dc.crsorgi.gov.in.portalwalamanual.shop
dc.crsorgi.gov.in.printhh.shop
dc.crsorgi.gov.in.procrs.site
dc.crsorgi.gov.in.rkprint.xyz
dc.crsorgi.gov.in.royalservice.shop
dc.crsorgi.gov.in.serviscart.shop
dc.crsorgi.gov.in.sscrs.site
dc.crsorgi.gov.in.txprint.xyz
dc.crsorgi.gov.in.veerrajput.xyz
dc.crsorgi.gov.in.vefiy.in
dc.crsorgi.gov.in.vefry.in
dc.crsorgi.gov.in.verfiys.in
dc.crsorgi.gov.in.verfly.in
dc.crsorgi.gov.in.verfry.in
dc.crsorgi.gov.in.verfy.cc
dc.crsorgi.gov.in.verifycert.shop
dc.crsorgi.gov.in.verifycertificate.biz
dc.crsorgi.gov.in.verifycertificate.site
dc.crsorgi.gov.in.verifyd.xyz
dc.crsorgi.gov.in.verifyinfo.xyz
dc.crsorgi.gov.in.verifyy.in
dc.crsorgi.gov.in.veriy.in
dc.crsorgi.gov.in.veriye.in
dc.crsorgi.gov.in.verlfy.online
dc.crsorgi.gov.in.viaw.in
dc.crsorgi.gov.in.viewcert.buzz
dc.crsorgi.gov.in.viewcerts.fun
dc.crsorgi.gov.in.viewd.in
dc.crsorgi.gov.in.vkbestprint.com
dc.crsorgi.gov.in.vlewcert.shop
dc.crsorgi.gov.in.webl.info
dc.crsorgi.gov.in.webxcoder.sbs

# Reference: https://x.com/PrakkiSathwik/status/1980995689208590764
# Reference: https://www.virustotal.com/gui/file/3268b1f2b88d6ca62f3577fc1ee83671423a265afc011659f086c895186eb52b/detection

164.215.103.231:8621
riastaging.ryangroup.org

# Reference: https://x.com/PrakkiSathwik/status/1980957118560960714
# Reference: https://www.virustotal.com/gui/file/e5f5776bea549fecb9f8fb04c1251c7b4465c32ce10d6e9135da3bdc87fa6a40/detection
# Reference: https://www.virustotal.com/gui/file/0992fa72ad9bd8457e4a310bc7609c88308fb3f9ef9aea24ea6efdb7da71cfcf/detection

79.141.165.62:6663

# Reference: https://x.com/PrakkiSathwik/status/1981305618343612825
# Reference: https://www.virustotal.com/gui/file/3268b1f2b88d6ca62f3577fc1ee83671423a265afc011659f086c895186eb52b/detection

65.109.190.120:8951

# Reference: https://x.com/PrakkiSathwik/status/1981989525011485095
# Reference: https://www.virustotal.com/gui/file/f2d919204782aa35485a14b63c04500ed3018a1c7695ba576fbdd20d120a73ed/detection

5.149.252.227:26358
cloudovmail.com
/api/root_272106455244419/hello
/api/root_272106455244419/report
/api/root_272106455244419/upload
/uploads/jsair_226226911383169/mozella.sh
/uploads/jsair_226226911383169/mozella
/api/root_272106455244419/
/uploads/jsair_226226911383169/

# Reference: https://x.com/PrakkiSathwik/status/1982004229876433325

185.123.102.33:29852
accountmail.in
mgovcloud.accountmail.in
/uploads/root_345042545272/avlim.sh
/uploads/root_345042545272/avlim
/uploads/root_345042545272/

# Reference: https://x.com/PrakkiSathwik/status/1983186379388661854
# Reference: https://www.virustotal.com/gui/file/bf2a6f5cb6b7698f31748ee14279158e0efa5392c6449e32b1f83d0c6833d83a/detection

146.19.173.109:17500

# Reference: https://x.com/PrakkiSathwik/status/1984509996294631439
# Reference: https://www.virustotal.com/gui/file/7ba946c2f82438db907e4eafe56873abad6fa6d704d1dbd20200c636d2504ed5/detection
# Reference: https://www.virustotal.com/gui/file/8d39c29ce28f81eb9b3bdadc92b2679d843d73f857fc9818f2d32e27355ce165/detection
# Reference: https://www.virustotal.com/gui/file/6b83f4fc2e8bf8d913ed90344ee0b8408ed19e31993ce77d34e216d527365667/detection
# Reference: https://www.virustotal.com/gui/file/34e9bd70599532a3a54ec4441c5ac95dcbe2f97411b27cf7d4de2e2b70b70e94/detection

93.127.134.155:16643
93.127.134.155:18853
93.127.134.155:24861
93.127.134.155:28262
93.127.134.155:32621

# Reference: https://x.com/kaushikkpal/status/1985690995560960079

45.155.54.22:3000
45.155.54.22:8080
45.155.54.22:8888
digitalarena.space

# Reference: https://x.com/PrakkiSathwik/status/1988966650293747851
# Reference: https://www.virustotal.com/gui/file/6898fa164271170bed069152016e8914964c2a378f8c01a9b9276c429e64dc42/detection

aryterrimerikeri.space
echs.online

# Reference: https://x.com/PrakkiSathwik/status/1990738847844470844
# Reference: https://www.virustotal.com/gui/file/7b55d5ed121f6891272f412cf047dd5939a65d5820e2af37940f99c01a07e27a/detection

155.117.42.144:11636
155.117.42.144:14523
155.117.42.144:16167
155.117.42.144:26762
155.117.42.144:28867
93.127.128.118:15248
93.127.128.118:17898
93.127.128.118:19869
93.127.128.118:23241
93.127.128.118:29421

# Reference: https://x.com/PrakkiSathwik/status/1991112929375338841
# Reference: https://www.virustotal.com/gui/file/40a59422fa486c7ae214d6e816c2fd00bf4d75c081993a49c4bc22bb0165b7fe/detection
# Reference: https://www.virustotal.com/gui/file/5ff9777aac434cae5995bf26979b892197e3f0e521c73f127c2e2628e84ef509/detection
# Reference: https://www.virustotal.com/gui/file/04ef2bd123c6b73e9ba71c0219bf4e4502de2258a380649033fa749eca26c023/detection

185.235.137.90:32587
lionsdenim.xyz
/api/root_252166884813241/hello
/api/root_252166884813241/report
/api/root_252166884813241/upload
/api/root_252166884813241/

# Reference: https://x.com/PrakkiSathwik/status/1991453042454196244
# Reference: https://www.virustotal.com/gui/file/01e30dcf71af4e5c8e2210c0656e3e53934aed9f58916be6bb0b067cca0161e8/detection
# Reference: https://www.virustotal.com/gui/file/f52fc437aad277a4f338a74819e43a93deecf58c82467bf875b24a6c6ca7bbf6/detection

windowsdns.com
microsoft.windowsdns.com
query.windowsdns.com
sync.windowsdns.com
/dnammoc_teg

# Reference: https://x.com/PrakkiSathwik/status/1991504149419287009
# Reference: https://www.virustotal.com/gui/file/bbcbce9a08d971a4bbcd9a0af3576f1e0aa0dad1b3cf281c139b7a8dd8147605/detection
# Reference: https://www.virustotal.com/gui/file/580d6401775cd9dbd029893a97d0523315b7ccf70feaa9383bd1a67bf2016ab6/detection
# Reference: https://www.virustotal.com/gui/file/597aa58166a9db1cd10d3f53be1c8f375b9069fd356de66095d6d27088464aba/detection

aeroclubofindia.co.in
wmiprovider.com
dns.wmiprovider.com
update.wmiprovider.com

# Reference: https://x.com/PrakkiSathwik/status/1991559485903802392
# Reference: https://www.virustotal.com/gui/file/2932cb92262eb399be9fc56a3e875fbfaab6fee9277e40cead3bda1716d1c210/detection

teamindia.quest

# Reference: https://x.com/RedDrip7/status/1991331260200108412
# Reference: https://www.virustotal.com/gui/file/8accc5fb18780747bccbd0f042f686c5191e2f782ee32b97cfa0786f04ab2283/detection

69.30.204.65:22224
69.30.204.65:25866
69.30.204.65:31824
69.30.204.65:6827
69.30.204.65:8927
sharemaxme66.net

# Reference: https://x.com/malwrhunterteam/status/1998750026898579556
# Reference: https://www.virustotal.com/gui/file/b4c4e5e3d334ca1dc4f64435656f0aa011c8651cd4343707d0397ee9dc6c41e5/detection
# Reference: https://www.virustotal.com/gui/file/2592a19569dc0635adb175b8e3732b1c0aa43a3055227b10be98760cfbea43fa/detection
# Reference: https://www.virustotal.com/gui/file/4a091d21c18682b1fcb5d9bc097eb57d546be09cdf3594da159c4551cbe7dbe8/detection

164.215.103.230:20145
innlive.in
/api/root_203935053923298/hello
/api/root_203935053923298/upload
/api/root_238910151231166/hello
/api/root_238910151231166/upload
/api/root_246015588091410/hello
/api/root_246015588091410/upload
/api/root_47914265627968/hello
/api/root_47914265627968/upload
/api/root_203935053923298/
/api/root_238910151231166/
/api/root_246015588091410/
/api/root_47914265627968/

# Reference: https://x.com/RedDrip7/status/1999311448552710501
# Reference: https://www.virustotal.com/gui/file/95cf02a68dcc20569823e5af4dae98e1c3a8d6e0c6b2a302f872a52cf4fb4f6f/detection
# Reference: https://www.virustotal.com/gui/file/09ef53876f1d5d5dfb97a9291e96f6869a3e94f07e5ef4534c37122fc1a41e66/detection

indiancyberteam.website

# Reference: https://x.com/suyog41/status/1999366858387128363
# Reference: https://www.virustotal.com/gui/file/3d06a17127cea0e05d750f0e42fb46fdbd166c1086a63aeea9abe5b2328de55b/detection

/kalasadhu420-om/

# Reference: https://x.com/malwrhunterteam/status/2000669858501943747
# Reference: https://www.virustotal.com/gui/ip-address/198.54.115.74/relations
# Reference: https://www.virustotal.com/gui/file/83029e4f7ec1e4566745606b62e6b6c03114417ee0fdd50c3415f7c8af7f50a5/detection

87.120.244.111:3000
87.120.244.111:8080
chuchuchacha.online
chuchuchacha.shop
chuchuchacha.xyz
chuchuchachawin.bond
chuchuchachawin.sbs
longliveindia.xyz

# Reference: https://x.com/PrakkiSathwik/status/2002433971712635041

http://162.232.180.50
http://165.232.180.50
http://172.232.116.205

# Reference: https://x.com/PrakkiSathwik/status/2006420575011688482
# Reference: https://www.virustotal.com/gui/file/472e2e521564294aebac529f1dbf2ac0b05818fadaf9146f101504e6a29611e6/detection

146.19.173.57:14500
certstorein.shop
workplacegov.online

# Reference: https://x.com/PrakkiSathwik/status/2006431447759073484
# Reference: https://www.virustotal.com/gui/file/ef5d63a638e5b96f7026cad397f76ea40a8b745b4156ddb78ebcdeaa8aeea2ed/detection
# Reference: https://www.virustotal.com/gui/file/e0fddb9adeeb04d5f47beae0e878ef04495b97386cda0efa689435f239e1c99e/detection

2.56.10.57:8621
sifi.co.in/assets/js/mor/bs/thr/

# Reference: https://x.com/PrakkiSathwik/status/2007457956636590184

146.19.173.32:8621
149.3.170.72:8621
2.56.10.121:52145
2.56.10.86:8621

# Reference: https://x.com/PrakkiSathwik/status/2008193887140278421
# Reference: https://www.virustotal.com/gui/file/1092761df305e910f806834fb774dfb09dc64a4d399d578a0d1bf1dd5daf0f98/detection

93.127.133.9:18661
93.127.133.9:20856
93.127.133.9:26868
93.127.133.9:29261
93.127.133.9:36628
sharmaxme11.org

# Reference: https://x.com/PrakkiSathwik/status/2010753188895605012
# Reference: https://www.virustotal.com/gui/file/5129056b8b50c6983c04ed4be2d17f5486825705d3c42b0c70e2bbfd44c9949d/detection

85.158.110.134:2468

# Reference: https://x.com/ThreatBookLabs/status/2010905606505263499
# Reference: https://www.virustotal.com/gui/file/3d06a17127cea0e05d750f0e42fb46fdbd166c1086a63aeea9abe5b2328de55b/detection
# Reference: https://www.virustotal.com/gui/file/98e0fc65546d4099c7c3db747d2244ae7ddaf9cb0e28ea951f112c0c7c77c9a2/detection

http://165.22.217.186

# Reference: https://x.com/PrakkiSathwik/status/2012039541516091768

sgblranchi.com

# Reference: https://x.com/malwrhunterteam/status/1998871280301588649
# Reference: https://x.com/PrakkiSathwik/status/2013216779242217614
# Reference: https://www.virustotal.com/gui/file/479eb5558b756e45975920568f54893b9ac3435bd63f2663a16533db0eebb6eb/detection
# Reference: https://www.virustotal.com/gui/file/d6acbb255dae2cc36c158aeb475c6cabf57610794037ad8ed7e372c392a57f8c/detection

204.12.245.189:19662
204.12.245.189:24858
204.12.245.189:29865
204.12.245.189:31262
204.12.245.189:36721
ntpmanager.com
ongc.ntpmanager.com
gomtinagar.lpsc.co.in

# Referecce: https://x.com/malwrhunterteam/status/2013258002199990731
# Reference: https://www.virustotal.com/gui/file/2fcdab3bfac7be6c6e3698c7f0d5cf15e32f4cfb0ac2e3e889a8a58ceba7ab76/detection
# Reference: https://www.virustotal.com/gui/file/4569a94e001a046d0751226d5bfc16333b7b5478272b43f055d00d5b88e98d09/detection
# CLASS_0_HASH-HOST=d7cd3b06a1de02aa1cacce11758c246c
# FAVICON_HASH-HOST=c96476eb0938bdf99090201641d6415a

93.127.136.237:18585
arystore.in
arystore.in.ayonstore.com
ayonstore.com
beycloud.com
dardarbusiness.com
gin.ayonstore.com
gov.laurashope.org
govin.storeslines.com
gsstoreltd.com
in.storeslines.com
inqilabeislamipak.com
isep-edu.org
isep-edu.org.gsstoreltd.com
itcstore.org
itcstore.org.ayonstore.com
jessemccaul.com
jsastore.org
laurashope.org
luxuryproconstruction.com
m.nflstores.org
mail.nflstores.org
nflstores.org
org.ayonstore.com
pictures.gsstoreltd.com
rastore.org
rastore.org.ayonstore.com
samshop.org
secucloud.org
songs.gsstoreltd.com
storeslines.com
successociety.pro
timesofmanna.com
vspcloud.com
wap.nflstores.org
webrastore.org

# Reference: https://x.com/ElementalX2/status/2014249049260691727
# Reference: https://www.virustotal.com/gui/file/9706d9fdb663b21d03ccbf2cabde375418e76a1066d4cf5491eccac5cc304d6d/detection

hostmysite.website

# Reference: https://x.com/Gulsher82522472/status/2014260594493596100
# Reference: https://www.virustotal.com/gui/file/851b97f5419f3735f872eb59a12ca7ef2f50ae1d8386ac38f2706bb49f25777c/detection
# Reference: https://www.virustotal.com/gui/file/f5888c5e87d95ff494573ffb1a7f637dbf69c0a94c001f889cda58da054a32e5/detection

149.3.170.165:6357
chandigarh.guru

# Reference: https://x.com/PrakkiSathwik/status/2014336038358184179
# Reference: https://www.virustotal.com/gui/file/7ebc695c079914cc61160aaed43efbafa9dc659b2ddcab58d5c76b9d474ccc67/detection

defenceindia.site

# Reference: https://x.com/PrakkiSathwik/status/2014604136269152501
# Reference: https://www.virustotal.com/gui/file/62319e21008852533e0a1e68e17e3d8e2fcb952998d64bc7fbe68cd975584148/detection
# Reference: https://www.virustotal.com/gui/file/65a2bbcbec3dc6248cd4847ff760ef30f6f0a43dac283978bc142224edca930f/detection
# Reference: https://www.virustotal.com/gui/file/1bbc2985d58873779982ca795fd89a1031f2e680d5597b19125bacc5583ddde4/detection
# Reference: https://www.virustotal.com/gui/file/a0b8b1f27ec578fa5aab58bdfb19a2fe02eec063fd55e0013e7c7bd96124ac44/detection

91.205.173.181:11100
91.205.173.181:17868
91.205.173.181:28168
91.205.173.181:30821
91.205.173.181:6896
91.205.173.181:9826
93.127.130.89:6896
sharemaxme126.net

# Reference: https://www.zscaler.com/blogs/security-research/apt-attacks-target-indian-government-using-sheetcreep-firepower-and

coadelhi.in
hciaccounts.in
hcidelhi.in
hcisupport.in
gov-service-in-default-rtdb.firebaseio.com
govs-services-in-default-rtdb.firebaseio.com
webdevurl-cc389-default-rtdb.firebaseio.com

# Reference: https://x.com/PrakkiSathwik/status/2021465566910075152
# Reference: https://www.virustotal.com/gui/file/5294335645605429e30ebe5cecc144387ec5e424aa0661e8e615edc358afde14/detection

santepluspharma.com

# Reference: https://x.com/PrakkiSathwik/status/2024110560527134737
# Reference: https://www.virustotal.com/gui/file/3b0df07b01b05707e79050d2c09196128b5ed2fd9796c33ea29c73ad0a9cc92c/detection
# Reference: https://www.virustotal.com/gui/file/0eacb011fbd5f2a33e7233f3bc9561dd0a6b87fd650ecd34041cef097253d9e6/detection

204.12.218.202:14955
204.12.218.202:18961
204.12.218.202:25226
204.12.218.202:37822
204.12.218.202:9916

# Reference: https://x.com/PrakkiSathwik/status/2024733574738624758
# Reference: https://www.virustotal.com/gui/file/3cde6cadb45fb695dbe297d433e1b28cc2b4ed0fcbde2c480d7a2c723e4e236a/detection

93.127.132.112:26861
93.127.132.112:29223
93.127.132.112:35826
93.127.132.112:7522
93.127.132.112:9621
worldclasssynergies.com

# Reference: https://x.com/PrakkiSathwik/status/2025262544144007630
# Reference: https://www.virustotal.com/gui/file/2db0e3553d980225d7cd47765b6a6d236d0df41223f006305cd928556a4d60e7/detection
# Reference: https://www.virustotal.com/gui/file/8cd527c72e075bf7c95f39edcc4fbdf713e0c9bacb2105854ba8d1e91ceb7ad7/detection

172.86.122.203:5863
sysdllfile.site
dns.sysdllfile.site

# Reference: https://x.com/PrakkiSathwik/status/2029570673795113416

144.172.89.29:5941
45.61.157.22:5863
documentcentre.in
docsportal.in
sysdllt.xyz
dns.sysdllt.xyz

# Reference: https://x.com/PrakkiSathwik/status/2029926054098522578

93.127.133.106:19821
93.127.133.106:28168
93.127.133.106:35821
93.127.133.106:6898
93.127.133.106:9626
dwdada.xyz
sharemaxme28.net

# Reference: https://x.com/PrakkiSathwik/status/2029945617687138348
# Reference: https://www.virustotal.com/gui/file/dd76fa4057fe80097239ce1083ad02470c95f8cc6f46f45625bea944d195f456/detection

85.137.249.243:3000
85.137.249.243:8080
cisf.ink

# Reference: https://x.com/PrakkiSathwik/status/2030343602229199279
# Reference: https://www.virustotal.com/gui/file/d7872ff7d02010eb94182d81c1a6756994c53266fc1efffcd98f5913b1e4df13/detection

2.56.10.101:6357
ashraagrotech.com

# Reference: https://x.com/SinghSoodeep/status/2031326993455755618
# Reference: https://www.virustotal.com/gui/file/8587a778e3bae0fb664e598bcc54eb11fb90926c2fdf4d012960fdbabda0d92f/detection
# CLASS_0_HASH-HOST=caf4c7945ae8294f34999a1904c5ebf6

5.161.159.119:8951
8fold.space
acemastersat.com
acescricket.com
achaoblog.org
advisor-resort.com
aerivoro.com
alenderplay.com
alerenesgame.com
all-cricketers.com
allstarwicketleague.com
alphacloudpro.com
anifines.com
antasypitch-play.com
apostasboom.com
appared.space
apy-game.com
arcadeboostzone.com
arendysnavers.com
armyoffootballers.com
asbestosontario.com
asot-game.com
autodoj.com
avencouria.com
avrekleyfanty.com
aweeter.com
ayonerplayers.com
azuprox-bio.com
azure-menu.com
backseyw.com
bafiobask.com
bailybuzz.com
ballfxpert.com
ballkickk.com
ballmagicians.com
barge-masters.com
barge-mastr.com
barges-master.com
barlanesys.com
baselinekingsat.com
basket-times.com
basketballdreamleagues.com
basketballexperiences.com
basketballkeep.com
basketballoutgoing.com
basketballsides.com
basketballspheres.com
basketfanty.com
basketleaguechampions.com
basketoracles.com
baskfantasy.com
baskfoun.com
baskgasin.com
basklegi.com
basklou.com
baskninza.com
baskori.com
baskutin.com
bat-and-ballfantasy.com
batsymagic.com
beelregruse.com
berebentyl.com
besfantasycricket.com
bezaleelian.com
bikepz.com
binbumbasket.com
bineny.com
binihy.com
bioztl.com
bitrelay-gazette.com
bitstream-hq.com
biumnetsers.com
blastgamis.com
blinkappmlb.com
blitzbrigade.com
bllfanf.com
block-mosaic.com
blocknova-hq.com
blocksignals-hq.com
bnfantasycricket.com
bogozago.com
boikdercourt.com
bookabr.com
bookabx.com
bookabz.com
bookazp.com
bookcz.com
bookdz.com
bookfj.com
bookfv.com
bookjl.com
booklj.com
booklp.com
booklz.com
booknook-at.com
bookofwins.com
bookpz.com
bookqmf.com
bookqx.com
bookrty.com
bookrz.com
booktn.com
booktyz.com
bookvf.com
bookwmz.com
bookwpr.com
bookxn.com
bookzix.com
bookzpl.com
bookzt.com
bookzyv.com
bopuva.com
borohempco.com
boulindas.com
boundarydraftworld.com
bourendgame.com
breanch.com
bricklled.com
bridepinp.com
brightsminds.org
bsk-fantasysport.com
buccherow.com
budyhe.com
bugupi.com
bupsersand.com
bytefluxandvyromel.com
cacricketfantasies.com
cakashtr.com
canadasocialsclubs.com
canasina.com
caniberic.com
cardenfenty.com
cardgoyle.com
carhel.com
carloj.com
carneekume.com
carpev.com
carpte.com
carqep.com
carswashess.com
cartersygame.com
carvesters-in.com
carvye.com
carzaq.com
case-banlte.com
casinohoteljans.com
casinohotellifes.com
casinohotelvibes.com
casinoresortdreams.com
casinoresortexperience.com
casinoresortfan.com
casinoresortgog.com
casinoresortjonk.com
casinoresortonis.com
casualplaycrew.com
catmzo.com
catqet.com
catqwe.com
cazeqy.com
cazinouriselecte.com
cehihy.com
cempakakuning.space
ceneecert.com
centralavenues.com
cervulude.com
chabdocoesite.com
chain-pulses.com
chainflux-hq.com
champ-draft.com
champion-basketball.com
championbatters.com
charminghotelcasino.com
chatabx.com
chatfusionhub.com
chatgamelink.com
chathappyhub.com
chatnjoyzone.com
chatsteam.xyz
chatterflowz.com
chatterzone.space
chessboardzone.com
chessmaniahub.com
chessmasterspros.com
chessplayhub.com
chessplayzone.com
chillgameroom.com
chillplaynet.com
cimersenoo.com
cirywi.com
clariventas.com
clarivento.com
clarvexa.com
classiesty.com
cleanttelite.com
clearbytehub.com
clearsbrok.com
clearwavecarwash25.com
click-and-cluck.com
clickfunpath.com
clickgamehub.com
clickgatherplay.com
clickmostb.com
clicknfunplay.com
clicknjoygames.com
clicknplaysgame.com
clickrelaxplay.com
clicktoplayhub.com
clicktoplaynow.com
cloudgamesfun.com
cloudhubfun.space
cloudiscode.com
cocasinotops.com
codeplm.com
colnsaramvewat.com
colnsdecemben.com
colnsspeedrout.com
colnweertyop.com
connectfunnet.com
connectnchat.com
connectplayhub.com
connecttribe.xyz
connectwave.space
connectwaves.xyz
constittu.com
cookpl.com
cooktw.com
coolssport.com
coolws.com
coregameshub.com
cosmicfunzone.com
courtlegendsb.com
cozycornergames.com
cozyplayroom.com
cricdynastyz.com
crick-time.com
crickbat-ball.com
cricket-arenaplay.com
cricket-dreamsplay.com
cricket-master-play.com
cricket-players.com
cricket-realm-play.com
cricket-runners.com
cricket-sphere-play.com
cricket1.shop
cricketaveto.com
cricketblitzxi.com
cricketcore-in.com
cricketfantasyheroes1.com
cricketfantasynetwork.com
cricketfiesta.com
cricketglw.com
cricketkingsfantasy24.com
cricketlaced.com
cricketlauner.com
cricketmatchet.com
cricketners.com
cricketpzs.com
crickets-ball.com
cricketsade.com
cricketsfive.com
cricketstormfantasy.com
cricketworld-play.com
cricketygame.com
cricktimegame.com
crikupfantasy.com
crovonta.com
crowdmates.site
crowdplayhub.site
crypto-joint.com
crypto-shard.com
crypto-trails.com
cryptogrid-hq.com
cucypu.com
cunetsballs.com
cunetstwo.com
cupqwe.com
dakergame.com
dakyji.com
dansktopspil.com
dapp-gazette.com
darkcartx-admin.com
datqwe.com
davinresfan.com
davintra.com
deeberyteam.com
deelsayrhub.com
dejyla.com
delerissport.com
dellyplayers.com
denilsers.com
denlyfsyename.com
deylabehub.com
deyversfantasy.com
diamondbaseballpro.com
dilonaplay.com
dimyri.com
documz.com
doganm.com
dogpwe.com
dogquiv.com
dogqwer.com
dograz.com
dogvta.com
dogwxyz.com
dogxpo.com
domingsoteam.com
doolnesgame.com
dopersygame.com
dota-2digital.com
dota-community.com
doxyje.com
draftfootballchamps.com
dreamcup.org
dreamlineupcricket.com
dreamlotto-au.com
dreampuckleague.com
dreamteamball-hoops.com
dreamworlds.space
dreamxifantasy24.com
dujkercricket.com
dunkchampions.com
dunkfantasy.com
e-buydeals.com
easyclickgames.com
easyjoyhub.com
easyplayfield.com
easytapgame.com
ecilsfantasy.com
egrefuster.com
eguanateam.com
elcasinoscom.com
elcosinosco.com
elegantcasinoresort.com
elenriusters.com
elenvoria.space
elinasterboom.com
elinerteplay.com
elitecasinohotelat.com
elitefantasycricket.com
elnyrsoul.com
elyphic.pro
emeraldresortcasino.com
endzoneelitepl.com
euaibridgeclub.com
euro.top10casino-pl.pl
eventrysgame.com
eviewnweb.com
evylerseds.com
ewebbuilders.com
fairwayclash.com
faltyswended.com
famtreez.com
fanbasketball-in.com
fanbox.space
fandarmels.com
fanfballe.com
fanfbll.com
fanfplay.com
fanlesstys.com
fannycrick.com
fantasendy.com
fantasfutb.com
fantasy-basketballer.com
fantasy-basketballpro.com
fantasy-pitch.com
fantasy-wicket-play.com
fantasy-wicketplay.com
fantasybasketball20-24.com
fantasybasketballarena.com
fantasybasketballmaster.com
fantasybatandball.com
fantasybatsmanpro.com
fantasybound-play.com
fantasyboundaryleague.com
fantasycricguru.com
fantasycrickclash.com
fantasycricket-play.com
fantasycricket254.com
fantasycricket77.com
fantasycricketarcade.com
fantasycricketarens.com
fantasycricketbattle24.com
fantasycricketbyms.com
fantasycricketchilen.com
fantasycricketdashboard.com
fantasycricketdream.com
fantasycricketelevation.com
fantasycricketempire.com
fantasycricketfun.com
fantasycricketgalaxyin24.com
fantasycricketgas.com
fantasycricketguro.com
fantasycricketjoen.com
fantasycricketlive.com
fantasycricketmatch.com
fantasycricketmin.com
fantasycricketosi.com
fantasycricketoverdrive.com
fantasycricketplayn.com
fantasycricketpremier.com
fantasycricketpros24in.com
fantasycricketques.com
fantasycricketroyal.com
fantasycricketruns.com
fantasycricketslog.com
fantasycricketunit.com
fantasycricketworldi.com
fantasycricketyn.com
fantasycrickleaguetrophy.com
fantasycrickstrategies.com
fantasydunkers24.com
fantasyesportebr.com
fantasygoalblasters.com
fantasygoalsrush.com
fantasyhardwood.com
fantasyhockeylegends.com
fantasyhockeyoniu.com
fantasyindiacricket.com
fantasyindiasporten.com
fantasyleagueball.com
fantasyleaguechampions.com
fantasyleagueshub.com
fantasylineupplay.com
fantasynbarevolution.com
fantasyperformancehub.com
fantasypowercricket.com
fantasyproleague.com
fantasyrools.com
fantasyrunsleague.com
fantasyrunstorm.com
fantasysagacr.com
fantasyshub.com
fantasysixers.com
fantasyslamdunk.com
fantasyslamhoops.com
fantasysport-nhl.com
fantasysport007.com
fantasysport45.com
fantasysportbim.com
fantasysportbon.com
fantasysportchampi.com
fantasysportdend.com
fantasysporten.com
fantasysporten24.com
fantasysporter2024.com
fantasysportgamen.com
fantasysportgn.com
fantasysporthj.com
fantasysportik.com
fantasysportin.com
fantasysportlend.com
fantasysportmen.com
fantasysportonli.com
fantasysportorins.com
fantasysportpt.com
fantasysports48.com
fantasysports72.com
fantasysportsagari.com
fantasysportsclubin.com
fantasysportsfusion.com
fantasysportsgamen.com
fantasysportsgamese.com
fantasysportsin.com
fantasysportskarm.com
fantasysportslaims.com
fantasysportslasi.com
fantasysportslaun.com
fantasysportsofau.com
fantasysportsomien.com
fantasysportsonion.com
fantasysportsorim.com
fantasysportssarin.com
fantasysportsvaulin.com
fantasysportswaron.com
fantasysportsyau.com
fantasysportszonf.com
fantasysportyn.com
fantasysportynt.com
fantasysportzonez.com
fantasystrikers25.com
fantasyteamss.com
fantasytournamentcricket.com
fantasywicketkeeper.com
fantasyworld-in.com
fantawicket.com
fantelsorplay.com
fantfbal.com
fantftbl.com
fanthope.com
fantroza.com
fantysland.com
fanzyftbl.com
farmzu.com
fast-serveone.com
fastactive-store.com
fastbreaklegends.com
fastexgel.com
fastpacefantasy.com
fastplayarenas.com
fastplwr.com
favoritegame-in.com
fballf.com
fballfant.com
fballhfant.com
fbjourneyfantasy.com
fctopfantasy.com
fendirahub.com
fentfootbal.com
fieldforheroes.com
fieldofdreamss.com
finlandsocialfun.com
finlota.com
fishjkl.com
fishlu.com
fishqrl.com
fishqwe.com
fishrew.com
fishrtk.com
fishtrz.com
fishuq.com
fishuv.com
fishvad.com
fishvbn.com
fishvbnm.com
fishyop.com
fishzuo.com
fitadela.com
fitfezra.com
fitgqer.com
fitoxp.com
fitqwe.com
fitwavmz.com
fixluxx.com
flashsgamezones.com
flexipoint.org
flyoxen.com
fobepu.com
foodasd.com
foodexmz.com
foodhyr.com
foodivz.com
foodjb.com
foodjl.com
foodklm.com
foodlpv.com
foodmpz.com
foodnp.com
foodpq.com
foodpql.com
foodpz.com
foodqt.com
foodqw.com
foodqwe.com
foodrexr.com
foodrt.com
foodrz.com
foodvl.com
foodvwe.com
foodwv.com
foodwzr.com
foodyzx.com
foodzm.com
foodzpl.com
foodzxv.com
football-presents.com
footballgives.com
footballillusion.com
footballmanagerhub.com
footballtimesbit.com
footballvibeszone.com
footballwinnersfantasy.com
footballyhits.com
footballzoneslife.com
footfantsply.com
footsidegoal.com
forestrow.online
forgamenhl.com
forsihockey.com
fortunapaalace.com
fortunehotelcasino.com
foxertw.com
foxkprl.com
foxrpk.com
foxrty.com
fragtrailhub.com
freeplayclick.com
freshzty.com
friendfunarena.com
friendgamelounge.com
friendjoynet.com
friendloopplay.com
friendlyfunhub.com
friendlyfunland.com
friendlyfunplay.com
friendlyplayzone.com
friendorbit.space
friendplayconnect.com
friendplayroom.com
friendsvibeplay.com
friendtapfun.com
friendtapzone.com
frostbladesh.com
frozenfantasy1.com
frozenfantasyleague.com
frugalcordcutter.com
fsyfootb.com
ftbfant.com
ftblfnzy.com
ftbollfan.com
fudefy.com
fullcourtdraft.com
fullcourtkings24.com
fumigator.space
fun-spiret.com
funandplaygames.com
funansgame.com
funaroid.com
funaviatorgame.com
funaviatorplay.com
funblastzones.com
funclicksplay.com
funclique.space
funclixspace.com
funcluster.site
funclusterzone.com
funconnecthub.com
funconnectplay.com
funconnects.xyz
funcrewconnect.com
funcrewspot.com
funcrewzone.com
funetrix.com
funevoo.com
funevro.org
funforgroup.com
fungameplaycity.com
fungamevibezone.com
fungexo.com
funhub.icu
funifyspaces.com
funityxs.com
funjoinnow.com
funlabgames.com
funlandclick.com
funlandtogether.com
funlinehub.com
funlinkarena.com
funlinkcircle.com
funlinkclub.com
funlinkmates.com
funlira.org
funloopers.com
funloopworld.com
funmatchclub.com
funmatchroom.com
funmatesconnect.com
funmateshub.com
funmatesplay.com
funmatesworld.com
funmeetgames.com
funmeetupzone.com
funmixers.com
funmoro.com
funnetgames.com
funnylows.com
funorbit.sbs
funorbit.site
funorbitclub.com
funpiroa.org
funpiroo.org
funpiroq.com
funplayclubs.xyz
funplayfield.xyz
funplaygamezones.com
funplaylands.com
funplaysworlds.com
funqari.com
funqaro.org
funquestsworlds.com
funquestworlds.com
funquro.com
funravo.org
funriseplanet.com
funrisezones.com
funrova.com
funscrates.com
funsharingclub.com
funshiftgamese.com
funsplayhubs.com
funspotgroup.com
funszone.space
funteamzone.com
funtopcricket.com
funtribe.space
funtribeclub.com
funtribeconnect.com
funtribehub.com
funventureszones.com
funvexo.com
funvibespot.com
funwavezoneplay.com
funwithclicks.com
funxyk.com
funzari.com
funzonearea.com
funzoneblast.com
funzonecircle.com
fusionplayzone.com
futbien.com
futboj.com
futbons.com
futusrevisions.space
fuvale.com
galaxygameshub.com
galaxyofgamese.com
galdeenslok.com
game-nv.com
game-toor.com
game-z-y.com
gameandfuns.com
gamebonding.com
gamebuddybox.com
gamebuddyconnect.com
gamechatbase.com
gamechatfun.com
gameclicksnet.com
gamecliquez.com
gamecloudly.com
gameclr.com
gameconnectse.com
gamecorehubs.com
gamedocky.com
gamedrz.com
gamedtr.com
gamefgh.com
gameflowfun.com
gameforge-tr.com
gamefriendsclub.com
gamefriendshub.com
gamefriendsnet.com
gamefunclubs.com
gamefunmania.com
gamefunpark.com
gamefunplays.com
gamefunshouses.com
gamefunverse.site
gamefusioners.com
gamefusions.xyz
gamegalaxyzones.com
gamehangouthub.com
gamehjk.com
gamehubster.com
gameincrew.com
gamejier.com
gamejkl.com
gamejkp.com
gamejoinnow.com
gamejointhub.com
gameklm.com
gamekls.com
gameklt.com
gamelandfun.com
gamelazo.space
gamelazos.space
gamelink.sbs
gamelink.space
gamelinkeds.com
gamelinks.xyz
gamelinos.com
gamelmn.com
gameloungeclub.com
gameloversworld.com
gamelynxnetworks.com
gamempq.com
gamenbask.com
gamenconnect.com
gamenjoyzone.com
gamenplayfun.com
gameonlinefunny.com
gameonstorm.com
gameonstorms.com
gameorbiters.com
gameoryla.com
gamepalsconnect.com
gamepinghive.com
gameplayclubs.com
gameplayfuns.com
gameplaylands.com
gameplaypartys.xyz
gameplayvibes.com
gameplayzones.com
gameplazahub.com
gameplo.com
gameplv.com
gamepopq.com
gamepqr.com
gamepulsesproo.com
gamepuzzlehub.com
gameqrs.com
gameqwr.com
gameralliess.com
gamerasbask.com
gamerinf.com
gamerisonk.com
gamersaloons.com
gamersocialzone.com
gamerzt.com
gamesbento.com
gamescrazeworld.com
gamesharemates.com
gamesofruns.com
gamesoftskills.com
gamesqv.com
gamesscricket.com
gamessflow.xyz
gamestars.space
gamestormzones.com
gamestreamerz.com
gamestreamly.com
gamesurfzone.com
gametaparea.com
gameterjoyfun.com
gametideplay.com
gametimecircle.com
gametimesportsbarat.com
gametogetherz.com
gametrajo.space
gametraze.com
gametrazi.com
gametrazi.space
gametribex.com
gametronverse.com
gametwz.com
gamevibers.com
gamevibesonly.com
gamevlu.com
gamevorao.space
gamevoraq.com
gamevtr.com
gamevxz.com
gamewer.com
gamewithsmile.com
gamewpo.com
gamewqp.com
gamexira.space
gamezioxs.com
gamezoneplace.com
gamezoneroom.com
gamezons.org
gamezrt.com
gamezyplace.com
gamforgen.com
gamivoice.com
gamolto.com
gamonto.com
gamorp.com
gamusinoft.com
gamvaultin.com
gamysplays.com
gatewaytospacee.com
gazette-orbit.com
gearupv.com
gederiolosted.com
gettraxx.com
gewinonline.com
geyzersindia.com
gigacashgarszone.com
gilderysgame.com
gilondserwoos.com
gindersgame.com
giquja.com
giqyme.com
girrendreal.com
global-inns.com
globalauthnetwork.com
globalchesszone.com
globalfantasycricket.com
globalgoall.com
globalindex.space
globalplayarena.com
globalsportin.com
glossyglove.com
glucoberry-uno.com
glutenfreegreen.com
goalforbasketball.com
goalgofantasy.com
goalgurusf.com
goalhunterfantasy.com
goalieglory.com
goalieguardians.com
goallegends.com
goalnetplay.com
goalofcricket.com
goandplaynows.com
gobestwins.com
godot.space
gofingame.com
gofunplayzone.com
gogamin.com
goldcasinohotel.com
goldencrowncasinohotel.com
goldenovers.com
goldensoccerf.com
goldyjackpot.com
goodbyefiverr.com
goodbyeupwork.com
goodsaygame.com
goplayboard.com
goplaychiland.com
goplaycircle.com
goplayfunhub.com
goplayjoy.com
goplaymatch.com
gran-slam.com
grandcasinohotel25.com
grandshotelcasino.com
grandslampickspl.com
grandvistacasinohotel.com
gravintra.com
greatbritainslots.com
green-players.com
greenbmr.com
greenfj.com
greenmk.com
greenpq.com
greenqz.com
greikolfgame.com
gridentra.space
gridirongamers.com
gridirongurusat.com
grindvaultpro.com
griventra.com
grounder-ai.com
groundfold.com
groundnode.org
groupclickfun.com
groupclickplay.com
groupfunclick.com
groupfunfield.com
groupfunnest.com
groupfunplace.com
groupfunplay.com
groupfunplayhub.com
groupfunroom.com
groupfunvibe.com
groupgamearea.com
groupgamefriends.com
groupgamego.com
groupgamejoy.com
groupgamelink.com
groupgoplay.com
groupjoyclub.com
groupjoyhub.com
groupjoyland.com
groupjoynet.com
groupjoytap.com
groupjoyzone.com
groupplayarea.com
groupplaycircle.com
groupplayfunny.com
groupplayhub.com
groupplayline.com
groupplaymatch.com
groupplaynet.com
groupplaysline.com
groupplaytogether.com
grouptapzone.com
groupvibeplay.com
gucajo.com
guhyca.com
guxipe.com
gymnasticsgymmy.com
gymtophouse.com
gywope.com
gyziqu.com
haduje.com
hagibi.com
halalwriter.com
halelrays.com
hangoutfunplay.com
hank-over.com
hashmorph-hq.com
hashrealm-hq.com
hashsphere-hq.com
hashwave-hq.com
hasiten.com
hattrickheroes24.com
hd-playnest.com
healthpj.com
healthzt.com
heeldcricket.com
helveticswissgames.com
heroesofthepitch.com
herwoost.com
hetmerworlds.com
hewaqu.com
heynergills.com
hidegaming.com
highballhemp.com
hk-fantasy.com
hljrdly.com
hobyxo.com
hoceynice.com
hocirt.com
hockey-zones.com
hockeyboarding.com
hockeyfantasyhub.com
hockeygan.com
hockeykeeps.com
hockeylifes.com
hockeylisty.com
hockeyrealm.com
hockeyrunning.com
hockeysmeeting.com
hockeysplayers.com
hockeytimezone.com
hockeyvas.com
hockeyxfantasy.com
hockypresents.com
hokeynds.com
holt-tennis.com
homeew.com
homejrt.com
homepoi.com
homepz.com
homerunlegendspl.com
homewv.com
homeylr.com
homezqs.com
homezyb.com
hoolsendy.com
hoopdraftcentral.com
hoopmasteron.com
hoopschampionspl.com
hoopschampionss.com
hoopsdominators.com
hoopsfantasyleague.com
hoopshq24.com
hopegamezone.com
horseracingpremier.com
hotel-korsals.com
hotelcasinobeauty.com
hotelcasinodanis.com
hotelcasinokalio.com
hotelcasinonova.com
hotelcasinoparadise.com
hotelcasinorion.com
hotelcasinoworld.com
hotelgocasino.com
hotelymeet.com
housecricket-in.com
hubconnectes.com
huborahub.com
hufyho.com
huger-club.com
huhici.com
hunnefsheel.com
huntylfoon.com
hurevy.com
hushed-riddle.com
huzyfo.com
hvacmaintenance.site
hy-fantasy.com
icefantasyhub.com
icestormngl.com
icewithhockey.com
igame-top.com
ilborgonline.com
indialortys.com
indianfantasyplay.com
indianogame.com
ingame-gr.com
instantfunplay.com
instantfunroom.com
instantplayhubs.com
instantplayworlds.com
insulevel-store.com
insuprox.com
ironcoregym25.com
ironehills.com
ironslef.org
jackpotez.com
jackpotpath-au.com
jaenique.com
jangersyplay.com
jasbask.com
jasdhero.com
jentresdy.com
jepypu.com
jeuplusmax.com
jeuxasino.com
jeuxdelitehub.com
jicybe.com
jogafantasybr.com
jogomagnet.com
joinandplayhub.com
joinbuzzers.com
joincloudes.com
joinersclub.com
joinfunarcade.com
joinfunboard.com
joinfuncircle.com
joinfuncommunity.com
joinfunmatch.com
joinfunroom.com
joinfunway.com
joinityfun.com
joinjoyplay.com
joinourplay.com
joinplayfun.com
joinplaymates.com
joinplayzone.com
jointribeplay.com
joinusplay.com
jokigamos.com
jolertionew.com
joolsery.com
joulishnow.com
jovintra.com
joycircle.space
joycircle.xyz
joycirclehub.com
joyclanplay.com
joyclickgroup.com
joyclickroom.com
joyclickworld.com
joyclickzone.com
joydock.space
joyfusions.org
joygamecircle.com
joygameconnect.com
joygamesrealm.com
joygametime.com
joygardenhub.com
joyground.xyz
joygrounds.com
joygrounds.space
joygroupgame.com
joygroupplay.com
joyhousehub.com
joyhubgames.com
joylands.xyz
joylinkplay.com
joyplayconnect.com
joyplayhub.xyz
joyplayroom.com
joyplayteam.com
joypqrs.com
joysconnect.com
joysocialers.com
joyspherehub.com
joystationhub.com
joytapfun.com
joytaplink.com
joytapworld.com
joyverse.space
juegayganaaco.com
jugarganarcol.com
jugarganarcom.com
junglezonegamese.com
justchillplay.com
justforfunplays.com
justhitplasy.com
justplaytodays.com
juvernysrools.com
jyfupy.com
kadersented.com
kalseygame.com
kamowy.com
kangaroocasinohotels.com
kasiobask.com
kazinodigoplay.com
kelferdoov.com
kenllyteam.com
kentrysplay.com
keroplesteam.com
kerrelsteam.com
keviho.com
kexyzu.com
keykleindia.com
keylenzyrplay.com
keyofcricket.com
killendourf.com
kilonserted.com
kindfootball.com
kingcrelite.com
kingonfield.com
kingplaypro.com
kingsoficeandfantasy.com
kiwibetes.com
kolupleset.com
koockretcool.com
kooldegent.com
koonerteam.com
kooplenryplay.com
kortellyfun.com
kozeso.com
kreatyvnatsiatko.com
kupiesim.com
kurdesworld.com
kyhuge.com
kyliru.com
kyponi.com
labjin.com
labross.com
labubu-gcc.com
lacrossebim.com
lafigame.com
lakemx.com
lamaisondejeu.com
lampgon.com
lampjvq.com
lampqwe.com
lapemi.com
laraerdos.com
largecasinoresort.com
latinosnet.com
laxovtra.com
layra-scent.com
layversindia.com
leafjq.com
leafmz.com
leafnz.com
leanonsfeel.com
learnmetal.com
leeldyrn.com
leelsenty.com
leferionry.com
legendarnaarena.com
legendsballpro.com
legendsrins.com
leonardocricket.com
lerennsauto.com
letschillgame.com
letsjoinplay.com
letsplaylight.com
letstapgame.com
levelcorehq.com
leveldock.com
leveliogame.com
librentys.com
lightgameplay.com
likarencia.com
likedcasinoresort.com
linkbuzzhub.com
linkchatzone.com
linkcirclehub.com
linkfusion.xyz
linkfusionhub.com
linkfusions.xyz
linknestplay.com
linkstreamers.com
linktribe.xyz
linkwaves.space
livehere-now.com
livontra.com
lixorot.com
lmaostickers.com
locketsoul.com
lootportalzone.com
lorventra.space
lottohug.com
lottoquest-au.com
lousycoder.com
lovealina.com
lovecasinoresort.com
lsgunderground.com
lucidgamespace.com
luckyouland.com
luckystakeuk.com
luckystreakhotel.com
ludoonezone.com
luepqr.com
lukbersb-in.com
lumivexo.com
lunaria-milan.com
lusterjackpot.com
luxhotelcasino.com
luxurycasinohotel25.com
luxurycasinoohotels.com
lysyho.com
magiccourt.com
magicinthemiddlecr.com
magicsovers.com
magicsplayrooms.com
magowieigrzyska.com
mahjongchallenges.com
mahjongfuns.com
mahjongfusions.com
mahjonghubs.com
mahjonglands.com
mahjongmaniagame.com
mahjongmaniagames.com
mahjongmasterplay.com
mahjongmastersplay.com
mahjongoria.com
mahjongphili.com
mahjongplanets.com
mahjongquests.com
mahjongstournament.com
mahjongtimeplay.com
mahjongzones.com
mail.playunityhub.com
mainerdude.com
mainnewv3.pages.dev
mainoria.com
majesticcasinohoteles.com
maluntadeplay.com
manch3arena.com
maniafantasy.com
mapjkl.com
mapozz.com
marquentise.com
maskofquendor.com
masterfungamezone.com
mastersgoals.com
matchpointheroesin.com
matchreals.com
mavrohuben.com
maxfunplay.com
maxgame.space
maxoraweb.com
maxtexx.com
mayningutes.com
meadowcres.org
meaffc.com
medifgy.com
meenleaned.com
meensalours.com
meersylsindia.com
meetfunhub.com
meetfunplayers.com
meetupandfun.com
meetupgamezone.com
meetupplaymates.com
megadeluck.com
megafunsgames.com
megafunx.com
megagamevault.com
megagamevaults.com
megaplayzones.com
megaslooots.com
megsameworld.com
mejiky.com
meplaytime.com
meqeki.com
mernospifantasy.com
metroshopbd.com
meynerrools.com
mileniumplay.com
minglebuzzers.com
minglehub.xyz
minglespot.xyz
mint-gazette.com
minustered.com
missionxpzone.com
mitycznaliga.com
mixede.com
mlinersand.com
mobihugs.com
modapkterbuka.com
momandsdaughter.com
mondeprize.com
moneypq.com
monivexo.com
montarions.com
montelique.space
monteliques.com
moonabx.com
moonasd.com
moonfiregames.com
moonfr.com
moonlesfeiny.com
moonreydoul.com
moonrfc.com
moonxcaptial.com
motor-power-hmk.com
mouselp.com
movenp.com
movicjw.com
moviepj.com
movietnc.com
movifx.com
movipl.com
movixz.com
movizq.com
moxentra.com
mriitsiatenko.com
mrocznyturniej.com
mujiky.com
multigamefun.com
multimediamaking.com
munichcasinohotel.com
musicvw.com
musicwz.com
musicye.com
musiczt.com
mustangwins.com
mycatalogoai.com
myenfantasycricket.com
myfunplaynet.com
mygameclick.com
myinstantchef.com
mykadri.space
mysterium.space
mysticalmatchescr.com
mysticansion.com
mysticgameslands.com
mysticwickets.com
mythicbattl.com
nadiakonsultasi.com
najboljikasinoigra.com
nakresedplay.com
nambyfantasylist.com
namikal.com
neelanered.com
nefema.com
neonwavegames.com
netavexa.com
netavora.com
netgoall.com
nethunterball.com
netraildc.com
netuty.com
netvop.com
neviteams.com
new-geopolitics.com
newcrfantasy.com
newsasd.com
newsyui.com
newzealandsocialclub.com
newzealandsocialgamings.com
nexplaygamess.com
nextgamefun.com
nextgameworlds.com
nextgamezone.com
nextlevelgames.xyz
nextlevelgamess.com
nextleveljumpers.com
nextlevelsfun.com
nextyui.com
nhatkiet.com
nhlroud.com
nibucu.com
nickrichmond.com
nicyoga.com
nidenadv.com
nightowlshub.org
nikpew.com
nillenersteam.com
nilupe.com
ninisilk.com
nitygo.com
niwedahhotel.com
nodetodo.com
nomidstrail.com
nonstopfunclubs.com
nonstopfunplace.com
nonstopfunplaces.com
noorectyless.com
northsflows.com
nosdermint.com
novagzz.com
novarentias.com
novarentis.space
novelixprox.com
nstockedinfo.com
nudervbulls.com
nunbask.com
nundervist.com
nutixi.com
nuviarelle.com
nuwese.com
nybopu.com
nyfyji.com
nyzawe.com
nzsocialgame.com
nzsocialsgames.com
oakridgek.org
oasiscasinoresort25.com
officielpremium.com
ojingame.com
okapidemocorp.com
okernystas.com
oldefrysmage.com
olifangame.com
olustreber.com
olydetrests.com
omnistackhub.com
onebowler.com
onecasinohotel.com
onegocar.com
oneking-field.com
onestersteam.com
onethinkplay.com
onetopgoal.com
onevacationcasino.com
onewinzone.com
onlinefunplay.com
onsersbasket.com
onurestilesh.com
onyxauraco.com
openfunplace.com
openjoyplay.com
openplayhub.com
openplayportal.com
openplays.org
openvoices.space
oredwoels.com
orionrouterplane.com
orlaniqua.com
ottobestgt.com
oucricketsport.com
oudefsodout.com
outbackwagers.com
ovalmythn.com
overorealms.com
ozlottix.com
pafenityr.com
painthouseservice.com
paradisechipshotel.com
paradisehotelcasinoat.com
paradiseshotelcasino.com
paranoidrp.com
parovtra.com
passlords.com
pathofloryn.com
pathofxerion.com
patirsonts.com
pcdrives.org
pearlersfeel.com
peerdesteam.com
pekysi.com
pellermatch.com
peloostplay.com
penetsrenes.com
penrty.com
penthousehunter.com
peoplesplays.com
percyplastics.com
perfectvictoryf.com
perneldysvo.com
phantomfieldfootball.com
pigskindynasty.com
pigskinpicks25.com
pigskinplaysat.com
pigskinprosin.com
pijyla.com
pinupcore.com
pinupdykuxa.com
pinupengine.com
pinupfovipe.com
pinupgylizi.com
pinuphezade.com
pinupjamola.com
pinupkacune.com
pinupride.com
pinuprocaki.com
pinuprocavi.com
pinuprosyki.com
pinupvetynu.com
pinupwarrior.com
pinupwasibe.com
pinupwevopy.com
pinupxuqaxe.com
piqety.com
piseru.com
pitchmastersfantasy.com
pitchoftitans.com
pixasol.com
pixelgamesarena.com
pixelgamese.com
pixelonezone.com
pixelstormgames.com
pixelxpboost.com
pixelyui.com
placetorest.com
planfb.com
plannerblue.com
planqyx.com
planvz.com
planwex.com
planydalesty.com
play-fever.com
play-nia.com
playahuwin.com
playandconnectzone.com
playandflycr.com
playandfunhub.com
playandgamehub.xyz
playandgather.com
playandjoyhub.com
playarenis.com
playaroundzone.com
playatleast.com
playbasey.com
playbondzone.com
playboomzone.com
playboxmanias.com
playboxteam.com
playbridgehub.com
playbuddiesclub.com
playbuddyclub.com
playbuddyplace.com
playbuddyzone.com
playcampzone.com
playcentrals.com
playchesshub.com
playchesspro.com
playchessworld.com
playchesszone.com
playchillhub.com
playcirc.com
playcircleonline.com
playclickarea.com
playclickfun.com
playclickfunny.com
playclickhall.com
playclickmates.com
playclickspot.com
playcliquehub.com
playcliquenet.com
playcloud.space
playcloudhub.com
playcommunityzone.com
playconnectclub.com
playconnecthub.com
playconnectz.com
playconnectzone.com
playcozyzone.com
playcrewcircle.com
playcrewfun.com
playcrewzone.com
playcryziland.com
playcubeonline.com
playdira.com
playdoria.com
playersdive.com
playerslounges.com
playfantasytactics.com
playffbal.com
playflixy.com
playfriendgame.com
playfriendsclub.com
playfriendsconnect.com
playfriendshub.com
playfriendsnet.com
playfunbase.com
playfungamelands.site
playfunhubs.com
playfunlandhub.com
playfunlands.com
playfunlife.com
playfunmania.com
playfunmeet.com
playfunpark.com
playfunplace.com
playfuntimes.com
playfunzonehub.com
playgamesfuns.com
playgameshubs.com
playgameverges.com
playgamezones.com
playgroundonee.com
playgroupfriends.com
playgroupfun.com
playguildhub.com
playhappynet.com
playharmonys.com
playhavenhub.com
playhousefun.com
playhubes.org
playhubmates.com
playhubs.space
playhubzone.xyz
playhypezones.com
playitfantasycr.com
playjkv.com
playjmw.com
playjoinboxes.com
playjoinnow.com
playjoycircle.com
playjoyclick.com
playjoycrew.com
playjoyers.com
playjoyfriends.com
playjoylounge.com
playlandcitys.com
playlinkmates.com
playlinkworld.com
playlobe.com
playlooparena.com
playloopclub.com
playloopgames.com
playloopzone.com
playloungehub.com
playmahjongonlines.com
playmahjongs.com
playmatearena.com
playmatecircle.com
playmates.icu
playmatesnet.com
playmats.xyz
playmexo.com
playmexo.xyz
playmiraq.com
playmixergamehubs.com
playmixerhubs.com
playmno.com
playmoretime.com
playmorewithus.com
playnestgo.com
playnestshub.com
playnetarena.com
playnetbuzz.com
playnexo.xyz
playnfunclub.com
playnqo.com
playnthub.com
playonetrek.com
playontrack.com
playonverse.com
playonverses.com
playonw.com
playpalsclub.com
playparkest.com
playparkzone.com
playpeakin.com
playplazanet.com
playportales.com
playportalfun.com
playpulsepro.com
playpulsezones.com
playqaro.xyz
playquest.space
playquxo.xyz
playraro.com
playrixzone.com
playroomfriends.com
playroomzone.com
playsantys.com
playsbuzz.xyz
playscircle.org
playscirclehub.com
playsdays.com
playsomeglad.com
playstake365-au.com
playstartzone.com
playstreamerz.com
playstreamhub.com
playtacticks.com
playtapclick.com
playtero.com
playtimeresume.com
playtimesgames.com
playtizo.com
playtogetherclub.com
playtogetherz.com
playtogetherzone.com
playtopiaworlds.com
playtoraq.com
playtownhub.com
playtribe.games
playtribe.space
playtribehub.com
playtworelax.com
playunityhub.com
playvergeway.com
playversen.com
playverseonlines.com
playvibers.com
playvoras.com
playwavehub.com
playzari.com
playzavo.xyz
playzens.com
playzixo.com
playzoneblasts.com
playzonefriends.com
playzoras.com
plcricketfantasies.com
plenivra.com
plenst.space
plurixor.com
pofaju.com
pohuly.com
pokerstaar.com
polsersgames.com
polvrenys.com
pomporsden.com
pongo-travel.com
portugalpulses.com
portugalsportri.com
pouldetscourt.com
powerforplayer.com
powerhittersleague.com
powerplaycity.com
powerplayfantasykings.com
powerplayfuns.com
powerplaygamezones.com
powerplaylegends24.com
powerplaypros.com
powersplayfuns.com
powerstrikesport.com
powerupgymm.com
premierfantasycricket.com
premierfootballs.com
prestigehotelcasino.com
primeveritas.com
prism-wash.com
privobatcrick.com
pro-fit-house.com
proactivplays.com
prochessmatch.com
professorzygoat.com
proformax-store.com
profuroseol.com
promotionalproducts.space
prophecyofhaldris.com
proplaygamehubs.com
proplayshubs.com
prosinsports.com
protectivesquad.com
puckdraft.com
puckmastersleague.com
puckrunners.com
pufugu.com
pulse-cascade.com
pulsefitgym25.com
purefunplays.com
pureplayfun.com
pureplaygameworlds.com
purevistatone.com
purvevo.com
pusyqy.com
puttquestgame.com
qahipi.com
qaziky.com
qedexo.com
qehyme.com
qenyfu.com
qiwuri.com
qlxbl.com
qolyra.com
qoplents.com
qoqyli.com
qorovi.com
qowahu.com
quantilink.com
questtimeracket.com
quickchessgame.com
quickplayarenas.com
quickplaylands.com
quickquizes.com
quicksplaygames.com
quinvtra.com
qyfipu.com
qyzose.com
rabelsplay.com
racquetscore.com
rakeppy.com
rapschool.org
raventrox.com
rawimage.org
realmofzorin.com
realscricket.com
realsfungames.com
rebaqa.com
reblineshts.com
rechesfitness.com
redleafrattt.com
redzoneelite24.com
redzonepicks25.com
refreshdiles.com
rehmatfoundation.org
reinirass.com
rellersoul.com
renlatbarb.com
reself.space
resortcasinofaeu.com
resortcasinofsn.com
resortcasinogetaway.com
resortcasinoinyou.com
resortcasinovien.com
resortvacationcasino.com
respawnboost.com
resteriopmes.com
reynerlets.com
reyrelsgame.com
rialtengast.com
rideforgame.com
rinkofglory.com
rinkrivalss.com
rinkrosterin.com
risaspiecesllc.com
robirobo.com
rocketgameszone.com
rofasin.com
rostertactics.com
rouferplay.com
royalcasinohotel25.com
royalishotel-at.com
royalishotel-de.com
rtrogrd.com
rugbydraftpro.com
rugbysaid.com
rulerkarp.com
rummydelta.com
rummymist.com
rummysparkes.com
rummysync.com
rummytrove.com
rummytwists.com
runblitzfantasy.com
runchaserstr.com
runechampionship.com
runeforgebattle.com
runforglorycr.com
runiczneigrzyska.com
runrisers.com
runsmashers.com
runyspell.com
ruserellyfive.com
rynexwic.com
rypera.com
ryrlevelup.com
safecanbet.com
safeplayplace.com
sanefunindia.com
sarabragdonmassage.com
savadora.com
sazelaccesorios.com
scepterofnylvar.com
scrollofdraevin.com
scrollsofvalnor.com
sd-181621.dedibox.fr
seenbasket.com
seldingsgame.com
seldyrsindia.com
selectedbasketball.com
senemat.com
serenquill.com
serlydsfantasy.com
servelegendsgr.com
serventesly.com
servicezanae.com
servilsdoop.com
setandlegends.com
shadleagues.com
shadowforgesolutions.com
shadowofzalthera.com
shalesnyr.com
shardofulveth.com
sharedchecklists.com
sharefunplay.com
sharetribez.com
sharezoneplay.com
sharpcutsin.com
shieldofgarneth.com
shinewavecarwashat.com
shingekinostonk.com
shophqzt.com
shoplypz.com
shopraxyz.com
sicoce.com
sigilofdrevan.com
sigilofmorvain.com
sigilofvalrik.com
sikiby.com
silvenora.com
silverewoods.com
simplefunnelfix.com
sincerelyuncorked.com
sistersofkarenth.com
sitexzq.com
skateordraftice.com
skillbowcrick.com
skycasinohotel.com
skylorian.com
skywavegrid.com
slapshotleague.com
slotsbritain.com
slotslottoco.com
slshopdz.com
slutrabbit.com
smartlifes.space
smartreviews.space
smartsplayhub.com
smashchampionsat.com
smashfantasycricket.com
smilegameclub.com
smilelinkplay.com
smileplayhub.com
smileplayteam.com
smiletapzone.com
smm-eu.com
smoczymistrzowie.com
sneergame.com
snicord.com
sniscord.com
soccerstrategist.com
socialbondhub.com
socialcanadahub.com
socialcanadas.com
socialemeraldplay.com
socialgamelovers.com
socialgamingnz.com
socialgaminsnz.com
socialgliders.com
socialjoyclub.com
socialjoyhub.com
socialloophub.com
socialmatehub.com
socialnesthub.com
socialnewzealand.com
socialplaynet.com
socialswitzerlands.com
softclickplay.com
softgamehub.com
softgamenet.com
softgametime.com
softgroupplay.com
softjoyclick.com
softplayclub.com
softplayteam.com
sokuby.com
solandressa.com
songofdralia.com
sorcererssluggers.com
sorcericket.com
sorcerysoccer.com
sort-ball.com
soulsofvenakar.com
sowahe.com
sparklecarwash25.com
spastayluxury.com
speedyplayzone.com
spellwicket.com
spherefantasy.com
spherionet.com
spinpukeko.com
spinsquadat.com
spinsteras.com
spintacticszone.com
spinvoyager.com
spireofxendros.com
sportbation.com
sportbetproo.com
sportflexin.com
sportgameforce.com
sportgamevibes.com
sportgeniushu.com
sportinfusionik.com
sportivaplay.com
sportivitys.com
sportivohubsplay.com
sportkxye.com
sportonepulse.com
sportsmanians.com
sportsmaniya.com
sportsrivalon.com
sportyau.com
ssncricket.com
stadium-fantasy-play.com
stadium-fantasyplay.com
staresjackpot.com
starleapp.com
starsofnelkaria.com
starstrikergoal.com
startlojicflow.com
startplaytodays.com
steadyhold.org
stickandmagic.com
stockswithticey.com
stoneofyvenor.com
stormer-elite.com
stormerelite.com
stosnbridges.org
strategyprotr.com
stravion.space
streamvanta.com
strengthline-app.com
strikeforcen.com
strikekingcric.com
strikespint.com
studaralightis.com
stumpchampionsleague.com
stumpmastersat.com
stumpstrikerstr.com
stylebarberly.com
successwithtyrell.com
summerpuck.com
sumyfy.com
sunabex.com
sunabqz.com
sunabxq.com
sunabxy.com
sunabzx.com
sunatqw.com
sunaxyz.com
sunbaq.com
sunblup.com
suncrickets.com
sunderfest.com
suneetarakhya.com
sunehy.com
sunerteam.com
sunfje.com
sunhoq.com
sunixyz.com
sunjoyxz.com
sunmazx.com
sunrayab.com
sunrayxq.com
sunrayzt.com
sunrayzx.com
sunrazt.com
sunrazy.com
sunresortcasino.com
sunsetcasinoresort25.com
sunsetresortcasino.com
sunsettbays.com
sunsetxy.com
sunuxyz.com
sunvaqz.com
sunvez.com
sunwvu.com
superfunlaunch.com
superfunzones.com
supergamesways.com
supergoalkeeper.com
superoverleague.com
superplaygames.space
superrunleague.com
supersfunzone.com
swertegame.net
swishroster.com
swishsquad24.com
swordofvaltheon.com
syndeventsoul.com
tacali.space
tactixzone.com
talabathub.com
talkflows.org
talkfusioner.com
talkhubzone.com
talkplayland.com
talkstreamer.com
talkysquad.com
talquoraburst.com
talverions.com
tanivoms.com
tapandgroup.com
tapclickclub.com
tapclickfun.com
tapclickzone.com
tapfunclub.com
tapfunworld.com
tapgameland.com
tapgamenow.com
tapgameroom.com
tapjoinfun.com
tapjoinzone.com
tapjoynet.com
tapnjoyhub.com
tapplayfriends.com
tapplayjoy.com
tapplaymate.com
tapplayzone.com
tappyerfun.com
taptogetherfun.com
tarintra.com
tasklu.com
taursay.com
teaabcd.com
teachynaflownix.com
teamcrease.com
teamfunplayers.com
teamplayarena.com
techexw.com
techiqy.com
technoqe.com
techoxx.com
techoxyz.com
teenlefsport.com
tekaci.com
tekhnotsiatko.com
telremsplay.com
tennisdreamleague.com
tennisforevers.com
tennislooking.com
tennisloves.com
tennismatchpoint.com
tenpinsocialwin.com
thatidaholife.com
theeveryvillaa.com
theholeofthefuture.com
themarsrovers.space
thepanda-drum.com
theresortowen.com
thetopcourt.com
thevalverra.com
thexisiazylnar.com
thicketstrike.com
thisbuildis.com
throneofkalderin.com
throwfireball.com
tianaslore.com
tilionasters.com
timehotelcasino.com
timeyourgame.com
tiqaqe.com
togetherfunplay.com
togetherfuns.com
togetherinfun.com
togetherlinkplay.com
togethernplay.com
togetheronplay.com
token-arc.com
token-beacon.com
token-beams.com
token-crux.com
token-fathom.com
token-fiber.com
token-glint.com
token-intel.com
token-skein.com
toonsleaders.com
top-footballone.com
topcasinoresort.com
topedgepl.com
topfireball.com
topjogoaposta.com
topmahjongs.com
topmasterscr.com
topplayhubs.com
toppotca.com
topshelffantasy1.com
topskillplay.com
topspinlegendsde.com
topspinlegendsin.com
topspinlegendss.com
toshakchi.com
touchdownelitede.com
touchdowntacticiansat.com
touchdowntitans24.com
tranquelina.com
travelinnest.com
trendsbethub.com
tripledoublefantasy.com
trivontra.com
trixonex.com
tronivra.com
truearces.com
trueschanges.org
truesvoices.org
trustcore-daily.com
trustline-daily.com
trustlineu.com
tryinfinityhoop.com
tryzonechampions.com
tryzonerivals.com
tsyfrovatsiatko.com
tunerdesplay.com
tunersplay.com
turbochargefun.com
twinsetbook.com
twinsetcalendar.com
twinsetcenter.com
twinsetcentral.com
twinsetconnect.com
twinsetdata.com
twinsetdate.com
twinsetflow.com
twinsetfocus.com
twinsetmail.com
twinsetmeet.com
twinsetnetwork.com
twinsetplanner.com
twinsetreach.com
twinsetservice.com
twinsetshare.com
twinsetspace.com
twinsetsync.com
twinsetway.com
udnermyplay.com
ugernested.com
ukluckychances.com
ukluckyslot.com
ukslotsgames.com
uktoponlinegame.com
uktvip.com
ultifantasycricket.com
ultimatecrickettournament.com
ultimateovers.com
ultracleanwashes.com
ultrafunland.com
ultragamehubs.com
ultrawavegamese.com
unallarotoparca.com
unicelfcames.com
uniderllball.com
unitypaths.org
urbangameszone.com
urbanshotelsgroup.com
urbiventa.com
vad-rex.com
vahuly.com
valenhora.com
valenxtra.com
valenxtra.space
valontra.com
valorhallfitness.com
vanhor.com
vanleygersy.com
vault-glint.com
vaultblock-hq.com
vedrustyl.com
vegasones.com
vegasvibeshotel.com
velanthora.com
velederdy.com
velmoraresort.com
velvet-chapters.com
ventralvo.com
ventraxo.com
ventroxa.com
ventursaindia.com
veracento.com
veradomira.com
verlosocialhub.com
vernersbool.com
veroltra.com
vestelyusts.com
vibechatclub.com
vibechatspace.com
vibecirclehub.com
vibecloud.space
vibefusions.xyz
vibeparkhub.com
vibeplayhub.com
vibeport.site
vibraplays.com
victorialaverman.com
victorycricketx.com
victorygreengolf.com
victorystumps.com
villanovelle.com
vionursets.com
virtual-onegolf.com
virtual-tennispro.com
visadocscore.com
vistahotellodge.com
voklersygame.com
volentrax.com
volleyupball.com
vonavex.com
vooletersts.com
voondermly.com
vortelixcomb.com
vortexara.com
vortexplaygrounds.com
vosjeuxpreferes.com
vretersynyty.com
vuendersys.com
vuyensylters.com
vuzawe.com
vylliferde.com
vyvoto.com
wabashvalleymassage.com
wagerspherea.com
wantstobelikeyou.com
warpsdrivegames.com
warriorsofthegreenpitch.com
wavefarers.com
wavehotelcasino.com
wealthy-mom.com
weaveyournovel.com
weby-nova.com
weekendintheworld.com
weelplayers.com
wefuxu.com
weledasindo.com
wellcestdum.com
werslernot.com
wicketkingstr.com
wicketwarriorsch.com
wickitcricket.com
wildgameshub.com
wildsehores.com
willandleap.com
wilscove.com
wilsforest.com
wincrickethub.com
winnercricketplay.com
winningwickets.com
winplays.xyz
winwaaaaave.com
winwincr.com
wisdomhouseministries.org
witchy-stitches.com
wizwicket.com
woondsplay.com
word-documents.com
worldoftenni.com
wujaby.com
wulenzkellend.com
wurofi.com
wytyma.com
xadrefnys.com
xanivtra.com
xeolomano.com
xermed.com
xiventro.com
xolefy.com
yardageleague.com
yennyfers.com
yourhotelcasino.com
zamberleest.com
zap-arenas.com
zaqifa.com
zemblanegames.com
zenithcores.space
zenovtra.com
zensterra.com
zernovia.com
zeusclassic.com
zolintra.com
zolontra.com
zonetriq.com
zonetrixa.com
zorvea.com
in4share.com/users/base/cus/

# Reference: https://x.com/PrakkiSathwik/status/2031624100125487483
# Reference: https://www.virustotal.com/gui/file/785c48c170d677ceee0112f843d8959ff7b701866283c2e503451c96c82f63ce/detection

kickstartercareer.website

# Reference: https://x.com/Cyberteam008/status/2035903346314502301
# Reference: https://x.com/malwrhunterteam/status/2049190442084835702
# Reference: https://www.virustotal.com/gui/ip-address/176.125.240.33/relations
# Reference: https://www.virustotal.com/gui/file/69b89845c4f4d92ac33a7cecb47b1eee08e626966ca63b2c537dbe39940ca0b3/detection
# HOST-TITLE=SPIDY C2 - Secure Login

176.125.240.169:443
176.125.240.33:443
45.90.97.211:443
45.90.97.21:443
formainserverlin.site
formainserverlin.space
formainserverwin.online
formainserverwin.store
forwindowstesting.site
forwindowstesting.space
mmmmsys.space
mmmmsys.store
vayusena.online
vayusena.store
ftp.czwaluk.de
t8.formainserverwin.store
tf.forwindowstesting.site
vdsd.whypay.info
vu.forwindowstesting.space

# Reference: https://x.com/Cyberteam008/status/2043891889842291024
# Reference: https://www.virustotal.com/gui/file/2f7f476ea5513d20963ba9834765f9712823ab720b42f101c844e0c148728c3f/detection

204.12.236.177:36826
204.12.236.177:9628

# Reference: https://x.com/Cyberteam008/status/2046056599568200055

2.56.10.46:443
45.13.225.22:443
a.erforias.cam
bitredeem.online
delhibellyindia.com
erforias.cam
moo.bitredeem.online
pokazatelniiprimer.store
servicemasterrestore.me
servicemasterrestore.pro
servpanel-5.xyz

# Reference: https://x.com/goldenjackel12/status/2047562684581941698
# Reference: https://www.virustotal.com/gui/file/dfec14b95671a4f8ec280390b7ae8fe0fedc938c8f86236351b6df62c64608ad/detection
# Reference: https://www.virustotal.com/gui/file/80b4b7b1f00d869958e18f5f1d809603798c634a03453f411711210dbdfcfd91/detection

esevasecurefile.store
monitorondomainwintgt.store

# Reference: https://x.com/smica83/status/2047562832401531378
# Reference: https://www.virustotal.com/gui/file/4edbed6228be3369efbc5c38b1c08d2227f907fd5be0de2bacdb4f51fff8a95b/detection

bossmaya.xyz
makiinindia.online
makiinindia.xyz

# Reference: https://x.com/Cyberteam008/status/2051140637186232355
# Reference: https://www.virustotal.com/gui/file/34396d4460dfba92a7daeb8d4417ce0fb6088fb50055323dc4b8b071a687163a/detection

ceadelhi.in
epolpro.org
mopngs.org
videshapp.in
videshapp.org

# Reference: https://x.com/Cyberteam008/status/2051871665496412608

193.233.244.243:8080
45.155.54.113:8080
45.155.54.123:8080
45.155.54.253:8080
46.253.4.33:8080
85.137.249.224:8080
87.120.244.206:8080
87.120.244.90:8080

# Generic

/h_ttp
/h_tt_p
/htt_p
/h_t_t_p
/h-xmlhttp/
/streamcmd?AV=
/classics/abnormal.php
/classifieds/classifieds.php
/classification/updatecs.php
/Armed-Forces-Spl-Allowance-Order/
/Defence-Production-Policy-2020/
/IMPL_OF_SPL_ALLCE_ORDER/
/ParaMil-Forces-Spl-Allowance-Order/
/mod.gov.in_dod_sites_default_files_Revisedrates/
