GTU DATA LEAK

Case Detail

• Cyber Crime Police Station I C.R. No. 11191067200119, U/S 43(a), 43(b), 65, 66, 72 of IT Act, dated 31/07/2020
• Complainant: Kanjibhai Naanbhai Kher, GTU Registrar, R/o: Quarter No. 10, GTU Quarter, Chandkheda, Ahmedabad City
• Case Short Detail: GTU had conducted an online pre-check trial test. Before the said pre-check test exam could be conducted, ID proof, photographs and personal details of almost 1200 GTU students who appeared in the pre-check trial test were hacked/leaked from the GTU authorized website, went viral and were uploaded on www.gtu-exam.github.io/pre-check-trails-students/ and other websites.

Websites/links where data uploaded

1. http://gtu-exam.rf.gd
2. http://gtu.hackx.com
3. https://gtu-exam.github.io/pre-check-trial-students

Links hosted by IDs

1. http://gtu-exam.rf.gd
• Hosted on infinityfree.net
• Email Id Used in crime
  • compliance@infinityfree.com
  • abuse@infinityfree.com

2. http://gtu.hackx.com
• Hosted on www.tucowsdomains.com
• Online portal to report abuse
  • https://tucowsdomains.com/report-abuse/

Links hosted by IDs

https://gtu-exam.github.io/pre-check-trial-students/
• GitHub repository named “pre-check-trial-students” was created by username “gtu-exam”.
• During the time of investigation the directory was deleted.
• While doing OSINT on GitHub, “pre-check-trial-student” was uploaded on another GitHub repository “anoxdleo”.

Repository Created by “anoxdleo”

Pre-check-trial-students folder

Folder with images

Sample Data image

Commit History Showing “gtu-exam”

“gtu-exam” doing commit on repository of “anoxdleo”, total 1259

What is Commit?

Commit according to GitHub

• To add anything in the directory, the user will have to “commit” the data with prior permission of the owner of the repository.
• According to GitHub, no one can commit without prior permission of the owner of the account.

OSINT of “anoxdleo”

Anoxdleo Username

• We found the following public profiles with the same username:

1. https://www.linkedin.com/in/anoxdleo
2. https://dribbble.com/anoxdleo
3. https://www.freelancer.com/u/anoxdleo
4. https://www.behance.net/anoxdleo
5. https://www.instagram.com/hell_of_night/
Checking other repository of “anoxdleo” we found

Instagram of “anoxdleo” a.k.a. Mohit Chothani

“Neer Choksi” friend of Mohit Chotwani

Personal Details of “anoxdleo”

Other domain Technical Data

Further we retrieved data from the below sites:

• https://github.com/anoxdleo
• https://github.com/gtu-exam
• Details taken from legal@support.github.com
  • Github, Inc.
  • c/o Corporation Service Company
  • 2710 Gateway Oaks Drive, Suite 150N
  • Sacramento, CA 95833-3505

https://github.com/anoxdleo
Technical Data

Domain purchased from Infinityfree.net

Registered Email ID: gtubaba@fexbox.ru

Date of Registration: 2020-07-29 09:56 PM IST

IP Logs:
1) 164.52.192.222
2) 164.52.197.130

GTU Web Server Logs

In server logs following IPs were suspicious:
1. 203.192.193.206
2. 164.52.197.130

164.52.192.222 = 0
203.192.193.206 = 5

| Sr. No. | Enrolment No. | Name | Email ID | Mobile Number |
|---|---|---|---|---|
| 1 | 160950107104 | SIDDHANT BANE | thatao.sid@gmail.com | |
| 2 | 160640107044 | SHARMA PRATIK RAJESH | Sharmapratik851@gmail.com | 7405620028, 9099929951 |
| 3 | 160950107103 | SHUKLA PARTH DEVEN | parth 180198d@gmail.com | 7043882089 |
| 4 | 160950109012 | PATEL AKSHAYKUMAR | patelaksh76@gmail.com | 8320728009 |
| 5 | 160950109029 | VARGHESE AARON LALU | me@aaronvarghese.com | 9909091494 |

• IPDR of 203.192.193.206 visited 164.52.192.130:

VARGHESE AARON LALU, 9824050041, 1-1/7 Jalanand Township, Refinery Road, Gorwa, Vadodara 390020, Vadodara, VADODARA, Gujarat, India
Thanks
