This analysis explores the infrastructure of APT36, also known as Transparent Tribe, using passive DNS and host response history. Starting with indicators from a CyberXTron report on a targeted phishing attack against Indian Government and Defense, the investigation expands through DNS history, IP pivoting, and host response analysis. Key findings include shared name server patterns, non-Cloudflare IP addresses, and connections to previously unreported domains. The research identifies potential new infrastructure using ETag pivoting, revealing domains with similar subdomain conventions to known Transparent Tribe assets. The methodology demonstrates the power of comprehensive DNS data and host response history in uncovering hidden connections and potential threat infrastructure.