City of Columbus, Ohio

Group: rhysida

Discovered by ransomware.live: 2024-07-31

Estimated attack date: 2024-07-31

Country: US

Description:

City of Columbus, Ohio


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 112

Third Party Employee Credentials: 5


External Attack Surface: 35



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • mailgwa02.columbus.gov.
  • mailgwa01.columbus.gov.
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Salesforce
  • Cisco
  • Mailjet
  • DocuSign
  • Proofpoint