AON.COM
AON.COM
Group: clop
Discovered by ransomware.live: 2023-06-16
Estimated attack date: 2023-06-16
Description:
Better Decisions - Commercial Risk - Health - Reinsurance - Wealth - Aon
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 57
Compromised Users: 3138
Third Party Employee Credentials: 106
External Attack Surface: 131
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domainabuse cscglobal.com
MX Records
- aon-com.mail.protection.outlook.com.
TXT Records
- figma-domain-verification=d620b889974ad0d1fdd07942f67906d3087c0ba734f56aa07c7c919b027f6245-1752694145
- stripe-verification=cd9241476913b8b96233ec2fec5c213ea6582ab618d8b6f2dd27df0238c8beba
- aon-mclagan-investor-surveys.azurewebsites.net
- cloudhealth=b7b8a55b-59ba-4546-950b-6809b5b27533
- yahoo-verification-key=xIcnI6b7TC4c7/lnzIefhwrkJKcwh0pi54N7x1HNxuU=
- stripe-verification=19752c5103355dcd7f6ba82d8b6d8a3b5b104341e1aaf62aad6a98ae73727445
- stripe-verification=50e561f7b38b3cbc106ba493ef6cb116978846d076b0c491697512fc7ed61ed8
- spf-au.iress.com; au1smtp.iress.com.au
- docusign=897bb959-9a55-472f-9dc6-297e76d60509
- google-site-verification=9fxlEhlFADQFRrN9iXlV6E0ITsMSnRBD1nOgWK00hu4
- v=spf1 include:spf.aon.net include:%{i}._ip.%{h}._ehlo.%{d}._spf.vali.email ~all
- ms-domain-verification=c1611657-822d-42a7-a4f5-14dd8dd7e82b
- cloudhealth=21c504b4-3738-4cbb-8f0d-66a1b0366d82
- docker-verification=5d2997cb-5b32-44c6-add7-a864a586843d
- ibmid=7ffa7167-ef8b-4097-a8fd-585812375a73
- 5f923f19-d439-4f87-8b12-bc624a7fce04
- stripe-verification=c1d8f1d9f4eaa9c14f1e3680afc3dfa18bf382409df348abf70dc734af83971d
- onetrust-domain-verification=462bc09312a54e0a8f5c1c37e362a97d
- ms-domain-verification=be23387f-2dbc-477d-84e9-e2b2bf5dffa3
- amazonses:YMAOVs9ptRA+eRfNkdSA65eT2xV34wExoCfVEg/4pQI=
- smartsheet-site-validation=r_A0A11a_4OfDrkos3OImg62T_2JORPc
- cisco-ci-domain-verification=1b229c06e22daaae0b61037921b6f562b8a0f5e74d3c397b2bac18d823f8aa0b
- google-site-verification=CMPgf3BxpQ7WrlljaAH-laYA8ahhSCuwzOB2Se-radI
- yahoo-verification-key=Wix6z22rEtScsoxVTcG+aq5NWE+ZuSudt6Vb+QJvp5w=
- _an2rf31709humwgzn4mhyfyofczb0qh
- google-site-verification=B1xVyEjI7Oy-M-0HncjZit1y09vNQ6KDq3UJSo9QNcM
- stripe-verification=9df87df7bf1b5eabb56726455b343007ce0dd57389542b6565ca891c956dac33
- stripe-verification=c469db77c1c298fd4ed7c2e09777cb4aea6da824ee739a0cf7a54431c2da89f3
- mandrill_verify.AArsyFKIBMQLWezOxzMX0Q
- lPaKmQd4OuzaLI80NuYf4oWjjioQHHrv
- vmware-cloud-verification-b5ca0c82-8621-4617-b94c-c636e69edcaa
- _github-challenge-aonplc-ent
- segment-site-verification=lPaKmQd4OuzaLI80NuYf4oWjjioQHHrv
- apple-domain-verification=qfSPYt9mXSzlJmR7
- so3JwnjOqgmyARrpUm7owLeCOZ0kApg7ZxFL2hOUP4noVN5hU5yo92/0UhpDEqhtNtR8TymW/ePy7Aop1caIOA==
- onetrust-domain-verification=bf65a86be4084c06a6ff98085056f072
- k=rsa;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0B2BEyvbwtiYE9r9e5Y52GljiATMf4IcLw6EY/mcMUwIaJlAZWuaUvrhz/2CeWRsqB04yFaySzkV/YxMSMZRakPt3gbUDFiFdW160Pot294a9s4Sll52/P2gpQUFtiY+jdOZbc9ZD4pFpyZpOwL22xFg39lX6VybdFV/Ti5xapQIDAQAB
- _16012i7dexg6eajc3zuu74j4dk085di
- v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMV0tAmQNF4IZmHtdO0TxjFYIz+P3SNdfzEC6NfWJlvmHx9X0tnqYdjfyNEAZqObL9arr8cY7UjAxwatBIl8jc254GEcyHxf2o8S9oZj6iBnSWNGKbPEXAlCSiETmkebdtzAUvU44kQ1zB+ELew67gguDEoXSRbX+7uk3svn4XwIDAQAB
- ms-domain-verification=2bf72f2e-c25e-4e2e-b62d-a48e8f2207f5
- yW+Ww2obkqaTg1q2U9nXJieN9l992Jn23sX2nq+bP1pQgUrI500DoAEhjdC/ES089waFff6KzHY3XHPup7IACQ==
- jamf-site-verification=eTzZ9qT2il9YOKYog5Zjxw
- zywave-domain-verification=zW11vnQwSJwDxrNDnGvswjeUItUyL2AC0XumU/FjBv8=
- flexera-domain-verification-dmglgarnbjmgayje
- atlassian-domain-verification=yGRztRDc9kCq/anB63h3TyR0rJnrq7d5GaReJggmA8/YuYfX69I6fsiGNC2rdBom
- atlassian-domain-verification=4B2A1eOljaMNfiq1qW4Tx9HaqNAF1u4H5dr39luRvEgNiG7L2ppWq4CMmGuDpBRX
- f+W2NPk2W4z5yQtup/YYp00LUyaVo0MHnuKZiNMk8PQ=
- _sx9uo3v6iotet8mg9k2yczsg0bykfz8
- facebook-domain-verification=51aki2xlid1syv11p2gqu9uns1m2mg
- stripe-verification=14b715c20711b5f86190064cc0d324c721a8b99efee96b4710557e6dadbad74b
- docusign=81f813fa-784a-414f-882a-567d40872cec
- webexdomainverification.4C675B877D2DB136E053AB06FC0A3F65=f577defc-2876-4313-aae9-fe8bb04ca0b9
Cloud / SaaS Services Detected
Apple
Atlassian
Amazon SES/WorkMail
Mailchimp
Stripe
Segment
Flexera
JamF
Cisco
OneTrust
DocuSign
Cisco Webex
Leak Screenshot:
