BLUEFIN.COM

Group: clop

Discovered by ransomware.live: 2023-07-19

Estimated attack date: 2023-07-19

Description:

Bluefin: Payment & Sensitive Data Security Solutions



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse@godaddy.com
MX Records
  • alt1.aspmx.l.google.com.
  • aspmx.l.google.com.
  • aspmx3.googlemail.com.
  • aspmx2.googlemail.com.
  • alt2.aspmx.l.google.com.
Cloud / SaaS Services Detected
  • Microsoft 365
  • Salesforce
  • Rippling
