
DataBank

Group: hunters

Discovered by ransomware.live: 2024-04-03

Estimated attack date: 2024-04-03

Country: US

Description:

Country: United States of America - Exfiltrated data: yes - Encrypted data: no


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 14

Third Party Employee Credentials: 4


External Attack Surface: 7



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse godaddy.com
MX Records
  • us-smtp-inbound-1.mimecast.com.
  • us-smtp-inbound-2.mimecast.com.
TXT Records
  • v=spf1 ip4:69.63.128.0/19 ip4:69.43.143.32/27 ip4:69.43.143.96/27 ip4:69.43.169.32/27 ip4:69.43.189.196/32 ip4:208.89.117.250 ip4:146.88.176.254/32 ip4:209.43.55.102/32 include:spf.protection.outlook.com include:sent-via.netsuite.com include:us._netblocks.mimecast.com include:amazonses.com include:_spf.salesforce.com include:rp.oracleemaildelivery.com ~all
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Amazon SES/WorkMail
  • Microsoft 365
  • Salesforce
  • Autodesk
  • Mimecast
  • DocuSign
  • Sophos
