MYCWT.COM

Group: clop

Discovered by ransomware.live: 2023-07-14

Estimated attack date: 2023-07-14

Description:

Your Business Travel & Meetings Management Company - CWT



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abusecomplaints markmonitor.com
  • domain-admin carlsonwagonlit.com
  • whoisrequest markmonitor.com
MX Records
  • mxa-00121102.gslb.pphosted.com.
  • mxb-00121102.gslb.pphosted.com.
TXT Records
  • v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com include:ipzmarketing.com include:spf.mailjet.com -all
Cloud / SaaS Services Detected
  • Apple
  • Atlassian
  • Amazon SES/WorkMail
  • Mailchimp
  • Microsoft 365
  • Miro
  • Mailjet
  • OneTrust
  • Proofpoint
