Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo Metro Transit

Group: play

Discovered by ransomware.live: 2023-10-11

Estimated attack date: 2023-10-09

Country: US

Description:

Missouri, United States


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • registrar-abuse cloudflare.com
MX Records
  • usb-smtp-inbound-2.mimecast.com.
  • usb-smtp-inbound-1.mimecast.com.
TXT Records
  • v=spf1 include:usb._netblocks.mimecast.com include:_spf.elasticemail.com include:spf.mandrillapp.com include:_spf.psm.knowbe4.com +ip4:38.65.101.3 +ip4:139.60.0.0/22 -all
  • MS=ms17612083
  • MS=ms62989842
  • MS=ms76993592
  • api._domainkey TXT k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB
  • docusign=d22e7be5-6082-47b2-9ebb-8fb6cde118ab
  • duo_sso_verification=BYrdybGsz6ASg1zhAd0b6U9aTb9rwySjZLYX0ozZ6WTabf9Q13s6pm9QUfeIdSUM
  • slack-domain-verification=eTYSmmmdsK1GsNyjNpu3r4km48Vi04MZSYMuJH6Y
  • tracking CNAME api.elasticemail.com
Cloud / SaaS Services Detected
Microsoft 365 Slack KnowBe4 Mandrill Cisco Duo Mimecast DocuSign

Leak Screenshot:

Leak Screenshot