NORGREN.COM
NORGREN.COM
Group: clop
Discovered by ransomware.live: 2023-07-05
Estimated attack date: 2023-07-05
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domainabuse cscglobal.com
MX Records
- eu-smtp-inbound-1.mimecast.com.
- eu-smtp-inbound-2.mimecast.com.
TXT Records
- pardot1032301=e53c08d4cc655a49aafd9460a20e84be34e974c210f6517cb1f2bd1cf26a23e3
- pardot1070292=ad04395315074f6fced2bbde1b9c7229a7f78e90dd459d057fa01990ebc47ab2
- pardot505441=bbe1fe2879f1145d000fc4b34be99e956712c7a7894e33bb5ddd0ca01d3ed75f
- pardot_4022_*=b3303db70d72e658f7cc647e7c8944a96aa560df8991f7c09177191eb615cc59
- rujtzxsnaAoYrVYNbZ7OUoMtUgpP3jMgxtLIlqa1y/mRHtSijDRG452IqafanE0Dq28ULiUW2t+PmHOm5wiCVg==
- sending_domain1032301=f585e621bbb5ea686a63f993be8d1d069c7cb92fad20b4976ee932c5bf83243a
- sending_domain1070292=8feef158edb62205de2f078b8db044be49cbff7efeff8f99605c9ae941bac14c
- unbounce=332819
- v=spf1 include:spf.protection.outlook.com ip4:87.127.239.114 ip4:87.127.239.115 ip4:213.23.122.221 ip4:213.23.122.222 include:aspmx.pardot.com include:spf.mandrillapp.com include:eu._netblocks.mimecast.com -all
- 9sgrv019j5n361v1kinlvlqlgv
- google-site-verification=THyi_he1LHMdNeXlB2KFTeAwhMRxt2p3AKvxBOsr2fY
- j8l1a5rlbf99vt62i25d3ll020
- pardot1032301=da22a8b64468ef234aa19680ed64f7aa96f3ac7fd2328a5b40173b75dcb8d6bd
Cloud / SaaS Services Detected
Salesforce
Mandrill
Mimecast
Leak Screenshot:
