
Q railing

Group: play

Discovered by ransomware.live: 2025-03-19

Estimated attack date: 2025-02-19

Country: DE

Description:

Germany


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 47

Third Party Employee Credentials: 1


External Attack Surface: 24




DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse ionos.com
  • dataprivacyprotected ionos.de
MX Records
  • qrailing-com0c.mail.protection.outlook.com.
TXT Records
  • Sendinblue-code:7d467aa71fd41f4b0ff7b6591670c593
  • ZXztOeCQ
  • MS=ms81580585
  • MF=72e46863-bcd6-4855-a918-efbe40518db2
  • v=spf1 mx ip4:145.253.154.0/28 ip4:176.94.56.2 ip4:176.222.237.98 ip4:217.89.137.106 ip4:91.112.18.62 ip4:95.227.64.91 ip4:194.74.103.82 ip4:84.245.167.170 ip4:98.190.7.242 ip4:91.190.98.153 ip4:62.232.26.6 ip4:81.167.254.202 ip4:82.209.153.50 include:spf.protection.outlook.com include:spf.sendinblue.com include:_spf.ism.nl include:_spf.createsend.com ~all
  • d365mktkey=0zVmxuwXyp5k7uPBN725hBmIUgXhiJzt3o3CaW4VNcsx
  • JYXCpx5HIxXE7SYOpvqyEfg5Sm3QF0m0SOJcYvcWkHcILrZ9j51wlYQ2926J5mzoZlZ3mhjcoFA3Iyo4ALG9hQ==
  • k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeMVIzrCa3T14JsNY0IRv5/2V1/v2itlviLQBwXsa7shBD6TrBkswsFUToPyMRWC9tbR/5ey0nRBH0ZVxp+lsmTxid2Y2z+FApQ6ra2VsXfbJP3HE6wAO0YTVEJt1TmeczhEd2Jiz/fcabIISgXEdSpTYJhb0ct0VJRxcg4c8c7wIDAQAB
  • rippling-domain-verification=3e5451be83834ed6
  • docusign=1abd4312-b3cd-44c8-86ab-fe3a9b11c4eb
  • h3sdqfr8b6d2r7e9dkp3to1837
  • google-site-verification=pFhttsIcnf_i_GzLUiNTEUS3JDvYwIDuqpwTa6yBgMQ
Cloud / SaaS Services Detected
  • Microsoft 365
  • Sendinblue
  • Rippling
  • DocuSign
