WERUM.COM
WERUM.COM
Group: clop
Discovered by ransomware.live: 2023-06-26
Estimated attack date: 2023-06-26
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domain-abuse internetx.com
MX Records
- mxa-0054b501.gslb.pphosted.com.
- mxb-0054b501.gslb.pphosted.com.
TXT Records
- rb1qdxhgnf3vdg49zyxs2yl08cr9w18g
- sg9rrn75fq4chcv46sm7mzw3mf6ms4jb
- v=spf1 a mx a:c.spf.service-now.com ip4:83.246.101.231 ip4:185.237.66.150 ip4:3.93.157.0/24 ip4:3.210.190.0/24 ip4:18.208.124.128/25 ip4:54.174.52.0/24 ip4:54.174.53.128/30 ip4:54.174.57.0/24 ip4:54.174.59.0/24 ip4:54.174.60.0/23 ip4:54.174.63.0/24 " "ip4:139.180.17.0/24 ip4:143.244.80.0/20 ip4:158.247.16.0/20 ip4:198.245.81.0/24 ip4:136.147.176.0/24 ip4:13.111.0.0/16 ip4:136.147.182.0/24 ip4:136.147.135.0/24 ip4:199.122.123.0/24 " "ip4:45.153.90.164 ip4:62.96.153.59 include:spf-0054b501.pphosted.com include:_spf.salesforce.com ~all
- zoho-verification=zb45688361.zmverify.zoho.com
- 9f4v70k2r66qvtbcnldjp5hrxlqtv2j5
- MS=ms18813379
- MS=ms35255257
- _e3z3apznqy1akavpnxi4pe34sy5h5ay
- _gjf4g2a8xlx1gfj5d2krzf66h02siy7
- c3q43cs2d87rntwbmjh2y453x8zvlw10
- have-i-been-pwned-verification=40f6835633d9261b00bdcc114f3a590c
Cloud / SaaS Services Detected
Microsoft 365
Salesforce
Zoho Campaigns
ServiceNow
Have I Been Pwned
Proofpoint
Leak Screenshot:
