Welch's

Group: play

Discovered by ransomware.live: 2024-02-23

Estimated attack date: 2024-02-01

Country: US

Description:

Massachusetts, United States


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 0

Third Party Employee Credentials: 1


External Attack Surface: 5



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • welchs-com.mail.protection.outlook.com.
TXT Records
  • v=spf1 ip4:3.214.204.181 ip4:44.211.178.112/28 ip4:66.203.91.171 ip4:3.101.216.144/28 ip4:66.203.91.174 ip4:162.220.105.36 include:us._netblocks.mimecast.com include:spf.protection.outlook.com -all
Cloud / SaaS Services Detected
  • Apple
  • Amazon SES/WorkMail
  • Microsoft 365
  • Mimecast
  • DocuSign
