Tyler Technologies

Group: ransomexx

Discovered by ransomware.live: 2020-09-23

Estimated attack date: 2020-09-23

Country: US


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 16

Compromised Users: 770

Third Party Employee Credentials: 14


External Attack Surface: 120



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse@support.gandi.net
  • bc0592bb753f23e57bb7e1df1250a605-3459374@contact.gandi.net
MX Records
  • mxb-0018e002.gslb.pphosted.com.
  • mxa-0018e002.gslb.pphosted.com.
TXT Records
Cloud / SaaS Services Detected
  • Adobe
  • Atlassian
  • Amazon SES/WorkMail
  • Box
  • Zendesk
  • Marketo
  • Miro
  • LogMeIn
  • DocuSign