

Group: dispossessor

Discovered by ransomware.live: 2024-04-19

Estimated attack date: 2021-12-04

Description:

citynational.com


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 14

Third Party Employee Credentials: 0


External Attack Surface: 7



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • us-smtp-inbound-2.mimecast.com.
  • us-smtp-inbound-1.mimecast.com.
TXT Records
Cloud / SaaS Services Detected
  • Adobe
  • Apple
  • Atlassian
  • Microsoft 365
  • Cisco
  • SendGrid
  • Mimecast
  • DocuSign
