gotocfr.com

Group: lockbit3

Discovered by ransomware.live: 2023-11-09

Estimated attack date: 2023-11-09

Description:

CFR is a privately held Wisconsin, USA-based system integrator for the dairy and food industry. 553GB Employees (SSN numbers, residential addresses, license numbers, contracts, salary information, tax forms, FMLA forms and more) Clients (informat...



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • mx1-us1.ppe-hosted.com.
  • mx2-us1.ppe-hosted.com.
TXT Records
  • MS=ms17385414
  • v=spf1 mx a ip4:206.176.193.123 include:gotocfr.com include:dispatch-us.ppe-hosted.com ~all
  • google-site-verification=kvpjWgbNTxKB2MSQGLkSoZkKCukTW6aOLPh114d0SW4
  • MS=403EFAFDA2050A7EAD883BF677699416DFF9EF44
  • ppe-00256471e97f4eeb00e8
  • duo_sso_verification=tEewTvrNTcjNnNbO7wDlPnVB3zAMB4L2KXNqj07Wo4JB3gkqwv3ppV6SmCrux9mB
Cloud / SaaS Services Detected
  • Microsoft 365
  • Cisco Duo
  • Proofpoint Essentials
