gdi.com
gdi.com
Group: cactus
Discovered by ransomware.live: 2023-12-28
Estimated attack date: 2023-12-28
Country:
Description:
Download link #1: https://***************.onion/GDI/PROOF
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abuse godaddy.com
MX Records
- gdi-com.mail.protection.outlook.com.
TXT Records
- smartsheet-site-validation=ZeRL_NvOsGI5SGpVXFh_jFtIUYVvmPgd
- firebase=gdi-fotofinish-new
- ms=ms80542510
- v=verifydomain MS=3817108
- v=verifydomain MS=8583979
- v=verifydomain MS=7234793
- klaviyo-site-verification=RxH7Xz
- v=verifydomain MS=9204016
- MS=EB2BACB0FED19916BD88FCD6EBB7D76DEB6332BB
- WBl76Z3/8caLnSzpzQEu6WmSBXzeehU5dKwrymqRs1fOD3N2hTiNf90pXlE+HCtTPOjbdzYsEhvKiE5dJ7VhPQ==
- sdzOa8KIwxaOcCGgWQpAMSsBxI0QhwYam5M4FYrosi8=
- v=verifydomain MS=1749003
- v=spf1 ip4:65.93.244.142 ip4:216.208.234.27 ip4:192.252.134.24 ip4:216.208.234.22 ip4:216.208.234.21 ip4:75.98.93.0/24 ip4:12.130.131.217 ip4:52.40.63.2 a:smtp.fibrenoire.ca include:servers.mcsv.net include:sendgrid.net include:spf.protection.outlook.com " "include:_spf.google.com include:_spf.psm.knowbe4.com ~all
- v=verifydomain MS=9956464
- v=verifydomain MS=4971484
- apple-domain-verification=FYX0pV61YEh1m11L
- v=verifydomain MS=5967418
- hosting-site=gdi-fotofinish-new
- droa4tlaq
- eoe32tfnf5ontt8u4hvh4dbdne
- google-site-verification=L7Vza4W1iphV8acgKHym-q4YbAGKbmy7IpQJKJwH7RI
- google-site-verification=IXfUTyO7CmY_TXjILRkLOhI-DMJH8fLFfp8nStz-EAM
- ni4ncv62rc9vo7nhc47nq5ndio
Cloud / SaaS Services Detected
Apple
Microsoft 365
KnowBe4
SendGrid
Leak Screenshot:
