gesa.com
gesa.com
Group: dispossessor
Discovered by ransomware.live: 2024-04-19
Estimated attack date: 2022-04-15
Description:
gesa.com
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 155
Third Party Employee Credentials: 0
External Attack Surface: 38
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abuse godaddy.com
MX Records
- mx1.hc4323-30.iphmx.com.
- mx2.hc4323-30.iphmx.com.
TXT Records
- globalsign-domain-verification=VTjNtfyVPHN7LpNOQKqKBKh7-1ayrmfCeBOAmkGoOH
- globalsign-domain-verification=bc3396ff5d7bca8b530355df86e15272
- globalsign-domain-verification=AC5F9D05CE846F9E008763D8465BDE6E
- v=spf1 ip4:75.141.8.33 ip4:75.141.8.34 ip4:75.141.8.131 ip4:75.141.8.132 ip4:216.229.177.253 ip4:216.229.177.254 ip4:216.182.86.17/32 ip4:139.138.39.164 ip4:139.138.35.171 include:_thirdparty.gesa.com include:_forwarders.gesa.com include:spf.protection.ou" "tlook.com include:spfhost.messageprovider.com ~all
- google-site-verification=xJNqF7BzbTxmLQDgZhKJqn8pgdpVJ1cxIqNiM_UlxPc
- FqUDiRlRi3f7VEnO/5GtUj68+HnXbxoCfGZ5Q1F5lOArEbMsRrEWjezAyKXKO31Kbm3r7TDLIT+06h4u/EncfA==
- ahrefs-site-verification_b9a09d99319ca355deb98b396e1e11aefc8ad34d41f2174cd7828d873aa7c1d1
- adobe-sign-verification=1355db562892734141e99d3d76929a70
- vmware-cloud-verification-e8949d3a-d5c3-441c-bed1-a27deb1b86ef
- facebook-domain-verification=21l4anjr65cw8c6lji8eliknmgs1in
- facebook-domain-verification=bbiq07tg7wmdy75rtiamp8s2z4ij0a
- globalsign-domain-verification=C1AC69D4CE073B840AA1DCBBF46AF33F
- docusign=2928d057-7152-417f-90da-14a60b30cd7e
- google-site-verification=SLp-WIn_vfvxNpIX3jkkR2Rf8lZRap76LbWS6GEzROo
- MS=ms10399867
- google-site-verification=gLWFCLdDt7IQH5Q0h1BinE0HCwEm8u4Me3fmRfQ2i2g
- google-site-verification=YA-KUvhzcBaoe9g6O55XEURtHWIQJBKw4AJL4Hpx7UY
- MS=F6C9484C9FEBBFBF4CD99F7BDB7ADAC4BBEDFD15
- google-site-verification=6zf6f9IHPRtKf-9NCk6uNhD-CKHsQ70SeR-sX9n_JuM
- globalsign-domain-verification=edc3afb5b01d25d508fbce93a1f7e4df
- google-site-verification=TBIL1K9ztwtwmly0_ftX-BScPdPjDbifrY7tRYnr3Ms
- google-site-verification=EYwE7XzSlHGR_AOX_v5BUQvIWjMylFbPQeRJwJtxEK8
- globalsign-domain-verification=B730554B3F8E9F87060DF02EAB9A7CBE
Cloud / SaaS Services Detected
Microsoft 365
DocuSign
Leak Screenshot:
