drcloudemr.com
drcloudemr.com
Group: Safepay
Discovered by ransomware.live: 2025-09-17
Estimated attack date: 2025-09-17
Country:
Description:
DrCloudEHR (often referenced as DrCloud/DrCloudEMR) provides cloud-hosted electronic health record (EHR) / practice management software targeted at ambulatory clinics and …
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 0
Compromised Users: 11
Third Party Employee Credentials: 0
External Attack Surface: 11
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domainabuse tucows.com
MX Records
- drcloudemr-com.mail.protection.outlook.com.
TXT Records
- MS=ms27779468
- 8402fq3at67e0csr08crkolemo
- MS=ms96901485
- atlassian-domain-verification=tioEJvw2HLvL+aZi+4cR6+DNOlc3gISBMDJ+Dslx9freiS+1YDnUNoD+sIbdMUvV
- atlassian-domain-verification=snaTdNUapYbYUvX8BFuxUlZnPwuQRzMedd6fzEwDr30v6m7PqN0to4PzuxJ4caeL
- cisco-ci-domain-verification=53de8378bedf7a9a4fe427a942e805d6749e1ea9860430a95fe4a1069fe7ce01
- atlassian-sending-domain-verification=2533071a-23b9-4800-8729-7bbe7c0b4a15
- _acme-challenge.drcloudemr.com=BMurhLUHDcR17o0twT6YKUsg8274Iasqw2nU3agnmqU
- v=spf1 ip4:104.211.63.226 ip4:13.93.208.204 ip4:104.42.153.208 ip4:40.78.123.30 ip4:40.112.180.213 ip4:13.91.44.3 ip4:137.117.38.65 include:spf.protection.outlook.com include:zcsend.net include:servers.mcsv.net ~all
- ZOOM_verify_NIwI7saYbY24mQsgMEe6gH
- _acme-challenge.drcloudemr.com=KPzrw_K9l13kQZHbd41wNCMjmIkwekW8I8zEKcs1uWM
- google-site-verification=ARg0z_yf6Nnh86i5UxWBvMDa3fuHZt66983MWEB9EJ8
Cloud / SaaS Services Detected
Atlassian
Microsoft 365
Cisco
Zoom
Leak Screenshot:
