Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo encom#####

Group: clop

Discovered by ransomware.live: 2024-12-24

Estimated attack date: 2024-12-24

Country: US

Description:

Presumed victim name: Encompass Health - Cl0p announcement. We have data of many companies who use cleo. Our teams are reaching and calling your company and provide your special secret chat.


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • hpp3.healthsouth.com.
  • hpp2.healthsouth.com.
  • hpp4.healthsouth.com.
TXT Records
  • meltwater_sso_20240807_TRITON-22228
  • google-site-verification=hQ7YZROo-LKMiwfeyNt9WnFnxtyMPqG-ge4cqAoToHo
  • apple-domain-verification=XpqsYEFHVhyyxXkh9bj7SLFBfp446JotJrlWA1V4j9c
  • ZOOM_verify_mmX46nzwWtGBTXa6RqdsFv
  • cisco-ci-domain-verification=7227efaf99c359eebbcf7599225d333cea631c26fee8e192356ab982e90703d3
  • MS=ms68344540
  • adobe-idp-site-verification=b0141fa86f1c9440caeeea7947a98b22a5c84eb109f2fc78d683c73934acb9b0
  • docusign=4b46fed0-14bf-4bc9-b1b7-1bc77b7ad833
  • sitecore-domain-verification=94438cbb00f745f2837852fb008a6c5b
  • JtESH8mzgAQe4Oyzvru/FWpS8Ryhb5CTYEwbyjAWLwgjEmz3C6QTGzzLWlmoF4qMwO9QspMGKWdw9QcBw1BpWw==
  • facebook-domain-verification=290jrboyj1fa0rhmafk8rn61rmakpp
  • v=spf1 a:healthsouth.com a:encompasshealth.com ip4:208.68.216.181 ip4:208.68.216.182 ip4:208.68.216.183 ip4:208.68.216.184 ip4:35.80.141.6 ip4:44.229.121.55 include:_spf.q4press.com include:spf.mandrillapp.com include:mailgun.org ~all
  • apple-domain-verification=8tRwRvJ2rFPJOuAb
  • smartsheet-site-validation=tXqiC1HaBCWyacYTGS2AwMNlC5W49_e2
  • clickup-verification=30ua4ExevVvEQnH9YdtRgNIRljoBYV71LIzZAi37orM=
  • google-site-verification=GyGIbSqkRL5pOOuKKCF4LAV_nfbXbYPBh5Z6vZpMD9A
Cloud / SaaS Services Detected
Adobe Apple Microsoft 365 Mailgun Mandrill Cisco DocuSign Zoom

Leak Screenshot:

Leak Screenshot