hertz#####
hertz#####
Group: clop
Discovered by ransomware.live: 2024-12-24
Estimated attack date: 2024-12-24
Country:
Description:
Presumed victim name: Hertz Global Holdings - Cl0p announcement. We have data of many companies who use cleo. Our teams are reaching and calling your company and provide your special secret chat.
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 8
Compromised Users: 7695
Third Party Employee Credentials: 30
External Attack Surface: 107
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abusecomplaints markmonitor.com
- domainadmin hertz.com
- whoisrequest markmonitor.com
MX Records
- mxa-00034201.gslb.pphosted.com.
- mxb-00034201.gslb.pphosted.com.
TXT Records
- parkable-domain-verification=ioyWPZCFOHUtBmZ_91fSt7_cqzkzGzQWnH1sEFD_Mow=
- spf2.0/pra ip4:66.216.133.19 ip4:66.109.239.154 ip4:66.109.242.2 ?all
- v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
- MS=ms13411640
- _globalsign-domain-verification=-jzefWdoUCJxai9FWTvTDdRNc9N2JJFgFuKXH3uf7r
- amazonses:/IPm1hhpAyQ6uAN3f5XmTLtE6VZpUY582Ppr6IOcIVU=
- atlassian-domain-verification=UIjQlEnCPaW6i0RzVM3AR436tSaICZapas/EUtMfpkfZBIa0JMzmiltvbLYSbZug
- ff965r3f3xkp2dmt55k49yhvx2ssydw6
- google-site-verification=wyQk_1YHMYyIMjnMnFHe9mV1rFZov5GexcMMgoyz6e4
- infoblox-domain-mastery=7ada838ff03c6654eac9005e99b87df0bd7804a0345fa5e54ca2d91c5db9ee287e
- msfpkey=3bh3x8yaiq2v4u7299q3pav40
Cloud / SaaS Services Detected
Atlassian
Amazon SES/WorkMail
Microsoft 365
Proofpoint
Leak Screenshot:
