ironbow.com
ironbow.com
Group: dispossessor
Discovered by ransomware.live: 2024-04-19
Estimated attack date: 2022-08-17
Description:
ironbow.com
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 1
Compromised Users: 2
Third Party Employee Credentials: 1
External Attack Surface: 7
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domain.operations web.com
MX Records
- mxa-00378c01.gslb.pphosted.com.
- mxb-00378c01.gslb.pphosted.com.
TXT Records
- \"i/UNjexJLBPV0cvFVPPpoOSDcVGlavRHCSk7FZ/aL07rBcwQtLrCU6xhBlaDQxzJzmCgHJpIXlSa5rUe0BDUdg==\
- 7c06cceikdatb92dqc2mt4dgli
- fpo4t68fdch2rots52h9nkpbvr
- smartsheet-gov-site-validation=vGQjAdaalpuGB-lwocahQp0Iobb57KLr
- v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
- MS=ms36093265
- twilio-domain-verification=867e097bfea2b22d0902001fad4bfe54
- paloaltonetworks-site-verification=b5810e2ba825e7d8dc505ae9000c519e72b250e6509ca48db94b5f09f63b9ebd
- 7001bqp8k83hnqceg4m4c4lqm7
- google-site-verification=9nvX34OzVUd76xVow5bktgztsxEg9ASARFIn8DBJ-h4
- _fk1n21qjrl6sf4ok5g7n12tspefqe27
- docker-verification=fbb64ac0-0075-40af-8e46-cc3cc665e880
- cisco-ci-domain-verification=286546b5ffb8ca48342c1978ac576f25eef567a41371b30e0d7f78ac04494ea7
- lcl9m27q5u8si95vpr2abvd6ro
- google-site-verification=utAX8AsWCVbMheSJeUy5XV5es5MIeG2moWzLcba-GYI
- atlassian-domain-verification=1NNkuCJDv1WrKOTCzDDaY5sAdNY2BNovWZ2MuJOn0tNFi8cbXwSaMOA1n8/peX6r
Cloud / SaaS Services Detected
Atlassian
Microsoft 365
Twilio
Cisco
Proofpoint
Leak Screenshot:
