metromont.com

Group: Blacksuit

Discovered by ransomware.live: 2025-05-29

Estimated attack date: 2025-03-30

Country: US

Description:

Commercial & Residential Construction.



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • metromont.mail.protection.outlook.com.
TXT Records
  • duo_sso_verification=jDHXILHLm5gvgBaoLPwmvmcUfdSnL1vvyWExkcctTYSxJvazGLMhHq7iSeAE4RQL
  • google-site-verification=mcssR3RI-gM-dil10t9FHaEnlk_ARfgsvKg6sNYTe1k
  • ms-domain-verification=4b258cd7-d6d8-4f18-b9c8-250fd3e7cda1
  • MS=ms58198028
  • MS=ms23956503
  • autodesk-domain-verification=1V3sEQkFwlWqskin3dKO
  • qDKBW+7IoGY82KlXh+0IkneNzIG1oucGqc/02istdk001yujgenrk6Av1f4URO1l1fl2CJksDUklW3vHTvv3/w==
  • bWV0cm9tb250
  • v=spf1 include:edgepilot.com include:spf.protection.outlook.com ip4:209.194.224.125 ip4:209.194.224.124 ip4:208.86.168.7 ip4:216.24.170.237 ip4:67.231.158.158 ip4:67.231.151.29 ip4:67.231.152.177 ip4:208.84.65.220 include:spf.smtp2go.com include:_spf.brainier.com ~all include:spf-us.emailsignatures365.com
Cloud / SaaS Services Detected
  • Microsoft 365
  • Autodesk
  • Cisco Duo
