npauctionscom (copartcom)
npauctionscom (copartcom)
Group: alphv
Discovered by ransomware.live: 2023-07-26
Estimated attack date: 2023-03-15
Description:
We exfiltrated all the sensitive data from 3 file servers and even the source code of all your developments from git repos.
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- domain.operations web.com
MX Records
- npauctions-com.mail.protection.outlook.com.
TXT Records
- 1jq8rutoh9g4vrlner123886lq
- MS=ms36074350
- MS=ms54889831
- atlassian-domain-verification=BvfGGKSh7bWtmyBmf5mBbJ6PVM3z6FapHRAIrimYrD7CNhrGneUZnyg2xPTgVVcl
- ctj8ifjs32f543tfe7k43012aq
- dudilj4rblvl3rd5fq718khvc
- globalsign-domain-verification=167D82F6EFB03F6DFE5D6AFCFB57E69C
- globalsign-domain-verification=487FB1C8FA86AB240C65D5EE94F1E7AD
- globalsign-domain-verification=ED262254FB09FC998FD0A33DBD4AB4BF
- google-site-verification=fZ_2OeZhLbTltqLrF94WvGr714XKrI17J3tcQD9-wd0
- lc2cvlh6jmeqkoelos2nm52m40
- s87vsdb06vcea8p5idc731e6s2
- v=spf1 include:spf.protection.outlook.com ip4:63.110.0.132 include:spf-0004a004.pphosted.com include:spfa.cpmails.com -all
- vdo5fj2p8m6kh7io2ia949b6sh
- wiz-domain-verification=e78014adab17059f6cdace940eb9274322dbcac444200c2af391a5fceaa02328
- 0ed1fe018a38dca57b07364b059dd1443ebfafb9b7
Cloud / SaaS Services Detected
Atlassian
Microsoft 365
Proofpoint
Leak Screenshot:
