Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

paysdelaloire.fr

paysdelaloire.fr

Group: Lockbit3

Discovered by ransomware.live: 2024-07-19

Estimated attack date: 2024-07-18

Country: FR

Description:

Regional aid and services foreconomy and innovation Industry, commerce, agriculture, fishing, food or research... I discover all the regional aid and services useful to my projects for my business, my farm or my organization.
Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 902

Third Party Employee Credentials: 4

External Attack Surface: 63


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainmaster@paysdelaloire.fr
  • contact@dri.fr
  • nic@dri.fr
MX Records
  • mx1.paysdelaloire.fr.
TXT Records
  • _52a52vtgc56ul2ga0m4ackw3tx5cj66
  • _v2yfzwxocmxol4dfr95h65a92k8df4y
  • MS=ms89117991
  • W1YdPf5rqoLHgWHIwrG4cMGZDR8=
  • BSm/PvBjskfywpHEBzQL9pdZ9yE=
  • _ubsg0vmf7qvnq9x8264f5k5p1vsp7s3
  • _2xnph5xk10g7447ud25usldtvqnrq06
  • google-site-verification=00ZlGia3EumbN73-mosxZiqpvijvzHfbZvexBVr-1B0
  • d365mktkey=2rh4kht9s92lpc9kmvumv8nq8
  • d365mktkey=kloWaHQThhqdpZjpRxuuxDpgiWqATxbfyuYh6zYnryIx
  • have-i-been-pwned-verification=cd948565629d92021e7b104d73e7836c
  • zAxwPRKmUhK+SYi4vDC0RAb13/+XVM+5AlDN5XGM71RLQqKcEtySkGI0mPCuQYATn9U1j4xXzs5AhVM6HV/64Q==
  • _rrnh1k7znl9cfptnlyh9vlkylkkil26
  • apple-domain-verification=030gs9t1zi9onLRv
  • v=spf1 mx a:relay10.gfi-info.net a:relay20.gfi-info.net ip4:80.82.234.126 ip4:80.82.234.101 ip4:80.82.234.106 ip4:46.18.195.48/28 ip4:178.33.42.53 ip4:87.98.154.168 ip4:87.98.181.238 ip4:46.105.34.230 ip4:37.59.224.153 ip4:37.97.66.84 ip4:163.172.35.106 i" "p4:87.106.52.129 " "ip4:185.218.155.54 ip4:213.245.2.0/25 ip4:92.222.104.13 ip4:137.74.24.205 ip4:167.114.226.248 ip4:185.66.233.0/27 ip4:5.39.0.140 ip4:178.32.127.87 ip4:149.202.177.210 ip4:217.182.247.225 ip4:54.38.160.88 ip4:46.18.195.234 ip4:46.18.195.142 ip4:195.83.167" ".123 ip4:54.36.157.210 ip4:217.109.233.91 ip4:198.21.6.129 ip4:46.235.17.249 ip4:46.235.17.250 ip4:46.235.17.251 ip4:46.235.17.252 ip4:145.239.184.33 ip4:145.239.184.34 ip4:145.239.184.40 ip4:40.79.138.192/26 ip4:13.74.106.128/25 ip4:13.69.226.128/25 ip4" ":87.98.154.168 ip4:" "46.18.195.4/30 ip4:5.39.8.122 ip4:5.39.8.123 ip4:46.18.195.182 ip4:5.39.8.116 ip4:20.74.37.146 ip4:20.74.97.162 ip4:20.74.99.62 ip4:46.18.194.3 ip4:46.18.194.117 ip4:46.18.194.118 ip4:185.182.168.90 ip4:185.182.168.82 include:spf.protection.outlook.com i" "nclude:spf4.sbr-mas" "ter.net include:spf" ".mailjet.com include:spf.tipimail.com include:spf.local-trust.com -all
  • google-site-verification=x0Y3jN3ZVaKYHUNxJkhPAcjLTs1e1wXQ5aRY4URjgNc
  • _plp6l1lexpqe6ojcammemdn4hg9a59s
  • adobe-idp-site-verification=a7dcf837bc2c1ae6931f84e4ca5eaa65fcb00ee97fca4be8f8bb6599bf435214
Cloud / SaaS Services Detected
Adobe Apple Microsoft 365 Mailjet Have I Been Pwned

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.