wings.travel
wings.travel
Group: Lockbit3
Discovered by ransomware.live: 2023-05-16
Estimated attack date: 2023-05-16
Description:
Wings has led the market in managing complex travel and support services worldwide, with particular expertise in developing markets and high-risk destinations.
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- No emails found.
MX Records
- za-smtp-inbound-2.mimecast.co.za.
- za-smtp-inbound-1.mimecast.co.za.
TXT Records
- _globalsign-domain-verification=843ffM4-d_GNSESMFI8YDgV7eewFkxpD6mj3Y_YxvE
- atlassian-domain-verification=ayaCrb6t4VDvkLSdt7ZKS868U4KaQLt1N/DotG225D3eeR1XBtHGwmrbIYEU5bmb
- include:spf.mandrillapp.com
- l6uqqpos92i8i2uqi4lj01ajp2
- pardot1061792=6c90074d415fb83c6758ab170e09d71b0217d8bc2e5654ddf87ad4f7d4f62ccb
- qyJtOHacKrvDXuWVnMH/X39tQpMwSGX1PwEmllTFkYBVSobIEWyoFyP761oR13pQYVkRro783zwiG20VRlkefQ==
- sending_domain1061792=cbb8f3a2822fb0ab3517694c60d32c23cac0784f6d3a6a2d96a3a016072b8fbe
- v=spf1 ip4:82.150.225.79 ip4:171.17.133.140 ip4:171.17.131.35 ip4:171.17.133.100 ip4:167.89.0.0/17 ip4:168.245.0.0/17 ip4:194.116.128.11 ip4:27.126.146.0/24 ip4:103.28.42.0/24 ip4:146.88.28.0/24 ip4:156.38.149.0/24 ip4:81.171.5.0/24 ip4:116.202.93.120/32 " "ip4:203.55.21.0/24 ip4:204.75.142.0/24 ip4:163.47.180.0/22 ip4:43.228.184.76 include:za._netblocks.mimecast.com include:_spf.psm.knowbe4.com include:servers.mcsv.net include:spf.sabre.com include:spf.mandrillapp.com include:spf.apptivo.com exists:%{i}._sp" "f.mta.salesforce.com ~all
- MS=ms57715115
- MS=ms82864603
Cloud / SaaS Services Detected
Atlassian
Mailchimp
Microsoft 365
Salesforce
KnowBe4
Mandrill
Mimecast
Leak Screenshot:
