HEALTHEQUITY.COM

Group: clop

Discovered by ransomware.live: 2023-06-15

Estimated attack date: 2023-06-15

Description:

HealthEquity - Industry's #1 HSA Administrator



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • registrar-abuse cloudflare.com
MX Records
  • mx0b-006f7c02.pphosted.com.
  • mx0a-006f7c02.pphosted.com.
TXT Records
  • v=spf1 ip4:198.37.154.177 ip4:216.51.93.155 ip4:207.200.23.98 ip4:198.17.0.0/24 ip4:69.89.48.0/20 ip4:208.85.49.177 ip4:208.85.49.215 ip4:208.85.49.25 ip4:74.121.52.1 ip4:23.21.109.197 ip4:23.21.109.212 ip4:147.160.167.0/26 include:spf.protection.outlook.com include:_spf.wageworks.com include:es._spf.adp.com include:spf.workfront.com include:spf-a.rnmk.com include:spf.mandrillapp.com include:_spf.qemailserver.com include:spf.clearslide.com include:amazonses.com -all
Cloud / SaaS Services Detected
Adobe Apple Atlassian Amazon SES/WorkMail Microsoft 365 Miro Mandrill Cisco OneTrust
