thoms#####
thoms#####
Group: clop
Discovered by ransomware.live: 2024-12-24
Estimated attack date: 2024-12-24
Country:
Description:
Presumed victim name: Thomson Reuters - Cl0p announcement. We have data of many companies who use cleo. Our teams are reaching and calling your company and provide your special secret chat.
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abusecomplaints markmonitor.com
- domain.name thomsonreuters.com
- whoisrequest markmonitor.com
MX Records
- mxa-00160c04.gslb.pphosted.com.
- mxb-00160c04.gslb.pphosted.com.
TXT Records
- _amazonses.thomsonreuters.com=LsY5zfTHvxP01nLdSqlKfTqQdqPTiUXgV5O7QgQsRRY=
- yahoo-verification-key=VxZJ1Z2mvpck/GvOO+6mc1QN8TRgfoh7sRLJ51FHOUE=
- MS=ms99622046
- stripe-verification=78EFA9D2CD953392341BF430035DC7C67C713E60B30CE2DD371B39061AE7BB25
- segment-site-verification=i4swjTyiv0fzz199v83ipMm2LjAYngwQ
- h1-domain-verification=Eh9QTPjgF8sdAzUvjh35dJbq2dz9Q1sd8XJDJW895jKLgRdi
- google-site-verification=aKXwOLCnhDJc_NJ0_HRm2T7heOqk8DLnv04KxM3UI4I
- google-site-verification=BJMjc5b5RrTLbcWFEUdEWchLp89mi5fsKEowihqQdMA
- docker-verification=ed0c56d0-0bab-4875-86bb-fdfa31ccff9c
- adobe-idp-site-verification=94ddc4fa-09b2-4150-82be-c7ec87321c70
- stripe-verification=69AAF362D7E5A544AC590729BCF721E5E58DCE88E429EB7D37160F1FF31DE491
- google-site-verification=bkcGR8CDR4PAkZtYFoy3vwGpnNfvJOOp20zgU0ieQwY
- amazonses:zJH854fDfgTJzUP1sSYem9nEgeuvTFhxADpFSogN2xw=
- smartsheet-site-validation=mtVjlUTVB_Xb8kvZmKxrtk759fhaQ6o8
- apple-domain-verification=voAz1fDhqIN4vRxG52m4VSOgLipH0OMyfJIprobVB1U
- cursor-domain-verification-1f0skn=n5dwd5vVS3umKyEckyLWCuPU4
- status-page-domain-verification=b1rl37cjwt4p
- 69AAF362D7E5A544AC590729BCF721E5E58DCE88E429EB7D37160F1FF31DE491
- v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com -all
- Sendinblue-code:0d38bf86b81833ecc3a015b5b9e3a1c7
- google-site-verification=JeOQZIbRQFHYLju7pJ9pA1jcBQ_YuJr1BJYZDamvOG8
- onetrust-domain-verification=f29fc709451a4dffb27dd3f10f9d45dd
- anthropic-domain-verification-dd448w=5LzCgB65qkxp0Miig6DR7Ckmp
- amazonses:v3UnzPZ83hX92rRo+Jl8TOx32xxGSlwFhgd3lzQTDCY=
- google-site-verification=uavxXCPtaVBB3nDV93qsksXEq1kowMc3Mztcpfm2yxo
- onetrust-domain-verification=2d76838cbc56485e9e32447386c1ddb9
- google-site-verification=ZBvvfGQJ8LXaxkZNfbBy9gkLknU2euUSyITxq5HKTCw
- datadome-domain-verify=y5WtOufNeZ56druqIi42VfOOisXeUqZh
- amazonses:lIIlkGIiC4u5Z56yfvW6DQIvM9JhFVVXXcrrbnFMyvk=
- microsoft-site-verification=6ex1JKbgBafQfCZSu9W2PkES7pzOEssDJSmUqnF14buApkUuXuaX/iaBg5SQW4i6+0762A6nJPQ5qPJOJFC1QQ
- atlassian-domain-verification=0n1gBban2ijoxEeHEYG9HvDUH10dw8a/8NQAEOE4zIQz2L5aBAQuQx8cBSlZ7p+5
- postman-domain-verification=0d8b80562ae1824f3321234031738be1f4b5c0228905306bdfeab475ea7cde00ab9b99b48fffbb7c9a964661ad8b6c16223ebeafc6885ee305924aa49023872f
- jamf-site-verification=8-eBDOfffzCRywWdIMU5AA
- apple-domain-verification=eRGp4zKokpCndMZU
- docusign=d544be33-31ee-47d3-b1b7-2617dd10b046
- brevo-code:0d38bf86b81833ecc3a015b5b9e3a1c7
- jamf-site-verification=DxDupr_BH0hLVOFDILupGA
- amazonses:voZl9lBlnYBY+ap0Ab3vZCGHfGaGRgMe+ioYEKGdy2M=
- oci-domain-verification=DhQsN0a5vJEOE2cLCiDX7RGoJGZny3vKzR2JEbp51
- adobe-idp-site-verification=f6a6830182f1e0dcbcb7781acc7f1ee9eac983529878d0c8ed38bc65d420b773
- mongodb-site-verification=TOB0H8CZfBWwEXdMblD6BRN61xKHX6kX
Cloud / SaaS Services Detected
Adobe
Apple
Atlassian
Amazon SES/WorkMail
Microsoft 365
Stripe
Segment
JamF
OneTrust
DocuSign
Proofpoint
Leak Screenshot:
