Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo Sandals Resorts International

Group: Blackbasta

Discovered by ransomware.live: 2023-03-08

Estimated attack date: 2023-03-08

Country: LC

Description:

Since 1981, Sandals Resorts International has been leading the Caribbean all-inclusive industry by offering guests more amenities, more luxury, more innovations, and more choices than any other beach resort. Our properties are located on some of the most sought-after stretches of sand in the world, including Jamaica, the Bahamas, Saint Lucia, Grenada, Barbados, Antigua, Curacao, and Turks & Caicos. From the most romantic couples-only getaways to fun-filled vacations for the whole family, our family of all-inclusive resorts share the same vision – an unwavering commitment to excellence and a promise to exceed expectations.SITE: https://www.sandals.com Address Kent Ave, Montego BaySaint James, Jamaica


DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • mailstream-west.mxrecord.io.
  • mailstream-east.mxrecord.io.
  • mailstream-central.mxrecord.mx.
TXT Records
  • g5isrrq702nndq62qtvo4vpvai
  • facebook-domain-verification=pb8hexvwhk269isggl21j44qhwhzq1
  • kkilslb8ues0eicksk47iccrpf
  • ahrefs-site-verification_21230495891971caaec04f78e4535a3cacc54b2e70e3945b1daa667f6cc81638
  • cisco-ci-domain-verification=2f54114de907947246ae790723d7501e91028dcc7dc9e9673c7cabe907480f92
  • knowbe4-site-verification=b5156e6bfe1f1df25e5a7d22dd232148
  • v=DKIM1; h=sha256; k=rsa; p=MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC4ntrNWj6HnbZ/vuzzrU/vXpow2MUdxVKJM1MfMBDcN+d9facE5uxIO9HlBnWNP4mS0kc42xAriyweMaqMPguJPUUPhEewn7glWFB9MNBUh/+SiZwYg2X2Z7nV7DzpinvHfyB+6pufSq/ttx3CEY69H0UxxeeWa1qoWRobamgd4QIBEQ==
  • y7319q1vk91fkc8lfx0w5808bbx06mgn
  • MS=ms58051756
  • d7h9660zh097jdgp2sksy87k7902dh6q
  • 5br1uigi836064lg4s2kee2h4f
  • v=spf1 a mx include:spf.protection.outlook.com include:mail.zendesk.com include:spf.gomoxie.cloud ip4:8.36.160.0/24 ip4:199.187.116.0/22 ip4:178.249.98.16/29 ip4:178.249.202.16/29 ip4:216.221.149.0/24 ip4:69.167.71.227 ip4:74.121.52.241 ip4:216.82.240.0/2" "0 ip4:216.221.149.140/32 ip4:8.36.160.132/32 a:messageboard.sandals.com a:mt01.cimondemand.com ip4:74.112.65.87 ip4:8.36.160.35 -all
  • qyn1qtfwfbcqstbvt4whhmhdq5jqjbtq
  • 8j7eo6cea6ua3chcgp61uukmpp
  • M0O2X32546
Cloud / SaaS Services Detected
Microsoft 365 Zendesk KnowBe4 Cisco

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.