Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

The Nueva School

www.nuevaschool.org

Group Qilin
Discovered 2026-07-18 13:34 UTC
Est. attack date 2026-07-18
Country US

Description:

N/A

Infostealer activity detected by HudsonRock

Compromised Employees: 3

Compromised Users: 2

Third Party Employee Credentials: 3


External Attack Surface: 6


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuseenom.com
MX Records
  • alt4.aspmx.l.google.com. Google Workspace
  • alt3.aspmx.l.google.com. Google Workspace
  • aspmx.l.google.com. Google Workspace
  • alt2.aspmx.l.google.com. Google Workspace
  • alt1.aspmx.l.google.com. Google Workspace
TXT Records
  • adobe-idp-site-verification=aaa8fcbb975509bf82bfda9c649d9d80b2b774faa6c82a2a2f05e13dc4815ef1
  • v=spf1 ip4:207.8.97.254 ip4:12.110.193.88 ip4:103.151.192.0/23 ip4:185.12.80.0/22 ip4:188.172.128.0/20 ip4:192.161.144.0/20 ip4:216.198.0.0/18 ip4:205.139.104.0/22 ip4:216.235.196.0/22 ip4:216.235.200.0/21 ip4:206.79.6.0/24 ip4:216.235.195.0/24 ip4:205.13" "9.105.48/29 ip4:206.79.6.128/26 ip4:208.40.241.140/30 ip4:216.37.18.6 ip4:204.8.10.114 ip4:216.235.197.198 ip4:64.209.141.221 ip4:199.255.192.0/22 ip4:199.127.232.0/22 ip4:54.240.0.0/18 ip4:69.169.224.0/20 ip4:23.249.208.0/20 ip4:23.251.224.0/19 ip4:76.22" "3.176.0/20 ip4:52.82.172.0/22 ip4:54.240.64.0/19 ip4:54.240.96.0/19 ip4:76.223.128.0/19 include:outboundmail2.blackbaud.net include:spf_target.brightarrow.com include:bmsend.com include:_spf.google.com include:sendgrid.net ~all
  • anthropic-domain-verification-d4a93a=x1mJZr3OXsKHhF0WAcwUmekoo
  • 8X960NQ0EL18Z4VQ6G3N0OSYZHM1BIRAIZ8WNMCZL
  • MS=ms51316695
  • openai-domain-verification=dv-wx0seeNA7VYfLsPB1Wu3TMmO
  • apple-domain-verification=VRCS8HGWWHKY095F
  • google-site-verification=z7LSiv4iak2WSsTN9m-IM17pSLADv_3VqSq7i49JndM
  • 808131841467e51e2970f923d8258b3e
  • google-gws-recovery-domain-verification=70398059
Cloud / SaaS Services Detected
Adobe Apple Microsoft 365 Anthropic OpenIA SendGrid

Leak Screenshot:

Leak Screenshot