Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo Valentin Hotels

Group: nightspire

Discovered by ransomware.live: 2025-05-20

Estimated attack date: 2025-05-19

Country: ES

Data exfiltrated: 700 GB

Description:

Valentin Hotels (Spain)

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 4

Third Party Employee Credentials: 1

External Attack Surface: 6

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse tucows.com
MX Records
  • valentinhotels-com.mail.protection.outlook.com.
  • mx1-eu1.ppe-hosted.com.
  • mx2-eu1.ppe-hosted.com.
TXT Records
  • qbw5snng2th0xvn6sgd78hqkx79r3d1j
  • facebook-domain-verification=5dck8w7vz52509ikozb9dfoiwjfrxz
  • MS=ms58515903
  • v=spf1 mx include:spf.protection.outlook.com include:spf.valentinhotels.com ip4:212.81.134.0/24 ip4:212.81.213.0/27 ip4:18.194.71.23/32 ip4:35.158.202.59/32 -all
  • atlassian-sending-domain-verification=25b77ee5-bc78-484e-83d5-de2a094d2c92
  • 35tbk0b23q9sfnnkxt211y6381b5nb7x
  • ppe-24879aadeb8cbf2caa8101b814b9c3b1e6b63415
  • google-site-verification=ZyaMAXDTVRyslees-lALgAwdUiM9_xHrc7x1PK7Drdg
  • rx50kr28g32nm5h17q7dfzyljyrmwrcq
  • atlassian-domain-verification=YXWHY18GqTqJGwrLFV9lXy2Cn9a7kTalB4U69QXV4LON/16UrQxqojC66m75jU9o
  • j1x3gb6md6s3k4d8v8d4rjq6w5m7qkhq
Cloud / SaaS Services Detected
Atlassian Microsoft 365