hautsdefrance.fr
hautsdefrance.fr
Group: Qilin
Discovered by ransomware.live: 2025-10-13
Estimated attack date: 2025-10-13
Country:
Description:
The Regional Council manages regional programs (economy, transport, education, vocational training, culture/sports, ecology). 1.passports 2.Personal data 3.School incident report
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 53
Compromised Users: 5631
Third Party Employee Credentials: 16
External Attack Surface: 118
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- support support.gandi.net
- 77f9fbe346257a57de4fd3a74ad4f2c9-4863463 contact.gandi.net
- hostmaster nnx.com
- noc gandi.net
MX Records
- mxl.hautsdefrance.fr.
- mxa.hautsdefrance.fr.
TXT Records
- cisco-ci-domain-verification=7e82c0034cf2e1350c63d72ba1812ebecb74ccb2fcc22f518fc2aa2b340b2555
- v=spf1 mx ip4:91.230.0.0/23 ip4:195.74.80.29/32 ip4:194.167.56.66/32 ip4:194.167.56.70/32 ip4:194.167.56.84/32 " "ip4:195.220.232.5/32 ip4:93.17.229.101/32 ip4:92.222.104.12/32 ip4:51.254.233.233/32 " "ip4:51.68.23.85/32 ip4:217.182.247.225/32 " "a:relay20.gfi-info.net a:relay10.gfi-info.net a:peg4-vdc-admin.saas-gfi.eu " "include:spf4.sbr-master.net include:spf.local-trust.com include:sendgrid.net ~all
- ovJ4gkf3N1MBdfcW5g+bdMP4o/I=
- HARICA-iUjKoVeSJz7QvzwlGQU
- r/rMwRQcxYWw65vlz8KUtceGR+3tEc8Cj7EpV5GV6Cd0Npj+EbTWjRvMmTESpQdo4/lVfefzDksfXVTWxMntLQ==
- facebook-domain-verification=55pbh16v2f6lhtklr8m7t933gccpht
Cloud / SaaS Services Detected
Cisco
SendGrid
Leak Screenshot:
