Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo inmarsat.com

Group: babuk2

Discovered by ransomware.live: 2025-03-22

Estimated attack date: 2025-03-22

Country: GB

Description:

inmarsat.com

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 6

Compromised Users: 113

Third Party Employee Credentials: 15

External Attack Surface: 66

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • mxb-0085b301.gslb.gpphosted.com.
  • mxa-0085b301.gslb.gpphosted.com.
TXT Records
  • canva-site-verification=JF7NU8mmwtJ3GUuTVmQ65g
  • google-site-verification=JcowngyG9Zoh52hKBJk0CYIsvidvN5VrHdLwRLn05NE
  • google-site-verification=r_Kd6xAyczKOgLXP9kBKQ2py5HmAEMaWdohq8bQ-MD8
  • MS=C0856B279B61F9726B62F8584ECF0D806C532733
  • apple-domain-verification=GNQuTRIcTC88Z1BJ
  • MS=ms41199389
  • lucid-verification=hbx3fvf*ajc7vhz5UWM
  • Dynatrace-site-verification=5892b50c-4611-4000-9792-9ec8b9c12e80__k87iha9eftdnbve43qra4ca5hu
  • facebook-domain-verification=hm6rc5jfg3j7yz9a2qvzdbkoa8klt2
  • dwJJRwyDmHG7uDA5hAP7B9pkUfAzMTw+B/eOKnI3avLSDqkFPlIbRj+s7WRLP0y0h5Hb7lbXxEyBfPJByLbo2Q==
  • canva-site-verification=YsL2BGtzXKg8to30pqj8bg
  • google-site-verification=Dnv7dHHGgQ4VtQDrKccS_hz9BPsb3WGUVIcO3axRipQ
  • bDtxD7qw7LvxZgpzhhyd3sI1xGOkN3vVpTLTZyvD8OGT8nGSAHrIDgKFQ77YDGt2xDm/VgwzvL8zO+O85Ek8Ow==
  • atlassian-domain-verification=kcrZ4q3NyUi1AeSqQ1+enGxBagznnZB7BvMCp3ZkhaD1GDtwiX84rJrNU9nm1FCV
  • atlassian-domain-verification=OwqT9sYry04esWv5u0UOZDiehYj7hUrbRNJ5HxxujwQ9u6eREg8VoZLeB4oJjL3c
  • google-site-verification=E1HWZrcbmvimmqbyylX7dCYrpV44rgiFKP-n2C7KIfs
  • docusign=d3e0e9d4-f77d-4e5d-b04b-3b9fd9975a2f
  • _globalsign-domain-verification=imWpMxvYoZivV7AjuZxXHFTvrlqJpNRRPyxDeMslR-
  • v=spf1 mx a:c.spf.service-now.com include:aspmx.pardot.com include:_spf.sidetrade.net include:spf-0085b301.gpphosted.com include:spf-0085b303.pphosted.com include:eu._netblocks.mimecast.com ~all
  • docusign=c63da4fa-060f-41f0-9a48-325987dce52d
  • 9295c7717abe40318586f1293f44382d
Cloud / SaaS Services Detected
Apple Atlassian Microsoft 365 Mimecast DocuSign ServiceNow Proofpoint

Leak Screenshot:

Leak Screenshot