Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

alansarioman.com

alansarioman.com
Group Embargo
Discovered 2025-01-09 15:21 UTC
Est. attack date 2025-01-09
Country OM

Description:

Al Ansari is a provider of integrated building, infrastructure and engineering solutions. The group was established in 1975 in response to the growing needs of the infrastructure and construction developments in Oman. Over the years, the group has earned a reputation of delivering high quality service in a timely manner. Al Ansari has undertaken many vital construction projects that have contributed to the development of the local infrastructure. Al Ansari is registered as an"Excellent Grade" company with the Tender Board of Oman & is also certified by the Quality Management Standard ISO 9001:2008. With a work force of over 4,000, the group strongly believes in investing into HRD (Human Resource Development) initiatives to enhance individual's skill and competencies and produce "Extraordinary" human capital. - Around 1 TB of critical and confidential data were downloaded from the Al Ansari Oman company's network
Infostealer activity detected by HudsonRock

Compromised Employees: 3

Compromised Users: 1

Third Party Employee Credentials: 3

External Attack Surface: 7

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abusegodaddy.com
MX Records
  • alansarioman-com.mail.protection.outlook.com. Microsoft 365
TXT Records
  • v=spf1 ip4:188.135.49.73 ip4:85.154.92.114 ip4:68.66.226.88 ip4:85.154.92.6 include:sendersrv.com include:spf.protection.outlook.com -all
  • facebook-domain-verification=kbd5h955bg5erah18zxjpfqrx3rb1w
  • google-site-verification=590h1Q6tOQcd4l4X4NjGfzOHMjIGCd1cX2s0JisBR4Y
Cloud / SaaS Services Detected
No well-known cloud or SaaS service detected.

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.