Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

hotelplan.co.uk

hotelplan.co.uk

Group: Blackbasta

Discovered by ransomware.live: 2023-12-22

Estimated attack date: 2023-12-12

Country: GB

Description:

Hotelplan UK is the UK subsidiary of Hotelplan Group, a large pan-European travel group headquartered in Switzerland. We are a well-established family of five specialist tour operators, with a strong tradition of excellence & high standards of quality and service. We are passionate about the holidays we offer, and we always aim to meet or exceed the expectations of our customers’. Sustainability and responsible tourism are at the heart of everything we do. The Hotelplan UK family of brands includes Inghams, Esprit, Santa’s Lapland and Explore Worldwide all based in Nelson House in Farnborough, together with Inntravel based near York.SITE: www.hotelplan.co.uk Address : Nelson House, Victoria Rd, Farnborough GU14 7PA, United KingdomALL DATA SIZE: 704gb 1. Human Resources 2. Users personal folders 3. Finance and etc…

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • eu-smtp-inbound-1.mimecast.com.
  • eu-smtp-inbound-2.mimecast.com.
TXT Records
  • v=spf1 ip4:52.16.26.110 ip4:134.213.195.176 ip4:35.177.7.61 ip4:89.248.58.98 include:amazonses.com include:eu._netblocks.mimecast.com include:sendgrid.net include:hotelplan.net ~all
  • /SnsHuoTsrfNwBGB284yu7CFXu0cZG5Nh/MOkXBOvunzODyh5YCZn0GeURdg00++UcOJuI3xjYTTguLDMRfTPQ==
  • docusign=ec7b568f-8548-45cc-8362-517e2144b625
  • apple-domain-verification=5RgP9ZNUZmDGmJAh
  • MS=ms78054401
  • MS=3F2A14D093AD6688E67C118BF9484EC7B9A66250
  • twilio-domain-verification=96967aa2c04c33edf150008fdd72b533
  • astro-domain-verification=cmhors7ht19il01p4j2fy92md
  • MS=ms12902337
  • atlassian-domain-verification=brGU7pw65y1YYAEyonVLcwArog8K6k/aDdf/fZALdkAqBwn0UW4x8SQH6l00LqOp
  • asl7qd3pe211d422vdd7vnog6e
  • google-site-verification=8kdSLkBBNZu1Q5bE5WAmi0OVTS3UMlIfqtn8Lq87drs
  • docusign=49a8b9cb-6155-4959-a2e1-64d4bb0e252d
  • aj3b2t39fvd9kqkrmagd2qfqjd
  • 0ed1fe018a1e084503d3e44cbcbfecd6c18e603ada
  • onetrust-domain-verification=b6f04a14fe394836933d0230c6331e01
  • 0ed1fe018abc0d9304d8334d7cbd270f2b1eabfc9e
  • hImaRKsUJO7FJvg+V7rBMfiOfCb4IRCJIAMmB0Z/w4n4fqghATjaqKcHigy7xfR1OXfpLppb/urvv8N/n4aoFw==
Cloud / SaaS Services Detected
Apple Atlassian Amazon SES/WorkMail Microsoft 365 Twilio SendGrid OneTrust Mimecast DocuSign

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.