Ransomware Group: QILIN

VICTIM NAME: lee-irvine[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 20, 2025, a ransomware group published a leak page tied to the victim domain lee-irvine[.]com. The post presents a data-leak narrative, asserting that internal documents were exfiltrated and made publicly accessible on the leak site. The dataset indicates the victim’s country as the United States but does not specify an industry. The page accompanies eight image attachments, described as screenshots or thumbnails of internal documents, and it notes the presence of a claim URL for further information. No explicit ransom amount is shown in the supplied excerpt, and there is no overt indication of encryption in the visible content.

The body excerpts enumerated on the leak page describe five documents or document groups, all related to lease and property matters. The items include a first amendment to a lease (dated June 6, 2025), a letter of intent for a future lease, a separate lease agreement from 2023, a May 2025 financial table, and an exclusive sublease arrangement. The materials appear to consist of typical real estate records—lease terms, rent figures, deposits, and balance-sheet style data—rather than operational or security data. PII-like contact fields are present in the excerpt but are redacted in the published content, and the page references a claim URL without providing the actual link in the visible text. Eight image attachments accompany the post, suggesting screenshot-like evidence of the documents.

In terms of timing, the post is dated August 20, 2025, which serves as the post date for this leak entry. Within the documents themselves, a June 6, 2025 date appears as the date of the first lease amendment, indicating the material’s timeframe rather than the attack date. The post does not disclose a ransom figure or encryption status in the excerpt, aligning with a data-leak narrative rather than a stated encryption event. The victim’s name remains lee-irvine[.]com, with other company names referenced in the leak content redacted or ignored per the summarization guidance. Eight accompanying images are present, reinforcing the emphasis on leaked document screenshots rather than downloadable files.