Ransomware Group: QILIN

VICTIM NAME: www[.]ecodemolizionisrl[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Based on the provided data, the leak page concerns the victim domain www[.]ecodemolizionisrl[.]com and is attributed to the Qilin ransomware group. The post date is August 22, 2025 (the key_date field), with no clearly identified compromise date indicated in the data. The victim operates in the Construction sector and is based in Italy. The leak page includes a description that outlines the business as involved in demolition of large buildings, quarrying, reclamation, and beach cleaning, and notes branding that uses the word ECO in the name; the description appears truncated. The metadata indicates a claim URL is present on the leak page, but the record shows no screenshots, attachments, or downloadable content accompanying the post. The available fields do not specify whether encryption, data exfiltration, or a ransom demand occurred, as the impact field remains empty.

From a threat-intelligence perspective, the page presents a minimal footprint beyond identifying the victim domain. The associated actor group is indicated as Qilin in the metadata, and there are no visible images (images_count is 0) or downloadable media on the leak page (downloads_present is false, link_count is 0). There is a claim URL present, suggesting additional information may exist externally, but no ransom figure or explicit impact category (e.g., Encrypted or Data leak) is provided in the data. The post date is treated as the publish date in the absence of a separate compromise date. As requested, this summary centers on the victim_name and does not reiterate other company names mentioned in the leak text.