Ransomware Group: QILIN

VICTIM NAME: diversifiedcpc[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 18, 2025, a leak page attributed to the Qilin group identifies the victim as diversifiedcpc[.]com, a United States–based manufacturing entity. The page’s description portrays diversifiedcpc[.]com as a producer and distributor of aerosol propellants, hydrocarbon refrigerants, and related biomass products, placing the company within the manufacturing sector. The post presents this event as a data-leak scenario rather than a straight encryption incident, which aligns with standard ransomware double-extortion narratives in which stolen data is exposed or threatened for public release. The dataset notes a claim URL is present, indicating the attackers provide a separate claims page, but no ransom amount or figure is shown in the available data. Because there is no explicit compromise date in the provided fields, the visible date should be treated as the post date.

The leak page includes nine image attachments, described in the metadata as screenshots likely representing internal documents or related materials. These images are referenced but not displayed in detail within the summary. The accompanying text contains contact artifacts, including a Jabber handle with a redacted email and a TOX identifier, along with an FTP-style reference that appears to contain credentials and an IP address; the actual contact details have been redacted in the public data. The presence of these artifacts is consistent with other ransomware leak posts that offer channels for communication or negotiation. Overall, the page follows a data-leak narrative, suggesting exfiltration of data without confirming an encryption status, and there is no explicit ransom amount disclosed in the visible information.