Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

5àSec

5asec.com
Group Dragonforce
Discovered 2025-07-16
Est. attack date 2025-07-02
Country FR

Description:

To our surprise, company representatives stated that for a network of over 2000 dry cleaners, publishing database dumps for several countries of presence would not cause problems, and customers are not important. Their investors expressed the same opinion. Therefore, we are forced to keep our promise and publish this data in full. Current and future partners of the network, as well as all customers, should think very carefully about who they trust. 5aSec was created in 1968 from a real innovative concept based on services with a good quality/price ratio accessible to everybody, straight forward rates with only 5 different prices (hence the «5» in 5aSec) and with fast delivery return. From then on, 5aSec has benefited from a huge development thanks to a commercial offer which came at the right moment. In 30 years, the brand has first expanded in the French territory and then began its great international expansion. In 2001, 5aSec took a new dimension with the arrival of a new investor - EAC Group - and of Olivier Bedat who gave a new dynamism to the group. In 2007, 5aSec's shareholder changed and the Investment company ING Parcom acquires the group. This evolution allowed the 5aSec Group to strenghten its leader position, to continue its international development and to reinforce its shops network.
Infostealer activity detected by HudsonRock

Compromised Employees: 4

Compromised Users: 2

Third Party Employee Credentials: 0

External Attack Surface: 11

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • 5872f23616c014598e8b66a48b8d80d9-330990@contact.gandi.net
  • a3b3845e0840b984619f69596f279acf-1393314@contact.gandi.net
  • abuse@support.gandi.net
  • 058c6ba07b387cbc5eb2fea72501f013-1703550@contact.gandi.net
MX Records
  • 5asec-com.mail.protection.outlook.com.
TXT Records
  • mailerlite-domain-verification=c5b659b1f47f51cfce6f76b155e8f8e0b4088f1b
  • v=spf1 include:spf.protection.outlook.com include:spf.mailjet.com include:spf.infomaniak.ch include:mail.zendesk.com include:25894279.spf02.hubspotemail.net include:_spf.mlsend.com ip4:46.105.6.157/32 ip4:81.63.171" ".41/32 ip4:167.114.253.222 mx ip4:46.18.209.195 ip4:93.93.188.175 ip4:185.92.36.65 ip4:31.172.232.198 ip4:185.92.37.57 ip4:51.255.47.72 ~all
  • atlassian-domain-verification=SRu0ZJJpXwllJ4PaJrfGeIGNTx5hmT8kZ5LDSb5EkPF6H6EWXVYnj8Y6dwRu1yst
  • Tt437kwq23
  • google-site-verification=huacqLPDguPRfJ7-XWpBln_LG5b_dsK3JCZaNUpNKgQ
  • (En@$@$ers)
Cloud / SaaS Services Detected
Atlassian HubSpot Zendesk Mailjet

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.