Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo Corban OneSource

Group: Qilin

Discovered by ransomware.live: 2025-10-04

Estimated attack date: 2025-10-03

Country: US

Description:

Corban OneSource, USA - maximize risks to compliance. Company provides comprehensive HR outsourcing services, including payroll administration, employee benefits management, and HR support, aimed at reducing risks and improving organizational ...

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 2

Third Party Employee Credentials: 0

External Attack Surface: 2

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse godaddy.com
MX Records
  • mx2-us1.ppe-hosted.com.
  • mx1-us1.ppe-hosted.com.
TXT Records
  • ppe-11239f9d9ea94b8e5a5fa605af2064abbc864313
  • ca3-0b42bdf55bd24d7f973968aab531e11d
  • google-site-verification=u6gmgE54e7lU_sQ6Cvxz-e24criBS_E3Y2KGtTwnW-c
  • v=spf1 a:dispatch-us.ppe-hosted.com include:spf.protection.outlook.com include:5387697.spf03.hubspotemail.net -all
  • ca3-e08f24299d0b4b3ba1a8e759d67db501
  • MS=ms44207485
  • MS=E4FC76EA9E9B06207919D12D30CCCC77303F9C30
  • dn4hcvubjglct4upi0v3924klp
  • sln0i51hbqc99ieci00833f03a
Cloud / SaaS Services Detected
HubSpot Microsoft 365 Proofpoint Essentials

Leak Screenshot:

Leak Screenshot