Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo Lotus Bedding

Group: Thegentlemen

Discovered by ransomware.live: 2026-01-20

Estimated attack date: 2026-01-20

Country: TH

Description:

www.lotusbedding.com https://www.zoominfo.com/c/lotus-bedding/357889420 LOTUS is Thailand's leading and most exciting bedding company. At LOTUS, inspiration comes alive through artistic expression by Lotus Design Lab. Your bed will be livened up in style with our exciting design proposals and vast collection of bedding fashion. Established in 1980, the company started off as a tiny workshop doing cut and sew using merely 3 staffs including both founders, Mr. Kamthorn and Mrs. Leena Lojanagosin. Today LOTUS is not merely having over a thousand enthusiastic staffs in the family, but it has grown into multi-national group of companies and expanded its bases to many significant markets including Belgium, Singapore, Hong Kong, to name a few. Moreover, Lotus Bedding Group has successfully diversified its business portfolio to covering other industries such as mattress, hygiene home service, ultra luxury import furniture, retail, transit media provider, aesthetic and holistic hospital, public bus transportation in Bangkok area, and real-estate development.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 0

Compromised Users: 34

Third Party Employee Credentials: 0

External Attack Surface: 13

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • abuse@onlinenic.com
  • teepakorn@lotusbedding.com
  • baisri@dunlopillo.co.th
MX Records
  • aspmx.l.google.com.
  • aspmx4.googlemail.com.
  • inbound-smtp.us-east-1.amazonaws.com.
  • alt1.aspmx.l.google.com.
  • alt4.aspmx.l.google.com.
  • alt3.aspmx.l.google.com.
  • aspmx3.googlemail.com.
  • aspmx5.googlemail.com.
  • alt2.aspmx.l.google.com.
  • aspmx2.googlemail.com.
TXT Records
  • v=spf1 include:spfa.mailendo.com ~all
  • \"v=spf1 a mx ip4:165.22.111.139 ~all\
  • klaviyo-site-verification=UfUAwE
  • google-site-verification=TkEaM95jZRtoPJ8SgE-TewTdd8EeixAPmYxT0ntKXRk
Cloud / SaaS Services Detected
No well-known cloud or SaaS service detected.

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.