
onedayonly.co.za

Group: killsec

Discovered by ransomware.live: 2024-08-26

Estimated attack date: 2024-08-26

Country: ZA

Description:

OneDayOnly is an online shopping platform offering a variety of deals on consumer products, including home and garden items, apparel, electronics, and more. The platform features limited-time promotions, clearance sales, and everyday essentials, appealing to a wide range of customers looking for discounts and unique products.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 1

Third Party Employee Credentials: 1


External Attack Surface: 101



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • No emails found.
MX Records
  • aspmx.l.google.com.
  • aspmx2.googlemail.com.
  • aspmx3.googlemail.com.
  • alt1.aspmx.l.google.com.
  • alt2.aspmx.l.google.com.
TXT Records
  • atlassian-domain-verification=Dh5HYJF25Cax80Bl6xwy60eQVYW6FDDB8rLrTxR8MFQ9Njh2ulsJaDuK4rKXoljT
  • google-site-verification=YQD2oc9mTQBZY9B8uLtXn1Oh8kqA0004qXCSJoGj47c
  • yahoo-verification-key=ijHKQzb8ZSG2uYUAiyovJbPl3mc4LErWKlOKRiRf69A=
  • google-site-verification=pKEju_FYwFkIyb-lbNf10Y8IJuFPqky6joOcjgJbV9s
  • google-site-verification=qnSzXJzaV-cVD_ipwB2xdApXZNdRWRXOW76DvZDL4cY
  • v=spf1 mx a include:_spf.google.com include:spf.mandrillapp.com include:mail.zendesk.com include:_spf.salesforce.com ip4:196.40.103.0/26 ip4:129.232.250.0/26 ip4:104.130.122.0/23 ip4:146.20.112.0/26 ip4:141.193.32.0/23 ip4:161.38.192.0/20 ip4:209.61.151.0/24 ip4:166.78.68.0/22 ip4:198.61.254.0/23 ip4:192.237.158.0/23 ip4:23.253.182.0/23 ip4:104.130.96.0/28 ip4:146.20.113.0/24 ip4:146.20.191.0/24 ip4:159.135.224.0/20 ip4:20.87.14.115 ip4:69.72.32.0/20 include:aspmx.sailthru.com ip4:102.133.203.45/32 ip4:102.133.195.252/32 ip4:102.133.196.9/32 ip4:20.87.36.99/32 ip4:102.37.19.80/32 ip4:102.133.186.206/32 ip4:40.123.254.123/32 ip4:102.37.113.24/32 ip4:20.87.13.24/32 ip4:20.87.15.137/32 ip4:20.87.13.164/32 ip4:20.87.25.3/32 ~all
  • google-site-verification=cGCfg3FBVDx47E1FJK62-IpLm_wTmhsE7C04dDUejeI
  • atlassian-sending-domain-verification=b6191007-0c63-40a1-b5e1-3a6e063c74e1
  • google-site-verification=6tTalLzrBXBO4Gy9700TAbpg2QTKzGYEuZ_Ls69jle8
  • IJIPQNSMRUFB5S23G1PIIDT27Q
  • 6sfnv410as3594oqsjir8itsc1
  • apple-domain-verification=jU6BBs8dMSqDlYtm
  • atlassian-domain-verification=sWHrNZIIQxFXibM4ENizKuFMyhj11fS1gCzw8GNPY2mnrqZEEDpaSwinE8d4jPUG
Cloud / SaaS Services Detected
  • Apple
  • Atlassian
  • Salesforce
  • Zendesk
  • Mandrill
