Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

Comcast

comcast.com
Group Medusa
Discovered 2025-10-04
Est. attack date 2025-09-26
Country US
City Detroit

Description:

Comcast Corporation operates as a media and technology company worldwide. It operates through Residential Connectivity & Platforms, Business Services Connectivity, Media, Studios, and Theme Parks segments. The Residential Connectivity & Platforms segment provides residential broadband and wireless connectivity services, residential and business video services, sky-branded entertainment television networks, and advertising. The Business Services Connectivity segment offers connectivity services for small business locations, which include broadband, wireline voice, and wireless services, as well as solutions for medium-sized customers and larger enterprises; and small business connectivity services in the United Kingdom. company is headquartered in Comcast Center 1701 John F. Kennedy Boulevard Philadelphia, PA 19103 United States. 182,000 Employees. The total amount of data leakage is 834.4 GB
Infostealer activity detected by HudsonRock

Compromised Employees: 715

Compromised Users: 2984

Third Party Employee Credentials: 1564

External Attack Surface: 173

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse@cscglobal.com
MX Records
  • mxa-00143702.gslb.pphosted.com.
  • mxb-00143702.gslb.pphosted.com.
TXT Records
  • teamviewer-sso-verification=4a24e296450940f48ac4faba9a172fc0
  • airtable-verification=709aa8e31ed274aa8abc0f3a9286141f
  • pendo-domain-verification=XM4f85DQvo0VLA8QzSh-M0bjGEs
  • atlassian-domain-verification=n+yfnu4Su0J6uQkiatjL+lTNjzOZrPUGOpVn+HiHPwwDgMivjJD5Pwg7yzepfmIC
  • 1password-site-verification=3BCX5ACVKBD73ADOMJ5XWM7JJ4
  • v=spf1 " "ip4:148.163.145.77 ip4:148.163.141.77 ip4:162.150.44.71 ip4:96.114.158.212 ip4:68.87.31.167 ip4:68.87.96.15 ip4:96.114.28.75 ip4:96.114.28.76 ip4:67.231.157.49 ip4:67.231.149.53 ip4:192.28.144.202 " "include:spfext.zapproved.com include:_spf.mdp.comcast.net include:_spf.comcast.com include:spf-00143705.pphosted.com ~all
  • airtable-verification=31e52307c66bf62d16697b7f0439d35e
  • eYZbzQ91r/pvvnV/FdrbHyREx7EaAwWLeNYk/EMQrJiGpNCsX4tJcWlHJDFzifTDbfnlhI6koqrm0dYgkIfncg==
  • airtable-verification=644c0c83b6807a2a10c20d4cf57505d7
  • atlassian-domain-verification=J+tB36tc4CyLsnqZ/MTW5tI3SZ+IOFAGTWEgMbo+FLRl+gvI4cSIQmMmTYOPEbTz
  • amazonses:RYuDm+T3xJC87y0v4Cj4JlDm9d5enVzIZcr/arCF7J0=
  • smartsheet-site-validation=x1Hv84--jB9jvo7M0QQviDXPy_81zS_t
  • facebook-domain-verification=f1zw72g52fjiesmld6xtuj467pl7f5
  • docker-verification=f79a60d9-69ec-4c26-8d54-0165c0943613
  • airtable-verification=d9386eea22fce5ee0d01209512aa7706
  • intersight=3c7c5c60389a6b81830ef696f8761bc121ecf3f10d7cf8eef08f66af90451a8f
  • paloaltonetworks-site-verification=b6c919476067691db128e9375b002b801db8ab2a1de767bc27acb829530c59bd
  • paloaltonetworks-site-verification=b51e185f274a13eccff6f0e001549d4a2f08fc11c599ffde8f295cc7cf4c3138
  • aws-domain-verification=c326827a-0d9a-4061-a35d-1ea2a8afc6f5
  • atlassian-domain-verification=xhDGO0SgEPXcuSpqqvu7kAzZyKrM2pat53VPEt5XvKGHvOq4ErhUFRioLG98Ndh3
  • atlassian-domain-verification=C34TI2IiJOrziv9uyV2Yva6ZoRRCSZPjqc15wZASQfypHgNMl6esmkpDsYYXhjk7
  • adobe-idp-site-verification=8c9c59d410322404f7d75a0b3c770ce7b87cf141707b58224143253e1149f489
  • apple-domain-verification=XRKeuEf5cWtc2oDC
  • apple-domain-verification=VNdTgwsxrDHE4eJM
  • autodesk-domain-verification=9qi_qkHrCGa8onVbz33s
  • mongodb-site-verification=ucqyDX29txaTTi3K4euWVtieT0zCXRrg
  • docusign=0ead29a6-1c9c-4b0c-865a-85a5a127e776
  • docusign=8fb076b3-05e6-41c4-a6ee-6f6227be4b11
  • browserstack-domain-verification=e23475d1-ef64-4cf7-bf92-7620239fe86a
  • google-site-verification=XdqEZdbhoNgKou31_aOrVN98TKJqxC0Ve3hNPBmSM7M
  • al0yn+08kj3q/n1E+s02ttnE5Fd9gIjwjjbn4mCggizGLJepyQ7cMxRTgw4RxYVoZ965qJIHfnH0966SxaicMw==
  • openai-domain-verification=dv-z3jR2RoYFRLipmXTqN9mx5hU
Cloud / SaaS Services Detected
Adobe Apple Atlassian Amazon SES/WorkMail Teamviewer Autodesk DocuSign Proofpoint

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.