Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

Fiserv

fiserv.com
Group Everest
Discovered 2026-05-03 03:21 UTC
Est. attack date 2026-05-03
Country US

Description:

[AI generated] Fiserv is a global financial technology company headquartered in Milwaukee, Wisconsin, United States. It provides financial services technology solutions including payment processing, core banking systems, digital banking platforms, and merchant acquiring services. Serving banks, credit unions, retailers, and businesses worldwide, Fiserv operates across the fintech and banking technology industry and is one of the largest providers of financial services infrastructure globally.
Infostealer activity detected by HudsonRock

Compromised Employees: 4

Compromised Users: 1064

Third Party Employee Credentials: 170

External Attack Surface: 104

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabusecscglobal.com
MX Records
  • mxa-00265f01.gslb.pphosted.com. Proofpoint
  • mxb-00265f01.gslb.pphosted.com. Proofpoint
TXT Records
  • google-gws-recovery-domain-verification=55860565
  • webexdomainverification.4C675B87894CB136E053AB06FC0A3F65=9c402228-b6d3-41f8-924f-f2dae03b7fb3
  • onetrust-domain-verification=c2df4c4d7918479caeffad0d63d97376
  • MS=ms21998472
  • Docusign=docusign=0371d67d-bccd-48bd-8581-a4011ab45fd8
  • webexdomainverification.4C675B8B3013B136E053AB06FC0A3F65=7f825ad8-afbd-4387-8b1d-50ce111e6c26
  • google-site-verification=pY6PSz8aLpZa4dM9SXh89JqnL8ldTSrPWBLEXvJpT04
  • workbrew-domain-verification-efjr2d=\208\181\209\128\208\156CEyW2EIECnxzPnuXQ9U3gc
  • h1-domain-verification=agZJZTpsF1CE9svirVCKqHU5FBuEzCPPkHs2NzVmKf5KY6wG
  • flexera-domain-verification-zhhplnnzgomfpypr
  • 17816170
  • atlassian-domain-verification=UUQbbVvMvjF4/Haa4wZPYq9FxrYqfMLH3E6gI2ri2gGiM1YehJSYASzKT5Kfz2hn
  • _vvx4goxq3kx13ccg1dcwpx5aoa7posb
  • webexdomainverification.1TZGB=c6da537b-9979-44d0-997a-4d8aae81f836
  • webexdomainverification.4C675B8BBA3DB136E053AB06FC0A3F65=b60a76e1-3a2b-4758-a56b-537dc796b69a
  • cisco-ci-domain-verification=36496db70cd00a0d2b0080444fe50f9768c761347afce669dd8fcb03adb96a42
  • _uuksxgbjbs15u8hqlmming028cc3qlu
  • pexip-ms-tenant-domain-verification=ef008caa-325a-491d-94c8-20fa87367151
  • MS=ms64210103
  • calendly-site-verification=UjVC4Dr8mmigGznR3cq9QlScDEMiX5jllkqkErDph
  • Dynatrace-site-verification=6702af45-fdc3-4e5b-8e4e-c9b0571968f3__vr9j5nn7e4vvbtubo94gu526h9
  • MS=ms16798604
  • miro-verification=1f3759e11be6ef2f755b87e65f93699bea6b74ed
  • anthropic-domain-verification-zmvjvn=xzTk6WAnm9pKPFIDLdlw4icpM
  • _vv7xn63cbo5isfeqmeabw5d64p404bq
  • ddc4c422-c2aa-4b9e-a71c-1f781faa5cc5
  • postman-domain-verification=44b89265aa1f6208ef132bb7d29d89729d3199b131b8ac72d6d365a28709b243b268377a291059cf9427976c869730c9e6cf283c18569adcc1341a6fe854faec
  • google-site-verification=b5nZvs7RMeBwCHBH_DUCJbksBxallgTMmqUY2dosvn8
  • MS=ms52021924
  • ibmid=6e4a213b-e42f-44b3-8fcb-adc839f378b1
  • adobe-idp-site-verification=463b510d83ded0c6f6c18a6b69641df700cd806ac1e9dc15a39c537d5bbb2c91
  • webexdomainverification.68e7ebd06891d6cee053ad06fc0a97a5=9f558815-85bc-49e6-a1d0-6d48961bb66a
  • jamf-site-verification=CgoRYdNnnRd96I3o_HFGlw
  • atlassian-domain-verification=HrlQKJmTa7huoM91otWhTMt8iuvJexiWdrAMFkuc7xaDCzoHmZiovBUKLGuqZFGO
  • docusign=7cafbe80-deea-4662-8a2f-1b65f4bf1530
  • klaviyo-site-verification=ULTxtq
  • docusign=0371d67d-bccd-48bd-8581-a4011ab45fd8
  • 18115065
  • jamf-site-verification=q11x7bw2-61hvjiAlRH-MA
  • onetrust-domain-verification=f0266e443f264394815154216d01be44
  • MS=ms28448833
  • wiz-domain-verification=74fc5d21018494a6fdd53bfffe6018f2ab2f78e8be60ad639ba5f4798726106f
  • I1BDJ/f8alg9s+nmYeCH+3d7ksEsAfPy71FlELanJAR9pjmx3McFNW+nJSzQJAzd08J2qY79q+rHcYDCeYdXlw==
  • apple-domain-verification=nVMmNhm1yw2oMhvA
  • v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
  • hcp-domain-verification=d7eeb26b7066067aabfb44e977a62f8629c2c4003e4b5ff27e8296a60e74b8d2
  • docker-verification=e324deec-96a4-4285-86ed-b44fbe28a45e
  • pexip-ms-tenant-domain-verification=value1,ef008caa-325a-491d-94c8-20fa87367151
  • google-site-verification=ynXfaWL1dv3_HHZ2XOCbC7Gr_3LivbK1aRt6TJq70x8
  • _thgywd2rpx9hgqed7jc8qnzcrw4x1yf
  • webexdomainverification.4C675B87A9E9B136E053AB06FC0A3F65=06144af7-42ac-437e-bd04-8b76890c5cb3
Cloud / SaaS Services Detected
Adobe Apple Atlassian Docker Microsoft 365 Anthropic Calendy Miro Flexera JamF Cisco OneTrust DocuSign Proofpoint Cisco Webex

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.