Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Logo S&P Global (spglobal.com)

Group: Shinyhunters

Discovered by ransomware.live: 2025-10-05

Estimated attack date: 2025-10-05

Country: US

Description:

[AI generated] S&P Global is an American company that provides high-quality market intelligence in the form of credit ratings, analytics, data, and insights to help customers make informed decisions. It operates through four divisions: S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices, and S&P Global Platts, covering various sectors like energy, finance, commodities, and technology.

🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 126

Compromised Users: 1874

Third Party Employee Credentials: 190

External Attack Surface: 159

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • mxb-0032c001.gslb.pphosted.com.
  • mxa-0032c001.gslb.pphosted.com.
TXT Records
  • infoblox-domain-mastery=448a574f0b33ca44e970c1858e0a5cb6d9a6efdc8140a44a6cbd414782e011d7b4
  • v=spf1 ip4:148.163.148.100 ip4:148.163.152.37 ip4:204.8.130.0/26 ip4:168.116.34.0/26 ip4:199.30.235.176 ip4:74.203.185.176 ip4:207.126.120.0/24 ip4:167.89.16.99 include:spf1.spglobal.com include:spf2.spglobal.com include:spf3.spglobal.com -all
  • aliyun-site-verification=ca6c4b65-de53-4a2f-bb66-0896ca4e070a
  • MS=ms65563480
  • aliyun-site-verification=fe4daab8-13bd-4ac9-b6dc-24adf7beb95a
  • yMwK1h05IkDA3nvHLIJc/lQoc4xNe9QUNmCvfV7aNZA=
  • e2ma-verification=qk1fb
  • docusign=8713107b-33b4-495b-b065-f739671c546f
  • cloudhealth=949c8507-5fc3-45f7-b509-dba6ca56e47b
  • cisco-ci-domain-verification=4f24f6046415feba24466bad602439302627d2991becfe7ee694199f8254a04c
  • amazonses:s1ybIXu5VAbPu7uaJG7Ay6LGb2klmHlbNrKA+qkL5io=
  • brevo-code:5d58621877b999d1f55e58641668e385
  • amazonses:hjkf8iCvlG6M5vzfQS6knu9rEgWY7iENH58oxn71fMg=
  • adobe-idp-site-verification=32e6a19cbac0aaa1bf1282828160983e0161508d610d9e8cd3413476fc850e4d
  • PRMNFcUV4ui3Tm3J-k8v
  • db7o3fksry4lw.cloudfront.net
  • MS=ms63434478
  • airtable-verification=cb2119bb1c925674362e1bb9d971e544
  • airtable-verification=061d9401d7d237e02773f8ea0d864225
  • google-site-verification=D_tULu7pbV8xis-ur3qx-xqZuvNSql0bjHPFldKNxWU
  • atlassian-domain-verification=r3JgisYgfjhPzBLra6EggpnSBp7L2q8gpd/riLyo6uB3JgZR2dwueUQUcCMriajA
  • adobe-idp-site-verification=2bc320369e66ce417ef3dd3de88c68d1b0946998b6655ea65e0921625c10458a
  • sending_domain989632=42df4b634431521ba7f1866ab401ad5db1ff68fca26108c971b50cac6b7938a3
  • aliyun-site-verification=2065e344-0356-4065-9388-7035ebeef6c3
  • atlassian-domain-verification=Ko/7kQrTuxBu0Lj6zQjlHnkDv8HYstdGmcs/66ddYS7qp4zlxnjlzZva0jj2IipM
  • atlassian-domain-verification=1KXvLNzt/HSUc6gun2e7YGOeMc0aHKpGtpNkhzleZSaGFM0Y6jD9o9pJ7ahpo28w
  • asv=459f9f930252dc61a466a9ccdb7828f2
  • pendo-domain-verification=N3UrsyVRibmYwBIh1KZhTsduX8U
  • ece513f8bb4ec122623bc60978a523dfaab13fceee53736616965c675562d2a0
  • google-site-verification=7jzXyy460kI2kfWxHXIuJqMCzskw-9hzh2ERwQExZf8
  • google-site-verification=_t_yFbcgeuqO_CrKwiFfCGinAd0pC6QwhV9Cc4Z75Ck
  • EE6jzbyR_w-ASC4pC5id
  • aliyun-site-verification=3005cfd9-28c9-4d8e-98c1-72d0f9a9906d
  • miro-verification=147f64f22fa1a97df76f47224f8c5d93cbb84f2c
  • google-site-verification=D5PYYTnmaO2remKusJrfvV6TY8JuxKHZ-WEjTis4H2A
  • atlassian-domain-verification=NzXzg26UWjNJ/KJ15uo0dPfDczVpriU3VE1qd9lMUIFDFqpS0F9ad42VA5aQzQje
  • atlassian-domain-verification=bk4wc1r-AN1NOe7oTzqyf+e656EwR0lM9bGOwyEpj/GkZbrb64Af7X5ZHk35/jJo
  • docusign=3046a212-0cea-434b-a152-ec30c5f00c13
  • google-site-verification=MTFB1yPZ6Jt2bTquWoLoDCPD425suyn2Uqq3ndGj_1s
  • brevo-code:7421957d3c5a23ead96b4e40cde7f5bf
  • status-page-domain-verification=nn6vpm1r7vs8
  • onetrust-domain-verification=2daa7b87e3864b7d88d55893a361c4ba
  • aliyun-site-verification=c7d50a66-a55b-40ea-977d-dcc17d7171da
  • pardot910432=8827164fef0cc11d6d746476c0ce8d98bd39137f4a148fb3dfdafff408e6e982
  • 5Zv4csO7SYFrGobEug9zQyMbm9vD3msqkhk5r2RizYcPpRC1iIh7BCx5Ust4nBq/Cr5xmqera803+a5ittmCHQ==
  • cursor-domain-verification-cm20wn=Va8rsxcPcTPPTo6ypWkIWcOAK
  • atlassian-domain-verification=mwQLqIeWHm2hKqlDUZAGfpCEurAQS3pzobvCrt0nUR8/pAqFC/oo46veYShwHG/c
  • aliyun-site-verification=4e18a98c-d56b-4566-8119-6d8408dcbb22
  • _hh898dpckm58ox7h0bw0qpwhla2zjg4
  • amazonses:CrSRW1r5FkJJfD8bu25hoZ3H4iU4FWBE5DHGNG5FMRE=
  • pexip-ms-tenant-domain-verification=ff9191d6-ff13-4a89-a059-def01c15d296
  • intersight=ece513f8bb4ec122623bc60978a523dfaab13fceee53736616965c675562d2a0
  • aliyun-site-verification=ec998802-b69f-4ddd-9c64-781f31b9cd22
  • yahoo-verification-key=IHEiiM2t2G9Ap8Z4/SgwDzofdFLYaHD8JRL88NqyJH4=
  • pardot892491=e59cd2a2eee2e0a316fd934c1861961f9e1fbd8f7c089a262f58e759f99002c9
  • shopify-verification-code=KV5mNR05JdQfIAD2I4ZQGZL6Q8i5rf
  • pendo-domain-verification=Hb-63hTahYsq9D4yrGfjq9Rwpa8
Cloud / SaaS Services Detected
Adobe Atlassian Amazon SES/WorkMail Microsoft 365 Salesforce Miro Cisco OneTrust DocuSign

Leak Screenshot:

Leak Screenshot