S&P Global (spglobal.com)
S&P Global (spglobal.com)
Group: Shinyhunters
Discovered by ransomware.live: 2025-10-05
Estimated attack date: 2025-10-05
Country:
Description:
[AI generated] S&P Global is an American company that provides high-quality market intelligence in the form of credit ratings, analytics, data, and insights to help customers make informed decisions. It operates through four divisions: S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices, and S&P Global Platts, covering various sectors like energy, finance, commodities, and technology.
Compromised Employees: 126
Compromised Users: 1874
Third Party Employee Credentials: 190
External Attack Surface: 159
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
- domainabuse cscglobal.com
- mxb-0032c001.gslb.pphosted.com.
- mxa-0032c001.gslb.pphosted.com.
- v=spf1 ip4:148.163.148.100 ip4:148.163.152.37 ip4:204.8.130.0/26 ip4:168.116.34.0/26 ip4:199.30.235.176 ip4:74.203.185.176 ip4:207.126.120.0/24 ip4:167.89.16.99 include:spf1.spglobal.com include:spf2.spglobal.com include:spf3.spglobal.com -all
- google-site-verification=D5PYYTnmaO2remKusJrfvV6TY8JuxKHZ-WEjTis4H2A
- atlassian-domain-verification=1KXvLNzt/HSUc6gun2e7YGOeMc0aHKpGtpNkhzleZSaGFM0Y6jD9o9pJ7ahpo28w
- PRMNFcUV4ui3Tm3J-k8v
- db7o3fksry4lw.cloudfront.net
- aliyun-site-verification=ca6c4b65-de53-4a2f-bb66-0896ca4e070a
- amazonses:CrSRW1r5FkJJfD8bu25hoZ3H4iU4FWBE5DHGNG5FMRE=
- 5Zv4csO7SYFrGobEug9zQyMbm9vD3msqkhk5r2RizYcPpRC1iIh7BCx5Ust4nBq/Cr5xmqera803+a5ittmCHQ==
- amazonses:hjkf8iCvlG6M5vzfQS6knu9rEgWY7iENH58oxn71fMg=
- EE6jzbyR_w-ASC4pC5id
- sending_domain989632=42df4b634431521ba7f1866ab401ad5db1ff68fca26108c971b50cac6b7938a3
- _hh898dpckm58ox7h0bw0qpwhla2zjg4
- google-site-verification=D_tULu7pbV8xis-ur3qx-xqZuvNSql0bjHPFldKNxWU
- google-site-verification=7jzXyy460kI2kfWxHXIuJqMCzskw-9hzh2ERwQExZf8
- google-site-verification=MTFB1yPZ6Jt2bTquWoLoDCPD425suyn2Uqq3ndGj_1s
- yahoo-verification-key=IHEiiM2t2G9Ap8Z4/SgwDzofdFLYaHD8JRL88NqyJH4=
- aliyun-site-verification=fe4daab8-13bd-4ac9-b6dc-24adf7beb95a
- atlassian-domain-verification=bk4wc1r-AN1NOe7oTzqyf+e656EwR0lM9bGOwyEpj/GkZbrb64Af7X5ZHk35/jJo
- cursor-domain-verification-cm20wn=Va8rsxcPcTPPTo6ypWkIWcOAK
- status-page-domain-verification=nn6vpm1r7vs8
- google-site-verification=_t_yFbcgeuqO_CrKwiFfCGinAd0pC6QwhV9Cc4Z75Ck
- adobe-idp-site-verification=2bc320369e66ce417ef3dd3de88c68d1b0946998b6655ea65e0921625c10458a
- miro-verification=147f64f22fa1a97df76f47224f8c5d93cbb84f2c
- atlassian-domain-verification=NzXzg26UWjNJ/KJ15uo0dPfDczVpriU3VE1qd9lMUIFDFqpS0F9ad42VA5aQzQje
- yMwK1h05IkDA3nvHLIJc/lQoc4xNe9QUNmCvfV7aNZA=
- cisco-ci-domain-verification=4f24f6046415feba24466bad602439302627d2991becfe7ee694199f8254a04c
- onetrust-domain-verification=2daa7b87e3864b7d88d55893a361c4ba
- docusign=3046a212-0cea-434b-a152-ec30c5f00c13
- brevo-code:5d58621877b999d1f55e58641668e385
- airtable-verification=cb2119bb1c925674362e1bb9d971e544
- airtable-verification=061d9401d7d237e02773f8ea0d864225
- atlassian-domain-verification=Ko/7kQrTuxBu0Lj6zQjlHnkDv8HYstdGmcs/66ddYS7qp4zlxnjlzZva0jj2IipM
- amazonses:s1ybIXu5VAbPu7uaJG7Ay6LGb2klmHlbNrKA+qkL5io=
- brevo-code:7421957d3c5a23ead96b4e40cde7f5bf
- pendo-domain-verification=Hb-63hTahYsq9D4yrGfjq9Rwpa8
- e2ma-verification=qk1fb
- docusign=8713107b-33b4-495b-b065-f739671c546f
- MS=ms63434478
- ece513f8bb4ec122623bc60978a523dfaab13fceee53736616965c675562d2a0
- MS=ms65563480
- infoblox-domain-mastery=448a574f0b33ca44e970c1858e0a5cb6d9a6efdc8140a44a6cbd414782e011d7b4
- shopify-verification-code=KV5mNR05JdQfIAD2I4ZQGZL6Q8i5rf
- pexip-ms-tenant-domain-verification=ff9191d6-ff13-4a89-a059-def01c15d296
- pendo-domain-verification=N3UrsyVRibmYwBIh1KZhTsduX8U
- atlassian-domain-verification=mwQLqIeWHm2hKqlDUZAGfpCEurAQS3pzobvCrt0nUR8/pAqFC/oo46veYShwHG/c
- aliyun-site-verification=ec998802-b69f-4ddd-9c64-781f31b9cd22
- aliyun-site-verification=3005cfd9-28c9-4d8e-98c1-72d0f9a9906d
- aliyun-site-verification=2065e344-0356-4065-9388-7035ebeef6c3
- adobe-idp-site-verification=32e6a19cbac0aaa1bf1282828160983e0161508d610d9e8cd3413476fc850e4d
- aliyun-site-verification=4e18a98c-d56b-4566-8119-6d8408dcbb22
- asv=459f9f930252dc61a466a9ccdb7828f2
- aliyun-site-verification=c7d50a66-a55b-40ea-977d-dcc17d7171da
- cloudhealth=949c8507-5fc3-45f7-b509-dba6ca56e47b
- atlassian-domain-verification=r3JgisYgfjhPzBLra6EggpnSBp7L2q8gpd/riLyo6uB3JgZR2dwueUQUcCMriajA
- pardot910432=8827164fef0cc11d6d746476c0ce8d98bd39137f4a148fb3dfdafff408e6e982
- intersight=ece513f8bb4ec122623bc60978a523dfaab13fceee53736616965c675562d2a0
- pardot892491=e59cd2a2eee2e0a316fd934c1861961f9e1fbd8f7c089a262f58e759f99002c9
- docker-verification=a3cb7f08-7162-4383-b121-666df292a986
- windsurf-verification=Ho5e-MxquwvJqFsmeYPkKFHjL4G-duj4QKLAeJtVgLE=
Leak Screenshot:
Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.