Group: Interlock
Discovered by ransomware.live: 2025-04-25
Estimated attack date: 2025-04-12
Country:
Description:
DaVita Inc. provides kidney dialysis services for patients suffering from chronic kidney failure in the United States. The company operates kidney dialysis centers and provides related lab services in outpatient dialysis centers. It also offers outpatient, hospital inpatient, and home-based hemodialysis services; operates clinical laboratories that provide routine laboratory tests for dialysis and other physician-prescribed laboratory tests for ESRD patients; and provides management and administrative services to outpatient dialysis centers. In addition, the company offers integrated care and disease management services to patients in risk-based and other integrated care arrangements; clinical research programs; physician services; and comprehensive kidney care services. Further, it provides acute inpatient dialysis services and related laboratory services, and engages in the transplant software business.
Infostealer activity detected by HudsonRock
Compromised Employees: 32
Compromised Users: 801
Third Party Employee Credentials: 160
External Attack Surface: 98
DNS Records:
The following DNS records were found for the victim's domain.
Cloud / SaaS Services Detected
Adobe
Apple
Atlassian
Dropbox
Mailchimp
Salesforce
Box
Marketo
Miro
Teamviewer
OneTrust
DocuSign
ServiceNow
Cisco Webex
Legal Disclaimer:
Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession,
hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data.
This platform indexes only publicly visible information posted by ransomware operators and
open web sources without accessing or obtaining the underlying stolen content.
The service is provided to support public awareness, legitimate research, and cyber-resilience.
No stolen personal or confidential data is collected or distributed via this site.