
Trellix (McAfee & FireEye)

www.trellix.com

Discovered 2026-05-08 07:29 UTC
Est. attack date 2026-04-17
Country US

Description:

Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The company's open and native extended detection and response (XDR) platform helps organizations confronted by today's most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security.

Infostealer activity detected by HudsonRock

Compromised Employees: 15

Compromised Users: 551

Third Party Employee Credentials: 10


External Attack Surface: 81


Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabusecscglobal.com
MX Records
  • alt2.us.email.fireeyecloud.com.
  • alt3.us.email.fireeyecloud.com.
  • primary.us.email.fireeyecloud.com.
  • alt1.us.email.fireeyecloud.com.
TXT Records
  • v=spf1 include:_spf.google.com include:_spf.fireeyecloud.com redirect=trellix.com.on.autospf.email
Cloud / SaaS Services Detected
Adobe Apple Atlassian Docker Microsoft 365 Salesforce JamF DocuSign
