Change Healthcare - Optum - UnitedHealth

Group: alphv

Discovered by ransomware.live: 2024-02-28

Estimated attack date: 2024-02-28

Country: US


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 33

Compromised Users: 696

Third Party Employee Credentials: 28


External Attack Surface: 107



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabuse cscglobal.com
MX Records
  • mxb-0077b904.gslb.pphosted.com.
  • mxa-0077b904.gslb.pphosted.com.
TXT Records
  • v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all
Cloud / SaaS Services Detected
Apple Atlassian Microsoft 365 Cisco OneTrust Proofpoint
