
RE/MAX

Group: medusa

Discovered by ransomware.live: 2025-06-01

Estimated attack date: 2025-05-27

Country: US

Ransom: $200,000

Description:

RE/MAX (founded in 1973) is a global real estate franchisor and a subsidiary of RE/MAX Holdings. RE/MAX's corporate office is located at 5075 S Syracuse St, Denver, Colorado, 80237, United States, and the company has 140,000 employees. The total amount of data leakage is 151.80 GB.


🕵️ Infostealer activity detected by HudsonRock

Compromised Employees: 1

Compromised Users: 620

Third Party Employee Credentials: 64


External Attack Surface: 101



DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations web.com
MX Records
  • us-smtp-inbound-1.mimecast.com.
  • us-smtp-inbound-2.mimecast.com.
  • remax.com.s9a2.psmtp.com.
Cloud / SaaS Services Detected
Adobe, Apple, Atlassian, Amazon SES/WorkMail, Box, Dropbox, Microsoft 365, Salesforce, DocuSign
