robinhood.com
robinhood.com
Group: apt73
Discovered by ransomware.live: 2024-10-24
Estimated attack date: 2024-10-17
Country:
Description:
Robinhood Broker Clients' Data. 7 732 244 lines of emails
🕵️ Infostealer activity detected by HudsonRock
Compromised Employees: 3
Compromised Users: 34910
Third Party Employee Credentials: 6
External Attack Surface: 101
DNS Records:
The following DNS records were found for the victim's domain.
WHOIS Emails
- abusecomplaints markmonitor.com
- whoisrequest markmonitor.com
MX Records
- alt2.aspmx.l.google.com.
- aspmx.l.google.com.
- aspmx2.googlemail.com.
- aspmx3.googlemail.com.
- alt1.aspmx.l.google.com.
TXT Records
- v=spf1 ip4:152.70.150.118 a:outbound.email.robinhood.com include:mail.zendesk.com include:amazonses.com include:_spf.google.com include:spf.mandrillapp.com include:mg-spf.greenhouse.io include:aristotle.com exists:%{i}._spf.mta.salesforce.com ~all
- facebook-domain-verification=0jxcn748uz6b8drqoohl7zgx7n9v1r
- stripe-verification=fcc2904251a14a11eb0f1765ec6f2f909e5f200c34bdb15def4b400c9c34fd52
- openai-domain-verification=dv-ot7KP9Cf5PkMgB8x9u19XL87
- stripe-verification=eea2d9a26c727d703b3ac9f83baf40c9367e3881625335218d7cacb0c1ec783c
- docusign=46fcbd24-163b-4096-9c14-94c405f4cff6
- google-site-verification=o7Er0N4wiSC49Fpg0DnJlB5eX6EFgUTkqKtfaS3hZoA
- google-site-verification=uvnRH5-xSB7gwALFXBzJBGbFQ-MslFq5KipvjJnaebg
- have-i-been-pwned-verification=b9ccca1f8a1a23a4a910774f1e65110e
- smartsheet-site-validation=BtII9pDIXfTlL6OB0xo-BZtKkX1oQAY6
- stripe-verification=406cc480b56e3009de92277a941ec8c8e657be14ca3d87fd301841ca97da91b3
- adobe-idp-site-verification=337b49da39d5e893bd1cfb2ea676c82c0f58829a8328c97ad118ffff68f083ff
- warpstream-verification=HJrMnZcumnuTlhjcdbEYZw==
- docusign=a1debf77-faad-442a-a876-caca91dc1524
- google-site-verification=JEA9gSTIxxUK8YJFYEw52vrOxAWq-ST0O52iav-ZpOQ
- google-site-verification=VUuzGLQnd9n9hyAN1YCbPXRo_0A4bWwSyQYdGVO_vW4
- h1-domain-verification=y9uaWoUydiViekWLETvSYEDX6U4y1fWc4Huap2hXU3teHaif
- google-site-verification=0Fdchx2Vxh-dBKyqS0511gdVcqGALFOAIdx-jzj9gjM
- twilio-domain-verification=503e21f89f84b91b80b7ca14d72ac14f
- infoblox-domain-mastery=23c54b6631fcf04d6f82c9a513cdfa3b828a51febebb3a1c3ddc7035412730d9f6
- loaderio=3b374e0e01eb22cea519ca4cb508509c
- stripe-verification=54ab59832e81c89b5536467238a88573ee4d7513f51c270eea5f9de0ddfd9b70
- atlassian-domain-verification=pJXlDoka7BtrtfifCE5D23RKMl2offYcXo9aJwLoWUJvupad7gycHRr6WQhaZSiM
- piktochart-site-verification=BzQ8UclActSTceUD9KOp2tOrZUrtrGMLkyvY
- google-site-verification=5yUdgL3NScf1Det_yKjAvAZub5XgcJSSHHvougBh_jw
- google-site-verification=D99vnCS8NaROiaHHSYWAVM-z62rNx2e3nsf4ByCBSys
- 3121037
- sterling-verification= d2b379398f184390a49ff7cc7ecd79fe
- postman-domain-verification=c47965ef45e7c791defb69cc6f8012bcb550663cc54f2cfd47586cd1b82e9e6ecaa1fd2a14594173f1ef5f8f992d2746af51594b5988347997342b837c47858f
- parallels-domain-verification=17b8d8294e2a40d1abc4f7ac568054a6f206bd8741b249c7851f52ffb455cf0a
- wrike-verification=NjMzMTU3NzoyNjcwYzcxOWUyYmRmNTllNGVkMzA1NTcwZTZjNDU5MjIyZjJjNzQzNDI1ZDBjYTJlMWVmMjZjMTQwOWE4NDVl
- google-site-verification=f_TAbAM_p9fGgl3c7ssq81SGfbkz11ytgeQaZy6s3ro
- google-site-verification=JrBLPC7WcxAw1i2CmJ08imTMVXa7fXmYxqkUiGYcXMM
- apple-domain-verification=fQoNAnWdU1uR_z9DwzPE2ugCHuzIC4IrmdSnFXM1q9M
- MS=ms37860350
- dropbox-domain-verification=dyrk58kqgdmu
- stripe-verification=7aedd4a55386e529b45b6a42bfae6ea98136481455e48d66c31da1126bc230d0
- docker-verification=84a32f24-69e6-4abc-8f1d-c3bd63d84bcb
Cloud / SaaS Services Detected
Adobe
Apple
Atlassian
Amazon SES/WorkMail
Box
Dropbox
Microsoft 365
Stripe
Twilio
Zendesk
Parallels
Mandrill
DocuSign
Have I Been Pwned
Leak Screenshot:
