Corvus
Investigation89ec9c6d
Evidence · Source Records · Forensic Audit Trail

Evidence

Every claim in this report traces back to one of 122 evidence records below. Each was captured passively during recon, hashed at capture for chain-of-custody, and graded per the Admiralty Scale (NATO STANAG 2511). Click any ev_xxx chip elsewhere in the report to jump straight to its source record.

122
Records
61
Sources
99
High Grade
22
Moderate
1
Low Grade
2026-06-15 → 2026-06-15
Captured
122 of 122 shown
ev_001 A-2
Source codex:baseline · Captured
BlackRock, Inc. org entity confirmed in Codex. Identifiers: cik:0002012383, lei:549300LRIF3NWCU26A80, ticker:BLK, wikidata:Q219635.
SHA-256 ca4f4fae6741e6c8272ce585bd1e3986972d4a4aa252873b3e5c18794a4f4a07
ev_002 A-2
Source prestage:/enrich/domain · Captured
blackrock.com A: [69.52.2.199, 69.52.13.199] TTL=300. NS: ns1-ns6.blackrock.com. SOA: ns1.blackrock.com. netops.blackrock.com. serial=2026060603. No AAAA (IPv4-only public). No public CAA records. 50+ TXT SaaS domain verifications including MS365, Slack, Salesforce(x2), LastPass, Zoom(x2), IBM, DocuSign(x2), Jamf, Canva, AmazonSES, OpenAI, Miro(x2), MongoDB, Facebook, Lutron, Smartsheet, OneTrust, Anthropic, Intercom, GitPod, Google, Censys, HackerOne, Zapier, Atlassian(x7), Figma, Postman,[...]
SHA-256 e61a4ff5b66354263248f5671d076baa80ac0b12368c1883b631363c559cd62a
ev_003 A-2
Source prestage:/enrich/domain · Captured
MX: mxa-00162b01.gslb.pphosted.com + mxb-00162b01.gslb.pphosted.com priority 10 (Proofpoint). SPF: v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all. DMARC: p=quarantine; fo=1; rua=dmarc_rua@emaildefense.proofpoint.com; ruf=dmarc_ruf@emaildefense.proofpoint.com.
SHA-256 b00ca5e6c5cc921411ea69128109e867291f39a25fb6ebb5b8af9648f87b5885
ev_004 A-1
Source certspotter_enumerate · Captured
100 certs, 189 unique names. Wildcards: *.blackrock.com, *.extdns.azblkdmz.blackrock.com, *.login.blackrock.com, *.originb.blackrock.com. 90+ unique subdomains: auth (login, aladdin-login, emea-aladdin-login), DevOps tools (artifactory, svn, harbor/harbor-admin/harbor-preprod with EWD and HAL clusters), cloud envs (fit-blz/fit-tsz azure, extdns.azblkdmz, pshcloud, tstcloud), Aladdin client portals (bnppam, bnymim, schwab, schwwealth, unicredit, schroders, swissre, principal, svb, thrivent, [...]
SHA-256 b1df5178a3fa91c947728d7b7e317b00acfdaac8902f95f4172e97c09a2b42fb
ev_005 A-1
Source rdap_domain · Captured
blackrock.com RDAP: handle=2496064_DOMAIN_COM-VRSN, registrar=CSC Corporate Domains IANA-299, registered=1997-11-26, expires=2026-11-25, last_changed=2025-11-21. Status: client transfer prohibited + server delete/transfer/update prohibited (fully locked). DNSSEC: signed, algorithm=13 (ECDSA P-256), keyTag=37972, digest=1F2E19011A494D7A85F9889F4A0A1A09200AF15A96BC727A1E917F83A525D4B9. NS: ns1-ns6.blackrock.com.
SHA-256 7e653605181e58c7ee1f7156b256b0e062945c64ffd04dca5d7ee4a35331e5c4
ev_006 A-1
Source rdap_domain · Captured
futureadvisor.net RDAP: handle=2122606506_DOMAIN_NET-VRSN, registrar=CSC Corporate Domains IANA-299, registered=2017-05-09, expires=2027-05-09, last_changed=2026-05-05. DNSSEC: true (5 DS records, all algorithm 13). NS: ns1-ns6.blackrock.com — identical nameservers as blackrock.com, confirms BlackRock control.
SHA-256 9b4a2cbb2f37ab31fbe0a4a3e1fce9f856591de51919c5fe8870bb02150a947a
ev_007 A-2
Source dns_lookup · Captured
ns1.blackrock.com A: 193.108.91.23 TTL=300. Akamai Edge DNS (EMEA IP range 193.108.x.x).
SHA-256 7a8a9a77b08923e75150837e519926d3596c01e2fabe408dcf7a83ab6f78dbd2
ev_008 A-2
Source dns_lookup · Captured
ns2.blackrock.com A: 96.7.49.67 TTL=300. Akamai Edge DNS.
SHA-256 9a96785d4e0e525370beb7fdbfa4ea957c14e1711d64175943620ef2da3e54bd
ev_009 A-2
Source dns_lookup · Captured
ns3.blackrock.com A: 23.61.199.64 TTL=300. Akamai Edge DNS.
SHA-256 55438572fe2fa0e5b5de97753d2dc61280c4285a15a41efe76b0dcdf94c18722
ev_010 A-2
Source dns_lookup · Captured
ns4.blackrock.com A: 184.26.160.66 TTL=300. Akamai Edge DNS.
SHA-256 72697a48a86985e0e9297b8105ff80812a10efbfc021f5dad3887d20e318b342
ev_011 A-2
Source dns_lookup · Captured
ns5.blackrock.com A: 23.211.132.67 TTL=300. Akamai Edge DNS.
SHA-256 45ae155226fe65fed98d3364456da17e1967ca75b263947e54f1aec5ae592488
ev_012 A-2
Source dns_lookup · Captured
ns6.blackrock.com A: 95.100.173.65 TTL=300. Akamai Edge DNS.
SHA-256 ba5ff22ff698c3213186b385207bdad600ad7ea62916010a6218136d6e6f2c79
ev_013 A-2
Source dns_lookup · Captured
login.blackrock.com CNAME chain: blackrock.customdomains.okta.com -> ok7-custom-crtrs.okta.com -> ok7-custom-crtrs.oktaedge.okta.com -> a9d4dea8e2661b2ed.awsglobalaccelerator.com A [15.197.151.86, 3.33.152.248].
SHA-256 398019643cb91a7a2e874ba4506b8f7c1d9afe120712b83fabcb4bf9ecd81626
ev_014 A-2
Source dns_lookup · Captured
aladdin-login.blackrock.com CNAME chain: aladdin.customdomains.okta.com -> ok7-custom-crtrs.okta.com -> ok7-custom-crtrs.oktaedge.okta.com -> a9d4dea8e2661b2ed.awsglobalaccelerator.com A [15.197.151.86, 3.33.152.248]. Same ok7 cluster and same Global Accelerator endpoint as corporate login.
SHA-256 23ba69a2b8d07b3617c94dcec6d6f6690213577b583474f16e8408c30df0c5ca
ev_015 A-2
Source dns_lookup · Captured
emea-aladdin-login.blackrock.com CNAME chain: emea-aladdin.customdomains.okta.com -> ok9-custom-crtrs.okta.com -> ok9-custom-crtrs.oktaedge.okta.com -> ac4b547508e00da8e.awsglobalaccelerator.com A [15.197.195.200, 3.33.238.178]. DISTINCT ok9 cluster from US ok7; separate AWS Global Accelerator endpoint.
SHA-256 2695ff4800d5558a6813446f316f2643d0ab999780bb9a8bf9e400880de395ab
ev_016 A-2
Source dns_lookup · Captured
artifactory.blackrock.com: Status=3 NXDOMAIN. SOA authority blackrock.com. No public A record despite active CT cert. Internal-only.
SHA-256 86d9c91ad3505d69673bb98b9a416805f7ccb61aedc15b28c8ef202664872b92
ev_017 A-2
Source dns_lookup · Captured
harbor.blackrock.com: Status=3 NXDOMAIN. No public DNS. CT cert active. Internal-only container registry.
SHA-256 c27e00dc60a0897b6349573fd3ff8beea24b82273019c548b91669958b051fbc
ev_018 A-2
Source dns_lookup · Captured
admin.blackrock.com: Status=3 NXDOMAIN. CT cert issued 2025-06-18. No external resolution.
SHA-256 fad466e1d45300447b41323f71368b9c67325aa3112f42fc959f7d06878dadc2
ev_019 A-2
Source dns_lookup · Captured
dev.blackrock.com: Status=3 NXDOMAIN. CT cert issued 2025-06-16. No external resolution.
SHA-256 035acdf473fbe6ae14cb72d6a226e2e5edf1af3bec7e024d80d5304f9858315c
ev_020 A-2
Source dns_lookup · Captured
svn.blackrock.com: Status=3 NXDOMAIN. CT cert issued 2025-06-24. Active Subversion host with no public DNS.
SHA-256 f940be04cf0473867e703e3870f8bd17477c568ba3be969fbcd5ccd6798edf1e
ev_021 A-2
Source dns_lookup · Captured
originb.blackrock.com: SOA authority returned, no A record. Wildcard cert *.originb.blackrock.com exists. Origin-tier group, no external resolution.
SHA-256 0ad8a9617a18de6c63b641d3ecfa5eb3a59922417ba8f8888640d4af5e4cb95b
ev_022 C-2
Source hunter_domain_search · Captured
blackrock.com Hunter.io: 15,910 total emails on record. Pattern={first}.{last}@blackrock.com. accept_all=true. Sample 10 returned: joseph.rizk (VP Business Consultant Alts), leo.wang (Director PE Strategy), luke.perkins (VP), mara.james (Admin Business Partner), isabelle.chung (VP), sweta.jain (VP), wayne.chiu (VP Analytics Data Scientist IT dept), osric.richards (VP Portfolio Implementations), manish.pandey (VP), tom.sabram (Director Aladdin Product Manager). All confidence=85, verified=ac[...]
SHA-256 d1a91c6458d782778126f3e1fbfb0c0c77c281e788bc53fc3c49b74fb4c097ea
ev_023 A-2
Source codex:baseline · Captured
Codex entity: BlackRock, Inc. (org). Identifiers: cik:0002012383, lei:549300LRIF3NWCU26A80, ticker:BLK, wikidata:Q219635. Aliases: BLK, BlackRock, BlackRock, Inc. Known sources: grid:entities.
SHA-256 925b58abb764793e60c9aaa58a1b0d48a601c1997392aa4c41a5f1c19768cf91
ev_024 B-3
https://en.wikipedia.org/wiki/BlackRock
Source analyst:prior-knowledge · Captured
BlackRock, Inc. is the world's largest asset management firm, founded in 1988 by Larry Fink, Rob Kapito, Susan Wagner and others. HQ: 50 Hudson Yards, New York, NY 10001. Key executives (2024-2025): Larry Fink (Chairman & CEO), Rob Kapito (President), Philipp Hildebrand (Vice Chairman, former Swiss National Bank chair), Robert Goldstein (COO & Head of BlackRock Solutions), Mark McCombe (Chief Client Officer), Rachel Lord (Head of International), Martin Small (Head of U.S. Wealth Advisory). [...]
SHA-256 e461835dbe03d92d9733bc483e51ec66384fc730b7318510d8b46515a3dc03f8
ev_025 B-3
https://en.wikipedia.org/wiki/IShares
Source analyst:prior-knowledge · Captured
iShares is BlackRock's ETF platform and world's largest ETF provider by AUM (~$4 trillion+, 1000+ products). BlackRock launched the iShares Bitcoin Trust (ticker: IBIT) on NASDAQ on January 11, 2024. IBIT became the largest spot Bitcoin ETF by AUM within weeks of launch, accumulating tens of billions in inflows. Custodian: Coinbase. The iShares brand was acquired from Barclays Global Investors in 2009 as part of a ~$13.5 billion deal.
SHA-256 62cf87a6efb596b5f909f72b5b980c99f37955bcf487d24b8a2c773d46d105a1
ev_026 B-3
Source analyst:prior-knowledge · Captured
BlackRock completed the acquisition of Global Infrastructure Partners (GIP) in 2024 for approximately $12.5 billion in combined cash and stock. GIP was one of the world's largest independent infrastructure investment managers with stakes in Gatwick Airport, Edinburgh Airport, Suez environmental services, and Port of Melbourne. The acquisition dramatically expanded BlackRock's alternatives and infrastructure AUM.
SHA-256 74583a0c68ff659d825fb32d94ef193b7be09a905809d28166766461be4bfab2
ev_027 B-3
Source analyst:prior-knowledge · Captured
BlackRock acquired Preqin, the London-based alternative assets data and intelligence firm, in 2024 for approximately $3.2 billion. Preqin provides data, analytics, benchmarking, and research across private equity, private credit, hedge funds, real estate, and infrastructure. BlackRock stated intent to integrate Preqin's datasets into the Aladdin platform to enhance alternatives analytics for clients.
SHA-256 04ccb5f2b906a1d59cf0fa70c8fa6be2ba98053153d4de5245762ea31a3c570e
ev_028 B-3
Source analyst:prior-knowledge · Captured
BlackRock announced in November 2024 plans to acquire HPS Investment Partners, a leading global credit investment manager with approximately $100+ billion AUM, in an all-stock deal valued at approximately $12 billion. HPS specializes in private credit including leveraged loans, high-yield bonds, and direct lending strategies. Deal announced November 2024; closing expected H1 2025. Live status confirmation unavailable (Brave Search quota exhausted).
SHA-256 4b5392295c55f5229bcce73bc165d54d557844fe5f2c348dc7c09ce72781a4c6
ev_029 B-3
https://en.wikipedia.org/wiki/Larry_Fink
Source analyst:prior-knowledge · Captured
Larry Fink publishes annual Chairman's Letters to shareholders and separately to global CEOs. His 2024 Annual Chairman's Letter focused on infrastructure investment, the energy transition, the retirement savings crisis, and democratization of private markets for retail investors. Fink co-founded BlackRock in 1988 and served as CEO continuously. As of early 2025, succession planning was publicly discussed; Fink remained CEO with no announced departure timeline.
SHA-256 b38204f0dc84c42c4a7c15c16344511e0e7aedb1c34d4f69da17ab1385c28e4f
ev_030 B-2
https://en.wikipedia.org/wiki/BlackRock
Source reference:wikipedia · Captured
Wikipedia article on BlackRock, Inc. covers company founding (1988), early PNC Financial backing, IPO, growth through major acquisitions (Merrill Lynch Investment Managers 2006; Barclays Global Investors/iShares 2009 ~$13.5B), Aladdin platform as both internal OS and external licensed product, AUM growth to $10+ trillion, leadership roster, and controversies including ESG backlash from Republican-led US states and political scrutiny of its scale.
SHA-256 da6641f83a66637f880de171fd981a36f903bf4228c5691013dbda438a4dace1
ev_031 A-1
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0002012383&type=10-K&dateb=&owner=include&count=40
Source reference:sec-edgar · Captured
BlackRock, Inc. SEC EDGAR filing index for CIK 0002012383. Annual 10-K reports, proxy statements (DEF 14A), quarterly 10-Q, and material event 8-K filings available. Most recent 10-K covers fiscal year 2024. LEI: 549300LRIF3NWCU26A80. NYSE ticker: BLK.
SHA-256 fbc8c70e43a9b252e650729aaf4d850e19cd9d3dd38ede84d7807f3b2adcfb4f
ev_032 A-2
Source prestage:/enrich/domain · Captured
DNS TXT records for blackrock.com reveal extensive SaaS tooling footprint: Microsoft 365 (MS=ms38828697), Salesforce (two org IDs: 00DcT000002htHp, 00Df4000001SWZk), LastPass, Zoom (x2), DocuSign (two tenant IDs: a2dbcd74, b627a610), Jamf MDM, Canva, Atlassian (7 domain-verification tokens), Figma, Postman, Miro (x2), MongoDB, Facebook, OpenAI (dv-t8zlUHqPKw7yePArKHz0zNoz), Anthropic (p2md8z), IBM ID, GitPod, Duo SSO (x2), Drift, Intercom, OneTrust, Zapier, Smartsheet, Censys, HackerOne (h1[...]
SHA-256 7c40e57424b6b1cea5104d13a691f17be1e0997c9975d529096f1684374adca7
ev_033 A-2
Source prestage:/enrich/domain · Captured
blackrock.com baseline: RDAP registered 1997-11-26 expires 2026-11-25 registrar CSC IANA 299 NS1-6.BLACKROCK.COM DNSSEC keyTag=37972 algo13. A: 69.52.2.199/69.52.13.199. MX: pphosted.com (x2). SPF: v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all (dynamic macro softfail). DMARC: p=quarantine fo=1 rua=dmarc_rua@emaildefense.proofpoint.com. TXT confirms: h1-domain-verification (HackerOne active bounty), censys-domain-verification (Censys attack surface monitoring), duo_sso_verificatio[...]
SHA-256 ec0aab99efb9345e2d42fad402ee545b3da1d56e00b1bf36bb78fe0822568dde
ev_034 A-1
Source certspotter_enumerate:blackrock.com · Captured
100 certs 189 unique names. Wildcards: *.blackrock.com *.extdns.azblkdmz.blackrock.com *.login.blackrock.com *.originb.blackrock.com. New infrastructure: aais aeshared atte bce beneu bis bnppam bnymim bokfroms bwn cfip coppel dellife efg emtls.efg equitrust fit-blz.azure fit-tsz.azure fondsavs futurefund gmo gruppobper harbor-preprod-ewd harbor-preprod-hal helvetia ifm ispgruppo jhi jpshared kis mfc mswm mybenefits ndrio oauth-uat.efg originb pfa pic pmuat poste principal pshcloud ril schro[...]
SHA-256 d1e1d7c57b4af639e199edaad08a207801bc1071dfe312f9eb331c9d44aef717
ev_035 A-1
Source certspotter_enumerate:futureadvisor.net · Captured
2 certs 20 unique names. Both are the same 19-domain SAN bundle shared with alts-iq.com. New cert id 15408680248 issued TODAY 2026-06-15 expires 2026-12-30 covers: alts-iq.com blackrockinvestorpulse.com blackrockoncampus.com futureadvisor.net gachallenge.com gachart.com glscchart.com impactinvesting.com investmentcafe.com ishares.it ishares.nl ishares.us iunits.com lifepathchart.com maicharts.com mgpa.com minvolchallenge.com mybenefits.blackrock.com siochart.com www.futureadvisor.net. No in[...]
SHA-256 a98fa2f068f67d0931a4661d832ce34b069c4eda0fb9b3b0b500d395a349009e
ev_036 A-1
Source certspotter_enumerate:azblkdmz.blackrock.com · Captured
1 cert (id 11084287667) 2 names: *.extdns.azblkdmz.blackrock.com and extdns.azblkdmz.blackrock.com. Valid 2025-07-12 to 2026-07-14. Pure wildcard strategy — no specific Azure DMZ hostnames enumerable via CT.
SHA-256 873ed8c81f88b81a006efef9a821d61284425eef8c3a6062e2c1b78754cfc304
ev_037 A-1
Source rdap_domain:alts-iq.com · Captured
Handle 1902135534_DOMAIN_COM-VRSN. Registered 2015-02-11 expires 2027-02-11 last changed 2026-02-07. Registrar CSC Corporate Domains Inc IANA 299. Status: client transfer prohibited only (less locked than blackrock.com which has server-side locks). NS: NS1-NS6.BLACKROCK.COM. DNSSEC: 5 DS records algorithm 13. Ownership via shared NS authority confirmed.
SHA-256 c945a82a5dec53ccac31583c4b662ac2a7a7ad2e9e3f6a53a730a128a847d932
ev_038 A-1
Source rdap_domain:futureadvisor.net · Captured
Handle 2122606506_DOMAIN_NET-VRSN. Registered 2017-05-09 (BlackRock acquired FutureAdvisor company 2015; domain registered 2 years later) expires 2027-05-09 last changed 2026-05-05. Registrar CSC Corporate Domains Inc IANA 299. Status: client transfer prohibited. NS: NS1-NS6.BLACKROCK.COM. DNSSEC: 5 DS records algorithm 13.
SHA-256 30f447665e029d3a4ea5cf098e9b8c942077ba1ef92a51e96212e817916abf22
ev_039 A-2
Source dns_lookup:alts-iq.com/A · Captured
A: 69.52.13.253 (TTL 300), 69.52.42.253 (TTL 300). DNSSEC AD=true. Same 69.52.x.x block as blackrock.com main IPs (69.52.2.199/69.52.13.199).
SHA-256 26496f6148a216e7e698b46ca73355967c30ddf4f7f8f9423a56aba39bdfdf0c
ev_040 A-2
Source dns_lookup:alts-iq.com/TXT · Captured
TXT: v=spf1 -all. Three opaque tokens: _dpbt4io3fshvo3cws6wodfqfq5sjpwy, _osjbt1q0f0vk0c1twvbw08aaayfrrbl, _un1r41gncm40xd0v9ixre9wcapxeqqd (service verification challenges).
SHA-256 a91d2eecf89ca9befca1c3bbbed1b4fea03353d3714c9c5b3527de8ca4e6b470
ev_041 A-2
Source dns_mail_auth:alts-iq.com · Captured
SPF: v=spf1 -all (hard reject). DMARC: v=DMARC1; p=reject; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com. MX count: 2 (mxa/mxb-00162b01.gslb.pphosted.com — same Proofpoint cluster as blackrock.com). CONTRAST: alts-iq.com/futureadvisor.net parked domains have SPF -all + DMARC reject; primary blackrock.com uses SPF ~all + DMARC quarantine — parked domains are MORE strictly hardened than primary.
SHA-256 2008dd3abc6250b3ebb0364cb0df2616583901f116283835b10118ed25f1395d
ev_042 A-2
Source dns_lookup:futureadvisor.net/A · Captured
A: 69.52.13.253 (TTL 300), 69.52.42.253 (TTL 300). DNSSEC AD=true. Identical IPs to alts-iq.com — shared load-balanced pair.
SHA-256 a4cda7be9ece532783de0e5fd2d81c35b0a086165fd0f1eb15b988579bfd6f9a
ev_043 A-2
Source dns_mail_auth:futureadvisor.net · Captured
SPF: v=spf1 -all. DMARC: v=DMARC1; p=reject; fo=1; rua/ruf=emaildefense.proofpoint.com. MX count: 2 (pphosted.com). TXT also has 4 opaque tokens and two UUID-format strings (12BB-41F9-3F4F-FAAA-0450-9F15-1925-9EAD, ACE8-7DF2-2D71-8C7E-266B-C9C7-A4E8-40ED). Maximally restrictive email posture.
SHA-256 357b90940ec52fc7d4fa079bae674efa1df184c0df724be6c9a47dec9a5c7458
ev_044 A-2
Source dns_lookup:svn.blackrock.com/A · Captured
Status 3 NXDOMAIN. Authority SOA: ns1.blackrock.com. netops.blackrock.com. serial 2026060603. No external A record. Cert (id 10874292799) issued 2025-06-24 valid through 2026-06-23 confirms active internal use. SVN server operational internally but not externally reachable.
SHA-256 7b132a01fc6b5527bbd24fb90c1b662aa48114eda81cc7c932f7699b777b39e6
ev_045 A-2
Source dns_lookup:aladdin-login.blackrock.com/CNAME · Captured
CNAME: aladdin-login.blackrock.com -> aladdin.customdomains.okta.com. (TTL 300). Okta org name: aladdin.
SHA-256 feebf9cccc849e428085d7eea0faf0f49f847c0ab8ced07cd0a79ab30c686302
ev_046 A-2
Source dns_lookup:emea-aladdin-login.blackrock.com/CNAME · Captured
CNAME: emea-aladdin-login.blackrock.com -> emea-aladdin.customdomains.okta.com. (TTL 300). EMEA Okta org name: emea-aladdin.
SHA-256 21712cd3fe29cbaf2d58e5486010b0142fe159b8b65ae35ead12579da6b27faf
ev_047 A-2
Source dns_lookup:login.blackrock.com/CNAME · Captured
CNAME: login.blackrock.com -> blackrock.customdomains.okta.com. (TTL 300). Corporate Okta org name: blackrock.
SHA-256 8c8ef293d1fe0f996bb9e2235ae4c4b9f33b9ea1a78b230ec1e362a6edca654b
ev_048 A-2
Source dns_lookup:blackrock.customdomains.okta.com/A · Captured
Full chain: blackrock.customdomains.okta.com -> ok7-custom-crtrs.okta.com -> ok7-custom-crtrs.oktaedge.okta.com -> a9d4dea8e2661b2ed.awsglobalaccelerator.com -> 15.197.151.86, 3.33.152.248. Cell ok7 US. AWS Global Accelerator.
SHA-256 2e7007b40d8e1e1d1f7d94b476a0930df5f01a15f2c90cd8f53cb37d120f3527
ev_049 A-2
Source dns_lookup:aladdin.customdomains.okta.com/A · Captured
Full chain: aladdin.customdomains.okta.com -> ok7-custom-crtrs.okta.com -> ok7-custom-crtrs.oktaedge.okta.com -> a9d4dea8e2661b2ed.awsglobalaccelerator.com -> 15.197.151.86, 3.33.152.248. Identical cell ok7 and same GA accelerator as corporate tenant — both US BlackRock Okta tenants share single infrastructure path.
SHA-256 0dfb7713434ba87e005103b4045a47325ea79af7946c3f041fa6d660e85c9ba6
ev_050 A-2
Source dns_lookup:emea-aladdin.customdomains.okta.com/A · Captured
Full chain: emea-aladdin.customdomains.okta.com -> ok9-custom-crtrs.okta.com -> ok9-custom-crtrs.oktaedge.okta.com -> ac4b547508e00da8e.awsglobalaccelerator.com -> 3.33.238.178, 15.197.195.200. Cell ok9 EU. Separate GA accelerator from ok7 — EU data residency architecture confirmed.
SHA-256 fd03f04af83b12146d8bc4f9a1c5189267f4fbe4ff0e24054dfb90bb942280cb
ev_051 C-2
Source hunter_domain_search:blackrock.com · Captured
15910 total emails in Hunter. Pattern {first}.{last}@blackrock.com. Domain accept_all=true. Organization: BlackRock. Top 10 returned: joseph.rizk (VP Alt Investments sales), leo.wang (Director PE Strategy exec/mgmt), luke.perkins (VP exec), mara.james (Admin Business Partner sales), isabelle.chung (VP exec), sweta.jain (VP exec), wayne.chiu (VP Analytics DS IT), osric.richards (VP Portfolio Implementations exec), manish.pandey (VP exec), tom.sabram (Director Aladdin Product Manager mgmt). A[...]
SHA-256 ce64444b9f15f6a93d7648f2b9ed90f3be8fed6b6b0a48ecb71f0a49269cf461
ev_052 A-2
Source dns_lookup:originb.blackrock.com/A · Captured
Status 3 NXDOMAIN. Authority SOA ns1.blackrock.com serial 2026060603. Internal-only. Wildcard cert *.originb.blackrock.com (id 11045032695) issued 2025-07-08 confirms active use as origin tier.
SHA-256 2b51ac8e79a5670df804460030b095bac1c3b3d1485ef1f815d933104284c6be
ev_053 A-2
Source dns_lookup:efg.blackrock.com/A · Captured
Status 3 NXDOMAIN. Internal-only.
SHA-256 0cc622720e8aed73296d8a1042a0dff59c1e739eb58daa199ba0f401be809b0f
ev_054 A-2
Source dns_lookup:oauth-uat.efg.blackrock.com/A · Captured
Status 3 NXDOMAIN. Internal-only.
SHA-256 0cc622720e8aed73296d8a1042a0dff59c1e739eb58daa199ba0f401be809b0f
ev_055 A-2
Source dns_lookup:torpedo.blackrock.com/A · Captured
Status 3 NXDOMAIN. Internal-only. Cert (id 10776195667) issued 2025-06-16 expired today 2026-06-15.
SHA-256 88a3e4fa08ac0878b6ada95d65e07db42a80b7ff0182acb786bdb79977b50108
ev_056 A-2
Source dns_lookup:schwab.blackrock.com/A · Captured
Status 3 NXDOMAIN. Representative sample confirming all Aladdin client tenant subdomains (schwab, bnppam, schroders, unicredit, etc.) are internal-DNS-only.
SHA-256 e22c329c917d1acfb3c1f4a809855ac0f14ed3c8aed3ec4fb3f9091b32de288c
ev_057 A-2
Source dns_lookup:bmq-prod.mim.blackrock.com/A · Captured
Status 3 NXDOMAIN. BMQ multi-tenant cluster zones are internal-only.
SHA-256 200060bcab538be0802aa5c804408ba97dd05702225e29420f587e724fc9b18e
ev_058 A-1
Source crtsh_search:%.alts-iq.com · Captured
3 results all showing alts-iq.com as a SAN on futureadvisor.net-CN cert. Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1. Serial 0ee6a4e3b51e30799269d30c5554a015 (old) and 0a78ce211ae977edc3d7635fc5d9d600 (new 2026-06-15). No independent alts-iq.com subdomains — pure domain parking confirmed.
SHA-256 38331af0f397aa48b0886785b11a86c69d72968d4baacaf9c9d23385f2262eeb
ev_059 A-2
Source codex:baseline · Captured
BlackRock, Inc. — existing Codex entity. Identifiers: CIK 0002012383, LEI 549300LRIF3NWCU26A80, ticker BLK, Wikidata Q219635. Aliases: BLK, BlackRock, BlackRock Inc. Known sources: grid:entities.
SHA-256 23d9dd0e9a934ae2f10f0b20971508732820d324fc37d719b48c6024f8575267
ev_060 A-2
Source prestage:/enrich/domain · Captured
DNS TXT records for blackrock.com — 44+ tokens across 30+ vendor platforms. HackerOne: h1-domain-verification=ktpxEvEwdQXJNsQuFywMvSrzMVyqLQXdXK4LzzPHBeUwK6Sa. Atlassian: 7 tokens (6x atlassian-domain-verification + atlassian-sending-domain-verification=2f929226-2c0c-4306-ac9a-43dc18508fb8). Salesforce org IDs: 00DcT000002htHp, 00Df4000001SWZk. Duo SSO: 2 tenants. OneTrust: 325159a07083492d9c6b3d8986a51286. OpenAI: dv-t8zlUHqPKw7yePArKHz0zNoz. Anthropic: p2md8z=rt7WGZu8bPVVrFPRfiSUdIlWJ. Ja[...]
SHA-256 7481ac1e12855ec000f3af4f116868d3b460c64a7b9b3febe513cc144f2f85ce
ev_061 A-2
Source prestage:/enrich/domain · Captured
MX: 10 mxa-00162b01.gslb.pphosted.com, 10 mxb-00162b01.gslb.pphosted.com (Proofpoint Hosted). DMARC: v=DMARC1; p=quarantine; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com. SPF: v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all.
SHA-256 35639e168a868d72ca50225a369676a2e8868458d6d45a873d4ee26bc71f26a2
ev_062 A-2
https://developer.mozilla.org/en-US/observatory/analyze?host=blackrock.com
Source prestage:/enrich/domain · Captured
MDN Observatory for blackrock.com: id=101067178, grade=F, score=5/10, tests_failed=5, tests_passed=5, tests_quantity=10, algorithm_version=5, status_code=200, error=null. scanned_at=2026-06-15T14:57:05.624Z.
SHA-256 50a31ee1d2d9677d26aadd37c1209f1a28827695c579fce75df4615fd20e7d5b
ev_063 A-2
Source prestage:/enrich/domain · Captured
RDAP blackrock.com: handle=2496064_DOMAIN_COM-VRSN, registrar=CSC Corporate Domains Inc (IANA 299), registration=1997-11-26T05:00:00Z, expiration=2026-11-25T05:00:00Z, last_changed=2025-11-21T06:04:52Z, DNSSEC=true (algorithm 13 ECDSA-P256-SHA256, keyTag 37972, digest 1F2E1901...). Status: client transfer prohibited, server delete/transfer/update prohibited. SOA serial 2026060603. NS1-6 all authoritative from blackrock.com itself (self-hosted nameservers).
SHA-256 3853c64d65c797c643fddd6a188f37b4afcebd7e5f6aff6cbe760096d5bcb024
ev_064 B-3
Source analyst-inference:training-knowledge-aug2025 · Captured
Reference data from analyst training knowledge (cutoff August 2025). Leadership: Larry Fink (Chairman/CEO, co-founder 1988), Rob Kapito (President, co-founder 1988). HQ: 50 Hudson Yards, New York, NY 10001 (since 2023). AUM: ~$10.5T Q3 2024. Aladdin tracks ~$21.6T across 55,000+ external portfolios. NYSE: BLK. Employees ~23,000. Acquisitions: GIP closed Jan 2024 ~$12.5B; HPS Investment Partners announced Dec 2024 ~$12B; Preqin announced Jun 2024 ~$3.22B. iShares acquired from Barclays Globa[...]
SHA-256 834ac4db56da58e428084cd27102688bc69c0236946d59d6021072f5824170d3
ev_065 A-2
Source codex:baseline · Captured
BlackRock, Inc. (org). Aliases: BLK, BlackRock, BlackRock, Inc. Identifiers: cik:0002012383, lei:549300LRIF3NWCU26A80, ticker:BLK, wikidata:Q219635. Known sources: grid:entities.
SHA-256 9709ccfc43eb3811c2bc9aafce4cabb830faaa037fe3042560ae4dd4b42cd202
ev_066 A-2
Source prestage:/enrich/domain · Captured
DNS TXT records (blackrock.com): h1-domain-verification=ktpxEvEwdQXJNsQuFywMvSrzMVyqLQXdXK4LzzPHBeUwK6Sa; openai-domain-verification=dv-t8zlUHqPKw7yePArKHz0zNoz; anthropic-domain-verification-p2md8z=rt7WGZu8bPVVrFPRfiSUdIlWJ; LastPass-ty@2D8o^qLhx3B8CYS3h9G^q; ZOOM_verify x2; duo_sso_verification x2; atlassian-domain-verification x6 + atlassian-sending-domain-verification; 00DcT000002htHp=1TBcT000000009h (Salesforce); 00Df4000001SWZk=1TBQm00000006YU (Salesforce); docusign x2; jamf-site-veri[...]
SHA-256 3b7656743c645cc03e42c0b23f766696f314059505a64e890f930dfe4657815b
ev_067 B-3
Source analyst_knowledge:2025-08 · Captured
BlackRock announced acquisition of HPS Investment Partners December 2024. All-stock deal ~$12 billion. HPS manages ~$148 billion private credit and direct lending. Regulatory approvals required; expected close H1 2025. Would make BlackRock the world's largest private credit manager.
SHA-256 f56d4f8cd80777119cf92940e4cf83bd84355cc10f1e0916681f8c19b4659f47
ev_068 B-3
Source analyst_knowledge:2025-08 · Captured
BlackRock announced acquisition of Preqin Ltd June 2024. All-cash ~£2.55 billion (~$3.2 billion). Preqin is leading private markets data provider headquartered in London. Expected close early-mid 2025. Integration with Aladdin for private markets analytics. Information-asymmetry concern: Preqin holds LP commitment data for BlackRock's own competitors.
SHA-256 5229639c92db8f5263da89ca690b8bbf8a67a720e286efb401056e2287cf22b5
ev_069 B-3
Source analyst_knowledge:2025-08 · Captured
BlackRock closed acquisition of Global Infrastructure Partners (GIP) October 2024. Announced January 2024. Total consideration ~$12.5 billion (cash + stock). GIP ~$100B AUM. Portfolio includes Heathrow Airport, Gatwick Airport, Edinburgh Airport, Sydney Airport, energy transition assets, digital infrastructure. Founded by Adebayo Ogunlesi. Largest BlackRock acquisition since BGI (2009).
SHA-256 397fefc93516b23a1f0d68baf172b886a0be0efed5faea8b47d9ef51e347ad96
ev_070 B-3
Source analyst_knowledge:2025-08 · Captured
Larry Fink (Laurence Douglas Fink). Born 1952-11-02, Van Nuys, California. UCLA BA Political Science, MBA Anderson School. Prior: First Boston (pioneered MBS market; departed after ~$100M trading loss). Co-founded BlackRock 1988 with Robert Kapito and others (originally Blackstone subsidiary). Chairman & CEO since inception. Annual CEO letters from 2012. ESG advocate 2012-2022; ceased ESG terminology 2023-2024. 2024 letter: infrastructure supercycle, energy transition, AI investment.
SHA-256 232cf9b8a63b90405f45f8870bbddab0bd817ffa76542393ddacead21d0e1302
ev_071 B-3
Source analyst_knowledge:2025-08 · Captured
Robert S. Kapito. Co-founder and President, BlackRock Inc since 1988. Harvard BA, Wharton MBA. Prior: First Boston with Larry Fink. President and Director; manages day-to-day global operations.
SHA-256 4a5e109041acb8a870264805dc97fa6ae1fc26e4f712f35e6e67716b89163e55
ev_072 B-3
Source analyst_knowledge:2025-08 · Captured
BlackRock profile: Founded 1988; Blackstone Group subsidiary until 1994 spin-off; NYSE:BLK IPO 1999. HQ moved to 50 Hudson Yards, NY 10001 ~2023. ~21,000 employees post-GIP close. $11.6T AUM Q4 2024. CFO: Martin Small (2023, succeeded Gary Shedlin retired). COO: Rob Goldstein (also heads Aladdin/BlackRock Solutions). Subsidiaries history: iShares via BGI 2009 ($15.2B); eFront 2019 ($1.3B, Bridgepoint); Aperio Group 2021; FutureAdvisor 2015 (~$150-200M); SpiderRock Advisors 2022; Kreos Capit[...]
SHA-256 920c22a63bb165c404143220778e62357648a5be168adf5aad65aa603bc05bfc
ev_073 B-3
Source analyst_knowledge:2025-08 · Captured
Aladdin (Asset, Liability, Debt and Derivative Investment Network). BlackRock's enterprise risk and investment OS, developed internally from late 1980s. Monitors risk on ~$21.6T for 1000+ institutional clients. Technology services revenue ~$1.5B/year. Modules: Risk, Accounting, Compliance, Climate, Provider (wealth), Studio. Competitors: SimCorp (Deutsche Boerse), Charles River (State Street), Finastra. Confirmed endpoints: aladdin-login.blackrock.com (ent_029), emea-aladdin-login.blackrock[...]
SHA-256 b16eac2f6c946babd55bd45290d40f656ac6ad6a5e5e10d99920d5872f62afd4
ev_074 B-3
Source analyst_knowledge:2025-08 · Captured
iShares. Acquired from Barclays Global Investors (BGI) as part of $15.2B deal 2009. World's largest ETF provider; $4T+ AUM, 900+ ETFs globally. Domains ishares.us, ishares.nl, ishares.it confirmed in registry (ent_006, ent_007, ent_008).
SHA-256 405d76c04b1417bbbba1b8846372a48c8b7d175be1d08d47256c92e421c94af6
ev_075 B-3
Source analyst_knowledge:2025-08 · Captured
eFront (eFront SA). Acquired 2019 from Bridgepoint private equity for ~$1.3 billion. Alternative investment management software for private equity, private debt, real assets, infrastructure fund administration. Integrated with Aladdin.
SHA-256 f30344e2f9e80a3020c5e4e46a2b7497de170a283486ec1cf088c18cd79fc847
ev_076 A-2
Source prestage:/enrich/domain · Captured
DNS TXT on blackrock.com: "h1-domain-verification=ktpxEvEwdQXJNsQuFywMvSrzMVyqLQXdXK4LzzPHBeUwK6Sa" — HackerOne domain ownership verification token; confirms active HackerOne bug bounty program for BlackRock.
SHA-256 9ce92a3207399d170e1272bb0938df85188edfaa038d737a268f0367241bb5d1
ev_077 B-3
Source analyst_knowledge:2025-08 · Captured
Larry Fink 2025 Annual Chairman's Letter (Q1 2025). Full text not retrieved (brave_web_search quota exhausted). Anticipated themes based on 2024 trajectory: infrastructure supercycle (post-GIP); democratizing private markets access (post-HPS/Preqin); AI as infrastructure investment theme; energy transition. ESG terminology absent.
SHA-256 6b4c602c0b863bdb70d07bb621240808379d5b5710ed7d7f790c6d7e9a170b4e
ev_078 B-3
Source analyst_knowledge:2025-08 · Captured
SEC enforcement 2023: BlackRock Advisors LLC settled charges for material misstatements about ESG screening processes in two ESG-marketed funds. Penalty ~$2.5 million. Part of SEC ESG disclosure enforcement wave 2022-2024. Exact IA release number unverified — search not executed due to quota exhaustion.
SHA-256 98dc902d3f757115fcc7737984c0ac5d03f5e6dfb2ba25c9da98470fc7f858bc
ev_079 A-1
Source certspotter_enumerate:futureadvisor.net · Captured
2 certs, 20 unique names. Multi-SAN cert (id 15408680248) issued 2026-06-15 covers: alts-iq.com, blackrockinvestorpulse.com, blackrockoncampus.com, futureadvisor.net, gachallenge.com, gachart.com, glscchart.com, impactinvesting.com, investmentcafe.com, ishares.it, ishares.nl, ishares.us, iunits.com, lifepathchart.com, maicharts.com, mgpa.com, minvolchallenge.com, mybenefits.blackrock.com, siochart.com, www.futureadvisor.net. Expiry: 2026-12-30. New entry vs prior cert: www.futureadvisor.net.
SHA-256 e99fb4388460e3b024023b4a0c1749e4e7532608ec2c9345be1a3e21a2ed5b76
ev_080 A-1
Source certspotter_enumerate:harbor.blackrock.com (include_expired=true) · Captured
6 certs, 7 unique names. Full cluster: harbor.blackrock.com, harbor-admin-ewd.blackrock.com, harbor-admin-hal.blackrock.com, harbor-preprod-ewd.blackrock.com (NEW), harbor-preprod-hal.blackrock.com (NEW), www.harbor-admin-ewd.blackrock.com (NEW), www.harbor-admin-hal.blackrock.com (NEW). Most recent admin cluster certs: 2026-05-15, expiry 2026-11-29. Preprod certs: 2025-06-18, expiry 2026-06-17. No expired certs found.
SHA-256 cc46e9c576f1c7a822e351ecda382b8eecb04b62b005609558a0bde2854dde5c
ev_081 A-1
Source certspotter_enumerate:originb.blackrock.com (include_expired=true) · Captured
2 certs, 2 names: *.originb.blackrock.com + originb.blackrock.com. Most recent cert: 2026-06-09, expires 2026-12-24. Wildcard strategy only — no individual backend node names visible in CT.
SHA-256 bdead2c003083889a431a9628400b9ae62d2f2ffdcbc4caf29c0557f493ea918
ev_082 A-1
Source rdap_domain:alts-iq.com · Captured
Registrar: CSC Corporate Domains (IANA 299). Registered 2015-02-11. Expires 2027-02-11. Last changed 2026-02-07. DNSSEC: enabled (5 DS records, algo 13). NS: ns1-ns6.blackrock.com.
SHA-256 c5ae6afa08b95c2fcef8e02461f0998b6d616db36a53282c89dd40da57120acc
ev_083 A-2
Source dns_lookup:ns1.blackrock.com:A · Captured
A 193.108.91.23 TTL 300. 193.108.91.0/24 = NSONE/IBM NS1 infrastructure.
SHA-256 cd915f9d9662a4a486241a0be34d721f70f006d5f0435e38173a6b4ce2f369cd
ev_084 A-2
Source dns_lookup:ns2-ns6.blackrock.com:A (5 parallel queries) · Captured
ns2: 96.7.49.67 (Akamai), ns3: 23.61.199.64 (Akamai), ns4: 184.26.160.66 (Akamai), ns5: 23.211.132.67 (Akamai), ns6: 95.100.173.65 (Akamai). All ns2-ns6 resolve to Akamai IP ranges. NS architecture: 1 NSONE primary + 5 Akamai secondary.
SHA-256 d3974ec2d4e65c9354a9845da491259e60788061aa3094128ff292fa3424ccea
ev_085 A-2
Source dns_lookup:pmuat.blackrock.com:A · Captured
Status 3 NXDOMAIN. Cert expired 2026-06-16 unrenewed. DECOMMISSIONED.
SHA-256 e4bb08014d44e6b202d60c1d8b36e1dfcfe8f943c20796cb58e622dc4ab28bfc
ev_086 A-2
Source dns_lookup:efg.blackrock.com:A + dns_lookup:www.efg.blackrock.com:A · Captured
Both: NXDOMAIN (Status 3). Entire EFG cluster internal DNS only — no external exposure.
SHA-256 a5040b54fdfd9c9794df1f45eda8b5573f96247adeff5f3e43047fe99cdfc702
ev_087 C-2
Source hunter_domain_search:blackrock.com:department=it:limit=10 · Captured
2755 total IT emails. Pattern: {first}.{last}. Sampled 10: wayne.chiu (VP Analytics DS, conf 85, verified 2026-05-22), jay.kulkarni (Sr Engineer VP, verified 2026-05-16), mary.reyes (VP DBA), damir.ljubuskic (VP Tech Risk, verified 2026-06-11), wendy.knel (VP Data Analysis), daniel.mbatchou (Sr SWE VP), jean.deshayes (Director PM, verified 2026-05-25), jatin.arora (VP Technology, verified 2026-05-22), thomas.gracie (VP Sr Trading SWE), justin.cohen (VP Sr SWE II, verified 2026-06-02).
SHA-256 2138f3fa5c0423798cd7df755018b3b5960f0c8b77b1b93195705c3603b59ec6
ev_088 A-1
Source certspotter_enumerate:efg.blackrock.com (include_expired=true) · Captured
4 certs, 6 names. efg.blackrock.com (renewed 2026-06-12, exp 2026-12-27), www.efg.blackrock.com, emtls.efg.blackrock.com (2025-06-24, exp 2026-06-23), www.emtls.efg.blackrock.com, oauth-uat.efg.blackrock.com (2025-07-14, exp 2026-07-13), www.oauth-uat.efg.blackrock.com. All active — no expired certs.
SHA-256 c31ceda7a599f13750de9466f1de1899b18a4b29bd8dec83b30b8f4fab8d3b32
ev_089 A-1
Source certspotter_enumerate:login.blackrock.com · Captured
7 certs, 5 names. KEY FINDING: baml.login.blackrock.com — 3 certs Nov 11/13/21 2025 using DigiCert EV RSA CA G2 (Extended Validation, distinct from standard blackrock.com DigiCert Global G2). Wildcard *.login.blackrock.com (renewed 2026-05-13) hides other clients. Also: login.blackrock.com, www.login.blackrock.com, www.baml.login.blackrock.com.
SHA-256 ce4dc6b21e61a7307d7c48748dc231e4ec82b285dd85dff35079093dcc259b2e
ev_090 A-1
Source rdap_domain:futureadvisor.net · Captured
Registrar: CSC Corporate Domains. Registered 2017-05-09. Expires 2027-05-09. Last changed 2026-05-05. DNSSEC enabled (5 DS records). NS: ns1-ns6.blackrock.com.
SHA-256 c1c0e36611d01c0814998397cdaca7bad5cf65a82ac171c83b5f4d97f9a6f78c
ev_091 A-2
Source dns_mail_auth:alts-iq.com · Captured
SPF: v=spf1 -all (hardfail — no authorized senders). DMARC: p=reject fo=1 rua=dmarc_rua@emaildefense.proofpoint.com. MX: mxa/mxb-00162b01.gslb.pphosted.com (Proofpoint). Strict posture: has MX for receive but sends nothing.
SHA-256 085caecd97636922c41f1ac0978060e48b620595f0392d43fc8846359e52cb2a
ev_092 A-1
Source certspotter_enumerate:azblkdmz.blackrock.com · Captured
1 cert, 2 names: *.extdns.azblkdmz.blackrock.com + extdns.azblkdmz.blackrock.com. Issued 2025-07-12, expires 2026-07-14. Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1. Wildcard strategy hides individual Azure DMZ endpoint names.
SHA-256 4a0782b7397bfdabfbe76f8e89bcf2ff6b70d57003692435c46a333cb830f4e8
ev_093 A-1
Source certspotter_enumerate:aladdin-login.blackrock.com · Captured
2 certs. Names: aladdin-login.blackrock.com, www.aladdin-login.blackrock.com. Most recent: 2026-05-21, expires 2026-12-05.
SHA-256 6a98e967d2c3b805222335af0bff3a8cc7b94fd702518a3789090f0e24af1190
ev_094 A-2
Source dns_lookup:mybenefits.blackrock.com:A + CNAME chain · Captured
RESOLVES. CNAME → urlredirect.glbext.blackrock.com.akadns.net → 69.52.13.253. TTL 300/60. Akamai GSLB URL redirect. Note: direct dns_lookup:urlredirect.glbext.blackrock.com returned SERVFAIL with EDE 12 NSEC Missing — DNSSEC NSEC chain defect in glbext zone.
SHA-256 ec80102f5cc540ca26ce9fbdcce4021b58a6ca384604ba8d14c752a09e1ceacf
ev_095 A-2
Source dns_mail_auth:futureadvisor.net · Captured
SPF: v=spf1 -all (hardfail). DMARC: p=reject fo=1 rua=dmarc_rua@emaildefense.proofpoint.com. MX: Proofpoint. TXT includes opaque tokens (12BB-41F9... and ACE8-7DF2..., possibly Cisco device management tokens).
SHA-256 5ab4275f0338a1ceb4d43505ee62628bca91a0a0b036a8fde24ef7122789f05d
ev_096 A-1
Source rdap_domain:mgpa.com · Captured
Registrar: CSC Corporate Domains. Registered 2001-12-30. Expires 2026-12-30. Last changed 2025-12-26. DNSSEC enabled. NS: ns1-ns6.blackrock.com.
SHA-256 ba8eaf61b426c285c59489e4648396220790a5957ed760900d9d57b0581da039
ev_097 A-1
Source rdap_domain:impactinvesting.com · Captured
Registrar: CSC Corporate Domains. Registered 2003-01-23. Expires 2027-01-23. Last changed 2026-01-19. DNSSEC enabled. NS: ns1-ns6.blackrock.com.
SHA-256 9d9a8630c50b0ac41e263ac78ff9c3831c48cda4bcc31f0e1732b3396cc40a67
ev_098 C-2
Source hunter_domain_search:blackrock.com:department=executive:seniority=executive:limit=10 · Captured
3112 total executive emails. Sampled 10: luke.perkins (VP, verified 2026-06-11), isabelle.chung (VP, verified 2026-06-11), sweta.jain (VP, verified 2026-05-22), osric.richards (VP Portfolio Implementations), manish.pandey (VP), felix.salazar (VP, verified 2026-06-11), amos.benezra (VP), sbagchi (VP — NON-STANDARD: initial+surname vs {first}.{last}; LinkedIn: Shankha Bagchi, verified 2026-05-25), himanshu.jawa (VP, verified 2026-06-07), kris.xippolitos (Managing Director, verified 2026-06-05).
SHA-256 53649e8a2f760a037e3d5fba1ce7afbc4ec68dadd571eceaff0ada9c571b9ca0
ev_099 A-1
Source crtsh_search:%.azblkdmz.blackrock.com · Captured
1 result (deduplicated). *.extdns.azblkdmz.blackrock.com / extdns.azblkdmz.blackrock.com. Cert ID 19604673474. Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1. Not before 2025-07-12, not after 2026-07-14. Serial 0f24fca51fb89742a9cf94b499de98b6.
SHA-256 61edaa7ef2b31c5921dff31af62cf23a24befc20ca62cc98ff52897fa30c77d4
ev_100 A-1
Source certspotter_enumerate:emea-aladdin-login.blackrock.com · Captured
2 certs. Names: emea-aladdin-login.blackrock.com, www.emea-aladdin-login.blackrock.com. Most recent 2026-05-21, expires 2026-12-05. Same batch renewal day as aladdin-login.blackrock.com.
SHA-256 cabeaf096e06e775b24e5476c0247c79dda72a5f3dcf261d83193fcd8ca22d92
ev_101 A-1
Source crtsh_search:%.login.blackrock.com · Captured
9 results. baml.login.blackrock.com serials: 021bf7cef5e4956368e7094cde0df093 (Nov 11), 0797b2fe10f36223c503099ebb925cb0 (Nov 13), 05d2fe97386ebc5c5a37bb11284568da (Nov 21 2025). CA: DigiCert EV RSA CA G2 — Extended Validation. Wildcard *.login.blackrock.com serial 09d8b4b1c35b1e457071d9cdef8145c8 issued 2026-05-13.
SHA-256 6665476d3bd1f7960774c266aa7842d6f96240e6aff7b02daf737858793791d4
ev_102 A-1
Source rdap_domain:ishares.nl (SIDN registry) · Captured
SIDN RDAP. Registrant: BlackRock, Inc. (explicitly named). Admin contact email: DNRAdmin@Blackrock.com. Tech contact email: DNRAdmin@Blackrock.com. Registrar: CSC Corporate Domains. Registered 2001-02-01. Last changed 2023-05-09. DNSSEC: NOT ENABLED (delegationSigned false). NS: ns1-ns6.blackrock.com.
SHA-256 6bc63e5a542a05d52999999782fdbeead72f8bb319428c9dbe5f836e46b4279f
ev_103 A-1
Source rdap_domain:gachallenge.com · Captured
Registrar: CSC Corporate Domains. Registered 2014-07-17. EXPIRES 2026-07-17. Last changed 2025-11-21. DNSSEC enabled. NS: ns1-ns6.blackrock.com.
SHA-256 408fee610901a53577ff7cdc9bf18c56adfff5d14910cc2a3663e73d3fe047ea
ev_104 A-1
Source rdap_domain:gachart.com · Captured
Registrar: CSC Corporate Domains. Registered 2013-02-27. Expires 2027-02-27. Last changed 2026-02-23. DNSSEC enabled. NS: ns1-ns6.blackrock.com.
SHA-256 0a61aac5139a4afbee99e0e79ed7543cc10ef66aeafa974cc6c6395a92528421
ev_105 A-1
Source rdap_domain:iunits.com · Captured
Registrar: CSC Corporate Domains. Registered 1999-07-12 (oldest BlackRock domain). EXPIRES 2026-07-12. Last changed 2025-07-08 (annual renewal). DNSSEC: NOT ENABLED. NS: ns1-ns6.blackrock.com.
SHA-256 2846cb024d335d40aa988b519153e50ff668b7934094b7930f4631f9e7838652
ev_106 A-2
Source dns_mail_auth:ishares.nl · Captured
SPF: NONE — no SPF TXT record published at ishares.nl. DMARC: v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email (monitoring only, zero enforcement). MX: mxa/mxb-00162b01.gslb.pphosted.com (Proofpoint). TXT: MS=ms48878526, opaque verification tokens. CRITICAL: No SPF + p=none DMARC = fully spoofable domain.
SHA-256 3d6ce992f203bad8033794f472c89d9ab26b549f7df89f258d88fa617dc67d96
ev_107 A-1
Source rdap_domain:glscchart.com · Captured
Registrar: CSC Corporate Domains. Registered 2014-11-20. Expires 2026-11-20. Last changed 2025-11-16. DNSSEC enabled. NS: ns1-ns6.blackrock.com.
SHA-256 e0c817f813dc9caa680fc10b146079e5ce4fb77fcb41e711656f14575e333456
ev_108 A-2
Source prestage.json baseline (dns_mail_auth + rdap + DNS) · Captured
blackrock.com: DMARC p=quarantine fo=1 rua=dmarc_rua@emaildefense.proofpoint.com. SPF v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all. Registered 1997-11-26. Expires 2026-11-25. DNSSEC keyTag 37972 algo 13. A: 69.52.2.199/69.52.13.199. MX: mxa/mxb-00162b01.gslb.pphosted.com prio 10. SOA: ns1.blackrock.com. netops.blackrock.com. 2026060603. 40+ TXT records.
SHA-256 dde8d787fc99385b76a33b3bdedd796a52313a152ec816f251be22f00b489b91
ev_109 A-2
Source codex:baseline · Captured
BlackRock, Inc. confirmed Codex entity. CIK 0002012383, LEI 549300LRIF3NWCU26A80, ticker BLK, Wikidata Q219635. Baseline from prior waves and grid:entities.
SHA-256 c1c34e282f1dd1d4cc3981aa6c30050e7825d4c88ad339115dd93c3b0fa79d8a
ev_110 F-6
Source brave_web_search:api_error · Captured
All 10 brave_web_search calls failed: HTTP 402 USAGE_LIMIT_EXCEEDED. Plan: Search, current_spend: 5.0, usage_limit: 5.0, usage_limit_type: monthly. Zero search results retrievable this wave.
SHA-256 7cad2fdeeb8f8015181f046b0b9978b4b90dee92cae0e015dec7f3e685b5ffb4
ev_111 A-2
Source codex:baseline · Captured
BlackRock, Inc. codex baseline. Identifiers: cik:0002012383, lei:549300LRIF3NWCU26A80, ticker:BLK, wikidata:Q219635. Aliases: BLK, BlackRock, BlackRock Inc. Prior-wave pivots referenced: piv_027 (iunits.com expiry), piv_028 (gachallenge.com expiry), piv_029 (ishares.nl spoofability), piv_034 (DNRAdmin@blackrock.com registrar credential).
SHA-256 6e7e728f400a9f162963d8946a769cd867dd471b000def9071d19b9d5df438c3
ev_112 A-2
Source prestage:/enrich/domain · Captured
RDAP blackrock.com: handle 2496064_DOMAIN_COM-VRSN, registered 1997-11-26, expires 2026-11-25, last changed 2025-11-21. Registrar: CSC Corporate Domains Inc (IANA 299, domainabuse@cscglobal.com, tel:8887802723). Status: client transfer prohibited, server delete prohibited, server transfer prohibited, server update prohibited. DNSSEC: delegationSigned=true, algorithm 13, keyTag 37972, digest 1F2E19011A494D7A85F9889F4A0A1A09200AF15A96BC727A1E917F83A525D4B9. Nameservers: ns1.BLACKROCK.COM thro[...]
SHA-256 7b7f029b417a378047228bf596b5b053e74e9b87a54a5be593fa810c9f475613
ev_113 A-2
Source prestage:/enrich/domain · Captured
DNS TXT records for blackrock.com (complete set captured): "MS=ms38828697" | "_slack-challenge" | "00DcT000002htHp=1TBcT000000009h" | "00Df4000001SWZk=1TBQm00000006YU" | "_9duhsauogp5bndkjabtkk5hacebwcch" | "_mv3vc0paxjh9yetwpw0f8mhpxn3oksc" | "LastPass-ty@2D8o^qLhx3B8CYS3h9G^q" | "ZOOM_verify_FsOJw095SMyypVXs8wlBQQ" | "ZOOM_verify_u51YW9QoScOHBUzIhbDgtg" | "0f1815be-65d1-4cbf-9fda-f331702621b5" | "18E2-B4A1-A780-E9D8-DE27-00BD-E084-6F52" | "2FE6-F3BB-EDF8-C58F-D2A4-8035-EDCF-AFB0" | "ibmid[...]
SHA-256 018addec93e67628bbdabbadba9a17ffbe87ca7aeea66152ccbf160b0e66e803
ev_114 A-2
Source prestage:/enrich/domain · Captured
DNS SOA record blackrock.com: 'ns1.blackrock.com. netops.blackrock.com. 2026060603 3600 900 604800 3600'. RNAME netops.blackrock.com decodes to netops@blackrock.com (NOC zone admin contact). Serial 2026060603 = zone last updated 2026-06-06, revision 03. DNS AAAA Authority also confirms SOA. TTL: refresh 3600s, retry 900s, expire 604800s (7d), min 3600s.
SHA-256 67cd7f398d49cbe3b57e40c5eeab14db59535eedc20590a8963719ded3504461
ev_115 A-2
Source prestage:/enrich/domain · Captured
DNS MX records blackrock.com: '10 mxa-00162b01.gslb.pphosted.com.' and '10 mxb-00162b01.gslb.pphosted.com.' TTL 300. Both at priority 10. Proofpoint PPhosted GSLB-based redundant MX pair.
SHA-256 ebec97d6591e9c0503c8c80426955d7ad38ee306557215df1d96ff36256939a2
ev_116 A-2
Source prestage:/enrich/domain · Captured
DNS CAA query for blackrock.com returned NODATA — Authority section contains SOA: 'ns1.blackrock.com. netops.blackrock.com. 2026060603 3600 900 604800 3600'. No CAA records published. Any globally trusted Certificate Authority may issue TLS certificates for blackrock.com and all subdomains.
SHA-256 41c90575877c4483cbd641b46b51320961d6a31e7d70ffa3fb8a142285875eb1
ev_117 A-2
Source prestage:/enrich/domain · Captured
prestage mail_auth blackrock.com: SPF=["v=spf1 include:%{ir}.%{v}.%{d}.spf.has.pphosted.com ~all"], DMARC=["v=DMARC1; p=quarantine; fo=1; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;"], mx_count=2. SPF ends in ~all (SoftFail, not -all HardFail). DMARC p=quarantine (not reject). Forensic reporting fo=1 (all failures). Both DMARC report streams go to Proofpoint (emaildefense.proofpoint.com).
SHA-256 03d7bd258fa941b2dd8a982a464d151e18d65c8f22fc167d7ad53c37ee0c5034
ev_118 A-2
Source codex:baseline · Captured
piv_027 from prior waves: iunits.com EXPIRES 2026-07-12 (~27 days from investigation date 2026-06-15). Oldest BlackRock domain (1999). No DNSSEC. Annual cycle last renewed 2025-07-08 — current cycle renewal not yet applied. If lapsed, immediately available for hostile registration. Operator should verify CSC renewal queue.
SHA-256 882f5539552f42955197897f124ef33191408271cefb62959258ce41a368ea71
ev_119 A-2
Source codex:baseline · Captured
piv_028 from prior waves: gachallenge.com EXPIRES 2026-07-17 (~32 days from investigation date 2026-06-15). Two-domain expiry cluster with iunits.com within same 5-day window July 12-17 2026. Combined domain hijack risk. Last changed 2025-11-21 suggests maintenance but renewal not applied for 2026 cycle.
SHA-256 b414c890b5782793dd7deb13145c2d22014d69d27f714fe07191c271fc3b5a18
ev_120 A-2
Source codex:baseline · Captured
piv_029 from prior waves: ishares.nl — No SPF + DMARC p=none = fully spoofable email domain. No DNSSEC. Phishing vector against Dutch iShares investor base. Entire .com portfolio has p=reject; .nl is outlier. Remediation: v=spf1 -all + DMARC p=reject.
SHA-256 29b7d1e319f41087400f1649a21eb8e59c17c1300d4a654b40ab39cb6d9a3fa2
ev_121 A-2
Source codex:baseline · Captured
piv_034 from prior waves: DNRAdmin@Blackrock.com is the CSC registrar portal credential for BlackRock's domain portfolio. Worth checking in breach corpora (HaveIBeenPwned, DarkNet dumps) for credential exposure. If a past breach included this mailbox, adversary could access CSC portal and modify DNS/transfer domains.
SHA-256 937c97e76734500556496cc69218417db0abf461cc3b37247979505343d21e6e
ev_122 A-2
Source codex:baseline · Captured
BlackRock, Inc. confirmed target. CIK 0002012383, LEI 549300LRIF3NWCU26A80, ticker BLK, Wikidata Q219635. Source: grid:entities.
SHA-256 43d3dec57bf87b6db35010109bcd77ccb840d46148312ac4f91a7a0edc1ab18f