NTT Data/Vectorform
NTT Data/Vectorform
Group: Coinbasecartel
Discovered by ransomware.live: 2025-09-15
Estimated attack date: 2025-09-15
Country:
Description:
NTT Data is a global IT services provider based in Japan, delivering innovative solutions across a variety of industries including finance, healthc...
Compromised Employees: 1000
Compromised Users: 674
Third Party Employee Credentials: 1295
External Attack Surface: 138
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
- support psi-japan.co.jp
- mxa-004dc302.gslb.pphosted.com.
- mxb-004dc302.gslb.pphosted.com.
- pardot970163=9ca945a28c4cffe8a45d45a51fcd625f635fc9ee6ad95f1b548a3b7837bc325b
- onetrust-domain-verification=2b8fad1cb3f845e2a4197d09ddf1b958
- pardot1000551=cc4638b8c6a348a640faf736adaf79559ed382dc05977f6624b21ca3955c96ec
- smartsheet-site-validation=V05zDz4bvPwH5MRRJ_AK4m4v3eqtQNoV
- onetrust-domain-verification=60e2acaa4969477595782338db87250a
- _globalsign-domain-verification=ds-N2WIymaPgeQStMRRFBCpoCD_bXwTWDXdnyQ0t6O
- pardot836203=03da1353d816fe74d78c7d37d70d538ab6c3e231139a098f7d9a96e590a19a12
- v=spf1 include:servers.mcsv.net include:spf.protection.outlook.com include:spf.jobdiva.com include:aspmx.pardot.com ip4:205.220.162.213 ip4:206.180.193.143 ip4:206.180.193.144 ip4:206.180.193.145 ip4:98.142.93.195 ip4:192.131.85.3" " ip4:141.77.1.126 ip4:141.77.1.127 ip4:141.77.1.128 ip4:89.96.244.55 ip4:59.167.68.40 ip4:189.125.136.227 ip4:217.56.29.13 ip4:206.180.193.80 ip4:206.180.193.81 ip4:206.180.193.82 ip4:167.247.216.0/22" " include:_spf.qualtrics.com ip4:163.135.193.192/26 ip4:103.51.48.30 ip4:185.132.183.33 ip4:185.183.30.93 ip4:185.132.183.31 ip4:185.183.30.89 ip4:3.113.157.113 ip4:107.20.210.250 ip4:52.1.14.157 include:amazonses.com" " ip4:130.214.193.83 ip4:130.214.193.93 ip4:130.214.193.78 ip4:130.214.193.85 ip4:163.135.156.0/25 ip4:163.135.157.0/25 ip4:66.159.244.22 ip4:66.159.246.138 ip4:67.231.144.107 ip4:208.86.201.112 ~all
- sending_domain1000551=492779bffe5f417616dfa9871a9439bb8d27720e93786ff0c7bbde38b39b930d
- IYCaPpE/G9R7+Cdz3PZ0H9lxeWw/+4+i+nf0x9WH+jt8Qtb5b2xqMQzKwmciZs8/vE91adHML9HagZ28erFCPw==
- _globalsign-domain-verification=HhWkAnOsUjQnnHsmq4cUPogJecCGIsSvsFbNVee9T_
- openai-domain-verification=dv-07ddp1v0dSWt7s0PYKkoJJEo
- pardot836193=1224cc34fa604c049943d26ff7c94be3112921c5e1282d0baccaa431e816a5ad
- adobe-idp-site-verification=00054bd1d50ba05bd6162db4438c40f16fd606fb03e65720a26a6c2d0f11d021
- miro-verification=74a3ffd0198a638bbfdf92ea861249ce8cb8f3f7
- miro-verification=bcef0e4977e1e8f8c2f7a9b22901201860d479f8
- google-site-verification=1xfaqC5-BYsOMr7fLawPypNuey3xg1TqHmgmWrGFFa4
- openai-domain-verification=dv-IG4kU1T6Nkl3ZzfjtTU5o4ze
- wrike-verification=NTQ4NzY0MDo3NGJmOGJhMWM1NTQxMWU1N2Q3ZDllNjNhZmY3ZmE0YmY3YjhmZmY4ZjAxZjJmOThlODY0NmNmZDMyMTIwZThk
- apple-domain-verification=giwucGLa1aJYBgaY
- pardot836223=81fff967169843b79ee61a5bd539f1d3bfc3d63aa700db5d5221630e20d411e1
- pardot547422=a066810a35420ac4d8d632fd5ec5318f9d78af2e9d462942c572477f6c4333d9
- pardot_312401_*=d10d98f5ac7269584abf0eec79b76732e7ec6226d1562b71d2a82a7e507d46b5
- pardot60932=2ad556ca193e6979db6b2c9c90ae48e42bed4f1d7e126e8b068baf942ecba215
- MS=ms39092878
- google-site-verification=VGLMdzXGjSiXupIiBQ_vU1SLuxqSlQoseHpLRGvbey0
- smartsheet-site-validation=RxjBTyQA_g_7bC3fmA8UkB0FT9nRyCaz
- sitecore-domain-verification=bceae7c64fb24f4bab270a0011c89e68
- webexdomainverification.4C675B8B7EAAB136E053AB06FC0A3F65=f1961d37-d75a-4f6b-8224-b5d3d802b2df
Leak Screenshot:
Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.