marriott.com
marriott.com
Group: Lockbit5
Discovered by ransomware.live: 2025-12-07
Estimated attack date: 2025-12-06
Country:
Description:
Book Directly & Save at any of our 9000+ Marriott Bonvoy Hotels. Choose from Luxury Hotels, Reso...
Compromised Employees: 198
Compromised Users: 40558
Third Party Employee Credentials: 368
External Attack Surface: 131
Infostealer Distribution
DNS Records:
The following DNS records were found for the victim's domain.
- domainabuse cscglobal.com
- marriott-com.mail.protection.outlook.com.
- onetrust-domain-verification=c8419e55a9f44fd3a2aea1086589b47c
- amazonses:dRwYaeqcRYgOr0nfuNpgfwcye7qC/+W7j9+4l95WmfA=
- google-site-verification=Op26MVqGm5ezgYeMJ0t_6ZCjHTtBehaS43CpvlTFkPg
- e2ma-verification=i7b3
- e2ma-verification=t4xeb
- amazonses:TdaQ33Ma34JA3mbWth3J30gcPqfDoCkl/gpcDpdk1hM=
- flexera-domain-verification-jbnluuhrebvugcmr
- _vo9fuuxfwrimz2thuq6vane5ixcrnre
- e2ma-verification=g83fb
- postman-domain-verification=f50031b67f277c87b8d1fc380cdab9ae7c24fd70fe60547b6d37cb0f78bc3573949498c86dd8ca48648b3f2c4c225df73ee99f2dacae3513358a8911124ad0eb
- NhJc80JClTwLvKuJzmJzVRWhiX7JEubBi8Tegyp1MyGbRSn0bMKddsgokifhxw2JuZ76PZ8qFHYEW9Aa8ykiwQ==
- canva-site-verification=jksL3Zvuljo2ex9weFenew
- e2ma-verification=zhe3
- Dynatrace-site-verification=b018e42d-1bf3-4214-a55d-b6d11d472484__dkbokapmaohqnqf6rjt4vc75d1
- e2ma-verification=8oreb
- e2ma-verification=hsbcb
- liveramp-site-verification=dphz_fboDvNf-L04XjGWSNpfcEjqykIGaOetpgtRFrY
- e2ma-verification=2m0fb
- h1-domain-verification=3bPxkTRBe4uck7trDLA9BEguQdHUTpEsbin4kgsAepgHSnsi
- e2ma-verification=g23cb
- adobe-idp-site-verification=b58a812cb8a67904b7b89c5ba71e21242157d93cc4609f572f4d63398d2f1c95
- e2ma-verification=r4qcb
- docusign=b47573dd-01c3-49a8-9014-26e813e1c8d2
- figma-domain-verification=92316758906766ace0ee6271ca4f1ccf3795fce0f1925f846f4a5ee4c3dd0cfb-1732030374
- e2ma-verification=eqqgb
- cisco-ci-domain-verification=510f4042252171cd62c2992306c3623499318270fcef3f0266e4bc2bc4df9053
- e2ma-verification=rzicb
- docusign=a75f5992-a1f4-42fb-b1fb-36850d8e976a
- facebook-domain-verification=7yktss7qob13nc0gahxo6028udc8ti
- e2ma-verification=5eigb
- v=spf1 include:spf.marriott.com include:_spf.caspiomail.com include:spf.givex.com include:mail.zendesk.com a:c.spf.service-now.com include:spf.protection.outlook.com" " ip4:65.221.12.128 ip4:65.221.12.148 ip4:70.42.227.151 ip4:70.42.227.152 ip4:68.233.76.14 ip4:68.233.76.20 ip4:68.233.76.41 ip4:216.34.69.5 ip4:34.194.251.20" " ip4:41.138.70.80/29 ip4:52.86.138.215 ip4:23.251.231.176/28 ip4:23.251.231.192/28 -all
- atlassian-domain-verification=zzbKNynGXmBVVjHMpHdfFpEwzGxKV5plDTgGo00mBnx6f3sEd30UmA/w/TPcy9Ai
- EMMA-VALIDATION2-22-21
- infoblox-domain-mastery=078e97082eaa5be71d1011466d456249102dd95393572d0c23d7652a65d4dec5cf
- amazonses:T+PiZncc85hp45Hh5rxnadRc3PqQCxeWhb2Iulxh+HI=
- 9ea2de8a-d4af-4255-86f8-22e6410e7a3a
- DocuSign-JAS-3f8670aa-a7b3-4c80-b87c-c4009cf24fef
- amazonses:ycQqj6K4JaTXJZHZIcYKm+rZk3kf0+CDo58LI2UwkR0=
- e2ma-verification=puqeb
- cursor-domain-verification-1fjpt7=Pu1dYBwqsDofgAhFP0N6ME9YW
- meltwater_sso_20250515
- e2ma-verification=5nbgb
- apple-domain-verification=0BpDQkck5deFVztA
- google-site-verification=vGWnWWqZZS-wOwob2dGmMK44ncOOD3s3Vy7mkUR2CQk
- e2ma-verification=9ntgb
- MS=ms72490600
Leak Screenshot:
Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.