Back

3m.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain 3m.com has experienced a significant number of events, with 67,428 total events recorded over the past year. The majority of these events, 94.6%, are classified as historical data breaches, totaling 63,772 incidents. Additionally, there are 3,656 active infostealer logs, representing 5.4% of the total events. The timeline shows a surge in employee and client-related events, particularly in September 2025 and January 2026, coinciding with a high volume of data breaches and infostealer activity. Malware analysis indicates a prevalence of Redline infostealer (54.3%), LummaC2 (8.2%), and Rhadamanthys (7.9%), suggesting a focus on credential harvesting and data exfiltration.

Total Events

67,428
credential exposure events

Employee Affected Events

55,010
account email domain = 3m.com

Client Affected Events

12,418
service target = 3m.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
25,00016,6678,3330
peak month 23,321
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,656
Share5%
Data breaches
Events63,772
Share95%
Infostealer logs (5%)
3,656events
Data breaches (95%)
63,772events

55,010 compromised employee accounts pose an infrastructure risk, while 12,418 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender77
Windows Defender [ON]1
Windows Defender.1
Bitdefender1
Avira1
Avira Antivirus [OFF]1
Windows Defender ESET Security1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,986
LummaC2301
Rhadamanthys289
Vidar196
Acreed101
RisePro54
X-Files32
StealC18
Remus10

Top Login URLs

Top exposed services found in the event results

  1. 1https://enl.3m.com/enl/709
  2. 23m.com659
  3. 3https://enl.3m.com444
  4. 4enl.3m.com421
  5. 5enl.3m.com/enl/399
  6. 6https://vas.3m.com/register187
  7. 7https://3m.com187
  8. 8https://enl.3m.com/enl/enl_display_servlet167
  9. 9https://jobs.3m.com159
  10. 10https://www.3m.com157

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events560
Netherlands
Events397
Germany
Events385
Denmark
Events154
Philippines
Events130
India
Events126
Vietnam
Events88
Peru
Events72

Country Breakdown

  1. 1United States560
  2. 2Netherlands397
  3. 3Germany385
  4. 4Denmark154
  5. 5Philippines130
  6. 6India126
  7. 7Vietnam88
  8. 8Peru72

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Pulse Secure38
Cisco (AnyConnect)37
Citrix30
Git14
FortiNet VPN9
WordPress2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11179
Windows 11 24H2 build 26100 (64 Bit)171
Windows 8 x32136
Windows Server 2016 x32135
Windows 10 Enterprise x32128

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
43,051
Combolist pools
20,721
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.