Back

blocket.se Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting blocket.se, with a high risk score of 87. The primary concern stems from 6,279 historical data breaches and 669 active infostealer logs, affecting 6,615 clients and 333 employees. The majority of the exposure, 90.4%, is attributed to historical data breaches, with a notable 9.6% from active infostealer activity. Malware families such as Redline, LummaC2, and Rhadamanthys are prevalent, suggesting credential harvesting and data exfiltration are ongoing threats. The data indicates a concentration of affected users in Sweden, aligning with the domain's primary geography, and a significant portion of the exposure originates from "Combolist sources" (95.9%) and "Database dumps" (4.1%), pointing to compromised credentials as a key vector.

Total Events

6,948
credential exposure events

Employee Affected Events

333
account email domain = blocket.se

Client Affected Events

6,615
service target = blocket.se

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,0001,3336670
peak month 1,939
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events669
Share10%
Data breaches
Events6,279
Share90%
Infostealer logs (10%)
669events
Data breaches (90%)
6,279events

333 compromised employee accounts pose an infrastructure risk, while 6,615 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender3

Malware Families Distribution

Distribution of Active Stealer Strains

Redline138
LummaC289
Rhadamanthys85
Acreed34
Vidar22
Millenium15
Remus10
StealC8
Raccoon5

Top Login URLs

Top exposed services found in the event results

  1. 1blocket.se774
  2. 2https://blocket.se540
  3. 3https://www.blocket.se454
  4. 4https://www.blocket.se/konto421
  5. 5blocket.se/konto389
  6. 6https://www.blocket.se/konto/login304
  7. 7www.blocket.se290
  8. 8blocket.se/konto/login215
  9. 9www.blocket.se/konto196
  10. 10https://www.blocket.se/ai/form/0163

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Sweden
Events333
United States
Events12
United Kingdom
Events12
Finland
Events6
Egypt
Events5
Mongolia
Events4
India
Events4
Venezuela
Events4

Country Breakdown

  1. 1Sweden333
  2. 2United States12
  3. 3United Kingdom12
  4. 4Finland6
  5. 5Egypt5
  6. 6Mongolia4
  7. 7India4
  8. 8Venezuela4

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1175
Windows 11 24H2 build 26100 (64 Bit)57
Windows 10 Enterprise x6438
Windows 10 Home x6436
Windows 11 24H2 build 26200 (64 Bit)32

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
6,024
Combolist pools
255
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.