Back

cafebazaar.ir Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting cafebazaar.ir, with a high risk score of 92. The primary concern stems from 12,719 historical data breaches and 1,287 active infostealer logs, affecting 581 employees and 13,425 clients. The data breaches are predominantly sourced from "Combolist sources," suggesting credential stuffing or account takeover attempts. Infostealer activity is linked to prevalent malware families such as Redline, LummaC2, and Rhadamanthys, which are known for exfiltrating credentials and sensitive information. The timeline shows a surge in client-related events in March 2026, with a notable increase in employee events in the same month, potentially indicating a coordinated attack or widespread compromise. Given the high volume of data breaches and infostealer activity, the priority for remediation should focus on credential hygiene, multi-factor authentication enforcement, and comprehensive endpoint security monitoring. The prevalence of Redline and LummaC2 suggests a need to investigate and mitigate their specific attack vectors. The targeted services, particularly pishkhan.cafebazaar.ir, should be scrutinized for vulnerabilities and unauthorized access. The geographical breakdown indicates a concentration of activity originating from Iran, aligning with the domain's origin, but also shows presence in the United States and Germany, suggesting potential international reach of the threat actors or compromised entities.

Total Events

14,006
credential exposure events

Employee Affected Events

581
account email domain = cafebazaar.ir

Client Affected Events

13,425
service target = cafebazaar.ir

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4,0002,6671,3330
peak month 3,375
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,287
Share9%
Data breaches
Events12,719
Share91%
Infostealer logs (9%)
1,287events
Data breaches (91%)
12,719events

581 compromised employee accounts pose an infrastructure risk, while 13,425 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender22

Malware Families Distribution

Distribution of Active Stealer Strains

Redline283
LummaC2253
Rhadamanthys109
Acreed64
RisePro60
Vidar33
Cthulhu25
StealC20
Millenium11

Top Login URLs

Top exposed services found in the event results

  1. 1pishkhan.cafebazaar.ir1,756
  2. 2https://pishkhan.cafebazaar.ir1,344
  3. 3https://pishkhan.cafebazaar.ir/account/login1,106
  4. 4pishkhan.cafebazaar.ir/account/login1,013
  5. 5https://pishkhan.cafebazaar.ir/account/register1,011
  6. 6pishkhan.cafebazaar.ir/account/register843
  7. 7cafebazaar.ir732
  8. 8https://cafebazaar.ir728
  9. 9https://cafebazaar.ir/login/557
  10. 10cafebazaar.ir/login/470

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Iran
Events447
United States
Events61
Germany
Events40
Bulgaria
Events23
Netherlands
Events21
United Kingdom
Events21
Canada
Events19
Egypt
Events18

Country Breakdown

  1. 1Iran447
  2. 2United States61
  3. 3Germany40
  4. 4Bulgaria23
  5. 5Netherlands21
  6. 6United Kingdom21
  7. 7Canada19
  8. 8Egypt18

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Git28
Pulse Secure3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64169
Windows 11109
Windows 10 22H2 build 19045 (64 Bit)41
Windows 11 Pro (10.0.22631) x6438
Windows 10 Pro (10.0.19045) x6434

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
12,714
Combolist pools
5
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.