Back

cleartrip.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting cleartrip.com, with 81,615 total events recorded between July 2025 and June 2026. The majority of these events, 84.2%, are classified as historical data breaches, with an additional 15.8% identified as active infostealer logs. This suggests a persistent threat landscape where both past compromises and ongoing credential harvesting are prevalent. The data shows a substantial number of client-related events (80,232) alongside employee-related events (1,383), indicating a broad impact across the organization's user base. Key malware families associated with these events include LummaC2, Redline, Vidar, and Rhadamanthys, all known for their credential-stealing capabilities. The targeted services primarily include the cleartrip.com domain and its associated sign-in and registration pages, as well as the cleartrip Android application, highlighting the critical points of user interaction as targets. The geographical distribution shows a concentration of events originating from India, followed by the United Arab Emirates, indicating a primary focus on these regions.

Total Events

81,615
credential exposure events

Employee Affected Events

1,383
account email domain = cleartrip.com

Client Affected Events

80,232
service target = cleartrip.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 19,665
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events12,868
Share16%
Data breaches
Events68,747
Share84%
Infostealer logs (16%)
12,868events
Data breaches (84%)
68,747events

1,383 compromised employee accounts pose an infrastructure risk, while 80,232 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender446
Windows Defender Quick Heal AntiVirus Pro14
Windows Defender.7
None5
Avast3
Windows Defender Avast Antivirus.3
Reason Cybersecurity2
Avast Norton2
Windows Defender AhnLab V3 Lite2

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC22,628
Redline1,276
Vidar1,222
Rhadamanthys1,049
Acreed590
RisePro276
StealC218
Raccoon126
Millenium88

Top Login URLs

Top exposed services found in the event results

  1. 1cleartrip.com7,808
  2. 2android://fP8Npthxkqy8wzj_gK-buZJ4ERLtgApKmNestkTXIKUk6-z4thyJFnZjryioT5IzLO6zO9onffIOCoQAjs8hog==@com.cleartrip.android/7,481
  3. 3https://www.cleartrip.com/signin5,384
  4. 4https://cleartrip.com5,296
  5. 5https://www.cleartrip.com5,179
  6. 6www.cleartrip.com3,455
  7. 7cleartrip.com/signin3,418
  8. 8www.cleartrip.com/signin2,385
  9. 9https://www.cleartrip.com/register2,142
  10. 10https://www.cleartrip.com/1,816

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events6,061
United Arab Emirates
Events465
Saudi Arabia
Events109
Qatar
Events104
Egypt
Events103
United States
Events91
Venezuela
Events57
United Kingdom
Events55

Country Breakdown

  1. 1India6,061
  2. 2United Arab Emirates465
  3. 3Saudi Arabia109
  4. 4Qatar104
  5. 5Egypt103
  6. 6United States91
  7. 7Venezuela57
  8. 8United Kingdom55

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft12
Jira (Atlassian)5
Salesforce3
Citrix2
WordPress2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11831
Windows 10 Pro (10.0.19045) x64596
Windows 10 Pro591
Windows 11 24H2 build 26100 (64 Bit)436
Windows 10 Enterprise x64391

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
67,859
Combolist pools
888
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.