Back

dns-shop.ru Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of client data, with over 40,000 client records compromised, primarily through historical data breaches. Additionally, there are over 4,000 infostealer events, suggesting ongoing attempts to exfiltrate sensitive information. The primary malware families involved are Rhadamanthys and Redline, both known for their credential-stealing capabilities. The targeted services are predominantly related to user authentication and account management for dns-shop.ru, indicating a focus on compromising user credentials. The majority of the compromised data originates from "Combolist sources," suggesting a large-scale credential stuffing or account takeover campaign. The timeline shows a surge in employee and client compromise events in early to mid-2026, particularly in March 2026. Given the high volume of client data breaches and the prevalence of infostealer activity targeting authentication services, this exposure poses a critical risk to the organization and its users. The focus should be on immediate remediation of identified vulnerabilities, enhanced monitoring of authentication systems, and a comprehensive review of data breach response protocols. Prioritize the investigation of the "Combolist sources" to understand the origin and scope of the credential compromise and implement stronger authentication mechanisms, such as multi-factor authentication, for all user accounts.

Total Events

45,181
credential exposure events

Employee Affected Events

4,605
account email domain = dns-shop.ru

Client Affected Events

40,576
service target = dns-shop.ru

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
12,0008,0004,0000
peak month 11,440
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events4,012
Share9%
Data breaches
Events41,169
Share91%
Infostealer logs (9%)
4,012events
Data breaches (91%)
41,169events

4,605 compromised employee accounts pose an infrastructure risk, while 40,576 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender57
Windows Defender.11
Windows Defender Avast Antivirus.1
Windows Defender ‍.1
Windows Defender ESET Security1

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys640
Redline580
DarkCrystal293
LummaC2255
Vidar202
Acreed93
Remus43
RisePro20
Blank Grabber12

Top Login URLs

Top exposed services found in the event results

  1. 1https://accounts.dns-shop.ru/login4,539
  2. 2accounts.dns-shop.ru/login4,106
  3. 3https://accounts.dns-shop.ru4,011
  4. 4https://accounts.dns-shop.ru/registration2,991
  5. 5accounts.dns-shop.ru/registration2,894
  6. 6accounts.dns-shop.ru2,714
  7. 7https://www.dns-shop.ru/1,292
  8. 8dns-shop.ru1,220
  9. 9https://www.dns-shop.ru1,188
  10. 10dns-shop.ru/792

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Russia
Events500
Netherlands
Events196
Germany
Events141
United States
Events141
Ukraine
Events66
India
Events65
Finland
Events60
United Kingdom
Events52

Country Breakdown

  1. 1Russia500
  2. 2Netherlands196
  3. 3Germany141
  4. 4United States141
  5. 5Ukraine66
  6. 6India65
  7. 7Finland60
  8. 8United Kingdom52

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Jira (Atlassian)2
Cisco (AnyConnect)1

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 22H2 build 19045 (64 Bit)382
Windows 10 Enterprise x64254
Windows 11 24H2 build 26100 (64 Bit)161
Windows 11119
Windows 10 Pro90

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
37,645
Combolist pools
3,524
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.