Back

dollartree.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure related to the dollartree.com domain, with a high volume of historical data breaches (93%) and active infostealer logs (7%). The data breaches suggest a large-scale compromise affecting both employees (59,542) and clients (35,680) over the observed period. Infostealer activity, primarily involving malware families like Redline, Rhadamanthys, and LummaC2, indicates ongoing attempts to exfiltrate credentials and sensitive information. The majority of this activity originates from the United States, with targeted services including account creation and checkout pages on dollartree.com. The presence of combolist sources and database dumps in leak repositories further exacerbates the risk of credential stuffing and unauthorized access.

Total Events

95,222
credential exposure events

Employee Affected Events

59,542
account email domain = dollartree.com

Client Affected Events

35,680
service target = dollartree.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
30,00020,00010,0000
peak month 27,482
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events6,685
Share7%
Data breaches
Events88,537
Share93%
Infostealer logs (7%)
6,685events
Data breaches (93%)
88,537events

59,542 compromised employee accounts pose an infrastructure risk, while 35,680 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender70
McAfee VirusScan19
Windows Defender PC Matic Super Shield16
Avast AVG6
Windows Defender Kaspersky Total Security UltraAV3
Bitdefender2
Avast Norton2
Avira2
Unknown1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,372
Rhadamanthys875
LummaC2637
Acreed490
Vidar253
X-Files96
Millenium62
Remus48
StealC28

Top Login URLs

Top exposed services found in the event results

  1. 1dollartree.com3,427
  2. 2https://www.dollartree.com/create-account2,936
  3. 3https://dollartree.com2,128
  4. 4dollartree.com/create-account1,905
  5. 5https://www.dollartree.com1,826
  6. 6www.dollartree.com1,339
  7. 7www.dollartree.com/create-account1,267
  8. 8https://www.dollartree.com/1,185
  9. 9https://www.dollartree.com/checkout720
  10. 10dollartree.com/681

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events2,848
Netherlands
Events438
Germany
Events352
Denmark
Events156
Venezuela
Events96
Canada
Events68
United Kingdom
Events60
Mexico
Events52

Country Breakdown

  1. 1United States2,848
  2. 2Netherlands438
  3. 3Germany352
  4. 4Denmark156
  5. 5Venezuela96
  6. 6Canada68
  7. 7United Kingdom60
  8. 8Mexico52

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix59
Pulse Secure21
Git19
Cisco (AnyConnect)19
Microsoft11
FortiNet VPN8
Paloalto VPN6

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11585
Windows 11 24H2 build 26100 (64 Bit)571
Windows 10 Home x64249
Windows 10 Enterprise x64231
Windows 10 22H2 build 19045 (64 Bit)199

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
63,426
Combolist pools
25,111
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.