Back

emuparadise.me Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain emuparadise.me exhibits a high-risk score of 95, primarily driven by a significant volume of historical data breaches (50,786 events) and active infostealer logs (5,117 events) over the observed period. The data indicates that 55,763 client accounts were compromised, with a notable increase in employee exposure starting in early 2026, peaking in April with 82 affected employees. The prevalent malware families associated with these events include Redline, LummaC2, and Acreed, suggesting a focus on credential harvesting and data exfiltration. The majority of the exposure originates from "Combolist sources," indicating compromised credentials being traded or sold. Given the high volume of client data breaches and the increasing exposure of employee accounts, coupled with the use of common infostealer malware, this situation poses a critical risk. The focus should be on immediate remediation of compromised accounts, strengthening authentication mechanisms, and enhancing endpoint security to detect and prevent further infostealer activity. The primary affected sector appears to be "Retail & E-commerce" due to the nature of the domain and the high number of client-related events.

Total Events

55,903
credential exposure events

Employee Affected Events

140
account email domain = emuparadise.me

Client Affected Events

55,763
service target = emuparadise.me

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 15,484
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events5,117
Share9%
Data breaches
Events50,786
Share91%
Infostealer logs (9%)
5,117events
Data breaches (91%)
50,786events

140 compromised employee accounts pose an infrastructure risk, while 55,763 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender11

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,021
LummaC2842
Acreed586
Rhadamanthys480
Vidar232
RisePro134
StealC115
Millenium76
Raccoon48

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.emuparadise.me/login.php10,371
  2. 2emuparadise.me/login.php8,549
  3. 3emuparadise.me6,239
  4. 4www.emuparadise.me/login.php5,611
  5. 5https://www.emuparadise.me4,321
  6. 6https://emuparadise.me4,307
  7. 7https://emuparadise.me/login.php3,206
  8. 8www.emuparadise.me2,813
  9. 9https://m.emuparadise.me/login.php1,622
  10. 10m.emuparadise.me/login.php1,050

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Brazil
Events321
United States
Events304
France
Events184
Italy
Events155
Spain
Events154
Mexico
Events152
Argentina
Events149
Indonesia
Events148

Country Breakdown

  1. 1Brazil321
  2. 2United States304
  3. 3France184
  4. 4Italy155
  5. 5Spain154
  6. 6Mexico152
  7. 7Argentina149
  8. 8Indonesia148

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11572
Windows 10 Enterprise x64477
Windows 10245
Windows 10 Pro205
Windows 10 22H2 build 19045 (64 Bit)189

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
50,778
Combolist pools
8
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.