Back

espncricinfo.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain espncricinfo.com experienced a significant exposure event between July 2025 and June 2026, with 4,695 total events recorded. The majority of these events, 89.9%, were historical data breaches, while 10.1% were active infostealer logs. A substantial number of client accounts, 4,632, were affected by these breaches, alongside 63 employee accounts. The timeline shows a notable increase in client-related events from March 2026 onwards, coinciding with a rise in employee account compromises. The primary malware families observed were LummaC2, Redline, and Vidar, indicating a focus on credential harvesting. The data suggests that these breaches originated from combolist sources, impacting users primarily in India, Pakistan, and the United States. The high volume of data breaches and active infostealer logs, coupled with the compromise of both client and employee accounts, presents a critical risk. The prevalence of infostealer malware targeting credentials, particularly LummaC2 and Redline, suggests a strong potential for further account takeovers and downstream impacts. Prioritization should focus on immediate remediation of identified vulnerabilities, enhanced credential hygiene for both employees and clients, and a thorough investigation into the root cause of the data breaches originating from combolist sources. The observed targeting of specific services like "submit.espncricinfo.com" for login and user registration warrants focused security hardening.

Total Events

4,695
credential exposure events

Employee Affected Events

63
account email domain = espncricinfo.com

Client Affected Events

4,632
service target = espncricinfo.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,5001,0005000
peak month 1,218
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events476
Share10%
Data breaches
Events4,219
Share90%
Infostealer logs (10%)
476events
Data breaches (90%)
4,219events

63 compromised employee accounts pose an infrastructure risk, while 4,632 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC281
Redline52
Vidar32
Rhadamanthys18
RisePro12
Acreed11
StealC9
Raccoon7
Remus2

Top Login URLs

Top exposed services found in the event results

  1. 1submit.espncricinfo.com389
  2. 2https://submit.espncricinfo.com360
  3. 3http://submit.espncricinfo.com/member_mgmt/content/submit/member_mgmt/fantasy_login.html282
  4. 4submit.espncricinfo.com/member_mgmt/content/submit/member_mgmt/fantasy_login.html275
  5. 5espncricinfo.com222
  6. 6submit.espncricinfo.com/member_mgmt/content/submit/member_mgmt/user_registration.html162
  7. 7https://espncricinfo.com158
  8. 8http://submit.espncricinfo.com/member_mgmt/content/submit/member_mgmt/user_registration.html154
  9. 9https://submit.espncricinfo.com/member_mgmt/content/submit/member_mgmt/fantasy_login.html128
  10. 10https://www.espncricinfo.com127

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events65
Pakistan
Events49
United States
Events37
Nepal
Events14
Saudi Arabia
Events10
Bangladesh
Events10
United Arab Emirates
Events8
South Korea
Events6

Country Breakdown

  1. 1India65
  2. 2Pakistan49
  3. 3United States37
  4. 4Nepal14
  5. 5Saudi Arabia10
  6. 6Bangladesh10
  7. 7United Arab Emirates8
  8. 8South Korea6

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

FortiNet VPN4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1161
Windows 10 Pro (10.0.19045) x6431
Windows 10 Pro22
Windows 11 Home Single Language17
Windows 10 Enterprise x6416

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
4,219
Combolist pools
0
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.