Back

fantasti.cc Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain fantasti.cc has experienced a significant exposure event, with 4853 total incidents recorded between July 2025 and June 2026. The majority of these events, 87.5%, are attributed to historical data breaches, impacting 4244 records. Additionally, 12.5% of events, totaling 609, are linked to active infostealer logs. The timeline shows a notable increase in client-related incidents from March 2026 onwards, with employee-related incidents also appearing in September 2025 and February-April 2026. Malware families such as Redline, LummaC2, and Acreed are frequently observed. The primary targeted services are related to login and signup functionalities of fantasti.cc. The data indicates a strong correlation with "Combolist sources" within leak repositories, suggesting credential stuffing or account takeover attempts. The United States is the most represented country in the observed data.

Total Events

4,853
credential exposure events

Employee Affected Events

152
account email domain = fantasti.cc

Client Affected Events

4,701
service target = fantasti.cc

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,2008004000
peak month 1,176
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events609
Share13%
Data breaches
Events4,244
Share88%
Infostealer logs (13%)
609events
Data breaches (88%)
4,244events

152 compromised employee accounts pose an infrastructure risk, while 4,701 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Redline108
LummaC280
Acreed69
Rhadamanthys60
Vidar42
StealC11
Raccoon10
Remus8
RisePro7

Top Login URLs

Top exposed services found in the event results

  1. 1https://fantasti.cc653
  2. 2fantasti.cc639
  3. 3fantasti.cc/241
  4. 4https://fantasti.cc/235
  5. 5https://fantasti.cc/signup.php143
  6. 6fantasti.cc/ajax/login_js.php131
  7. 7fantasti.cc/signup.php130
  8. 8http://fantasti.cc/127
  9. 9https://fantasti.cc/ajax/login_js.php125
  10. 10http://fantasti.cc/ajax/login_js.php120

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events100
Hungary
Events52
India
Events41
Germany
Events34
Mexico
Events17
Poland
Events15
Netherlands
Events14
United Kingdom
Events10

Country Breakdown

  1. 1United States100
  2. 2Hungary52
  3. 3India41
  4. 4Germany34
  5. 5Mexico17
  6. 6Poland15
  7. 7Netherlands14
  8. 8United Kingdom10

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11102
Windows 10 22H2 build 19045 (64 Bit)60
Windows 10 Pro41
Windows 10 Enterprise x6435
Windows 10 (Build 19045) (64 Bit)20

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
4,239
Combolist pools
5
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.