Back

google.at Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure related to the domain google.at, with a high risk score of 79. The primary concern stems from 662 historical data breaches and 92 active infostealer logs observed between July 2025 and June 2026. These events predominantly originate from "Combolist sources" (94.1%) and "Database dumps" (5.9%), suggesting compromised credentials are a major vector. Malware families like Redline and LummaC2 were detected, indicating active threats. The exposure affects a substantial number of employees (187) and clients (567), with a notable spike in client-related events in March 2026. The majority of affected systems run Windows 11, with some older Windows Server versions also present. Remediation should focus on credential hygiene, including mandatory password resets, multi-factor authentication enforcement, and enhanced monitoring for suspicious login activity, particularly targeting services like google.at and its login endpoints.

Total Events

754
credential exposure events

Employee Affected Events

187
account email domain = google.at

Client Affected Events

567
service target = google.at

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
200133670
peak month 154
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events92
Share12%
Data breaches
Events662
Share88%
Infostealer logs (12%)
92events
Data breaches (88%)
662events

187 compromised employee accounts pose an infrastructure risk, while 567 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Redline13
LummaC211

Top Login URLs

Top exposed services found in the event results

  1. 1https://google.at96
  2. 2google.at96
  3. 3https://www.google.at39
  4. 4google.at/32
  5. 5https://google.at/login24
  6. 6https://google.at/logon23
  7. 7https://google.at/22
  8. 8https://google.at/home18
  9. 9google.at/logon18
  10. 10google.at/login18

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events26
Austria
Events5
Netherlands
Events4
China
Events4
Finland
Events3
Germany
Events3
United Kingdom
Events2
India
Events2

Country Breakdown

  1. 1United States26
  2. 2Austria5
  3. 3Netherlands4
  4. 4China4
  5. 5Finland3
  6. 6Germany3
  7. 7United Kingdom2
  8. 8India2

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1139
Windows Server 2019 x324
Windows Server 2003 x322
Windows 10 Home x642
Windows Server 2003 R2 x322

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
623
Combolist pools
39
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.