Back

google.com.mx Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure related to the domain google.com.mx, with a high risk score of 84. The primary concerns stem from 2,733 historical data breaches and 459 active infostealer logs, affecting a substantial number of clients (2,912) and employees (280) over the observed period. Malware families like RisePro, LummaC2, and Redline are prevalent, suggesting active credential harvesting and data exfiltration attempts. The majority of the exposure originates from combolist sources, indicating compromised credentials are a major vector. The timeline shows a notable spike in client-related events in March 2026, with continued high activity through June 2026. Given the high volume of data breaches and active infostealer activity, this situation presents a critical risk. The prevalence of malware families known for credential theft and the reliance on combolist sources highlight the immediate threat to sensitive information. Prioritization should focus on credential hygiene, including mandatory password resets for all affected employees and clients, enhanced monitoring for suspicious login activity, and a review of access controls. The targeting of services associated with google.com.mx, primarily in Mexico, suggests a localized but widespread impact.

Total Events

3,192
credential exposure events

Employee Affected Events

280
account email domain = google.com.mx

Client Affected Events

2,912
service target = google.com.mx

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8005332670
peak month 782
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events459
Share14%
Data breaches
Events2,733
Share86%
Infostealer logs (14%)
459events
Data breaches (86%)
2,733events

280 compromised employee accounts pose an infrastructure risk, while 2,912 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender4

Malware Families Distribution

Distribution of Active Stealer Strains

RisePro125
LummaC276
Redline58
Vidar31
Rhadamanthys6
StealC5
Blank Grabber2
Aurora1
Acreed1

Top Login URLs

Top exposed services found in the event results

  1. 1google.com.mx351
  2. 2https://www.google.com.mx/334
  3. 3google.com.mx/255
  4. 4https://google.com.mx237
  5. 5https://www.google.com.mx226
  6. 6www.google.com.mx/155
  7. 7www.google.com.mx129
  8. 8https://google.com.mx/116
  9. 9https://www.google.com.mx/search58
  10. 10http://www.google.com.mx52

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Mexico
Events268
United States
Events17
China
Events8
Japan
Events6
Germany
Events5
South Korea
Events3
Netherlands
Events3

Country Breakdown

  1. 1Mexico268
  2. 2United States17
  3. 3Dominican Republic9
  4. 4China8
  5. 5Japan6
  6. 6Germany5
  7. 7South Korea3
  8. 8Netherlands3

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Home Single Language [x64]122
Windows 1148
Windows 10 Home x6421
Windows 10 Enterprise x6420
Windows 10 Enterprise (10.0.19045) x6419

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
2,690
Combolist pools
43
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.