Back

holidaycheck.de Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of client data, with 4,920 client accounts and 122 employee accounts potentially compromised. This is primarily driven by a large volume of historical data breaches (4,557 events) and active infostealer logs (485 events) observed over the period from July 2025 to June 2026. The infostealer activity is notable, with Redline, Rhadamanthys, and LummaC2 being the most prevalent families, suggesting credential harvesting and potential unauthorized access. The majority of the data breach evidence originates from combolist sources, indicating a high likelihood of credential stuffing attacks leveraging previously exposed credentials.

Total Events

5,042
credential exposure events

Employee Affected Events

122
account email domain = holidaycheck.de

Client Affected Events

4,920
service target = holidaycheck.de

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,5001,0005000
peak month 1,448
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events485
Share10%
Data breaches
Events4,557
Share90%
Infostealer logs (10%)
485events
Data breaches (90%)
4,557events

122 compromised employee accounts pose an infrastructure risk, while 4,920 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Redline65
Rhadamanthys61
LummaC254
Acreed47
StealC5
Remus5
Raccoon4
X-Files3
Vidar3

Top Login URLs

Top exposed services found in the event results

  1. 1holidaycheck.de569
  2. 2https://www.holidaycheck.de392
  3. 3https://holidaycheck.de386
  4. 4holidaycheck.de/login302
  5. 5https://www.holidaycheck.de/login295
  6. 6www.holidaycheck.de269
  7. 7https://secure.holidaycheck.de261
  8. 8secure.holidaycheck.de215
  9. 9www.holidaycheck.de/login169
  10. 10https://www.holidaycheck.de/135

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Germany
Events165
Belgium
Events15
United States
Events13
Egypt
Events13
Netherlands
Events7
Spain
Events4
Sweden
Events3
China
Events3

Country Breakdown

  1. 1Germany165
  2. 2Belgium15
  3. 3United States13
  4. 4Egypt13
  5. 5Netherlands7
  6. 6Spain4
  7. 7Sweden3
  8. 8China3

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1178
Windows 11 24H2 build 26200 (64 Bit)27
Windows 10 22H2 build 19045 (64 Bit)26
Windows 11 (Build 26200) (64 Bit)15
Windows 10 Enterprise x6411

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
4,538
Combolist pools
19
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.