Back

india.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain india.com has experienced a significant number of data breaches and infostealer events, totaling over 123,000 incidents within the reporting period. The majority of these events are attributed to historical data breaches, with a substantial portion also linked to active infostealer logs. Employee and client data appear to be the primary targets, with over 98,000 employee-related events and over 24,000 client-related events recorded. The timeline shows a surge in employee and client events in September 2025 and February 2026, indicating potential periods of heightened compromise. Malware families such as Rhadamanthys, LummaC2, Vidar, and Redline are frequently observed, suggesting common infection vectors. The data originates primarily from India, with secondary origins in Portugal and Latvia. Given the high volume of data breaches and the involvement of infostealer malware targeting employee and client data, this exposure presents a critical risk. The prevalence of known infostealer families and the origin of the data from India, a region often associated with large-scale data leaks, necessitate immediate attention. Remediation efforts should focus on strengthening access controls, enhancing endpoint security to detect and prevent infostealer activity, and conducting thorough investigations into the historical data breaches to understand the root cause and mitigate further impact.

Total Events

123,230
credential exposure events

Employee Affected Events

98,410
account email domain = india.com

Client Affected Events

24,820
service target = india.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 32,501
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events11,692
Share10%
Data breaches
Events111,538
Share91%
Infostealer logs (10%)
11,692events
Data breaches (91%)
111,538events

98,410 compromised employee accounts pose an infrastructure risk, while 24,820 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender797
Windows Defender ESET Security20
Windows Defender [ON]4
Avast Antivirus3
Windows Defender Avast Antivirus.2
None2
Windows Defender.1

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys1,890
LummaC21,508
Vidar1,191
Redline1,028
Acreed326
StealC178
Remus127
RisePro60
Blank Grabber42

Top Login URLs

Top exposed services found in the event results

  1. 1india.com5,900
  2. 2https://mail.india.com2,037
  3. 3mail.india.com1,928
  4. 4android://oNEBL6WsDMvrMCg-MmYNPNiwYxiYVWbmh5rWFxzv-FSdbEANVb4Nlz2Y8z0UuI64G1NwhMfvo79ObR9HBxB9cw==@com.india.tencric.android/1,286
  5. 5android://J7kh0rky-5YdaG3EH82Ekgka3jEupRnMmRvIB5gCA9R4SmLF4ewDGwdyZ7Ol3ebbX-85XyL9_TQL-yz9bKfYXg==@com.india.happyeasygo/1,057
  6. 6https://mail.india.com/account/register922
  7. 7android://ogV0MtMlEGDRe-lp4ouxC46bczAGwaIWRtmxU9rzeSvZ6aaz8SGKU3AYIEiWMM15db1xfFgKH2xKlZT5Jd3lBA==@com.india.ddloan/653
  8. 8mail.india.com/account/register651
  9. 9https://mail.india.com/account/login588
  10. 10https://india.com574

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events5,838
Portugal
Events377
Latvia
Events210
Egypt
Events141
United States
Events104
Romania
Events65
Bangladesh
Events52

Country Breakdown

  1. 1India5,838
  2. 2Portugal377
  3. 3Latvia210
  4. 4Egypt141
  5. 5United States104
  6. 6North Macedonia77
  7. 7Romania65
  8. 8Bangladesh52

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

WordPress161
TeamViewer21
Salesforce20
Zendesk19
Microsoft15
Amazon Cognito12
Git5

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26200 (64 Bit)1,557
Windows 10 22H2 build 19045 (64 Bit)649
Windows 10 Pro 22H2 (Build 19045)598
Windows 10 Pro538
Windows 11 Home Single Language511

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
82,263
Combolist pools
29,275
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.