Back

ipsosinteractive.com Domain Breach Exposure Report

Risk Score

High Risk

Critical asset booster applied - enterprise VPN / gateway credentials exposed.

AI Findings Summary

Critical

The domain ipsosinteractive.com has experienced a significant number of data breach and infostealer events totaling 1644 over the reporting period. The majority of these events, 1391, are classified as historical data breaches, with 253 active infostealer logs also detected. The timeline indicates a notable increase in client-related events from September 2025 onwards, peaking in March and April 2026, with a concurrent rise in employee-related events during the same period. Malware analysis reveals Redline, LummaC2, and Rhadamanthys as the most prevalent infostealer families. Targeted services include various subdomains of ipsosinteractive.com, with a specific mention of FortiNet VPN. The data breach and infostealer activity is predominantly linked to combolist sources, suggesting credential stuffing or account takeover attempts. The United States, Romania, and France are the top geographical locations associated with these events.

Total Events

1,644
credential exposure events

Employee Affected Events

85
account email domain = ipsosinteractive.com

Client Affected Events

1,559
service target = ipsosinteractive.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4002671330
peak month 373
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events253
Share15%
Data breaches
Events1,391
Share85%
Infostealer logs (15%)
253events
Data breaches (85%)
1,391events

85 compromised employee accounts pose an infrastructure risk, while 1,559 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Redline55
LummaC229
Rhadamanthys28
Vidar10
Acreed3
Remus3

Top Login URLs

Top exposed services found in the event results

  1. 1ipsosinteractive.com48
  2. 2https://ipsosinteractive.com39
  3. 3https://usdresweb2.ipsosinteractive.com/mrIWeb/mrIWeb.dll31
  4. 4https://usdresweb.ipsosinteractive.com/mrIWeb/mrIWeb.dll31
  5. 5usdresweb.ipsosinteractive.com/mrIWeb/mrIWeb.dll30
  6. 6https://usdresweb2.ipsosinteractive.com/28
  7. 7https://ipsosinteractive.com/logon28
  8. 8https://vpn01.ipsosinteractive.com/remote/login27
  9. 9https://www.ipsosinteractive.com26
  10. 10https://obs.ipsosinteractive.com/ipsos.php23

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events60
Romania
Events27
France
Events15
United Kingdom
Events13
Germany
Events8
China
Events7
Venezuela
Events6
Nigeria
Events6

Country Breakdown

  1. 1United States60
  2. 2Romania27
  3. 3France15
  4. 4United Kingdom13
  5. 5Germany8
  6. 6China7
  7. 7Venezuela6
  8. 8Nigeria6

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

FortiNet VPN47

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1139
Windows 11 24H2 build 26100 (64 Bit)22
Windows 11 (Build 26200) (64 Bit)17
Windows 10 Pro12
Windows 11 (Build 22631) (64 Bit)10

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
1,389
Combolist pools
2
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.