Back

kicker.de Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain kicker.de has experienced a significant number of historical data breaches (4488) and active infostealer logs (635) over the past year, indicating a high level of exposure. The majority of these events are linked to "Combolist sources" (98.9%), suggesting credential stuffing or account takeover attempts. Malware families such as Acreed, LummaC2, and Redline are prevalent, targeting Windows 11 operating systems. The primary affected services are related to the kicker.de website and its login portals, with Germany being the most frequently observed country. This suggests a high risk of compromised user accounts and potential identity theft for employees and clients associated with the domain.

Total Events

5,123
credential exposure events

Employee Affected Events

463
account email domain = kicker.de

Client Affected Events

4,660
service target = kicker.de

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,5001,0005000
peak month 1,291
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events635
Share12%
Data breaches
Events4,488
Share88%
Infostealer logs (12%)
635events
Data breaches (88%)
4,488events

463 compromised employee accounts pose an infrastructure risk, while 4,660 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender12

Malware Families Distribution

Distribution of Active Stealer Strains

Acreed107
LummaC274
Redline58
Millenium38
Rhadamanthys28
Vidar12
Raccoon3
Cthulhu2
StealC1

Top Login URLs

Top exposed services found in the event results

  1. 1kicker.de379
  2. 2https://kicker.de287
  3. 3https://www.kicker.de242
  4. 4https://secure.kicker.de221
  5. 5https://www.kicker.de/meinkicker/login204
  6. 6secure.kicker.de199
  7. 7https://www.kicker.de/195
  8. 8www.kicker.de165
  9. 9kicker.de/147
  10. 10https://secure.kicker.de/community/login128

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Germany
Events265
United States
Events24
China
Events7
Peru
Events7
United Kingdom
Events4
Thailand
Events3
Kenya
Events3
Türkiye
Events3

Country Breakdown

  1. 1Germany265
  2. 2United States24
  3. 3China7
  4. 4Peru7
  5. 5United Kingdom4
  6. 6Thailand3
  7. 7Kenya3
  8. 8Türkiye3

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Zendesk9

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11160
Windows 10 Enterprise x6423
Windows 11 Pro (10.0.26100) x6420
Windows 11 Pro (10.0.22631) x6413
Windows 1013

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
4,437
Combolist pools
51
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.