Back

kuronekoyamato.co.jp Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting kuronekoyamato.co.jp, with a total of 107,454 events recorded over the period from July 2025 to June 2026. The majority of these events, 83.4%, are classified as historical data breaches, totaling 89,646 incidents. Additionally, 16.6% of events, or 17,808 incidents, are identified as active infostealer logs. The timeline shows a notable increase in client-related events starting in August 2025 and peaking in March 2026, with employee-related events also showing sporadic spikes throughout the period. The primary sources of data leakage are identified as "Combolist sources" (99.9%), suggesting credential stuffing or account takeover attempts, and "Database dumps" (0.1%). Malware families associated with these events include LummaC2, Rhadamanthys, and Redline, all commonly used for credential harvesting and data exfiltration. Targeted services primarily include authentication and customer portal login endpoints, such as auth.kms.kuronekoyamato.co.jp and cmypage.kuronekoyamato.co.jp, indicating a focus on compromising user accounts and potentially sensitive customer information. The geographical breakdown shows a strong concentration of events originating from Japan, with smaller numbers from Vietnam, the United States, and Indonesia. Given the high volume of historical data breaches and active infostealer logs, coupled with the targeting of authentication services and the prevalence of credential-harvesting malware, this incident poses a critical risk to the organization and its customers. The reliance on "Combolist sources" suggests that compromised credentials are a primary vector, potentially leading to unauthorized access and further data exfiltration. Remediation efforts should focus on immediate credential rotation for affected users, enhanced monitoring of authentication endpoints for suspicious login activity, and a thorough review of data access controls. Furthermore, implementing robust endpoint security measures to detect and prevent infostealer malware and strengthening defenses against credential stuffing attacks are crucial next steps.

Total Events

107,454
credential exposure events

Employee Affected Events

330
account email domain = kuronekoyamato.co.jp

Client Affected Events

107,124
service target = kuronekoyamato.co.jp

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
30,00020,00010,0000
peak month 29,856
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events17,808
Share17%
Data breaches
Events89,646
Share83%
Infostealer logs (17%)
17,808events
Data breaches (83%)
89,646events

330 compromised employee accounts pose an infrastructure risk, while 107,124 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender808
Windows Defender マカフィー ウイルススキャン64
Windows Defender ウイルスバスター クラウド50
Windows Defender ESET Security23
Windows Defender ノートン 36019
Windows Defender.18
Windows Defender McAfee18
Windows Defender マカフィー ウイルススキャン ノートン 36016
Trend Micro12

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC22,354
Rhadamanthys2,301
Redline2,029
Acreed1,405
Vidar1,025
Millenium275
Raccoon245
Remus209
RisePro141

Top Login URLs

Top exposed services found in the event results

  1. 1https://auth.kms.kuronekoyamato.co.jp/auth/login9,402
  2. 2https://cmypage.kuronekoyamato.co.jp6,796
  3. 3cmypage.kuronekoyamato.co.jp6,259
  4. 4auth.kms.kuronekoyamato.co.jp/auth/login5,667
  5. 5https://smp-cmypage.kuronekoyamato.co.jp3,997
  6. 6https://cmypage.kuronekoyamato.co.jp/portal/entrance3,496
  7. 7https://auth.kms.kuronekoyamato.co.jp3,416
  8. 8smp-cmypage.kuronekoyamato.co.jp3,383
  9. 9https://cmypage.kuronekoyamato.co.jp/portal/loginpage3,324
  10. 10cmypage.kuronekoyamato.co.jp/portal/entrance2,938

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events9,912
Vietnam
Events122
United States
Events114
Indonesia
Events71
Philippines
Events57
India
Events56
Venezuela
Events56
Bolivia
Events49

Country Breakdown

  1. 1Japan9,912
  2. 2Vietnam122
  3. 3United States114
  4. 4Indonesia71
  5. 5Philippines57
  6. 6India56
  7. 7Venezuela56
  8. 8Bolivia49

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

F51

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,879
Windows 11 24H2 build 26100 (64 Bit)1,218
Windows 10 22H2 build 19045 (64 Bit)778
Windows 10 Enterprise x64706
Windows 11 Pro580

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
89,550
Combolist pools
96
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.