Back

linternaute.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting 158 employees and 64,590 clients, primarily driven by 55,028 historical data breaches and 9,720 active infostealer logs. The data suggests a high risk of credential compromise and potential data exfiltration, with a notable concentration of activity in France. The timeline shows a concerning increase in employee-related events starting in late 2025 and peaking in early 2026. The prevalence of LummaC2, Acreed, and Redline malware families, along with "Combolist sources" in leak repositories, points to a sophisticated attack targeting user credentials, likely through phishing or credential stuffing attacks against services like copainsdavant.linternaute.com. The high risk score of 97 necessitates immediate attention to credential hygiene and incident response. Remediation should focus on widespread password resets, enhanced multi-factor authentication deployment, and targeted security awareness training for employees and clients, particularly those in France. Further investigation into the root cause of the historical data breaches and the active infostealer campaigns is critical.

Total Events

64,748
credential exposure events

Employee Affected Events

158
account email domain = linternaute.com

Client Affected Events

64,590
service target = linternaute.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 16,274
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events9,720
Share15%
Data breaches
Events55,028
Share85%
Infostealer logs (15%)
9,720events
Data breaches (85%)
55,028events

158 compromised employee accounts pose an infrastructure risk, while 64,590 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender164
Windows Defender Panda Dome18
Windows Defender McAfee14
Windows Defender.4
Windows Defender [ON]3
Windows Defender 360 Total Security.2
ESET2
Windows Defender Avast Antivirus.1
Norton Security Ultra1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC21,488
Acreed1,444
Redline1,356
Rhadamanthys1,039
Vidar310
Millenium224
Remus131
Raccoon83
StealC80

Top Login URLs

Top exposed services found in the event results

  1. 1https://copainsdavant.linternaute.com9,751
  2. 2copainsdavant.linternaute.com9,512
  3. 3https://copainsdavant.linternaute.com/8,988
  4. 4https://copainsdavant.linternaute.com/p/login7,448
  5. 5copainsdavant.linternaute.com/6,227
  6. 6copainsdavant.linternaute.com/p/login5,372
  7. 7http://copainsdavant.linternaute.com/1,517
  8. 8http://copainsdavant.linternaute.com/p/login1,414
  9. 9http://copainsdavant.linternaute.com870
  10. 10linternaute.com772

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

France
Events4,788
Algeria
Events284
Morocco
Events137
United States
Events79
Belgium
Events68
Spain
Events47
India
Events36
Portugal
Events35

Country Breakdown

  1. 1France4,788
  2. 2Algeria284
  3. 3Morocco137
  4. 4United States79
  5. 5Belgium68
  6. 6Spain47
  7. 7India36
  8. 8Portugal35

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,526
Windows 10 22H2 build 19045 (64 Bit)541
Windows 10 Enterprise x64471
Windows 10440
Windows 11 24H2 build 26100 (64 Bit)406

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
54,991
Combolist pools
37
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.