Back

onliner.by Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting approximately 29,040 clients and 100 employees of onliner.by. The primary concern stems from 26,496 historical data breaches and 2,644 active infostealer logs, predominantly sourced from "Combolist sources." The timeline shows a surge in client-related events from September 2025 through March 2026, with employee-related events also appearing during this period. Malware analysis highlights Redline as the most prevalent infostealer family, followed by Rhadamanthys and Vidar. Targeted services include the login portals for onliner.by, suggesting credential compromise is a key vector. The majority of affected systems run Windows 10 and Windows 11 operating systems.

Total Events

29,140
credential exposure events

Employee Affected Events

100
account email domain = onliner.by

Client Affected Events

29,040
service target = onliner.by

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8,0005,3332,6670
peak month 6,864
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,644
Share9%
Data breaches
Events26,496
Share91%
Infostealer logs (9%)
2,644events
Data breaches (91%)
26,496events

100 compromised employee accounts pose an infrastructure risk, while 29,040 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender57

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,237
Rhadamanthys215
Vidar125
RisePro63
LummaC252
Acreed29
Remus17
StealC11
DarkCrystal5

Top Login URLs

Top exposed services found in the event results

  1. 1https://profile.onliner.by/login1,878
  2. 2profile.onliner.by/login1,817
  3. 3https://www.onliner.by/1,708
  4. 4https://www.onliner.by1,219
  5. 5onliner.by1,069
  6. 6https://profile.onliner.by1,042
  7. 7onliner.by/1,026
  8. 8profile.onliner.by826
  9. 9www.onliner.by710
  10. 10www.onliner.by/663

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Belarus
Events1,137
Poland
Events370
Austria
Events37
Thailand
Events33
Germany
Events33
France
Events23
United States
Events22
Bolivia
Events16

Country Breakdown

  1. 1Belarus1,137
  2. 2Poland370
  3. 3Austria37
  4. 4Thailand33
  5. 5Germany33
  6. 6France23
  7. 7United States22
  8. 8Bolivia16

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix3
WordPress3

Operating System Distribution

Distribution of compromised endpoint builds

Майкрософт Windows 10 Pro x64327
Windows 10 Enterprise x64265
Майкрософт Windows 11 Pro x64249
Windows 11112
Windows 11 Pro75

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
26,470
Combolist pools
26
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.