Back

persianblog.ir Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain persianblog.ir has been associated with a significant number of historical data breaches and active infostealer logs, totaling over 4,400 events within the observed period. The majority of these events, 93.2%, are attributed to historical data breaches, while 6.8% are active infostealer logs. Notably, the timeline shows a surge in client-related events from September 2025 onwards, with a significant increase in employee-related events in March and April 2026. Malware families such as Redline, LummaC2, and RisePro are frequently observed in these incidents. This exposure presents a high risk due to the sheer volume of historical data breaches and the ongoing threat from infostealer activity, potentially impacting a large number of clients and employees. The prevalence of infostealer malware suggests a risk of credential harvesting and further compromise. Remediation efforts should focus on securing user credentials, investigating the root cause of the historical data breaches, and enhancing defenses against infostealer malware targeting the identified operating systems and services.

Total Events

4,407
credential exposure events

Employee Affected Events

75
account email domain = persianblog.ir

Client Affected Events

4,332
service target = persianblog.ir

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,2008004000
peak month 1,140
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events298
Share7%
Data breaches
Events4,109
Share93%
Infostealer logs (7%)
298events
Data breaches (93%)
4,109events

75 compromised employee accounts pose an infrastructure risk, while 4,332 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline69
LummaC241
RisePro23
Rhadamanthys19
Acreed15
StealC7
Vidar4
Remus1
Millenium1

Top Login URLs

Top exposed services found in the event results

  1. 1persianblog.ir900
  2. 2https://persianblog.ir762
  3. 3persianblog.ir/register420
  4. 4https://persianblog.ir/register373
  5. 5persianblog.ir/181
  6. 6https://persianblog.ir/148
  7. 7persianblog.ir/signup.aspx135
  8. 8persianblog.ir/Signup.aspx120
  9. 9persianblog.ir/login115
  10. 10http://persianblog.ir/Signup.aspx99

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Iran
Events99
United States
Events20
Germany
Events11
Greece
Events9
China
Events8
Spain
Events8
Canada
Events8
United Arab Emirates
Events7

Country Breakdown

  1. 1Iran99
  2. 2United States20
  3. 3Germany11
  4. 4Greece9
  5. 5China8
  6. 6Spain8
  7. 7Canada8
  8. 8United Arab Emirates7

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1151
Windows 10 Enterprise x6442
Windows 10 Pro [x64]17
Windows 11 24H2 build 26100 (64 Bit)9
Windows 11 Enterprise (10.0.22621) x649

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
4,109
Combolist pools
0
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.