Back

qoo10.sg Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain qoo10.sg experienced a significant number of events, with over 50,000 total occurrences. The vast majority of these events, approximately 91.4%, are classified as historical data breaches, while 8.6% are active infostealer logs. A substantial portion of the data breaches, 46,399 events, originated from "Combolist sources," indicating a high likelihood of credential stuffing attacks. The timeline shows a notable increase in employee-related events starting in January 2026, with 120 occurrences, and continuing through March and April 2026. Malware families associated with these events include LummaC2, Redline, and Rhadamanthys, all known for their credential-stealing capabilities. The targeted services are primarily login pages for qoo10.sg, suggesting direct attacks on user authentication mechanisms. The primary geography of affected users is Singapore, followed by South Korea and Malaysia. Given the high volume of historical data breaches linked to credential stuffing and the recent surge in employee-related events coinciding with active infostealer activity, this exposure presents a critical risk. The prevalence of LummaC2, Redline, and Rhadamanthys malware indicates a sophisticated threat actor targeting user credentials. Remediation efforts should focus on immediate credential reset campaigns for all affected users, enhanced monitoring of login activity for suspicious patterns, and a review of authentication security controls to prevent future credential stuffing and infostealer compromises. The primary focus should be on protecting client data and employee accounts from further unauthorized access.

Total Events

50,777
credential exposure events

Employee Affected Events

238
account email domain = qoo10.sg

Client Affected Events

50,539
service target = qoo10.sg

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
15,00010,0005,0000
peak month 14,355
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events4,378
Share9%
Data breaches
Events46,399
Share91%
Infostealer logs (9%)
4,378events
Data breaches (91%)
46,399events

238 compromised employee accounts pose an infrastructure risk, while 50,539 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender118
Windows Defender 알약25
Windows Defender Trend Micro Internet Security8
Trend Micro6
Windows Defender [ON]1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2983
Redline567
Rhadamanthys536
Vidar236
Acreed179
StealC103
Raccoon65
RisePro43
Millenium24

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.qoo10.sg/gmkt.inc/Login/Login.aspx3,956
  2. 2qoo10.sg3,282
  3. 3qoo10.sg/gmkt.inc/Login/Login.aspx3,117
  4. 4https://qoo10.sg2,402
  5. 5https://www.qoo10.sg2,347
  6. 6www.qoo10.sg/gmkt.inc/Login/Login.aspx1,885
  7. 7www.qoo10.sg1,626
  8. 8qoo10.sg/gmkt.inc/login/login.aspx1,352
  9. 9https://my.qoo10.sg1,185
  10. 10https://my.qoo10.sg/gmkt.inc/Login/Login.aspx1,110

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Singapore
Events1,681
South Korea
Events205
Malaysia
Events153
Philippines
Events87
United States
Events80
Indonesia
Events56
Venezuela
Events52
Taiwan
Events40

Country Breakdown

  1. 1Singapore1,681
  2. 2South Korea205
  3. 3Malaysia153
  4. 4Philippines87
  5. 5United States80
  6. 6Indonesia56
  7. 7Venezuela52
  8. 8Taiwan40

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)342
Windows 11262
Windows 10 22H2 build 19045 (64 Bit)193
Windows 10 Enterprise x64148
Windows 11 Pro (10.0.26100) x64133

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
46,277
Combolist pools
122
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.