Back

seasonvar.ru Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain seasonvar.ru has been associated with a significant number of data breach events, totaling 7,763, primarily originating from "Combolist sources." Additionally, there are 1,026 "Active Infostealer Logs" linked to this domain, with "Redline" and "Rhadamanthys" being the most prevalent malware families. The exposure period spans from July 2025 to June 2026, with a notable increase in employee-related events in February and April 2026. The majority of affected entities are clients (8,632), but 157 employees are also impacted. The primary targeted service is the domain itself and its subdomains, with a geographical concentration in Ukraine, Finland, and Germany. This exposure presents a high risk due to the large volume of historical data breaches and active infostealer activity, suggesting potential credential stuffing attacks and widespread compromise of user data. The prevalence of infostealer malware indicates a direct threat to user credentials and sensitive information. Prioritization should focus on immediate remediation of compromised accounts, enhanced monitoring for suspicious activity originating from or targeting seasonvar.ru, and a review of data security practices to prevent further data exfiltration.

Total Events

8,789
credential exposure events

Employee Affected Events

157
account email domain = seasonvar.ru

Client Affected Events

8,632
service target = seasonvar.ru

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,0001,3336670
peak month 1,945
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,026
Share12%
Data breaches
Events7,763
Share88%
Infostealer logs (12%)
1,026events
Data breaches (88%)
7,763events

157 compromised employee accounts pose an infrastructure risk, while 8,632 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender30

Malware Families Distribution

Distribution of Active Stealer Strains

Redline217
Rhadamanthys164
LummaC2118
Vidar71
Acreed39
Remus15
StealC10
DarkCrystal6
RisePro5

Top Login URLs

Top exposed services found in the event results

  1. 1http://seasonvar.ru/1,967
  2. 2seasonvar.ru/1,480
  3. 3seasonvar.ru1,282
  4. 4https://seasonvar.ru1,194
  5. 5https://seasonvar.ru/1,092
  6. 6http://seasonvar.ru464
  7. 7http://m.seasonvar.ru/41
  8. 8https://seasonvar.ru/logon25
  9. 9https://www.seasonvar.ru25
  10. 10https://m.seasonvar.ru21

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Ukraine
Events71
Finland
Events65
Germany
Events41
United States
Events38
Poland
Events37
Lithuania
Events36
Israel
Events35
United Kingdom
Events32

Country Breakdown

  1. 1Ukraine71
  2. 2Finland65
  3. 3Germany41
  4. 4United States38
  5. 5Poland37
  6. 6Lithuania36
  7. 7Israel35
  8. 8United Kingdom32

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 22H2 build 19045 (64 Bit)102
Windows 1175
Windows 10 Enterprise x6467
Windows 11 24H2 build 26100 (64 Bit)62
Майкрософт Windows 10 Pro x6427

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
7,763
Combolist pools
0
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.