Back

soha.vn Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain soha.vn exhibits a high-risk score of 92, primarily driven by a significant volume of historical data breaches (30,984 events) and active infostealer logs (4,936 events) over the observed period. The data indicates a substantial exposure of client credentials, with 35,776 client-related events, alongside 144 employee-related events. Malware families such as Redline, LummaC2, and Rhadamanthys are prevalent, suggesting active compromise attempts targeting sensitive information. The majority of identified data originates from Vietnam, with a notable portion linked to combolist sources, indicating credential stuffing or brute-force attacks against user accounts, particularly impacting the "soap.soha.vn" service.

Total Events

35,920
credential exposure events

Employee Affected Events

144
account email domain = soha.vn

Client Affected Events

35,776
service target = soha.vn

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
10,0006,6673,3330
peak month 8,866
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events4,936
Share14%
Data breaches
Events30,984
Share86%
Infostealer logs (14%)
4,936events
Data breaches (86%)
30,984events

144 compromised employee accounts pose an infrastructure risk, while 35,776 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender11
Avast2
Windows Defender McAfee.2
Panda Dome1
Unknown1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,211
LummaC2724
Rhadamanthys521
Vidar324
Acreed178
StealC138
RisePro122
Remus38
Raccoon20

Top Login URLs

Top exposed services found in the event results

  1. 1https://soap.soha.vn/6,457
  2. 2https://soap.soha.vn/dialog/login/sohagame6,075
  3. 3https://soap.soha.vn5,374
  4. 4soap.soha.vn5,352
  5. 5soap.soha.vn/dialog/login/sohagame4,308
  6. 6soap.soha.vn/3,943
  7. 7https://soap.soha.vn/dialog/login/Authen979
  8. 8soap.soha.vn/dialog/login/Authen696
  9. 9http://soap.soha.vn/dialog/login/sohagame273
  10. 10soap.soha.vn/dialog/login/authen224

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Vietnam
Events3,027
United States
Events57
Japan
Events31
Venezuela
Events24
South Korea
Events16
Thailand
Events10
China
Events10
India
Events9

Country Breakdown

  1. 1Vietnam3,027
  2. 2United States57
  3. 3Japan31
  4. 4Venezuela24
  5. 5South Korea16
  6. 6Thailand10
  7. 7China10
  8. 8India9

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64638
Windows 11 24H2 build 26100 (64 Bit)273
Windows 11249
Windows 10 Pro221
Windows 10 Home x64213

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
30,966
Combolist pools
18
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.