Back

superjob.ru Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain superjob.ru has experienced a significant exposure event, with 8096 total recorded incidents between July 2025 and June 2026. The majority of these events, 7275, are classified as historical data breaches, while 821 are active infostealer logs. This indicates a substantial risk to client data, with 8024 client-related incidents and 72 employee-related incidents. The timeline shows a peak in client incidents during February and March 2026, with 1203 and 1729 respectively, and a notable spike in employee incidents in April 2026 with 23. Malware families such as Vidar, Rhadamanthys, and Redline are prominently associated with these events, suggesting credential harvesting and data exfiltration are primary threats. The exposure is largely attributed to combolist sources (99.7%), indicating compromised credentials are being widely distributed.

Total Events

8,096
credential exposure events

Employee Affected Events

72
account email domain = superjob.ru

Client Affected Events

8,024
service target = superjob.ru

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,0001,3336670
peak month 1,729
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events821
Share10%
Data breaches
Events7,275
Share90%
Infostealer logs (10%)
821events
Data breaches (90%)
7,275events

72 compromised employee accounts pose an infrastructure risk, while 8,024 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1

Malware Families Distribution

Distribution of Active Stealer Strains

Vidar150
Rhadamanthys144
Redline115
LummaC298
RisePro17
DarkCrystal7
Acreed3
Remus3
Aurora2

Top Login URLs

Top exposed services found in the event results

  1. 1superjob.ru583
  2. 2https://www.superjob.ru527
  3. 3https://www.superjob.ru/425
  4. 4superjob.ru/408
  5. 5https://superjob.ru288
  6. 6http://www.superjob.ru/172
  7. 7https://www.superjob.ru/auth/login/169
  8. 8superjob.ru/user/forgot167
  9. 9www.superjob.ru159
  10. 10https://superjob.ru/147

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Canada
Events164
France
Events116
Russia
Events67
Netherlands
Events34
Germany
Events27
United States
Events20
Israel
Events12
Sweden
Events9

Country Breakdown

  1. 1Canada164
  2. 2France116
  3. 3Russia67
  4. 4Netherlands34
  5. 5Germany27
  6. 6United States20
  7. 7Israel12
  8. 8Sweden9

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 22H2 build 19045 (64 Bit)157
Windows 10 Pro152
Windows 1129
Windows 10 Home x6425
Windows 10 Enterprise x6423

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
7,255
Combolist pools
20
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.