Back

suruga-ya.jp Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain suruga-ya.jp has experienced a significant exposure event, with 16,240 historical data breaches and 2,097 active infostealer logs detected over the reporting period. The majority of these events are attributed to "Combolist sources" within leak repositories, indicating a high likelihood of credential stuffing attacks. The timeline shows a notable increase in client-related events from March 2026 onwards, coinciding with a rise in employee-related events, suggesting a potential compromise impacting both user accounts and internal systems. Malware families such as Rhadamanthys, LummaC2, and Acreed are prevalent, commonly associated with credential theft and data exfiltration. Given the high volume of data breaches and the presence of active infostealer logs, this exposure poses a critical risk to the organization and its users. The focus should be on immediate remediation of compromised credentials, strengthening authentication mechanisms, and conducting thorough security audits to identify and close any vulnerabilities exploited by the observed malware families. Prioritizing the investigation of the "Combolist sources" and understanding the attack vectors used to populate them is crucial for preventing future incidents.

Total Events

18,337
credential exposure events

Employee Affected Events

92
account email domain = suruga-ya.jp

Client Affected Events

18,245
service target = suruga-ya.jp

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
5,0003,3331,6670
peak month 4,914
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,097
Share11%
Data breaches
Events16,240
Share89%
Infostealer logs (11%)
2,097events
Data breaches (89%)
16,240events

92 compromised employee accounts pose an infrastructure risk, while 18,245 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender23
Reason Cybersecurity3
KINGSOFT Internet Security リアルタイムガード3
Windows Defender.2
Windows Defender ノートン 360 for Gamers1
ノートン 3601

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys301
LummaC2301
Acreed268
Redline216
Millenium60
Vidar43
Remus35
Raccoon29
RisePro16

Top Login URLs

Top exposed services found in the event results

  1. 1suruga-ya.jp2,106
  2. 2https://suruga-ya.jp1,555
  3. 3https://www.suruga-ya.jp/pcmypage1,471
  4. 4https://www.suruga-ya.jp1,359
  5. 5suruga-ya.jp/pcmypage1,208
  6. 6https://www.suruga-ya.jp/pcmypage/action_account_regist1,188
  7. 7www.suruga-ya.jp906
  8. 8suruga-ya.jp/pcmypage/action_account_regist881
  9. 9www.suruga-ya.jp/pcmypage708
  10. 10https://www.suruga-ya.jp/584

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events1,005
United States
Events44
Taiwan
Events27
China
Events25
South Korea
Events21
Vietnam
Events20
India
Events11

Country Breakdown

  1. 1Japan1,005
  2. 2United States44
  3. 3Taiwan27
  4. 4Hong Kong SAR China26
  5. 5China25
  6. 6South Korea21
  7. 7Vietnam20
  8. 8India11

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11323
Windows 10 22H2 build 19045 (64 Bit)164
Windows 11 24H2 build 26100 (64 Bit)123
Windows 10 Enterprise x6477
Windows 10 Home x6461

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
16,234
Combolist pools
6
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.