Back

surveyrouter.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain surveyrouter.com exhibits a high risk score of 78, primarily driven by a significant volume of historical data breaches (3587 events) and active infostealer logs (445 events) observed over the past year. The data indicates a substantial exposure of client information, with 3947 client-related events and 85 employee-related events. Malware analysis reveals Redline as the dominant threat, accounting for 70.8% of identified malware families, alongside LummaC2 and Rhadamanthys. The targeted services are predominantly related to Pulse Secure VPN, specifically `ups.surveyrouter.com/TrafficUI/MSCUI/Page.aspx`, suggesting potential exploitation of VPN vulnerabilities. Geographically, Brazil, Colombia, and Chile show the highest incidence of these events.

Total Events

4,032
credential exposure events

Employee Affected Events

85
account email domain = surveyrouter.com

Client Affected Events

3,947
service target = surveyrouter.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,0006673330
peak month 967
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events445
Share11%
Data breaches
Events3,587
Share89%
Infostealer logs (11%)
445events
Data breaches (89%)
3,587events

85 compromised employee accounts pose an infrastructure risk, while 3,947 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Redline315
LummaC225
Rhadamanthys14
Vidar6
StealC1

Top Login URLs

Top exposed services found in the event results

  1. 1https://ups.surveyrouter.com/TrafficUI/MSCUI/Page.aspx1,323
  2. 2ups.surveyrouter.com/TrafficUI/MSCUI/Page.aspx913
  3. 3ups.surveyrouter.com261
  4. 4https://ups.surveyrouter.com249
  5. 5ups.surveyrouter.com/trafficui/mscui/page.aspx214
  6. 6https://ups.surveyrouter.com/trafficui/mscui/page.aspx173
  7. 7https://ups.surveyrouter.com/TrafficUI/MSCUI/Page.aspx:Password:81
  8. 8surveyrouter.com56
  9. 9https://surveyrouter.com52
  10. 10https://ups.surveyrouter.com/trafficui/mscui/page.aspx:password50

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Brazil
Events83
Colombia
Events37
Chile
Events24
India
Events23
United States
Events19
Peru
Events18
Mexico
Events17
Indonesia
Events17

Country Breakdown

  1. 1Brazil83
  2. 2Colombia37
  3. 3Chile24
  4. 4India23
  5. 5United States19
  6. 6Peru18
  7. 7Mexico17
  8. 8Indonesia17

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Pulse Secure4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64142
Windows 10 Home x6458
Windows 10 Pro x6439
Windows 1134
Windows 11 Pro x6415

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
3,587
Combolist pools
0
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.