Back

test.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain test.com has experienced a significant volume of data breaches and infostealer activity between July 2025 and June 2026, with over 377,000 historical data breaches and 35,000 active infostealer logs. Employee accounts are the most affected, totaling nearly 400,000, followed by client accounts at over 12,000. The data indicates a high risk of credential compromise and potential downstream impacts from exposed sensitive information, with a substantial portion of the exposure originating from "Combolist sources" and "Database dumps" within leak repositories. The observed threat landscape includes prevalent malware families such as Redline, LummaC2, and Rhadamanthys, often targeting services like test.com and related login or registration pages. Geographically, India, Pakistan, and Egypt show the highest incidence of related activity. Given the high risk score and the nature of the events, immediate focus should be placed on credential reset campaigns for affected employees and clients, enhanced monitoring for suspicious login activity, and a thorough review of data security practices, particularly concerning the storage and handling of user credentials and personal data.

Total Events

412,801
credential exposure events

Employee Affected Events

399,864
account email domain = test.com

Client Affected Events

12,937
service target = test.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
150,000100,00050,0000
peak month 128,175
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events35,670
Share9%
Data breaches
Events377,131
Share91%
Infostealer logs (9%)
35,670events
Data breaches (91%)
377,131events

399,864 compromised employee accounts pose an infrastructure risk, while 12,937 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender639
Windows Defender [ON]7
Malwarebytes7
Windows Defender.6
Avast6
Reason Cybersecurity3
None2
Windows Defender ESET Security2
Windows Defender Avast Antivirus.1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline5,169
LummaC24,939
Rhadamanthys3,232
Acreed2,564
Vidar2,439
StealC792
Remus561
RisePro408
Millenium280

Top Login URLs

Top exposed services found in the event results

  1. 1test.com4,939
  2. 2https://test.com491
  3. 3android://yMBTjwEdyggPcZAltHP2ozZ0B201pi-H3eByxsetRVcK9Y87tVcGytVj6RuCcYFvXzG4-H9Dh6TIZ3e6dfN86A==@com.test.tikkik/423
  4. 4test.com/personal/registre.asp276
  5. 5test.com/personal/usrreg.asp263
  6. 6https://test.com/135
  7. 7test.com/124
  8. 8test.com/login111
  9. 9test.com/registro97
  10. 10test.com/uye/giris91

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events3,575
Pakistan
Events1,898
Egypt
Events1,499
Indonesia
Events903
United States
Events897
Philippines
Events684
Brazil
Events553
Bangladesh
Events506

Country Breakdown

  1. 1India3,575
  2. 2Pakistan1,898
  3. 3Egypt1,499
  4. 4Indonesia903
  5. 5United States897
  6. 6Philippines684
  7. 7Brazil553
  8. 8Bangladesh506

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

WordPress1,329
Auth0782
Salesforce439
Git246
Microsoft Entra ID (External ID / B2C)88
GitLab88
Microsoft83

Operating System Distribution

Distribution of compromised endpoint builds

Windows 112,847
Windows 10 Enterprise x641,986
Windows 10 Pro1,773
Windows 11 24H2 build 26100 (64 Bit)1,391
Windows 101,186

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
215,097
Combolist pools
162,034
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.