Back

vfc.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain vfc.com exhibits a critical risk score of 100, primarily driven by a substantial volume of historical data breaches (56,893 events) and a significant number of active infostealer logs (2,728 events) over the reporting period. The data indicates a widespread compromise affecting employees (55,406) and clients (4,215). Malware analysis reveals Redline as the dominant family (63.3% of identified malware), frequently associated with credential harvesting. The timeline shows a surge in employee and client-related events in September 2025 and January 2026, suggesting periods of heightened compromise activity. The high volume of data breaches and infostealer activity, particularly involving Redline malware, indicates a severe and ongoing exposure of sensitive information. The prevalence of "Combolist sources" (71.5%) and "Database dumps" (28.5%) within leak repositories points to large-scale credential stuffing and data exfiltration. Remediation should focus on immediate credential reset for all affected employees and clients, enhanced monitoring for anomalous access patterns, and a comprehensive review of security controls related to data handling and access, especially for services like vfc.com and the vfeportal. The presence of older operating systems like Windows 8 x32 and Windows Server 2003 R2 x32 among the affected systems warrants urgent patching or decommissioning.

Total Events

59,621
credential exposure events

Employee Affected Events

55,406
account email domain = vfc.com

Client Affected Events

4,215
service target = vfc.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 15,702
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,728
Share5%
Data breaches
Events56,893
Share95%
Infostealer logs (5%)
2,728events
Data breaches (95%)
56,893events

55,406 compromised employee accounts pose an infrastructure risk, while 4,215 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender Panda Dome81
Windows Defender65
Windows Defender Avast Antivirus28
Windows Defender AVG Antivirus14
Windows Defender ESET Security8
Kaspersky1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,726
Acreed124
LummaC2101
Vidar71
Rhadamanthys70
Millenium43
Raccoon12
RisePro12
Remus11

Top Login URLs

Top exposed services found in the event results

  1. 1vfc.com1,040
  2. 2android://GGJNEBf4AKel3V8f0Zzb9lGEmUL0HGemE2NFYaVNVXdLmEXB6oedWp2Y92X5oubTtN9FMWT58-y8cQj8YR_Yag==@com.vfc.vans/585
  3. 3https://vfeportal.vfc.com190
  4. 4https://vfeportal.vfc.com/123
  5. 5vfeportal.vfc.com117
  6. 6federationfs.vfc.com110
  7. 7https://federationfs.vfc.com103
  8. 8federationfs.vfc.com/adfs/ls/103
  9. 9https://federationfs.vfc.com/adfs/ls/95
  10. 10android://y_cZ3qQSXJdlB9Q1dt9lM3Me1g4Gtbqs6fFX_Xn3uH94CuauuMZbiTVR4ELE90HUE22eH6hUkKKi5G8J4sU4tA==@com.vfc.lgssenew/90

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events491
Germany
Events400
Netherlands
Events367
Italy
Events223
Denmark
Events144
Spain
Events140
India
Events76
United Kingdom
Events75

Country Breakdown

  1. 1United States491
  2. 2Germany400
  3. 3Netherlands367
  4. 4Italy223
  5. 5Denmark144
  6. 6Spain140
  7. 7India76
  8. 8United Kingdom75

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft426
Citrix143
Jira (Atlassian)39
FortiNet VPN24
Pulse Secure24
Git20
Cisco (AnyConnect)13

Operating System Distribution

Distribution of compromised endpoint builds

Windows 8 x32127
Windows Vista x32126
Windows Server 2003 R2 x32122
Windows Server 2012 x32121
Windows 11119

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
40,706
Combolist pools
16,187
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.