Back

with2.net Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain with2.net exhibits a high risk score of 78, primarily driven by a significant volume of historical data breaches (3041 events) and active infostealer logs (566 events) over the past year. The majority of these events are linked to "Combolist sources" within leak repositories, suggesting compromised credentials. The timeline indicates a notable increase in client-related events from September 2025 onwards, peaking in March 2026, with a concurrent rise in employee-related events during March-June 2026. Malware families such as Acreed, LummaC2, and Redline are frequently observed, indicating potential credential harvesting and unauthorized access. Given the high number of data breaches and infostealer activity, coupled with the targeting of services like blog.with2.net, there is a substantial risk of credential compromise and potential downstream impacts on user accounts and sensitive data. The prevalence of Windows operating systems among affected entities suggests a focus on Windows-based environments. Prioritization should focus on immediate remediation of identified vulnerabilities, credential reset campaigns for both employees and clients, and enhanced monitoring for suspicious activity originating from or targeting the blog.with2.net infrastructure.

Total Events

3,607
credential exposure events

Employee Affected Events

93
account email domain = with2.net

Client Affected Events

3,514
service target = with2.net

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8005332670
peak month 793
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events566
Share16%
Data breaches
Events3,041
Share84%
Infostealer logs (16%)
566events
Data breaches (84%)
3,041events

93 compromised employee accounts pose an infrastructure risk, while 3,514 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender41
Windows Defender McAfee1

Malware Families Distribution

Distribution of Active Stealer Strains

Acreed80
LummaC262
Redline52
Raccoon21
StealC12
Rhadamanthys12
Remus9
Vidar7
X-Files6

Top Login URLs

Top exposed services found in the event results

  1. 1https://blog.with2.net395
  2. 2blog.with2.net388
  3. 3https://blog.with2.net/my236
  4. 4https://blog.with2.net/join188
  5. 5blog.with2.net/my163
  6. 6https://blog.with2.net/join/check149
  7. 7blog.with2.net/join135
  8. 8blog.with2.net/mypage/132
  9. 9https://blog.with2.net/119
  10. 10http://blog.with2.net/mypage/112

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events168
India
Events62
Pakistan
Events56
United States
Events23
France
Events18
China
Events12
Algeria
Events10
Germany
Events5

Country Breakdown

  1. 1Japan168
  2. 2India62
  3. 3Pakistan56
  4. 4United States23
  5. 5France18
  6. 6China12
  7. 7Algeria10
  8. 8Germany5

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11117
Windows 1078
Windows 11 Home Single Language 25H2 (Build 26200)55
Windows 10 Enterprise x6427
Windows 10 Home23

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
3,033
Combolist pools
8
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.