Back

6park.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain 6park.com has experienced a significant number of data breaches and infostealer events over the past year, with over 5,000 historical data breaches and over 1,200 active infostealer logs. The majority of these events are linked to "Combolist sources" within leak repositories, indicating potential credential stuffing or account takeover attempts. The timeline shows a notable increase in client-related events, particularly in March and April 2026, alongside a smaller but growing number of employee-related events. Malware families such as Redline, LummaC2, and Rhadamanthys are frequently observed, all of which are known for stealing credentials and sensitive information. The high volume of data breaches and infostealer activity, coupled with the prevalence of credential-harvesting malware, presents a critical risk. The focus should be on identifying and securing compromised accounts, investigating the source of the "Combolist sources" in leak repositories, and enhancing endpoint security to detect and prevent the identified malware families. Prioritizing remediation efforts on client-facing services and employee accounts is crucial given the observed trends.

Total Events

6,544
credential exposure events

Employee Affected Events

89
account email domain = 6park.com

Client Affected Events

6,455
service target = 6park.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,0001,3336670
peak month 1,631
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,292
Share20%
Data breaches
Events5,252
Share80%
Infostealer logs (20%)
1,292events
Data breaches (80%)
5,252events

89 compromised employee accounts pose an infrastructure risk, while 6,455 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender7
Windows Defender.2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline246
LummaC2191
Rhadamanthys190
Acreed127
Vidar36
StealC18
RisePro17
Remus11
Millenium9

Top Login URLs

Top exposed services found in the event results

  1. 1https://home.6park.com/index.php1,417
  2. 2home.6park.com/index.php881
  3. 3https://home.6park.com579
  4. 4home.6park.com558
  5. 5http://home.6park.com/index.php402
  6. 6https://home.6park.com/216
  7. 7home.6park.com/206
  8. 8http://home.6park.com/167
  9. 9http://home.6park.com133
  10. 106park.com75

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events182
United States
Events142
Taiwan
Events88
Canada
Events76
Malaysia
Events55
Singapore
Events33
United Kingdom
Events32
Germany
Events30

Country Breakdown

  1. 1China182
  2. 2United States142
  3. 3Taiwan88
  4. 4Canada76
  5. 5Malaysia55
  6. 6Singapore33
  7. 7United Kingdom32
  8. 8Germany30

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Cisco (AnyConnect)2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)137
Windows 11129
Windows 10 Home x6480
Windows 10 Enterprise x6470
Windows 1052

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
5,248
Combolist pools
4
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.