Back

ccb.com.cn Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain ccb.com.cn exhibits a high-risk score of 91, primarily driven by a significant volume of historical data breaches (78.2%) and active infostealer logs (21.8%) observed between July 2025 and June 2026. The data indicates 24,806 historical data breaches and 6,897 infostealer events, impacting 141 employees and 31,562 clients. The timeline shows a notable increase in employee and client-related events starting in March 2026, coinciding with a surge in infostealer activity, particularly from malware families like Rhadamanthys and Redline. The majority of affected systems are running Windows 11 and Windows 10, with targeted services including various subdomains of ccb.com.cn related to online banking. The high number of data breaches, predominantly sourced from combolist sources, suggests a widespread compromise of credentials. The active infostealer logs, linked to prevalent malware families, indicate ongoing attempts to exfiltrate sensitive information. The concentration of events in China, coupled with the nature of the targeted services (online banking), points to a significant risk of financial fraud and identity theft for both the organization and its customers. Prioritization should focus on immediate credential reset campaigns for employees and clients, enhanced monitoring of banking services for suspicious activity, and a thorough review of data security practices to prevent future breaches.

Total Events

31,703
credential exposure events

Employee Affected Events

141
account email domain = ccb.com.cn

Client Affected Events

31,562
service target = ccb.com.cn

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8,0005,3332,6670
peak month 7,635
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events6,897
Share22%
Data breaches
Events24,806
Share78%
Infostealer logs (22%)
6,897events
Data breaches (78%)
24,806events

141 compromised employee accounts pose an infrastructure risk, while 31,562 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender181
Windows Defender McAfee13
Windows Defender.12
Windows Defender Avast Antivirus.2
Windows Defender VirusScan de McAfee .1
Windows Defender 360 Total Security.1
Windows Defender 火绒安全软件1

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys2,197
Redline1,471
LummaC2671
Acreed333
Vidar145
Blank Grabber129
RisePro78
Cthulhu52
StealC43

Top Login URLs

Top exposed services found in the event results

  1. 1ibsbjstar.ccb.com.cn2,607
  2. 2https://ibsbjstar.ccb.com.cn2,587
  3. 3https://ibsbjstar.ccb.com.cn/CCBIS/B2CMainPlat_002,338
  4. 4https://ibsbjstar.ccb.com.cn/2,135
  5. 5https://ebanking1.ccb.com.cn/CCBIS/B2CMainPlat_001,880
  6. 6ibsbjstar.ccb.com.cn/CCBIS/B2CMainPlat_001,269
  7. 7ibsbjstar.ccb.com.cn/1,212
  8. 8https://ibsbjstar.ccb.com.cn/CCBIS/CCBCommGateWay748
  9. 9https://ibsbjstar.ccb.com.cn/CCBIS/B2CMainPlat_13608
  10. 10ebanking1.ccb.com.cn/CCBIS/B2CMainPlat_00557

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events3,386
Malaysia
Events594
Taiwan
Events208
United States
Events140
Canada
Events113
Japan
Events78

Country Breakdown

  1. 1China3,386
  2. 2Malaysia594
  3. 3Hong Kong SAR China284
  4. 4Taiwan208
  5. 5United States140
  6. 6Canada113
  7. 7Japan78
  8. 8Malawi48

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

WordPress7

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 (Build 26200) (64 Bit)853
Windows 11 23H2 build 22631 (64 Bit)702
Windows 10 22H2 build 19045 (64 Bit)646
Windows 11 24H2 build 26100 (64 Bit)620
Windows 11425

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
24,786
Combolist pools
20
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.