Back

cmbchina.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain cmbchina.com exhibits a critical risk score of 100, primarily driven by a substantial volume of historical data breaches (11,430 events) and active infostealer logs (1,572 events) over the observed period. The data breach events significantly outweigh infostealer activity, suggesting a large-scale compromise or exposure of sensitive information. Employee and client data appear to be the primary targets, with 6,923 employee-related events and 6,079 client-related events recorded. The timeline indicates a surge in employee-related events in September 2025 and March 2026, and client-related events peaking in March 2026, suggesting periods of heightened compromise. Malware analysis reveals Rhadamanthys and Redline as the most prevalent infostealer families, indicating a focus on credential harvesting. The high volume of historical data breaches and active infostealer logs, coupled with the significant number of affected employees and clients, elevates the priority for immediate remediation. The prevalence of credential-harvesting malware like Rhadamanthys and Redline points to a need for enhanced endpoint security, user awareness training, and robust credential management practices. The targeted services, particularly those related to career portals and online banking, suggest that attackers are exploiting these entry points for data exfiltration and potentially further network access. Given the nature of the domain and the observed events, the primary focus should be on securing user credentials, preventing further data exfiltration, and investigating the root cause of the historical data breaches.

Total Events

13,002
credential exposure events

Employee Affected Events

6,923
account email domain = cmbchina.com

Client Affected Events

6,079
service target = cmbchina.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4,0002,6671,3330
peak month 3,035
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,572
Share12%
Data breaches
Events11,430
Share88%
Infostealer logs (12%)
1,572events
Data breaches (88%)
11,430events

6,923 compromised employee accounts pose an infrastructure risk, while 6,079 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender5
360安全卫士1

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys497
Redline324
LummaC2183
Acreed61
RisePro56
StealC38
Vidar17
Millenium14
Remus9

Top Login URLs

Top exposed services found in the event results

  1. 1https://career.cmbchina.com/index.html373
  2. 2https://career.cmbchina.com/register364
  3. 3career.cmbchina.com/index.html345
  4. 4https://career.cmbchina.com/230
  5. 5https://career.cmbchina.com194
  6. 6career.cmbchina.com193
  7. 7http://career.cmbchina.com/index.html190
  8. 8https://u.ebank.cmbchina.com/CmbBank_FB/UI/Login/FBPOPLogin.aspx155
  9. 9career.cloud.cmbchina.com/index.html144
  10. 10http://career.cloud.cmbchina.com/index.html132

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events803
Malaysia
Events119
Egypt
Events61
United States
Events50
Japan
Events27
Australia
Events24
United Kingdom
Events16

Country Breakdown

  1. 1China803
  2. 2Malaysia119
  3. 3Egypt61
  4. 4Hong Kong SAR China58
  5. 5United States50
  6. 6Japan27
  7. 7Australia24
  8. 8United Kingdom16

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft Entra ID (External ID / B2C)3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 (Build 26200) (64 Bit)186
Windows 11 23H2 build 22631 (64 Bit)173
Windows 10 22H2 build 19045 (64 Bit)153
Windows 11152
Windows 11 24H2 build 26100 (64 Bit)127

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
5,874
Combolist pools
5,556
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.