Back

cntv.cn Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain cntv.cn exhibits a high-risk score of 91, primarily driven by a significant volume of historical data breaches (1713 events) and active infostealer logs (248 events) over the reporting period. The exposure affects a substantial number of employees (751) and clients (1210), with a notable concentration of data breach events originating from "Combolist sources" (83.5%) and "Database dumps" (16.5%). Malware families such as Redline, LummaC2, and Rhadamanthys are actively associated with this exposure, indicating potential credential harvesting and further compromise. The timeline shows a peak in employee and client exposure during September 2025 and again in March and April 2026, suggesting ongoing or recurring compromise activities. Given the high volume of data breach events and the presence of infostealer activity, the priority for remediation should focus on immediate credential reset for affected employees and clients, enhanced monitoring for anomalous access patterns, and a thorough investigation into the root cause of the data breaches, particularly those linked to compromised credentials from combolists and database dumps. The prevalence of Windows operating systems among affected systems suggests that endpoint security and patching should be a key focus. The targeted services, including registration and login portals, indicate a potential focus on account takeover or credential stuffing attacks.

Total Events

1,961
credential exposure events

Employee Affected Events

751
account email domain = cntv.cn

Client Affected Events

1,210
service target = cntv.cn

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4002671330
peak month 317
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events248
Share13%
Data breaches
Events1,713
Share87%
Infostealer logs (13%)
248events
Data breaches (87%)
1,713events

751 compromised employee accounts pose an infrastructure risk, while 1,210 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Redline40
LummaC231
Rhadamanthys19
StealC8
Acreed8
Vidar4
Cthulhu2
Millenium1

Top Login URLs

Top exposed services found in the event results

  1. 1http://reg.cntv.cn/regist.html71
  2. 2cntv.cn68
  3. 3https://cntv.cn54
  4. 4reg.cntv.cn47
  5. 5https://reg.cntv.cn41
  6. 6reg.cntv.cn/regist.html40
  7. 7passport.cntv.cn32
  8. 8http://reg.cntv.cn/28
  9. 9cntv.cn/logon27
  10. 10https://passport.cntv.cn26

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events32
United States
Events20
Japan
Events15
Malaysia
Events14
New Zealand
Events9
Taiwan
Events9
Thailand
Events4

Country Breakdown

  1. 1China32
  2. 2United States20
  3. 3Japan15
  4. 4Malaysia14
  5. 5New Zealand9
  6. 6Taiwan9
  7. 7Thailand4
  8. 8Hong Kong SAR China4

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix7

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1151
Windows 10 22H2 build 19045 (64 Bit)21
Windows 11 Pro14
Windows 10 Enterprise x648
Windows 11 专业版 (10.0.26100) x648

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
1,430
Combolist pools
283
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.