Back

feng.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain feng.com exhibits a high-risk score of 94, primarily driven by a significant volume of historical data breaches (73.7%) and active infostealer logs (26.3%) observed between July 2025 and June 2026. A substantial number of client accounts (22,604) and employee accounts (607) have been exposed. The data indicates a strong association with infostealer malware families such as Redline, Rhadamanthys, and LummaC2, which are frequently used to exfiltrate credentials and sensitive information. The targeted services are predominantly related to the feng.com passport authentication system, suggesting a focus on compromising user login credentials. The majority of the observed data originates from combolist sources, indicating a widespread credential stuffing or brute-force attack vector. The timeline shows a notable increase in employee and client exposures during September 2025 and March-April 2026. Given the high volume of data breaches and active infostealer activity targeting authentication services, this exposure poses a critical risk to the organization and its users. The prevalence of infostealer malware and the reliance on combolist sources suggest a need for immediate remediation focused on credential hygiene, multi-factor authentication enforcement, and enhanced monitoring for suspicious login activity. Prioritizing the protection of the feng.com passport system and associated user data is paramount. The geographical distribution indicates a significant presence in China, the United States, and Egypt, which should inform targeted security awareness campaigns and incident response efforts.

Total Events

23,211
credential exposure events

Employee Affected Events

607
account email domain = feng.com

Client Affected Events

22,604
service target = feng.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
5,0003,3331,6670
peak month 4,545
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events6,116
Share26%
Data breaches
Events17,095
Share74%
Infostealer logs (26%)
6,116events
Data breaches (74%)
17,095events

607 compromised employee accounts pose an infrastructure risk, while 22,604 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender53
알약1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,275
Rhadamanthys925
LummaC2736
Acreed330
Vidar297
Cthulhu206
StealC129
RisePro126
Remus54

Top Login URLs

Top exposed services found in the event results

  1. 1android://YouAZZAgUoyoY3xXbP-Hv8erZfrTMRDaysQYiobAhHkdWQiuVxmEfBuEGcI5mGIYbMsxPEGusEQl90B2gIgByg==@com.feng.droid.tutu/5,506
  2. 2https://passport.feng.com/1,851
  3. 3passport.feng.com1,826
  4. 4passport.feng.com/1,742
  5. 5https://passport.feng.com1,587
  6. 6http://passport.feng.com/1,267
  7. 7passport.feng.com/index.php735
  8. 8http://passport.feng.com/index.php600
  9. 9http://passport.feng.com595
  10. 10https://passport.feng.com/index.php554

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events1,092
United States
Events318
Egypt
Events159
Brazil
Events153
Taiwan
Events145
India
Events115
Vietnam
Events115
France
Events115

Country Breakdown

  1. 1China1,092
  2. 2United States318
  3. 3Egypt159
  4. 4Brazil153
  5. 5Taiwan145
  6. 6India115
  7. 7Vietnam115
  8. 8France115

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64442
Windows 11409
Windows 10 22H2 build 19045 (64 Bit)328
Windows 11 24H2 build 26100 (64 Bit)323
Windows 10 Pro247

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
16,961
Combolist pools
134
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.