Back

gayboystube.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain gayboystube.com is associated with a high-risk score of 83, primarily driven by a significant volume of historical data breaches (7121 events) and active infostealer logs (1097 events) over the past year. The data breaches are predominantly linked to "Combolist sources," suggesting compromised credential reuse. Infostealer activity is dominated by malware families such as Redline, LummaC2, and Acreed, which are known for exfiltrating sensitive information. The timeline shows a notable increase in employee and client exposure starting in late 2025 and peaking in early 2026, with the United States being the most frequently observed country. The targeted services are overwhelmingly related to the domain itself, including login and signup pages, indicating potential credential harvesting operations.

Total Events

8,218
credential exposure events

Employee Affected Events

139
account email domain = gayboystube.com

Client Affected Events

8,079
service target = gayboystube.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,5001,6678330
peak month 2,253
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,097
Share13%
Data breaches
Events7,121
Share87%
Infostealer logs (13%)
1,097events
Data breaches (87%)
7,121events

139 compromised employee accounts pose an infrastructure risk, while 8,079 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender3

Malware Families Distribution

Distribution of Active Stealer Strains

Redline252
LummaC2166
Acreed105
Rhadamanthys60
Vidar59
StealC10
Millenium10
RisePro8
Cthulhu5

Top Login URLs

Top exposed services found in the event results

  1. 1gayboystube.com999
  2. 2https://www.gayboystube.com863
  3. 3https://gayboystube.com684
  4. 4https://www.gayboystube.com/signup683
  5. 5https://www.gayboystube.com/login635
  6. 6gayboystube.com/login524
  7. 7gayboystube.com/signup482
  8. 8www.gayboystube.com420
  9. 9www.gayboystube.com/login364
  10. 10www.gayboystube.com/signup355

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events264
Germany
Events42
Brazil
Events31
Canada
Events22
Hungary
Events21
France
Events21
United Kingdom
Events21
Spain
Events19

Country Breakdown

  1. 1United States264
  2. 2Germany42
  3. 3Brazil31
  4. 4Canada22
  5. 5Hungary21
  6. 6France21
  7. 7United Kingdom21
  8. 8Spain19

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11162
Windows 11 24H2 build 26100 (64 Bit)143
Windows 10 Enterprise x6457
Windows 10 22H2 build 19045 (64 Bit)54
Windows 10 Pro (10.0.19045) x6449

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
7,120
Combolist pools
1
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.