Back

mp4ba.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain mp4ba.com has been associated with a significant number of data breach events, totaling 780, and 205 active infostealer logs over the reporting period. The majority of these events, 79.2%, are attributed to historical data breaches, while 20.8% are linked to active infostealer activity. The timeline indicates a surge in employee and client-related events starting in March 2026, with a notable increase in client-related incidents. Malware families such as LummaC2 and Redline are prevalent, suggesting potential credential harvesting and data exfiltration activities. The targeted services are primarily related to the mp4ba.com domain, including its login and registration pages, and the operating systems observed are predominantly Windows 11 variants. The leak repository classification indicates that the data breaches originate from "Combolist sources." Given the high volume of historical data breaches and active infostealer logs, this exposure presents a critical risk. The prevalence of infostealer malware targeting login and registration services indicates a high likelihood of credential compromise, potentially affecting both employees and clients. The "Combolist sources" classification suggests that compromised credentials may be aggregated and sold, increasing the risk of further unauthorized access and account takeovers. Prioritization should focus on immediate credential hygiene, including password resets and multi-factor authentication enforcement for all users, and a thorough investigation into the source and scope of the data breaches and infostealer activity.

Total Events

985
credential exposure events

Employee Affected Events

135
account email domain = mp4ba.com

Client Affected Events

850
service target = mp4ba.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
250167830
peak month 226
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events205
Share21%
Data breaches
Events780
Share79%
Infostealer logs (21%)
205events
Data breaches (79%)
780events

135 compromised employee accounts pose an infrastructure risk, while 850 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC241
Redline31
Acreed16
Rhadamanthys10
Millenium2
StealC1

Top Login URLs

Top exposed services found in the event results

  1. 1mp4ba.com117
  2. 2https://mp4ba.com93
  3. 3https://www.mp4ba.com80
  4. 4http://www.mp4ba.com/member/index/register.html57
  5. 5mp4ba.com/member/index/register.html46
  6. 6https://mp4ba.com/home40
  7. 7mp4ba.com/home35
  8. 8www.mp4ba.com33
  9. 9https://mp4ba.com/login32
  10. 10http://www.mp4ba.com/member/index/login.html30

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events29
United States
Events22
Malaysia
Events18
Japan
Events10
Netherlands
Events8
Germany
Events8
Cambodia
Events6
Egypt
Events3

Country Breakdown

  1. 1China29
  2. 2United States22
  3. 3Malaysia18
  4. 4Japan10
  5. 5Netherlands8
  6. 6Germany8
  7. 7Cambodia6
  8. 8Egypt3

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1175
Windows 11 专业版 (10.0.26100) x6418
Windows 11 24H2 build 26220 (64 Bit)10
Windows 11 24H2 build 26200 (64 Bit)8
Windows 10 Enterprise x647

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
780
Combolist pools
0
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.