Back

ppomppu.co.kr Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain ppomppu.co.kr has experienced a significant exposure event with a risk score of 94, primarily driven by 40,743 historical data breaches and 5,040 active infostealer logs. The data breaches are predominantly sourced from combolist repositories, indicating potential credential stuffing or account takeover risks. Infostealer activity is linked to malware families such as LummaC2, Redline, and Rhadamanthys, which are known for exfiltrating sensitive information. The timeline shows a notable increase in employee and client-related events starting in February 2026, with peaks in March and April, suggesting a period of heightened compromise. The majority of targeted services are related to login pages on ppomppu.co.kr, indicating that user credentials may have been compromised. Given the high volume of data breaches and infostealer activity targeting login credentials, this exposure poses a critical risk to the organization and its users. The prevalence of LummaC2 and Redline infostealers suggests a sophisticated threat actor actively seeking to harvest credentials. Remediation efforts should focus on immediate credential resets for all affected users, enhanced monitoring of login activity for suspicious patterns, and a thorough review of security configurations for the ppomppu.co.kr domain and its associated services. Implementing multi-factor authentication and user education on phishing and credential security are also crucial steps.

Total Events

45,783
credential exposure events

Employee Affected Events

116
account email domain = ppomppu.co.kr

Client Affected Events

45,667
service target = ppomppu.co.kr

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
12,0008,0004,0000
peak month 11,808
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events5,040
Share11%
Data breaches
Events40,743
Share89%
Infostealer logs (11%)
5,040events
Data breaches (89%)
40,743events

116 compromised employee accounts pose an infrastructure risk, while 45,667 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender32
Windows Defender McAfee 알약6
AhnLab V3 Lite2
Windows Defender 알약2
Windows Defender 알약 McAfee1
Windows Defender ESET Security1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC21,085
Redline837
Rhadamanthys701
Vidar237
Acreed217
StealC67
RisePro60
Remus56
Raccoon37

Top Login URLs

Top exposed services found in the event results

  1. 1ppomppu.co.kr4,044
  2. 2https://www.ppomppu.co.kr/zboard/login.php3,429
  3. 3ppomppu.co.kr/zboard/login.php2,940
  4. 4https://ppomppu.co.kr2,819
  5. 5https://www.ppomppu.co.kr2,437
  6. 6https://m.ppomppu.co.kr/new/login.php2,149
  7. 7m.ppomppu.co.kr/new/login.php1,901
  8. 8www.ppomppu.co.kr/zboard/login.php1,863
  9. 9www.ppomppu.co.kr1,676
  10. 10https://ppomppu.co.kr/zboard/login.php1,351

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

South Korea
Events2,954
United States
Events25
France
Events12
Venezuela
Events12
China
Events11
United Arab Emirates
Events11
Canada
Events10

Country Breakdown

  1. 1South Korea2,954
  2. 2Hong Kong SAR China46
  3. 3United States25
  4. 4France12
  5. 5Venezuela12
  6. 6China11
  7. 7United Arab Emirates11
  8. 8Canada10

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)352
Windows 10 Enterprise x64334
Windows 11315
Windows 10 Pro (10.0.19045) x64307
Windows 10 22H2 build 19045 (64 Bit)258

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
40,726
Combolist pools
17
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.