Back

tmall.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a high-risk exposure for tmall.com, with a risk score of 91. The primary threats stem from a significant volume of historical data breaches (26,523 events) and active infostealer logs (5,163 events) observed between July 2025 and June 2026. These events disproportionately affect clients (31,550) compared to employees (136), suggesting a broad impact on the user base. The data breaches are predominantly linked to "Combolist sources," indicating credential stuffing or account takeover attempts, while infostealer activity is driven by malware families such as Redline, LummaC2, and Rhadamanthys, commonly used to exfiltrate sensitive information. The high volume of client-related data breaches and infostealer activity, particularly targeting services like detail.tmall.com and login.tmall.com, necessitates immediate attention. The prevalence of Windows 11 and Windows 10 operating systems in the observed events suggests a focus on modern endpoints. Remediation efforts should prioritize strengthening authentication mechanisms, enhancing endpoint security to detect and prevent infostealer malware, and actively monitoring for credential stuffing attacks originating from known combolist sources. Given the nature of the domain and the observed events, the closest industry sector is Retail & E-commerce.

Total Events

31,686
credential exposure events

Employee Affected Events

136
account email domain = tmall.com

Client Affected Events

31,550
service target = tmall.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8,0005,3332,6670
peak month 7,499
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events5,163
Share16%
Data breaches
Events26,523
Share84%
Infostealer logs (16%)
5,163events
Data breaches (84%)
26,523events

136 compromised employee accounts pose an infrastructure risk, while 31,550 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender8
Kaspersky1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,191
LummaC2535
Rhadamanthys428
Acreed93
Vidar61
RisePro35
StealC30
Millenium27
Raccoon17

Top Login URLs

Top exposed services found in the event results

  1. 1https://detail.tmall.com/1,864
  2. 2detail.tmall.com/1,044
  3. 3https://login.tmall.com/903
  4. 4detail.tmall.com897
  5. 5https://detail.tmall.com894
  6. 6login.tmall.com/507
  7. 7https://detail.tmall.com/item.htm399
  8. 8https://login.tmall.com394
  9. 9login.tmall.com370
  10. 10https://world.tmall.com/201

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events926
United States
Events700
Germany
Events248
Netherlands
Events224
Vietnam
Events159
Japan
Events140
Taiwan
Events97
Malaysia
Events91

Country Breakdown

  1. 1China926
  2. 2United States700
  3. 3Germany248
  4. 4Netherlands224
  5. 5Vietnam159
  6. 6Japan140
  7. 7Taiwan97
  8. 8Malaysia91

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix27
Cisco (AnyConnect)13
Pulse Secure7

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,267
Windows 11 (Build 26200) (64 Bit)157
Windows 11 24H2 build 26100 (64 Bit)141
Windows 10 22H2 build 19045 (64 Bit)139
Windows 10 Enterprise x64110

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
26,499
Combolist pools
24
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.