Back

world.tmall.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain world.tmall.com is associated with a significant exposure, primarily driven by 722 historical data breaches and 171 active infostealer logs over the period of July 2025 to June 2026. The data breaches, comprising 80.9% of the total events, suggest a large-scale compromise of client data. Infostealer activity, accounting for 19.1% of events, indicates ongoing attempts to exfiltrate credentials and sensitive information, with Redline and LummaC2 being the most prevalent malware families observed. The exposure affects a substantial number of clients (816) and employees (77), with a notable increase in employee-related events in March and April 2026. The primary targeted service is the domain itself, with a concentration of activity originating from the United States, Taiwan, and China.

Total Events

893
credential exposure events

Employee Affected Events

77
account email domain = world.tmall.com

Client Affected Events

816
service target = world.tmall.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
200133670
peak month 181
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events171
Share19%
Data breaches
Events722
Share81%
Infostealer logs (19%)
171events
Data breaches (81%)
722events

77 compromised employee accounts pose an infrastructure risk, while 816 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline35
LummaC214
Rhadamanthys10
Vidar4
Remus2
RisePro2
StealC1
Acreed1
Raccoon1

Top Login URLs

Top exposed services found in the event results

  1. 1https://world.tmall.com/210
  2. 2https://world.tmall.com171
  3. 3world.tmall.com132
  4. 4world.tmall.com/119
  5. 5https://world.tmall.com/logon18
  6. 6https://www.world.tmall.com17
  7. 7https://world.tmall.com/home16
  8. 8world.tmall.com/logon14
  9. 9http://world.tmall.com/10
  10. 10world.tmall.com/home9

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events22
Taiwan
Events21
China
Events12
Canada
Events10
France
Events4
Germany
Events3
Indonesia
Events3

Country Breakdown

  1. 1United States22
  2. 2Taiwan21
  3. 3China12
  4. 4Canada10
  5. 5France4
  6. 6Hong Kong SAR China3
  7. 7Germany3
  8. 8Indonesia3

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1129
Windows 10 專業版 x6412
Windows 11 24H2 build 26100 (64 Bit)8
Windows 11 (Build 26200) (64 Bit)7
Windows 10 Enterprise x644

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
722
Combolist pools
0
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.