Back

alc.co.jp Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain alc.co.jp has experienced a significant number of data breach events, totaling 4213 incidents, which represent 87.5% of all observed events. Additionally, there were 601 infostealer logs, accounting for 12.5% of events. The timeline indicates a surge in client-related events starting in September 2025 and continuing through June 2026, with employee-related events also appearing during this period. Malware families associated with these events include Redline, LummaC2, and Rhadamanthys, commonly found in combolist sources and database dumps. The targeted services are primarily login authentication endpoints for alc.co.jp and its subdomains, suggesting credential compromise is a key vector.

Total Events

4,814
credential exposure events

Employee Affected Events

289
account email domain = alc.co.jp

Client Affected Events

4,525
service target = alc.co.jp

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,2008004000
peak month 1,131
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events601
Share13%
Data breaches
Events4,213
Share88%
Infostealer logs (13%)
601events
Data breaches (88%)
4,213events

289 compromised employee accounts pose an infrastructure risk, while 4,525 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender17

Malware Families Distribution

Distribution of Active Stealer Strains

Redline99
LummaC283
Rhadamanthys69
Vidar31
Acreed18
Remus11
Millenium10
Raccoon6
X-Files2

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.alc.co.jp/login/auth.php252
  2. 2alc.co.jp/login/auth.php218
  3. 3https://eowpf.alc.co.jp/login193
  4. 4alc.co.jp162
  5. 5https://user.alc.co.jp146
  6. 6https://alc.co.jp137
  7. 7eowpf.alc.co.jp/login130
  8. 8www.alc.co.jp/login/auth.php126
  9. 9user.alc.co.jp124
  10. 10https://eowpf.alc.co.jp110

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events281
United States
Events40
Thailand
Events19
Australia
Events18
United Arab Emirates
Events12
China
Events9
Germany
Events7
Spain
Events6

Country Breakdown

  1. 1Japan281
  2. 2United States40
  3. 3Thailand19
  4. 4Australia18
  5. 5United Arab Emirates12
  6. 6China9
  7. 7Germany7
  8. 8Spain6

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11141
Windows 11 24H2 build 26100 (64 Bit)41
Windows 10 22H2 build 19045 (64 Bit)40
Windows 10 Enterprise x6433
Windows 10 Home x6428

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
4,134
Combolist pools
79
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.