Back

ccm.net Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain ccm.net exhibits a high-risk score of 95, primarily driven by a significant volume of historical data breaches (86.1%) and active infostealer logs (13.9%) observed between July 2025 and June 2026. The data indicates that 45,966 data breach events and 7,410 infostealer events have occurred, impacting 150 employees and 53,226 clients. The timeline shows a notable increase in employee and client-related events starting in September 2025, peaking in March and April 2026. Malware analysis reveals a prevalence of infostealers like Redline, LummaC2, and Vidar, suggesting a focus on credential harvesting. Targeted services include authentication endpoints such as auth.ccm.net and secure.ccm.net, indicating potential attempts to compromise user accounts.

Total Events

53,376
credential exposure events

Employee Affected Events

150
account email domain = ccm.net

Client Affected Events

53,226
service target = ccm.net

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
15,00010,0005,0000
peak month 13,450
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events7,410
Share14%
Data breaches
Events45,966
Share86%
Infostealer logs (14%)
7,410events
Data breaches (86%)
45,966events

150 compromised employee accounts pose an infrastructure risk, while 53,226 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender104
Windows Defender.14
Windows Defender 360 Total Security.3
Windows Defender [ON]2
Malwarebytes2
Windows Defender Avast Antivirus.2
McAfee VirusScan2
Reason Cybersecurity [OFF]2
Windows Defender AVG Antivirus.2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,887
LummaC21,181
Vidar523
Rhadamanthys521
Acreed422
RisePro352
StealC165
Remus69
Raccoon56

Top Login URLs

Top exposed services found in the event results

  1. 1https://auth.ccm.net/7,157
  2. 2auth.ccm.net/4,657
  3. 3auth.ccm.net4,272
  4. 4https://auth.ccm.net4,172
  5. 5https://es.ccm.net/register/2,353
  6. 6https://secure.ccm.net1,671
  7. 7secure.ccm.net1,619
  8. 8https://ccm.net/register/1,582
  9. 9es.ccm.net/register/1,441
  10. 10https://secure.ccm.net/es.ccm.net/register/1,245

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

France
Events414
Brazil
Events358
Argentina
Events349
India
Events349
Mexico
Events268
Venezuela
Events261
Colombia
Events257
Peru
Events195

Country Breakdown

  1. 1France414
  2. 2Brazil358
  3. 3Argentina349
  4. 4India349
  5. 5Mexico268
  6. 6Venezuela261
  7. 7Colombia257
  8. 8Peru195

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64827
Windows 11430
Windows 10 Pro397
Windows 10 Home x64265
Windows 10 22H2 build 19045 (64 Bit)261

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
45,934
Combolist pools
32
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.