Back

ucoz.ru Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain ucoz.ru has experienced a significant number of events, with 20,008 client-related incidents and 216 employee-related incidents over the observed period. The majority of these events are categorized as historical data breaches (17,903) and active infostealer logs (2,321). Malware families such as Redline, Rhadamanthys, and LummaC2 are prevalent, indicating a high risk of credential theft and further compromise. The high volume of data breaches and infostealer activity, coupled with the targeting of services like registration and site creation, suggests a broad exposure affecting a large client base. The prevalence of combolist sources in leak repositories further indicates that compromised credentials are being actively traded and utilized. Prioritization should focus on immediate remediation of identified vulnerabilities, enhanced credential protection measures for both employees and clients, and comprehensive security awareness training.

Total Events

20,224
credential exposure events

Employee Affected Events

216
account email domain = ucoz.ru

Client Affected Events

20,008
service target = ucoz.ru

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
5,0003,3331,6670
peak month 4,254
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,321
Share12%
Data breaches
Events17,903
Share89%
Infostealer logs (12%)
2,321events
Data breaches (89%)
17,903events

216 compromised employee accounts pose an infrastructure risk, while 20,008 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender29
Dr.Web Security Space5
Windows Defender McAfee1
Fortect Security Suite1
Windows Defender Kaspersky Endpoint Security para Windows.1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline501
Rhadamanthys290
LummaC2232
Vidar152
Acreed92
RisePro49
DarkCrystal41
Remus21
StealC17

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.ucoz.ru/register2987
  2. 2https://www.ucoz.ru/createsite939
  3. 3ucoz.ru/register2912
  4. 4ucoz.ru816
  5. 5https://www.ucoz.ru765
  6. 6https://www.ucoz.ru/register630
  7. 7ucoz.ru/createsite619
  8. 8ucoz.ru/register592
  9. 9https://ucoz.ru391
  10. 10www.ucoz.ru/register2344

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Ukraine
Events112
India
Events79
United States
Events73
Russia
Events71
Germany
Events60
Israel
Events49
Hungary
Events47
Poland
Events42

Country Breakdown

  1. 1Ukraine112
  2. 2India79
  3. 3United States73
  4. 4Russia71
  5. 5Germany60
  6. 6Israel49
  7. 7Hungary47
  8. 8Poland42

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64220
Windows 11126
Windows 10 22H2 build 19045 (64 Bit)110
Windows 10 Pro105
Windows 11 (Build 26200) (64 Bit)73

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
17,827
Combolist pools
76
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.