Back

zimbra.free.fr Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain zimbra.free.fr has experienced a significant exposure event, with 106,538 total events recorded over the period from July 2025 to June 2026. The majority of these events, 91,256 (85.7%), are classified as historical data breaches, primarily originating from "Combolist sources." Additionally, 15,282 (14.3%) events are identified as active infostealer logs, with "Redline," "Acreed," and "LummaC2" being the most prevalent malware families. The timeline indicates a surge in client-related events in August 2025 and a notable increase in employee-related events in February 2026, coinciding with a broad spike in client events. The primary geography affected is France. This extensive exposure, particularly the high volume of historical data breaches and active infostealer activity, poses a critical risk. The prevalence of infostealer malware targeting services like zimbra.free.fr suggests a high likelihood of credential compromise and potential follow-on attacks. Remediation efforts should focus on immediate credential rotation for all affected employees and clients, enhanced monitoring for suspicious activity originating from France, and a thorough review of access controls and security configurations for the zimbra.free.fr service.

Total Events

106,538
credential exposure events

Employee Affected Events

1,332
account email domain = zimbra.free.fr

Client Affected Events

105,206
service target = zimbra.free.fr

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
30,00020,00010,0000
peak month 26,569
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events15,282
Share14%
Data breaches
Events91,256
Share86%
Infostealer logs (14%)
15,282events
Data breaches (86%)
91,256events

1,332 compromised employee accounts pose an infrastructure risk, while 105,206 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender121
Windows Defender McAfee VirusScan18
ESET16
Windows Defender Norton 36011
Windows Defender Kaspersky9
Windows Defender Reason Cybersecurity8
Windows Defender [ON]6
Windows Defender.4
Windows Defender Avast Antivirus.1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,437
Acreed2,157
LummaC22,153
Rhadamanthys1,654
Vidar422
Millenium328
RisePro224
Raccoon194
Remus155

Top Login URLs

Top exposed services found in the event results

  1. 1https://zimbra.free.fr/23,279
  2. 2https://zimbra.free.fr20,303
  3. 3zimbra.free.fr19,424
  4. 4zimbra.free.fr/17,495
  5. 5https://zimbra.free.fr/zimbra.pl6,960
  6. 6zimbra.free.fr/zimbra.pl5,579
  7. 7https://zimbra.free.fr/index.pl2,970
  8. 8zimbra.free.fr/index.pl1,838
  9. 9http://zimbra.free.fr/1,671
  10. 10http://zimbra.free.fr1,270

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

France
Events8,556
United States
Events85
Algeria
Events53
Mexico
Events53
Morocco
Events51
Switzerland
Events42
Canada
Events40
Netherlands
Events39

Country Breakdown

  1. 1France8,556
  2. 2United States85
  3. 3Algeria53
  4. 4Mexico53
  5. 5Morocco51
  6. 6Switzerland42
  7. 7Canada40
  8. 8Netherlands39

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 112,293
Windows 10 Enterprise x64819
Windows 10 22H2 build 19045 (64 Bit)642
Windows 11 24H2 build 26100 (64 Bit)616
Windows 10593

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
91,206
Combolist pools
50
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.