Back

canalblog.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain canalblog.com is associated with a significant volume of historical data breaches and active infostealer logs, totaling over 8,000 events. The majority of these events, approximately 90%, stem from historical data breaches, while the remaining 10% are attributed to active infostealer logs. The timeline indicates a notable increase in employee and client-related events starting in late 2025 and peaking in March and April 2026, with over 2,400 client events in March alone. Malware families such as LummaC2, Redline, and Acreed are prevalent, suggesting a broad campaign targeting credentials and sensitive information. The high volume of data breaches and the presence of infostealer activity targeting canalblog.com and its login pages indicate a substantial risk of credential compromise and potential downstream impacts on users. The prevalence of Windows operating systems among affected systems, coupled with the identified malware families, suggests a focus on endpoint compromise. Prioritization should be given to investigating the root cause of the historical data breaches and enhancing defenses against infostealer malware, particularly focusing on credential harvesting techniques targeting the identified services.

Total Events

8,135
credential exposure events

Employee Affected Events

124
account email domain = canalblog.com

Client Affected Events

8,011
service target = canalblog.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,5001,6678330
peak month 2,406
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events826
Share10%
Data breaches
Events7,309
Share90%
Infostealer logs (10%)
826events
Data breaches (90%)
7,309events

124 compromised employee accounts pose an infrastructure risk, while 8,011 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender15

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2127
Redline121
Acreed109
Rhadamanthys34
Vidar34
Millenium19
StealC6
RisePro5
Raccoon4

Top Login URLs

Top exposed services found in the event results

  1. 1canalblog.com956
  2. 2https://www.canalblog.com743
  3. 3https://canalblog.com662
  4. 4www.canalblog.com441
  5. 5canalblog.com/signin/290
  6. 6https://www.canalblog.com/signin/286
  7. 7canalblog.com/207
  8. 8https://www.canalblog.com/184
  9. 9canalblog.com/cf/login.cfm176
  10. 10www.canalblog.com/signin/170

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

France
Events242
Algeria
Events36
Morocco
Events27
United States
Events19
India
Events13
Canada
Events12
Cameroon
Events9

Country Breakdown

  1. 1France242
  2. 2Algeria36
  3. 3Morocco27
  4. 4United States19
  5. 5Benin16
  6. 6India13
  7. 7Canada12
  8. 8Cameroon9

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11132
Windows 10 Enterprise x6466
Windows 1045
Windows 10 Professionnel (10.0.19045) x6438
Windows 10 Pro24

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
7,306
Combolist pools
3
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.