Back

carrier.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain carrier.com has experienced a significant number of data breach and infostealer events, totaling over 15,000 incidents within the reporting period. The majority of these events are classified as historical data breaches (85.7%), with active infostealer logs accounting for the remainder (14.3%). A substantial portion of the data breach and infostealer activity appears to be linked to combolist sources and database dumps, suggesting credential stuffing or reuse attacks. Malware families such as Rhadamanthys, Acreed, and Redline are prominently associated with these events, indicating potential compromise of user credentials and sensitive information. The timeline shows a notable spike in employee and client-related events in January 2026, which warrants further investigation into the root cause and impact during that period. The targeted services primarily include various login and user management endpoints associated with carrier.com and its subdomains, indicating a focus on authentication mechanisms.

Total Events

15,069
credential exposure events

Employee Affected Events

8,856
account email domain = carrier.com

Client Affected Events

6,213
service target = carrier.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
5,0003,3331,6670
peak month 4,024
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,153
Share14%
Data breaches
Events12,916
Share86%
Infostealer logs (14%)
2,153events
Data breaches (86%)
12,916events

8,856 compromised employee accounts pose an infrastructure risk, while 6,213 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender56
McAfee34
AVG Antivirus4
Avast4
Windows Defender.1

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys461
Acreed345
Redline274
LummaC2251
Vidar146
RisePro32
X-Files24
Blank Grabber15
Remus11

Top Login URLs

Top exposed services found in the event results

  1. 1https://ssologin.digital.carrier.com/adfs/ls/299
  2. 2https://ssologin.digital.carrier.com233
  3. 3https://ssologin.digital.carrier.com/UserManagement/Register.aspx213
  4. 4ssologin.digital.carrier.com201
  5. 5ssologin.digital.carrier.com/adfs/ls/172
  6. 6carrier.com142
  7. 7myinfinitytouch.carrier.com138
  8. 8https://ssologin.digital.carrier.com/UserManagement/Reset.aspx130
  9. 9ssologin.digital.carrier.com/UserManagement/Register.aspx116
  10. 10android://3q0yEUVQ7jM0660WgD_wV1Q01wKjR_4I2n7f1ZmrLm6RSm06Er0VFJJnU4p37p_57Pf068PoLb_DEUO80WiePQ==@com.carrier.katta/109

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events720
Malaysia
Events240
India
Events159
Canada
Events89
Philippines
Events43
Egypt
Events32
Morocco
Events32
Mexico
Events23

Country Breakdown

  1. 1United States720
  2. 2Malaysia240
  3. 3India159
  4. 4Canada89
  5. 5Philippines43
  6. 6Egypt32
  7. 7Morocco32
  8. 8Mexico23

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft818
Salesforce38
Auth025
Intranet24
Okta10
NetSuite8
Microsoft Entra ID (External ID / B2C)8

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)515
Windows 11393
Windows 10 Pro (10.0.19045) x6493
Windows 10 Enterprise x6460
Windows 10 Home x6452

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
7,136
Combolist pools
5,780
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.