Back

jal.co.jp Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain jal.co.jp exhibits a high-risk score of 95, primarily driven by a significant volume of historical data breaches (85.2%) and active infostealer logs (14.8%) over the past year. The data indicates 46,208 data breaches and 8,014 infostealer events, impacting 83 employees and 54,139 clients. Malware families like LummaC2, Redline, and Rhadamanthys are prevalent, suggesting ongoing credential harvesting and data exfiltration attempts. The majority of leaked data originates from "Combolist sources," indicating compromised credentials are a primary concern. Targeted services include login portals, highlighting potential for account takeover. The high number of client-related events, coupled with the prevalence of infostealers and data breaches, points to a substantial risk of sensitive client information compromise. Remediation efforts should focus on strengthening authentication mechanisms, enhancing endpoint security to detect and prevent infostealer malware, and conducting thorough investigations into the identified data breaches to understand the root cause and extent of exposure. Prioritizing the security of login portals and associated user accounts is critical.

Total Events

54,222
credential exposure events

Employee Affected Events

83
account email domain = jal.co.jp

Client Affected Events

54,139
service target = jal.co.jp

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 15,104
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events8,014
Share15%
Data breaches
Events46,208
Share85%
Infostealer logs (15%)
8,014events
Data breaches (85%)
46,208events

83 compromised employee accounts pose an infrastructure risk, while 54,139 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender509
Windows Defender ウイルスバスター クラウド30
Windows Defender Sophos Intercept X12
Windows Defender ウイルスバスター クラウド マカフィー McAfee11
Windows Defender マカフィー ウイルススキャン ノートン 36011
Windows Defender ESET Security10
Windows Defender ノートン 3606
Windows Defender ウイルスバスター クラウド McAfee マカフィー5
Windows Defender McAfee マカフィー5

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2985
Redline948
Rhadamanthys876
Vidar650
Acreed542
Millenium103
X-Files91
StealC80
Raccoon80

Top Login URLs

Top exposed services found in the event results

  1. 1https://jallogin.jal.co.jp/contents/login3,217
  2. 2jallogin.jal.co.jp/contents/login1,749
  3. 3jal.co.jp1,330
  4. 4https://www121.jal.co.jp1,068
  5. 5https://jal.co.jp1,008
  6. 6https://jallogin.jal.co.jp996
  7. 7https://www.jal.co.jp/915
  8. 8www121.jal.co.jp880
  9. 9jallogin.jal.co.jp828
  10. 10https://www.jal.co.jp773

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events3,451
United States
Events276
Thailand
Events251
Taiwan
Events155
Philippines
Events129
India
Events67
Canada
Events65
Vietnam
Events59

Country Breakdown

  1. 1Japan3,451
  2. 2United States276
  3. 3Thailand251
  4. 4Taiwan155
  5. 5Philippines129
  6. 6India67
  7. 7Canada65
  8. 8Vietnam59

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11677
Windows 11 Home489
Windows 11 24H2 build 26100 (64 Bit)431
Windows 10 Enterprise x64393
Windows 10 22H2 build 19045 (64 Bit)200

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
46,172
Combolist pools
36
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.