www.canva.com
Canva's official AI image generator page on a long-established design platform.
- Domain registered in 2001, over 25 years old.
- Zero detections across 92 antivirus engines.
- Valid SSL certificate issued by Amazon.
- Hosting IP shows zero abuse score.
- Australian company Canva Pty Ltd is registered and active with ABN 80 158 929 938.
At a glance
3 facts that matterThe Dossier
The page belongs to Canva, a well-known graphic design service founded in 2013 and operating from an Australian-registered company. Visitors reach a text-to-image tool that generates artwork from prompts inside the Canva editor. The domain itself shows no malicious code or phishing forms; instead, the main risk stems from third-party attackers who abuse Canva's public sharing links to host documents that redirect users to external credential-harvesting sites.
- No contact email, phone, or address listed on the AI image generator page itself.
- Platform's public sharing feature has been abused by attackers to host phishing lures that redirect elsewhere.
- Domain registered in 2001, over 25 years old.
- Zero detections across 92 antivirus engines.
- Valid SSL certificate issued by Amazon.
- Hosting IP shows zero abuse score.
- Australian company Canva Pty Ltd is registered and active with ABN 80 158 929 938.
Site Purpose and Visitor Flow
The URL loads Canva's AI Image Generator, an integrated feature that converts text prompts into images within the Canva workspace. The page presents navigation for design templates, photo tools, video editors, and business plans, all consistent with Canva's established product suite.
Operator Identity
Canva Pty Ltd is an active Australian corporation (ABN 80 158 929 938) with additional entities in the US and UK. The domain was registered in 2001 and has maintained continuous operation for over 25 years.
Security and Reputation Signals
No antivirus engine flagged the page. The hosting IP carries a zero abuse score, and the SSL certificate is valid and issued by Amazon. The site does not request login credentials or display countdown timers, push-notification prompts, or fake alerts.
Abuse Context
Independent reports note that malicious actors sometimes create free Canva accounts and share designs that link to phishing pages hosted elsewhere. These attacks exploit the domain's allow-list status rather than compromising Canva itself.
Visual and Technical Notes
The screenshot capture was incomplete because the page is a JavaScript-heavy application. No clone indicators or phishing layout elements were observed.
Use the page normally for design work. Avoid clicking external Canva share links from unknown sources, as those may lead to phishing pages hosted elsewhere.
Website Preview

We could not capture a fully-rendered screenshot of this page; visual analysis is inconclusive.
- 1Screenshot incomplete — site may be slow to render
Web Research
Canva is primarily used by malicious actors to create and host malicious files that redirect users to credentials phishes hosted elsewhere on the internet.
Malicious actors are abusing Canva's platform, likely to bypass traditional security tools that rely on a domain's reputation. Abused Canva designs often center on viewing a document.
Scammers created a free account on Canva and made a design that looks just like… Canva's home page... as soon as you click on the image, your browser is hijacked with a fake Microsoft alert.
Canva is an excellent design app, and arguably one of the most useful tools a small business can have in its arsenal.
It's a easy to use program that has many different helpful tools. It also promotes creative activity.
Canva Pty Ltd is an Australian corporation (ABN: 80 158 929 938). Also operates as Canva US, Inc. and Canva UK Operations Ltd.
Canva is a legitimate, globally recognized graphic design platform founded in 2013.
The platform's public design-sharing feature is frequently abused by threat actors to host phishing lures, as the 'canva.com' domain is often allow-listed by security filters.
Attackers use Canva to host documents that redirect users to external credential-harvesting sites, often mimicking Microsoft or DocuSign login pages.
Canva has experienced historical data breaches, including a major incident in 2019 involving millions of user records.
Threat Detection
Technical Details
Identity›
- Operator
- Identified
- On-domain email
- Not observed
- Phone
- Not observed
- Address
- Not observed
Domain›
- Status
- 25 years old
- Registration
- Registered May 5, 2001
- Encryption
- Valid TLSv1.3
- Certificate issuer
- Amazon · Amazon RSA 2048 M04
Infrastructure›
- Network address
- 104.16.103.112
- Hosting organization
- Cloudflare, Inc.
- Country
- US
- Server
- cloudflare
Connections›
- Redirects
- 0
- Cross-domain redirect
- No
- Referenced domains
- 5
- Final destination
- https://www.canva.com/ai-image-generator/
What to do
Use the page normally for design work. Avoid clicking external Canva share links from unknown sources, as those may lead to phishing pages hosted elsewhere.
If you paid, contact your bank or payment provider immediately and preserve receipts and messages. If you shared personal information, monitor the affected accounts and change any reused passwords through the official service.
Final Verdict
This is the legitimate Canva AI image generator. The domain is safe.
Use the page normally for design work. Avoid clicking external Canva share links from unknown sources, as those may lead to phishing pages hosted elsewhere.
Safety FAQ
Is www.canva.com safe to use?+
This is the legitimate Canva AI image generator. The domain is safe.
What should I do about www.canva.com?+
Use the page normally for design work. Avoid clicking external Canva share links from unknown sources, as those may lead to phishing pages hosted elsewhere.
How old is www.canva.com?+
www.canva.com is 25 years old and was registered may 5, 2001.
What if I already interacted with www.canva.com?+
If you paid, contact your bank or payment provider immediately and preserve receipts and messages. If you shared personal information, monitor the affected accounts and change any reused passwords through the official service.
When was this report updated?+
This report reflects the scan completed July 17, 2026 at 8:55 PM UTC.
User reviews & comments(0)
Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.