Back

airproducts.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of 55,326 historical data breaches and 2,383 active infostealer logs targeting airproducts.com over the period of July 2025 to June 2026. The majority of infostealer activity is attributed to the Redline malware family, with a notable presence of LummaC2, Rhadamanthys, and Vidar. The data suggests a broad impact, with 53,466 employee credentials and 4,243 client credentials compromised. The primary services targeted include the airproducts.com domain itself, its login portals, and ADFS infrastructure, with the United States and Netherlands being the most affected geographies. The exposure appears to stem from combolist sources and database dumps, indicating credential stuffing or reuse of compromised credentials. The high volume of historical data breaches and active infostealer logs, coupled with the targeting of employee and client credentials, presents a critical risk of further account compromise, data exfiltration, and potential business disruption. Prioritization should focus on immediate remediation of exposed credentials, particularly those associated with employee and client accounts. A comprehensive review of access controls and authentication mechanisms for targeted services, including the airproducts.com login portals and ADFS, is recommended. Given the prevalence of Redline and LummaC2, endpoint security and malware detection should be enhanced. Investigating the sources of combolists and database dumps may reveal further attack vectors or compromised systems. The timeline shows a peak in employee and client credential exposure in September 2025 and January 2026, suggesting these periods require particular attention for incident response and forensic analysis.

Total Events

57,709
credential exposure events

Employee Affected Events

53,466
account email domain = airproducts.com

Client Affected Events

4,243
service target = airproducts.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 16,961
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,383
Share4%
Data breaches
Events55,326
Share96%
Infostealer logs (4%)
2,383events
Data breaches (96%)
55,326events

53,466 compromised employee accounts pose an infrastructure risk, while 4,243 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender6
Bitdefender3

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,921
LummaC298
Rhadamanthys72
Vidar52
Acreed23
StealC20
RisePro12
X-Files2
Remus2

Top Login URLs

Top exposed services found in the event results

  1. 1airproducts.com1,145
  2. 2https://account.airproducts.com/login337
  3. 3account.airproducts.com/login268
  4. 4account.airproducts.com248
  5. 5https://account.airproducts.com243
  6. 6https://account.airproducts.com/login/130
  7. 7https://account.airproducts.com/82
  8. 8adfs.airproducts.com/adfs/ls/76
  9. 9https://secure.airproducts.com/login/authenticate.aspx75
  10. 10https://adfs.airproducts.com/adfs/ls/75

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Netherlands
Events435
United States
Events390
Germany
Events353
Denmark
Events175
Chile
Events82
India
Events82
Spain
Events71
United Kingdom
Events65

Country Breakdown

  1. 1Netherlands435
  2. 2United States390
  3. 3Germany353
  4. 4Denmark175
  5. 5Chile82
  6. 6India82
  7. 7Spain71
  8. 8United Kingdom65

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft637
Citrix190
Pulse Secure49
Git28
FortiNet VPN13
Cisco (AnyConnect)13
Auth010

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64142
Windows 10 Home x32137
Windows 10 Enterprise x32132
Windows Server 2008 R2 x32130
Windows Server 2012 x32124

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
38,272
Combolist pools
17,054
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.