Back

oshkoshcorp.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting oshkoshcorp.com, with 3,188 historical data breaches and 85 active infostealer logs observed between July 2025 and June 2026. The majority of these events, 90.9%, are linked to database dumps, with a substantial portion of the remaining 9.1% attributed to combolist sources. Malware analysis reveals a prevalence of infostealer families such as RisePro (20%), Redline (7.1%), StealC (1.2%), and Vidar (1.2%). The timeline shows a sharp increase in employee-related events in January 2026, with 2,384 incidents, and a consistent number of client-related events throughout the period, totaling 324. Targeted services include guest-americas.oshkoshcorp.com and portal.oshkoshcorp.com, with Pulse Secure identified as a classified service. The primary operating system affected is Windows 10 (61.2%). Given the high volume of historical data breaches and active infostealer logs, coupled with the presence of common infostealer malware families, this incident poses a critical risk of further credential compromise and potential data exfiltration. The concentration of events in database dumps and combolists suggests a high likelihood of compromised credentials being traded or sold on illicit markets. Prioritization should focus on immediate credential hygiene, including widespread password resets for both employees and clients, enhanced monitoring for anomalous access patterns, and a thorough review of data access controls for services like guest-americas.oshkoshcorp.com and portal.oshkoshcorp.com. The prevalence of Windows 10 suggests that endpoint security and patching on these systems should be a key remediation focus.

Total Events

3,273
credential exposure events

Employee Affected Events

2,949
account email domain = oshkoshcorp.com

Client Affected Events

324
service target = oshkoshcorp.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,5001,6678330
peak month 2,384
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events85
Share3%
Data breaches
Events3,188
Share97%
Infostealer logs (3%)
85events
Data breaches (97%)
3,188events

2,949 compromised employee accounts pose an infrastructure risk, while 324 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

RisePro17
Redline6
StealC1
Vidar1

Top Login URLs

Top exposed services found in the event results

  1. 1https://guest-americas.oshkoshcorp.com/61
  2. 2https://guest-americas.oshkoshcorp.com34
  3. 3guest-americas.oshkoshcorp.com28
  4. 4oshkoshcorp.com27
  5. 5https://guest-americas.oshkoshcorp.com:8446/portal/PortalSetup.action22
  6. 6https://gdcguest.oshkoshcorp.com/16
  7. 7guest-americas.oshkoshcorp.com/15
  8. 8defense.oshkoshcorp.com10
  9. 9portal.oshkoshcorp.com10
  10. 10https://portal.oshkoshcorp.com9

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events53
Mexico
Events21
Brazil
Events1
Israel
Events1

Country Breakdown

  1. 1United States53
  2. 2Mexico21
  3. 3Brazil1
  4. 4Israel1

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Pulse Secure15

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1052
Windows 10 Home Single Language [x64]17
Windows 11 Home Single Language x644
Windows 10 Home x643
Windows 10 Pro (10.0.19045) x641

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
290
Combolist pools
2,898
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.