Weekly intelligence Feb 18 – Feb 24, 2019 10 min read

Infostealers Weekly Report: 2019-02-18 – 2019-02-24

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 140

Infections by country

Top 25 countries

#1 Indonesia 821
#2 India 603
#3 United Kingdom 185
#4 Brazil 166
#5 Pakistan 138
#6 South Korea 130
#7 Canada 127
#8 Bangladesh 120
#9 Egypt 116
#10 Germany 75
#11 Turkey 70
#12 Malaysia 62
#13 Vietnam 56
#14 United States of America 55
#15 Philippines 51
#16 Sri Lanka 49
#17 Spain 47
#18 Russia 46
#19 France 42
#20 Algeria 42
#21 Thailand 42
#22 Hungary 37
#23 Myanmar (Burma) 36
#24 Morocco 34
#25 Serbia 28

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 2,381 users
#2 facebook.com 2,024 users
#3 live.com 1,077 users
#4 twitter.com 609 users
#5 yahoo.com 551 users
#6 489 users
#7 paypal.com 464 users
#8 instagram.com 429 users
#9 linkedin.com 411 users
#10 amazon.com 368 users
#11 netflix.com 363 users
#12 steampowered.com 357 users
#13 discordapp.com 349 users
#14 mega.nz 337 users
#15 epicgames.com 325 users
#16 dropbox.com 305 users
#17 twitch.tv 301 users
#18 roblox.com 282 users
#19 steamcommunity.com 281 users
#20 apple.com 279 users
#21 192.168.1.1 245 users
#22 ea.com 213 users
#23 chrome://FirefoxAccounts 207 users
#24 sonyentertainmentnetwork.com 206 users
#25 adobe.com 195 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 rediff.com 17 employees
#2 POP3://goodpostoffice.com:0 14 employees
#3 icicibank.com 13 employees
#4 POP3://pop.gmail.com:995 12 employees
#5 confused.com 12 employees
#6 POP3://[email protected]:0 11 employees
#7 freemail.hu 11 employees
#8 POP3://[email protected]:0 11 employees
#9 11 employees
#10 bni.co.id 9 employees
#11 secureserver.net 7 employees
#12 accenture.com 7 employees
#13 digimail.in 7 employees
#14 abv.bg 5 employees
#15 interia.pl 5 employees
#16 citromail.hu 5 employees
#17 netpnb.com 5 employees
#18 hostgator.com 4 employees
#19 POP3://outlook.office365.com:995 4 employees
#20 telecom.pt 4 employees
#21 onlinesbi.com 4 employees
#22 idbibank.co.in 4 employees
#23 freenet.de 3 employees
#24 india.com 3 employees
#25 inbox.lv 3 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 johnsoncontrols.com 1 employees
#2 boeing.com 1 employees
#3 oracle.com 1 employees
#4 rockwellautomation.com 1 employees

Compromised users

#1 google.com 2,380 users
#2 facebook.com 2,022 users
#3 paypal.com 464 users
#4 amazon.com 368 users
#5 netflix.com 362 users
#6 apple.com 279 users
#7 ebay.com 160 users
#8 oracle.com 28 users
#9 hp.com 27 users
#10 ibm.com 20 users
#11 westernunion.com 15 users
#12 ups.com 13 users
#13 intel.com 12 users
#14 microsoft.com 11 users
#15 salesforce.com 9 users
#16 americanexpress.com 8 users
#17 cisco.com 8 users
#18 adp.com 7 users
#19 walmart.com 7 users
#20 capitalone.com 7 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 2,683hits
#2 sso 1,172hits
#3 imap 332hits
#4 webmail 311hits
#5 github 187hits
#6 cpanel 172hits
#7 adfs 167hits
#8 ftp 154hits
#9 owa 99hits
#10 oracle 93hits
#11 sts 77hits
#12 sap 69hits
#13 zendesk 59hits
#14 kaspersky 51hits
#15 ping 51hits
#16 st 48hits
#17 salesforce 35hits
#18 vpn 32hits
#19 gitlab 32hits
#20 extranet 27hits
#21 zimbra 23hits
#22 zoom 22hits
#23 webex 21hits
#24 bitbucket 21hits
#25 citrix 11hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →