Weekly intelligence Jan 28 – Feb 3, 2019 10 min read

Infostealers Weekly Report: 2019-01-28 – 2019-02-03

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 138

Infections by country

Top 25 countries

#1 Vietnam 592
#2 Indonesia 509
#3 Brazil 488
#4 United States of America 477
#5 India 265
#6 Bangladesh 139
#7 Egypt 108
#8 Turkey 72
#9 Romania 68
#10 Mexico 67
#11 Pakistan 64
#12 Algeria 62
#13 Canada 62
#14 Malaysia 57
#15 Argentina 54
#16 Poland 47
#17 South Korea 47
#18 Hungary 46
#19 Colombia 42
#20 Serbia 40
#21 Sri Lanka 39
#22 Morocco 36
#23 Nepal 36
#24 Portugal 35
#25 Hong Kong SAR China 34

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 2,529 users
#2 facebook.com 2,284 users
#3 live.com 1,214 users
#4 twitter.com 705 users
#5 roblox.com 642 users
#6 yahoo.com 567 users
#7 paypal.com 526 users
#8 discordapp.com 513 users
#9 mega.nz 482 users
#10 instagram.com 459 users
#11 netflix.com 454 users
#12 422 users
#13 amazon.com 417 users
#14 steampowered.com 401 users
#15 epicgames.com 396 users
#16 steamcommunity.com 325 users
#17 twitch.tv 324 users
#18 linkedin.com 324 users
#19 apple.com 320 users
#20 dropbox.com 307 users
#21 192.168.1.1 281 users
#22 minecraft.net 277 users
#23 garena.com 261 users
#24 ebay.com 244 users
#25 aliexpress.com 198 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 POP3://pop.gmail.com:995 17 employees
#2 icicibank.com 11 employees
#3 10 employees
#4 rediff.com 9 employees
#5 ftp://192.168.0.1/ 8 employees
#6 vanthanhtdt.info 8 employees
#7 ftp://42.116.11.216/ 8 employees
#8 isacombank.com.vn 8 employees
#9 bni.co.id 7 employees
#10 freemail.hu 7 employees
#11 ig.com.br 6 employees
#12 abv.bg 6 employees
#13 uol.com.br 5 employees
#14 interia.pl 5 employees
#15 globo.com 5 employees
#16 browardschools.com 5 employees
#17 secureserver.net 5 employees
#18 digimail.in 4 employees
#19 vnpt.vn 4 employees
#20 IMAP://mail.vikoda.com.vn:0 4 employees
#21 mpi.gov.vn 4 employees
#22 creditinfo.org.vn 4 employees
#23 docomo.ne.jp 4 employees
#24 scb.com.vn 4 employees
#25 gmx.at 4 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 bestbuy.com 3 employees
#2 cognizant.com 2 employees
#3 pg.com 1 employees
#4 rockwellautomation.com 1 employees
#5 twc.com 1 employees
#6 apple.com 1 employees
#7 bakerhughes.com 1 employees

Compromised users

#1 google.com 2,529 users
#2 facebook.com 2,284 users
#3 paypal.com 526 users
#4 netflix.com 454 users
#5 amazon.com 417 users
#6 apple.com 320 users
#7 ebay.com 244 users
#8 walmart.com 47 users
#9 att.com 38 users
#10 oracle.com 31 users
#11 target.com 31 users
#12 wellsfargo.com 22 users
#13 adp.com 21 users
#14 bestbuy.com 21 users
#15 capitalone.com 21 users
#16 hp.com 21 users
#17 ups.com 20 users
#18 bankofamerica.com 20 users
#19 westernunion.com 19 users
#20 nike.com 15 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 3,326hits
#2 sso 1,552hits
#3 webmail 333hits
#4 imap 237hits
#5 adfs 164hits
#6 owa 135hits
#7 ftp 120hits
#8 github 109hits
#9 zendesk 80hits
#10 oracle 69hits
#11 cpanel 64hits
#12 sts 60hits
#13 sap 57hits
#14 extranet 43hits
#15 vpn 42hits
#16 st 41hits
#17 kaspersky 34hits
#18 salesforce 25hits
#19 zoom 22hits
#20 bitbucket 22hits
#21 ping 21hits
#22 zimbra 21hits
#23 citrix 17hits
#24 webex 16hits
#25 okta 11hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →