Weekly intelligence Apr 8 – Apr 14, 2019 11 min read

Infostealers Weekly Report: 2019-04-08 – 2019-04-14

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 145

Infections by country

Top 25 countries

#1 Brazil 1,263
#2 Indonesia 937
#3 India 475
#4 Russia 350
#5 Vietnam 258
#6 United States of America 226
#7 Pakistan 226
#8 Germany 160
#9 Egypt 138
#10 Romania 133
#11 Bangladesh 126
#12 France 124
#13 United Kingdom 122
#14 Poland 113
#15 Portugal 101
#16 Sri Lanka 73
#17 Serbia 69
#18 Canada 68
#19 Mexico 65
#20 Philippines 65
#21 Colombia 55
#22 Algeria 54
#23 Italy 37
#24 Hungary 34
#25 Czechia 33

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 4,197 users
#2 facebook.com 3,679 users
#3 live.com 2,062 users
#4 twitter.com 1,078 users
#5 yahoo.com 917 users
#6 netflix.com 825 users
#7 paypal.com 805 users
#8 mega.nz 801 users
#9 770 users
#10 instagram.com 712 users
#11 192.168.1.1 596 users
#12 steampowered.com 594 users
#13 linkedin.com 587 users
#14 dropbox.com 579 users
#15 discordapp.com 569 users
#16 amazon.com 525 users
#17 apple.com 522 users
#18 roblox.com 519 users
#19 steamcommunity.com 483 users
#20 epicgames.com 472 users
#21 twitch.tv 424 users
#22 aliexpress.com 394 users
#23 192.168.0.1 388 users
#24 vk.com 377 users
#25 4shared.com 364 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 POP3://pop.gmail.com:995 38 employees
#2 o2.pl 21 employees
#3 rediff.com 18 employees
#4 telecom.pt 14 employees
#5 interia.pl 13 employees
#6 sapo.pt 13 employees
#7 icicibank.com 11 employees
#8 netpnb.com 10 employees
#9 ig.com.br 10 employees
#10 onet.pl 10 employees
#11 POP3://[email protected]:0 9 employees
#12 freemail.hu 9 employees
#13 POP3://[email protected]:0 9 employees
#14 9 employees
#15 digimail.in 9 employees
#16 hostgator.com.br 7 employees
#17 bni.co.id 7 employees
#18 abv.bg 7 employees
#19 gwdg.de 6 employees
#20 iu.edu 6 employees
#21 jwpub.org 6 employees
#22 http://localhost/wordpress/wp-admin/install.php 6 employees
#23 confused.com 6 employees
#24 heanet.ie 6 employees
#25 globo.com 6 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 netflix.com 2 employees
#2 paypal.com 1 employees
#3 google.com 1 employees
#4 aecom.com 1 employees
#5 facebook.com 1 employees
#6 twc.com 1 employees
#7 microsoft.com 1 employees
#8 amazon.com 1 employees

Compromised users

#1 google.com 4,197 users
#2 facebook.com 3,679 users
#3 netflix.com 825 users
#4 paypal.com 805 users
#5 amazon.com 525 users
#6 apple.com 522 users
#7 ebay.com 302 users
#8 oracle.com 56 users
#9 hp.com 34 users
#10 walmart.com 26 users
#11 microsoft.com 26 users
#12 ups.com 20 users
#13 att.com 19 users
#14 westernunion.com 19 users
#15 adp.com 18 users
#16 wellsfargo.com 18 users
#17 bestbuy.com 16 users
#18 americanexpress.com 15 users
#19 salesforce.com 14 users
#20 nike.com 13 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 4,605hits
#2 sso 1,666hits
#3 imap 775hits
#4 webmail 644hits
#5 ftp 226hits
#6 adfs 222hits
#7 cpanel 182hits
#8 github 174hits
#9 oracle 165hits
#10 st 165hits
#11 owa 145hits
#12 zendesk 114hits
#13 rlogin 108hits
#14 extranet 98hits
#15 sts 96hits
#16 sap 88hits
#17 roundcube 58hits
#18 vpn 53hits
#19 kaspersky 52hits
#20 zimbra 41hits
#21 salesforce 40hits
#22 ping 39hits
#23 jira 34hits
#24 zoom 31hits
#25 dana-na 23hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →