Weekly intelligence Jul 8 – Jul 14, 2019 10 min read

Infostealers Weekly Report: 2019-07-08 – 2019-07-14

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 126

Infections by country

Top 25 countries

#1 Brazil 330
#2 Egypt 214
#3 Mexico 201
#4 Germany 182
#5 France 167
#6 United Kingdom 153
#7 Vietnam 152
#8 Australia 126
#9 Canada 105
#10 India 92
#11 Pakistan 87
#12 Bangladesh 56
#13 Peru 55
#14 Argentina 53
#15 Morocco 51
#16 Turkey 44
#17 Indonesia 40
#18 Colombia 33
#19 Philippines 32
#20 Nigeria 30
#21 Chile 29
#22 Sri Lanka 26
#23 Venezuela 25
#24 Jordan 25
#25 Algeria 25

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 1,554 users
#2 facebook.com 1,367 users
#3 live.com 1,049 users
#4 netflix.com 485 users
#5 twitter.com 408 users
#6 roblox.com 397 users
#7 paypal.com 395 users
#8 instagram.com 354 users
#9 com.facebook.katana 327 users
#10 epicgames.com 307 users
#11 mega.nz 300 users
#12 amazon.com 281 users
#13 yahoo.com 273 users
#14 discordapp.com 270 users
#15 twitch.tv 269 users
#16 steampowered.com 263 users
#17 com.netflix.mediaclient 240 users
#18 226 users
#19 minecraft.net 214 users
#20 apple.com 210 users
#21 steamcommunity.com 210 users
#22 linkedin.com 193 users
#23 spotify.com 172 users
#24 dropbox.com 169 users
#25 microsoftonline.com 158 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 freenet.de 7 employees
#2 mail.de 7 employees
#3 laureate.net 6 employees
#4 wp.pl 6 employees
#5 bigpond.com 5 employees
#6 telstra.com 5 employees
#7 gwdg.de 5 employees
#8 heanet.ie 5 employees
#9 rediris.es 5 employees
#10 iu.edu 5 employees
#11 interia.pl 4 employees
#12 abv.bg 4 employees
#13 ig.com.br 4 employees
#14 qld.edu.au 4 employees
#15 uol.com.br 4 employees
#16 POP3://pop.free.fr:0 4 employees
#17 tpg.com.au 4 employees
#18 ftp://192.168.0.2 3 employees
#19 SMTP://mail.groupeallianceconstruction.com:587 3 employees
#20 tcdsb.org 3 employees
#21 confused.com 3 employees
#22 hccfl.edu 3 employees
#23 IMAP://mail.tekzitel.com:993 3 employees
#24 freemail.hu 3 employees
#25 SMTP://mail.tekzitel.com:465 3 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 1 employees

Compromised users

#1 google.com 1,554 users
#2 facebook.com 1,367 users
#3 netflix.com 485 users
#4 paypal.com 395 users
#5 amazon.com 281 users
#6 apple.com 210 users
#7 ebay.com 78 users
#8 oracle.com 26 users
#9 hp.com 20 users
#10 microsoft.com 18 users
#11 westernunion.com 14 users
#12 cisco.com 14 users
#13 nike.com 14 users
#14 ups.com 11 users
#15 americanexpress.com 7 users
#16 capitalone.com 5 users
#17 visa.com 4 users
#18 salesforce.com 4 users
#19 ibm.com 4 users
#20 aecom.com 4 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 2,354hits
#2 sso 882hits
#3 imap 309hits
#4 webmail 179hits
#5 adfs 144hits
#6 zoom 118hits
#7 github 98hits
#8 sts 75hits
#9 oracle 63hits
#10 ftp 57hits
#11 cpanel 48hits
#12 zendesk 41hits
#13 owa 41hits
#14 sap 40hits
#15 extranet 33hits
#16 kaspersky 30hits
#17 st 29hits
#18 vpn 26hits
#19 ping 21hits
#20 zimbra 19hits
#21 webex 14hits
#22 roundcube 13hits
#23 git 6hits
#24 okta 6hits
#25 salesforce 5hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →