Weekly intelligence Aug 5 – Aug 11, 2019 11 min read

Infostealers Weekly Report: 2019-08-05 – 2019-08-11

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 172

Infections by country

Top 25 countries

#1 Indonesia 1,133
#2 India 833
#3 Brazil 809
#4 Egypt 701
#5 Vietnam 510
#6 Turkey 472
#7 Pakistan 441
#8 Algeria 312
#9 Philippines 239
#10 Argentina 221
#11 Germany 212
#12 Thailand 201
#13 Bangladesh 152
#14 Morocco 145
#15 Peru 129
#16 Iran 114
#17 Romania 107
#18 United Kingdom 99
#19 Malaysia 91
#20 Hungary 89
#21 Iraq 86
#22 South Africa 85
#23 Saudi Arabia 82
#24 Mexico 82
#25 Chile 72

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 5,750 users
#2 facebook.com 5,205 users
#3 live.com 2,616 users
#4 twitter.com 1,262 users
#5 yahoo.com 1,125 users
#6 1,037 users
#7 instagram.com 955 users
#8 roblox.com 942 users
#9 netflix.com 917 users
#10 mega.nz 916 users
#11 discordapp.com 833 users
#12 paypal.com 803 users
#13 linkedin.com 745 users
#14 epicgames.com 736 users
#15 192.168.1.1 703 users
#16 amazon.com 624 users
#17 firefox.com 598 users
#18 steampowered.com 571 users
#19 twitch.tv 568 users
#20 steamcommunity.com 516 users
#21 dropbox.com 494 users
#22 minecraft.net 489 users
#23 apple.com 482 users
#24 chrome://FirefoxAccounts 447 users
#25 com.facebook.katana 367 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 rediff.com 37 employees
#2 icicibank.com 20 employees
#3 secureserver.net 20 employees
#4 POP3://pop.gmail.com:995 15 employees
#5 13 employees
#6 freemail.hu 12 employees
#7 freenet.de 8 employees
#8 idbibank.co.in 8 employees
#9 onlinesbi.com 7 employees
#10 tim.it 7 employees
#11 bni.co.id 7 employees
#12 confused.com 6 employees
#13 POP3://pop.mail.yahoo.com:995 6 employees
#14 POP3://mail.ztbl.com.pk:995 6 employees
#15 kabelbw.de 6 employees
#16 rediris.es 6 employees
#17 POP3://mail.in10so.com:995 6 employees
#18 heanet.ie 6 employees
#19 SMTP://mail.ztbl.com.pk:587 6 employees
#20 digimail.in 6 employees
#21 unionbankonline.co.in 6 employees
#22 SMTP://mail.in10so.com:0 6 employees
#23 gwdg.de 6 employees
#24 iu.edu 6 employees
#25 vidzaimpex.com 5 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 cognizant.com 2 employees
#2 amazon.com 1 employees
#3 avnet.com 1 employees
#4 microsoft.com 1 employees
#5 apple.com 1 employees
#6 boeing.com 1 employees

Compromised users

#1 google.com 5,750 users
#2 facebook.com 5,204 users
#3 netflix.com 917 users
#4 paypal.com 803 users
#5 amazon.com 624 users
#6 apple.com 482 users
#7 ebay.com 244 users
#8 oracle.com 66 users
#9 hp.com 47 users
#10 microsoft.com 32 users
#11 cisco.com 25 users
#12 westernunion.com 23 users
#13 ibm.com 18 users
#14 walmart.com 17 users
#15 salesforce.com 14 users
#16 visa.com 13 users
#17 ups.com 13 users
#18 americanexpress.com 10 users
#19 fedex.com 9 users
#20 att.com 9 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 5,387hits
#2 sso 2,065hits
#3 webmail 500hits
#4 imap 384hits
#5 cpanel 322hits
#6 github 236hits
#7 ftp 229hits
#8 owa 223hits
#9 sap 193hits
#10 adfs 160hits
#11 zendesk 155hits
#12 oracle 140hits
#13 st 100hits
#14 kaspersky 88hits
#15 vpn 59hits
#16 ping 50hits
#17 sts 47hits
#18 extranet 40hits
#19 citrix 39hits
#20 salesforce 37hits
#21 zoom 29hits
#22 bitbucket 28hits
#23 twilio 20hits
#24 roundcube 19hits
#25 zimbra 16hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →