Weekly intelligence Aug 12 – Aug 18, 2019 10 min read

Infostealers Weekly Report: 2019-08-12 – 2019-08-18

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 129

Infections by country

Top 25 countries

#1 Brazil 242
#2 Turkey 150
#3 Vietnam 140
#4 Indonesia 139
#5 Egypt 124
#6 Italy 83
#7 India 57
#8 Mexico 51
#9 United States of America 51
#10 Argentina 45
#11 Pakistan 44
#12 Poland 40
#13 Colombia 38
#14 Romania 35
#15 Algeria 32
#16 Hungary 30
#17 Saudi Arabia 28
#18 Morocco 27
#19 Philippines 22
#20 Venezuela 20
#21 Peru 20
#22 South Africa 19
#23 Chile 18
#24 Ecuador 18
#25 Serbia 17

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 1,589 users
#2 facebook.com 1,444 users
#3 live.com 820 users
#4 twitter.com 395 users
#5 mega.nz 329 users
#6 netflix.com 327 users
#7 322 users
#8 yahoo.com 310 users
#9 instagram.com 289 users
#10 discordapp.com 286 users
#11 roblox.com 254 users
#12 paypal.com 242 users
#13 linkedin.com 222 users
#14 epicgames.com 219 users
#15 amazon.com 218 users
#16 192.168.1.1 209 users
#17 steampowered.com 208 users
#18 twitch.tv 178 users
#19 steamcommunity.com 173 users
#20 firefox.com 173 users
#21 com.facebook.katana 170 users
#22 apple.com 168 users
#23 chrome://FirefoxAccounts 166 users
#24 dropbox.com 166 users
#25 minecraft.net 143 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 rediris.es 10 employees
#2 iu.edu 10 employees
#3 gwdg.de 10 employees
#4 heanet.ie 10 employees
#5 POP3://[email protected]:0 8 employees
#6 POP3://[email protected]:0 8 employees
#7 POP3://pop.gmail.com:995 8 employees
#8 tim.it 7 employees
#9 rediff.com 6 employees
#10 6 employees
#11 dell.com 5 employees
#12 o2.pl 5 employees
#13 whiteclean-ksa.com 5 employees
#14 alkhulafa.com 5 employees
#15 interia.pl 5 employees
#16 accenture.com 5 employees
#17 m-almahdi.com 5 employees
#18 servconfig.com 5 employees
#19 toyscate.com 5 employees
#20 abv.bg 4 employees
#21 POP3://in.alice.it:0 4 employees
#22 freemail.hu 4 employees
#23 secureserver.net 4 employees
#24 ig.com.br 3 employees
#25 sapo.pt 3 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 cognizant.com 1 employees
#2 rockwellautomation.com 1 employees

Compromised users

#1 google.com 1,589 users
#2 facebook.com 1,444 users
#3 netflix.com 327 users
#4 paypal.com 242 users
#5 amazon.com 218 users
#6 apple.com 168 users
#7 ebay.com 81 users
#8 oracle.com 38 users
#9 hp.com 19 users
#10 microsoft.com 9 users
#11 intel.com 9 users
#12 walmart.com 7 users
#13 ibm.com 7 users
#14 ups.com 7 users
#15 cisco.com 7 users
#16 westernunion.com 6 users
#17 nike.com 6 users
#18 bestbuy.com 4 users
#19 salesforce.com 3 users
#20 yum.com 3 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 1,894hits
#2 sso 786hits
#3 webmail 195hits
#4 imap 168hits
#5 ftp 118hits
#6 cpanel 115hits
#7 github 85hits
#8 sap 68hits
#9 oracle 63hits
#10 zendesk 58hits
#11 adfs 57hits
#12 owa 48hits
#13 kaspersky 37hits
#14 zoom 35hits
#15 sts 33hits
#16 vpn 31hits
#17 extranet 21hits
#18 zimbra 19hits
#19 st 13hits
#20 dana-na 8hits
#21 bitbucket 8hits
#22 ping 7hits
#23 roundcube 6hits
#24 gitlab 6hits
#25 twilio 5hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →