Infostealers Weekly Report: 2019-09-16 – 2019-09-22
InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…
Threat Geography
Where infections came from
Compromised machines distributed by country of infection.
Top 25 countries
- #1 United States of America 149
- #2 Italy 137
- #3 Spain 75
- #4 France 68
- #5 Vietnam 60
- #6 Germany 59
- #7 Canada 45
- #8 Netherlands 22
- #9 Australia 21
- #10 South Africa 9
- #11 United Kingdom 9
- #12 Egypt 5
- #13 Austria 4
- #14 Algeria 4
- #15 Palestinian Territories 4
- #16 South Korea 4
- #17 Uruguay 3
- #18 Syria 2
- #19 Bangladesh 2
- #20 Oman 2
- #21 Poland 2
- #22 Thailand 2
- #23 Mexico 2
- #24 Switzerland 2
- #25 Norway 1
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
- #1 google.com 395 users
- #2 facebook.com 346 users
- #3 live.com 255 users
- #4 amazon.com 124 users
- #5 netflix.com 115 users
- #6 paypal.com 110 users
- #7 twitter.com 96 users
- #8 discordapp.com 93 users
- #9 epicgames.com 92 users
- #10 91 users
- #11 roblox.com 81 users
- #12 dropbox.com 79 users
- #13 mega.nz 79 users
- #14 instagram.com 79 users
- #15 twitch.tv 79 users
- #16 yahoo.com 76 users
- #17 steampowered.com 75 users
- #18 apple.com 68 users
- #19 sonyentertainmentnetwork.com 67 users
- #20 minecraft.net 66 users
- #21 steamcommunity.com 60 users
- #22 ebay.com 53 users
- #23 ea.com 53 users
- #24 linkedin.com 51 users
- #25 com.facebook.katana 49 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
- #1 pec.it 11 employees
- #2 iu.edu 7 employees
- #3 POP3://pop.gmail.com:995 7 employees
- #4 gwdg.de 7 employees
- #5 rediris.es 7 employees
- #6 heanet.ie 7 employees
- #7 tim.it 6 employees
- #8 aruba.it 6 employees
- #9 POP3://[email protected]:0 4 employees
- #10 POP3://[email protected]:0 4 employees
- #11 confused.com 3 employees
- #12 enteos.it 3 employees
- #13 senecacollege.ca 2 employees
- #14 vic.edu.au 2 employees
- #15 bigpond.com 2 employees
- #16 iinet.net.au 2 employees
- #17 tcdsb.org 2 employees
- #18 unisa.it 2 employees
- #19 freenet.de 2 employees
- #20 mdc.edu 2 employees
- #21 cox.net 2 employees
- #22 microgame.it 2 employees
- #23 k12.fl.us 2 employees
- #24 utcfireandsecurity.com 2 employees
- #25 maw.it 2 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
- #1 publix.com 1 employee
- #2 twc.com 1 employee
- #3 frontier.com 1 employee
Compromised users
- #1 google.com 395 users
- #2 facebook.com 346 users
- #3 amazon.com 124 users
- #4 netflix.com 115 users
- #5 paypal.com 110 users
- #6 apple.com 68 users
- #7 ebay.com 53 users
- #8 att.com 20 users
- #9 walmart.com 20 users
- #10 adp.com 18 users
- #11 capitalone.com 17 users
- #12 target.com 13 users
- #13 bestbuy.com 12 users
- #14 hp.com 12 users
- #15 ups.com 11 users
- #16 bankofamerica.com 11 users
- #17 wellsfargo.com 10 users
- #18 americanexpress.com 10 users
- #19 homedepot.com 9 users
- #20 fedex.com 8 users
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 702 hits
- #2 sso 310 hits
- #3 imap 116 hits
- #4 webmail 87 hits
- #5 adfs 56 hits
- #6 ftp 53 hits
- #7 sap 34 hits
- #8 github 25 hits
- #9 owa 21 hits
- #10 zendesk 20 hits
- #11 extranet 20 hits
- #12 sts 16 hits
- #13 st 15 hits
- #14 vpn 15 hits
- #15 kaspersky 14 hits
- #16 oracle 14 hits
- #17 salesforce 11 hits
- #18 zoom 11 hits
- #19 zimbra 9 hits
- #20 cpanel 9 hits
- #21 okta 8 hits
- #22 ping 7 hits
- #23 dana-na 2 hits
- #24 citrix 2 hits
- #25 gitlab 2 hits