Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence Oct 28 – Nov 3, 2019 11 min read

Infostealers Weekly Report: 2019-10-28 – 2019-11-03

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines
#2 0 Compromised Employees
#3 0 Compromised Users
#4 0 Compromised Androids
#5 0 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 178
Infections by country

Top 25 countries

  1. #1 Indonesia 983
  2. #2 India 863
  3. #3 Vietnam 796
  4. #4 Brazil 753
  5. #5 Pakistan 574
  6. #6 Egypt 540
  7. #7 Turkey 462
  8. #8 Romania 273
  9. #9 Thailand 267
  10. #10 Bangladesh 251
  11. #11 Algeria 198
  12. #12 Morocco 185
  13. #13 Philippines 183
  14. #14 Argentina 182
  15. #15 Hungary 165
  16. #16 Chile 160
  17. #17 Mexico 160
  18. #18 South Korea 143
  19. #19 Serbia 135
  20. #20 Poland 132
  21. #21 South Africa 131
  22. #22 Colombia 130
  23. #23 Malaysia 122
  24. #24 Portugal 120
  25. #25 Sri Lanka 112

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 7,276 users
  2. #2 facebook.com 5,773 users
  3. #3 live.com 3,755 users
  4. #4 twitter.com 1,736 users
  5. #5 mega.nz 1,583 users
  6. #6 1,547 users
  7. #7 yahoo.com 1,428 users
  8. #8 netflix.com 1,426 users
  9. #9 instagram.com 1,296 users
  10. #10 paypal.com 1,150 users
  11. #11 linkedin.com 1,145 users
  12. #12 discordapp.com 1,020 users
  13. #13 amazon.com 964 users
  14. #14 steampowered.com 916 users
  15. #15 roblox.com 828 users
  16. #16 dropbox.com 821 users
  17. #17 192.168.1.1 808 users
  18. #18 apple.com 788 users
  19. #19 epicgames.com 782 users
  20. #20 twitch.tv 742 users
  21. #21 steamcommunity.com 691 users
  22. #22 adobe.com 569 users
  23. #23 minecraft.net 529 users
  24. #24 firefox.com 512 users
  25. #25 spotify.com 503 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 icicibank.com 28 employees
  2. #2 27 employees
  3. #3 rediff.com 24 employees
  4. #4 freemail.hu 23 employees
  5. #5 ig.com.br 16 employees
  6. #6 secureserver.net 16 employees
  7. #7 telecom.pt 16 employees
  8. #8 interia.pl 15 employees
  9. #9 POP3://pop.gmail.com:995 13 employees
  10. #10 onet.pl 11 employees
  11. #11 sapo.pt 11 employees
  12. #12 digimail.in 10 employees
  13. #13 o2.pl 10 employees
  14. #14 inacap.cl 10 employees
  15. #15 inbox.lv 10 employees
  16. #16 yandex.com.tr 9 employees
  17. #17 indusind.com 8 employees
  18. #18 globo.com 8 employees
  19. #19 onlinesbi.com 8 employees
  20. #20 netpnb.com 8 employees
  21. #21 bni.co.id 8 employees
  22. #22 idbibank.co.in 8 employees
  23. #23 isacombank.com.vn 7 employees
  24. #24 uol.com.br 7 employees
  25. #25 accenture.com 7 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 twc.com 2 employees
  2. #2 lear.com 2 employees
  3. #3 cognizant.com 2 employees
  4. #4 apple.com 1 employees
  5. #5 walmart.com 1 employees
  6. #6 cbre.com 1 employees
  7. #7 salesforce.com 1 employees
  8. #8 hp.com 1 employees
  9. #9 rockwellautomation.com 1 employees
  10. #10 bestbuy.com 1 employees
  11. #11 emc.com 1 employees
  12. #12 fedex.com 1 employees
  13. #13 discoverfinancial.com 1 employees
  14. #14 microsoft.com 1 employees
  15. #15 netflix.com 1 employees

Compromised users

  1. #1 google.com 7,276 users
  2. #2 facebook.com 5,773 users
  3. #3 netflix.com 1,426 users
  4. #4 paypal.com 1,150 users
  5. #5 amazon.com 964 users
  6. #6 apple.com 788 users
  7. #7 ebay.com 410 users
  8. #8 oracle.com 128 users
  9. #9 hp.com 70 users
  10. #10 cisco.com 58 users
  11. #11 microsoft.com 44 users
  12. #12 ibm.com 38 users
  13. #13 westernunion.com 26 users
  14. #14 walmart.com 24 users
  15. #15 salesforce.com 24 users
  16. #16 americanexpress.com 22 users
  17. #17 ups.com 21 users
  18. #18 adp.com 19 users
  19. #19 intel.com 19 users
  20. #20 nike.com 19 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 9,735hits
  2. #2 sso 3,491hits
  3. #3 webmail 663hits
  4. #4 owa 444hits
  5. #5 adfs 395hits
  6. #6 github 355hits
  7. #7 oracle 301hits
  8. #8 sap 292hits
  9. #9 cpanel 250hits
  10. #10 imap 244hits
  11. #11 zendesk 187hits
  12. #12 ftp 167hits
  13. #13 sts 127hits
  14. #14 kaspersky 120hits
  15. #15 ping 120hits
  16. #16 extranet 111hits
  17. #17 st 74hits
  18. #18 salesforce 71hits
  19. #19 vpn 67hits
  20. #20 zoom 54hits
  21. #21 twilio 34hits
  22. #22 dana-na 32hits
  23. #23 roundcube 32hits
  24. #24 gitlab 32hits
  25. #25 webex 26hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

  • 14K machines
  • 4K users
  • 187K domains
View report →
May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

  • 25K machines
  • 2K users
  • 319K domains
View report →
May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

  • 16K machines
  • 4K users
  • 200K domains
View report →
Free Tools Check your exposure