After a messy domain takedown last week in response to phishing complaints, new research suggests that an Indian IT company’s domain is being exploited to exfiltrate the bulk of keylogger data collected by malicious programs. Zoho, an Indian company that provides office tools and IT management platforms, had its domain taken down temporarily last week as a result of complaints about phishing abuse. Cofense says that, based on an analysis of keylogger data theft where email is used for to exfiltrate the data, domains owned by Zoho account for moving more than 40 percent of stolen data. According to the report, 68 percent of the data with these two keyloggers is sent via email. Within the email category, Zoho domains (zoho.com and zoho.eu) lead the pack with 41 percent. Other domains are abused as well, but Zoho leads the pack, according to the report.