Weekly intelligence Aug 17 – Aug 23, 2020 12 min read

Infostealers Weekly Report: 2020-08-17 – 2020-08-23

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 146

Infections by country

Top 25 countries

#1 France 978
#2 Spain 806
#3 United States of America 775
#4 Pakistan 638
#5 Germany 570
#6 Turkey 412
#7 India 379
#8 Thailand 283
#9 Vietnam 281
#10 United Kingdom 241
#11 Canada 200
#12 Sweden 166
#13 Israel 157
#14 South Africa 154
#15 Philippines 150
#16 Belgium 139
#17 Saudi Arabia 137
#18 Australia 122
#19 Russia 115
#20 Portugal 110
#21 Brazil 101
#22 Poland 97
#23 Indonesia 94
#24 Romania 81
#25 Serbia 71

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 7,520 users
#2 facebook.com 5,686 users
#3 live.com 4,516 users
#4 twitter.com 2,171 users
#5 netflix.com 2,158 users
#6 instagram.com 1,873 users
#7 amazon.com 1,867 users
#8 twitch.tv 1,595 users
#9 paypal.com 1,530 users
#10 epicgames.com 1,519 users
#11 roblox.com 1,464 users
#12 mega.nz 1,397 users
#13 com.facebook.katana 1,367 users
#14 apple.com 1,344 users
#15 steampowered.com 1,331 users
#16 discordapp.com 1,245 users
#17 steamcommunity.com 1,237 users
#18 yahoo.com 1,234 users
#19 1,181 users
#20 linkedin.com 1,145 users
#21 minecraft.net 1,100 users
#22 discord.com 1,086 users
#23 com.spotify.music 1,060 users
#24 com.netflix.mediaclient 991 users
#25 riotgames.com 982 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 24 employees
#2 one.com 20 employees
#3 ovh.net 17 employees
#4 confused.com 15 employees
#5 taqat.sa 13 employees
#6 publix.com 13 employees
#7 sapo.pt 12 employees
#8 cned.fr 12 employees
#9 rediff.com 12 employees
#10 interia.pl 12 employees
#11 movistar.es 11 employees
#12 telecom.pt 11 employees
#13 o2.pl 11 employees
#14 icicibank.com 11 employees
#15 maccabi4u.co.il 10 employees
#16 mail.de 10 employees
#17 aiou.edu.pk 10 employees
#18 jcyl.es 10 employees
#19 vic.edu.au 10 employees
#20 yandex.com.tr 10 employees
#21 ovh.com 9 employees
#22 onet.pl 8 employees
#23 freenet.de 8 employees
#24 webmail.es 8 employees
#25 secureserver.net 8 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 publix.com 13 employees
#2 twc.com 4 employees
#3 microsoft.com 3 employees
#4 rockwellautomation.com 3 employees
#5 ebay.com 3 employees
#6 att.com 2 employees
#7 frontier.com 2 employees
#8 cbre.com 2 employees
#9 pg.com 1 employees
#10 halliburton.com 1 employees
#11 aa.com 1 employees
#12 level3.com 1 employees
#13 steeldynamics.com 1 employees
#14 abbott.com 1 employees
#15 centurylink.com 1 employees
#16 lear.com 1 employees
#17 csc.com 1 employees
#18 costco.com 1 employees
#19 autonation.com 1 employees
#20 csx.com 1 employees

Compromised users

#1 google.com 7,517 users
#2 facebook.com 5,683 users
#3 netflix.com 2,156 users
#4 amazon.com 1,866 users
#5 paypal.com 1,529 users
#6 apple.com 1,344 users
#7 ebay.com 587 users
#8 walmart.com 212 users
#9 ups.com 204 users
#10 oracle.com 186 users
#11 hp.com 145 users
#12 att.com 139 users
#13 capitalone.com 126 users
#14 bestbuy.com 123 users
#15 adp.com 114 users
#16 nike.com 110 users
#17 target.com 98 users
#18 wellsfargo.com 94 users
#19 cisco.com 93 users
#20 fedex.com 92 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 17,192hits
#2 sso 5,005hits
#3 adfs 1,210hits
#4 webmail 1,198hits
#5 zoom 1,144hits
#6 github 616hits
#7 sap 448hits
#8 owa 447hits
#9 oracle 389hits
#10 ftp 369hits
#11 sts 333hits
#12 imap 319hits
#13 zendesk 307hits
#14 vpn 221hits
#15 ping 211hits
#16 cpanel 211hits
#17 zimbra 205hits
#18 st 200hits
#19 kaspersky 189hits
#20 extranet 175hits
#21 webex 101hits
#22 roundcube 93hits
#23 dana-na 91hits
#24 rlogin 80hits
#25 salesforce 77hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →