Weekly intelligence Nov 23 – Nov 29, 2020 12 min read

Infostealers Weekly Report: 2020-11-23 – 2020-11-29

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 179

Infections by country

Top 25 countries

#1 India 2,947
#2 Brazil 1,533
#3 Indonesia 1,216
#4 United States of America 946
#5 Turkey 809
#6 Mexico 624
#7 Pakistan 543
#8 Philippines 486
#9 Thailand 439
#10 Italy 437
#11 Egypt 405
#12 Spain 360
#13 Colombia 357
#14 Vietnam 354
#15 Argentina 306
#16 France 293
#17 Poland 281
#18 Germany 278
#19 Peru 264
#20 Bangladesh 262
#21 Portugal 225
#22 Chile 224
#23 Romania 216
#24 South Korea 209
#25 Sri Lanka 191

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 15,807 users
#2 facebook.com 12,103 users
#3 live.com 9,606 users
#4 4,669 users
#5 netflix.com 4,507 users
#6 twitter.com 4,194 users
#7 instagram.com 4,077 users
#8 mega.nz 4,048 users
#9 amazon.com 3,981 users
#10 paypal.com 3,832 users
#11 steampowered.com 2,880 users
#12 linkedin.com 2,740 users
#13 yahoo.com 2,673 users
#14 discord.com 2,640 users
#15 twitch.tv 2,626 users
#16 epicgames.com 2,457 users
#17 microsoftonline.com 2,316 users
#18 roblox.com 2,133 users
#19 steamcommunity.com 2,105 users
#20 spotify.com 1,938 users
#21 discordapp.com 1,894 users
#22 apple.com 1,877 users
#23 dropbox.com 1,813 users
#24 riotgames.com 1,696 users
#25 adobe.com 1,597 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 106 employees
#2 rediff.com 96 employees
#3 icicibank.com 95 employees
#4 aruba.it 51 employees
#5 telecom.pt 46 employees
#6 accenture.com 45 employees
#7 o2.pl 41 employees
#8 onet.pl 37 employees
#9 digimail.in 35 employees
#10 pec.it 35 employees
#11 freemail.hu 33 employees
#12 interia.pl 32 employees
#13 sapo.pt 30 employees
#14 onlinesbi.com 28 employees
#15 netpnb.com 28 employees
#16 http://localhost/wordpress/wp-admin/install.php 25 employees
#17 tim.it 25 employees
#18 secureserver.net 24 employees
#19 confused.com 20 employees
#20 bluehost.com 20 employees
#21 infocert.it 19 employees
#22 unionbankonline.co.in 18 employees
#23 indusind.com 18 employees
#24 sempreser.com.br 16 employees
#25 skole.hr 15 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 microsoft.com 8 employees
#2 publix.com 8 employees
#3 cognizant.com 7 employees
#4 twc.com 6 employees
#5 rockwellautomation.com 6 employees
#6 hp.com 4 employees
#7 pepsico.com 3 employees
#8 abbott.com 2 employees
#9 ford.com 2 employees
#10 ibm.com 1 employees
#11 spglobal.com 1 employees
#12 drhorton.com 1 employees
#13 cummins.com 1 employees
#14 halliburton.com 1 employees
#15 vfc.com 1 employees
#16 netflix.com 1 employees
#17 costco.com 1 employees
#18 allstate.com 1 employees
#19 chs.net 1 employees
#20 harley-davidson.com 1 employees

Compromised users

#1 google.com 15,805 users
#2 facebook.com 12,102 users
#3 netflix.com 4,507 users
#4 amazon.com 3,981 users
#5 paypal.com 3,832 users
#6 apple.com 1,877 users
#7 ebay.com 1,035 users
#8 oracle.com 540 users
#9 hp.com 299 users
#10 walmart.com 266 users
#11 cisco.com 262 users
#12 microsoft.com 233 users
#13 ups.com 156 users
#14 att.com 140 users
#15 ibm.com 134 users
#16 capitalone.com 132 users
#17 westernunion.com 126 users
#18 intel.com 125 users
#19 target.com 121 users
#20 adp.com 112 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 37,404hits
#2 sso 12,652hits
#3 webmail 2,896hits
#4 adfs 1,918hits
#5 github 1,742hits
#6 owa 1,413hits
#7 oracle 1,174hits
#8 zoom 1,154hits
#9 sap 780hits
#10 zendesk 743hits
#11 cpanel 741hits
#12 sts 640hits
#13 ping 589hits
#14 kaspersky 501hits
#15 webex 490hits
#16 extranet 418hits
#17 ftp 343hits
#18 st 312hits
#19 zimbra 285hits
#20 vpn 228hits
#21 roundcube 155hits
#22 gitlab 142hits
#23 salesforce 133hits
#24 citrix 103hits
#25 okta 102hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →