Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence Jan 27 – Feb 2, 2020 11 min read

Infostealers Weekly Report: 2020-01-27 – 2020-02-02

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines
#2 0 Compromised Employees
#3 0 Compromised Users
#4 0 Compromised Androids
#5 0 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 166
Infections by country

Top 25 countries

  1. #1 Indonesia 1,664
  2. #2 Brazil 1,501
  3. #3 Egypt 1,485
  4. #4 India 1,303
  5. #5 Turkey 979
  6. #6 Pakistan 649
  7. #7 Vietnam 619
  8. #8 Algeria 587
  9. #9 Bangladesh 550
  10. #10 United States of America 401
  11. #11 Philippines 381
  12. #12 Argentina 334
  13. #13 Thailand 309
  14. #14 Hungary 273
  15. #15 Romania 247
  16. #16 Morocco 223
  17. #17 Iran 202
  18. #18 Chile 198
  19. #19 United Arab Emirates 166
  20. #20 Serbia 154
  21. #21 Iraq 144
  22. #22 Greece 135
  23. #23 Malaysia 129
  24. #24 Peru 127
  25. #25 Bosnia & Herzegovina 122

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 11,177 users
  2. #2 facebook.com 9,391 users
  3. #3 live.com 5,290 users
  4. #4 twitter.com 2,879 users
  5. #5 mega.nz 2,562 users
  6. #6 instagram.com 2,272 users
  7. #7 roblox.com 2,204 users
  8. #8 yahoo.com 2,203 users
  9. #9 netflix.com 2,180 users
  10. #10 com.facebook.katana 1,935 users
  11. #11 discordapp.com 1,879 users
  12. #12 paypal.com 1,776 users
  13. #13 linkedin.com 1,672 users
  14. #14 amazon.com 1,598 users
  15. #15 192.168.1.1 1,596 users
  16. #16 1,566 users
  17. #17 steampowered.com 1,557 users
  18. #18 epicgames.com 1,462 users
  19. #19 steamcommunity.com 1,188 users
  20. #20 apple.com 1,186 users
  21. #21 twitch.tv 1,120 users
  22. #22 minecraft.net 1,093 users
  23. #23 com.netflix.mediaclient 993 users
  24. #24 dropbox.com 989 users
  25. #25 192.168.0.1 778 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 freemail.hu 64 employees
  2. #2 rediff.com 35 employees
  3. #3 icicibank.com 30 employees
  4. #4 nbg.gr 28 employees
  5. #5 POP3://pop.gmail.com:995 23 employees
  6. #6 ig.com.br 22 employees
  7. #7 digimail.in 22 employees
  8. #8 accenture.com 21 employees
  9. #9 abv.bg 21 employees
  10. #10 yandex.com.tr 20 employees
  11. #11 bluehost.com 19 employees
  12. #12 citromail.hu 18 employees
  13. #13 secureserver.net 18 employees
  14. #14 uol.com.br 16 employees
  15. #15 vic.edu.au 15 employees
  16. #16 15 employees
  17. #17 sp.gov.br 13 employees
  18. #18 telecom.pt 13 employees
  19. #19 onlinesbi.com 13 employees
  20. #20 http://localhost/wordpress/wp-admin/install.php 12 employees
  21. #21 yahoosmallbusiness.com 12 employees
  22. #22 netpnb.com 12 employees
  23. #23 sapo.pt 10 employees
  24. #24 globo.com 9 employees
  25. #25 gemseducation.com 8 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 publix.com 6 employees
  2. #2 rockwellautomation.com 4 employees
  3. #3 twc.com 4 employees
  4. #4 cognizant.com 3 employees
  5. #5 citigroup.com 2 employees
  6. #6 frontier.com 2 employees
  7. #7 microsoft.com 2 employees
  8. #8 aa.com 1 employees
  9. #9 pfizer.com 1 employees
  10. #10 verizon.com 1 employees
  11. #11 cbre.com 1 employees
  12. #12 google.com 1 employees
  13. #13 jll.com 1 employees
  14. #14 humana.com 1 employees
  15. #15 realogy.com 1 employees
  16. #16 charter.com 1 employees
  17. #17 jacobs.com 1 employees
  18. #18 netflix.com 1 employees
  19. #19 broadcom.com 1 employees
  20. #20 aig.com 1 employees

Compromised users

  1. #1 google.com 11,171 users
  2. #2 facebook.com 9,389 users
  3. #3 netflix.com 2,180 users
  4. #4 paypal.com 1,776 users
  5. #5 amazon.com 1,598 users
  6. #6 apple.com 1,185 users
  7. #7 ebay.com 563 users
  8. #8 oracle.com 175 users
  9. #9 walmart.com 103 users
  10. #10 hp.com 96 users
  11. #11 ups.com 66 users
  12. #12 capitalone.com 66 users
  13. #13 adp.com 63 users
  14. #14 cisco.com 60 users
  15. #15 microsoft.com 59 users
  16. #16 att.com 56 users
  17. #17 bestbuy.com 50 users
  18. #18 americanexpress.com 46 users
  19. #19 fedex.com 45 users
  20. #20 bankofamerica.com 45 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 12,751hits
  2. #2 sso 5,003hits
  3. #3 webmail 971hits
  4. #4 adfs 583hits
  5. #5 github 571hits
  6. #6 sap 372hits
  7. #7 oracle 356hits
  8. #8 owa 347hits
  9. #9 ftp 313hits
  10. #10 st 307hits
  11. #11 imap 306hits
  12. #12 zendesk 269hits
  13. #13 cpanel 267hits
  14. #14 sts 225hits
  15. #15 salesforce 172hits
  16. #16 kaspersky 151hits
  17. #17 vpn 130hits
  18. #18 zoom 118hits
  19. #19 ping 115hits
  20. #20 extranet 113hits
  21. #21 roundcube 64hits
  22. #22 gitlab 56hits
  23. #23 okta 51hits
  24. #24 citrix 50hits
  25. #25 webex 45hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
Jun 15 → Jun 22, 2026 13 min

Infostealers Weekly Report: 2026-06-15 – 2026-06-22

  • 16K machines
  • 3K users
  • 216K domains
View report →
Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

  • 9K machines
  • 2K users
  • 125K domains
View report →
Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

  • 16K machines
  • 2K users
  • 273K domains
View report →
Free Tools Check your exposure