Weekly intelligence Jul 20 – Jul 26, 2020 12 min read

Infostealers Weekly Report: 2020-07-20 – 2020-07-26

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 97

Infections by country

Top 25 countries

#1 United States of America 5,113
#2 Spain 889
#3 Germany 624
#4 France 523
#5 Canada 303
#6 United Kingdom 260
#7 Israel 146
#8 Sweden 122
#9 Australia 114
#10 Belgium 78
#11 Philippines 56
#12 Japan 51
#13 India 47
#14 Ireland 38
#15 Pakistan 37
#16 Switzerland 35
#17 Italy 25
#18 Brazil 25
#19 Indonesia 21
#20 Poland 18
#21 Romania 14
#22 Bangladesh 13
#23 Egypt 13
#24 Turkey 12
#25 Mongolia 11

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 8,094 users
#2 facebook.com 5,900 users
#3 live.com 5,674 users
#4 amazon.com 4,195 users
#5 paypal.com 3,375 users
#6 netflix.com 3,186 users
#7 twitter.com 2,861 users
#8 twitch.tv 2,674 users
#9 minecraft.net 2,257 users
#10 roblox.com 2,222 users
#11 instagram.com 2,192 users
#12 epicgames.com 2,191 users
#13 discordapp.com 2,127 users
#14 steampowered.com 2,022 users
#15 yahoo.com 1,962 users
#16 apple.com 1,939 users
#17 steamcommunity.com 1,905 users
#18 spotify.com 1,833 users
#19 ebay.com 1,759 users
#20 sonyentertainmentnetwork.com 1,499 users
#21 dropbox.com 1,475 users
#22 com.netflix.mediaclient 1,461 users
#23 com.spotify.music 1,427 users
#24 com.contextlogic.wish 1,395 users
#25 linkedin.com 1,357 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 publix.com 93 employees
#2 twc.com 28 employees
#3 k12.fl.us 26 employees
#4 spectrum.net 21 employees
#5 bluehost.com 19 employees
#6 confused.com 19 employees
#7 18 employees
#8 freenet.de 18 employees
#9 rr.com 18 employees
#10 maccabi4u.co.il 17 employees
#11 peoplematter.com 17 employees
#12 ky.gov 17 employees
#13 lausd.net 16 employees
#14 ovh.net 15 employees
#15 strato.com 15 employees
#16 dadeschools.net 15 employees
#17 centurylink.net 15 employees
#18 browardschools.com 14 employees
#19 hcps.net 14 employees
#20 roadrunner.com 14 employees
#21 cox.net 14 employees
#22 ionos.com 12 employees
#23 mail.de 12 employees
#24 one.com 11 employees
#25 k12.ca.us 11 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 publix.com 93 employees
#2 twc.com 28 employees
#3 frontier.com 10 employees
#4 att.com 7 employees
#5 verizon.com 5 employees
#6 rockwellautomation.com 4 employees
#7 netflix.com 4 employees
#8 amazon.com 3 employees
#9 delta.com 3 employees
#10 cbre.com 3 employees
#11 dish.com 2 employees
#12 cigna.com 2 employees
#13 insight.com 2 employees
#14 charter.com 2 employees
#15 marriott.com 2 employees
#16 disney.com 2 employees
#17 libertymutual.com 2 employees
#18 oracle.com 2 employees
#19 facebook.com 2 employees
#20 starbucks.com 2 employees

Compromised users

#1 google.com 8,093 users
#2 facebook.com 5,899 users
#3 amazon.com 4,194 users
#4 paypal.com 3,374 users
#5 netflix.com 3,186 users
#6 apple.com 1,939 users
#7 ebay.com 1,758 users
#8 walmart.com 1,049 users
#9 att.com 665 users
#10 capitalone.com 661 users
#11 target.com 566 users
#12 adp.com 561 users
#13 ups.com 548 users
#14 bestbuy.com 533 users
#15 wellsfargo.com 487 users
#16 fedex.com 419 users
#17 bankofamerica.com 399 users
#18 costco.com 335 users
#19 homedepot.com 329 users
#20 americanexpress.com 317 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 31,966hits
#2 sso 9,532hits
#3 adfs 3,325hits
#4 webmail 1,855hits
#5 zoom 1,695hits
#6 github 889hits
#7 owa 839hits
#8 zendesk 686hits
#9 sts 628hits
#10 sap 585hits
#11 ping 571hits
#12 oracle 508hits
#13 ftp 455hits
#14 vpn 433hits
#15 imap 306hits
#16 extranet 275hits
#17 st 269hits
#18 salesforce 245hits
#19 okta 234hits
#20 roundcube 210hits
#21 cpanel 199hits
#22 webex 181hits
#23 kaspersky 165hits
#24 zimbra 143hits
#25 dana-na 141hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →

Apr 27 → May 4, 2026 12 min

Infostealers Weekly Report: 2026-04-27 – 2026-05-04

14K machines
4K users
186K domains

View report →