Weekly intelligence Nov 9 – Nov 15, 2020 13 min read

Infostealers Weekly Report: 2020-11-09 – 2020-11-15

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 196

Infections by country

Top 25 countries

#1 India 7,505
#2 Indonesia 3,477
#3 Brazil 3,224
#4 United States of America 1,764
#5 Pakistan 1,756
#6 Turkey 1,697
#7 Philippines 1,562
#8 Thailand 1,186
#9 Mexico 1,025
#10 Italy 1,014
#11 Egypt 998
#12 Spain 991
#13 Poland 813
#14 Vietnam 809
#15 Romania 808
#16 France 762
#17 Bangladesh 752
#18 Malaysia 751
#19 Sri Lanka 696
#20 Argentina 657
#21 Germany 647
#22 Portugal 635
#23 Colombia 624
#24 South Korea 563
#25 Hungary 467

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 39,027 users
#2 facebook.com 29,636 users
#3 live.com 22,693 users
#4 12,293 users
#5 netflix.com 10,515 users
#6 twitter.com 9,765 users
#7 instagram.com 9,379 users
#8 mega.nz 9,198 users
#9 amazon.com 8,976 users
#10 paypal.com 8,806 users
#11 yahoo.com 6,786 users
#12 steampowered.com 6,781 users
#13 linkedin.com 6,624 users
#14 epicgames.com 6,058 users
#15 twitch.tv 5,930 users
#16 discord.com 5,884 users
#17 microsoftonline.com 5,474 users
#18 steamcommunity.com 5,135 users
#19 roblox.com 5,042 users
#20 discordapp.com 4,785 users
#21 spotify.com 4,415 users
#22 dropbox.com 4,323 users
#23 apple.com 4,186 users
#24 javascript:; 3,938 users
#25 minecraft.net 3,855 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 rediff.com 236 employees
#2 231 employees
#3 icicibank.com 225 employees
#4 telecom.pt 127 employees
#5 o2.pl 121 employees
#6 accenture.com 100 employees
#7 digimail.in 91 employees
#8 netpnb.com 76 employees
#9 sapo.pt 72 employees
#10 freemail.hu 70 employees
#11 aruba.it 69 employees
#12 tim.it 69 employees
#13 ig.com.br 69 employees
#14 secureserver.net 65 employees
#15 pec.it 65 employees
#16 onlinesbi.com 63 employees
#17 interia.pl 63 employees
#18 http://localhost/wordpress/wp-admin/install.php 58 employees
#19 onet.pl 55 employees
#20 ukr.net 51 employees
#21 unionbankonline.co.in 42 employees
#22 indusind.com 41 employees
#23 confused.com 35 employees
#24 ovh.net 35 employees
#25 infocert.it 34 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 21 employees
#2 publix.com 20 employees
#3 microsoft.com 15 employees
#4 cognizant.com 8 employees
#5 netflix.com 8 employees
#6 amazon.com 7 employees
#7 paypal.com 6 employees
#8 att.com 5 employees
#9 twc.com 5 employees
#10 google.com 5 employees
#11 hp.com 4 employees
#12 jpmorganchase.com 4 employees
#13 owens-minor.com 3 employees
#14 bestbuy.com 3 employees
#15 frontier.com 3 employees
#16 costco.com 3 employees
#17 csc.com 3 employees
#18 pg.com 2 employees
#19 bakerhughes.com 2 employees
#20 wrberkley.com 2 employees

Compromised users

#1 google.com 39,020 users
#2 facebook.com 29,624 users
#3 netflix.com 10,515 users
#4 amazon.com 8,975 users
#5 paypal.com 8,805 users
#6 apple.com 4,186 users
#7 ebay.com 2,515 users
#8 oracle.com 1,102 users
#9 hp.com 619 users
#10 cisco.com 599 users
#11 microsoft.com 528 users
#12 walmart.com 475 users
#13 ups.com 415 users
#14 westernunion.com 264 users
#15 capitalone.com 258 users
#16 ibm.com 255 users
#17 adp.com 240 users
#18 att.com 235 users
#19 fedex.com 232 users
#20 bestbuy.com 194 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 86,941hits
#2 sso 29,557hits
#3 webmail 7,226hits
#4 adfs 4,317hits
#5 github 3,788hits
#6 owa 3,326hits
#7 oracle 2,512hits
#8 zoom 2,448hits
#9 sap 2,219hits
#10 cpanel 1,935hits
#11 zendesk 1,626hits
#12 ping 1,326hits
#13 sts 1,178hits
#14 webex 1,148hits
#15 extranet 1,042hits
#16 kaspersky 1,018hits
#17 ftp 772hits
#18 st 706hits
#19 salesforce 704hits
#20 vpn 691hits
#21 roundcube 455hits
#22 zimbra 445hits
#23 okta 301hits
#24 jira 263hits
#25 citrix 262hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →