Weekly intelligence Nov 16 – Nov 22, 2020 13 min read

Infostealers Weekly Report: 2020-11-16 – 2020-11-22

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 193

Infections by country

Top 25 countries

#1 India 7,795
#2 Indonesia 3,514
#3 Brazil 3,219
#4 Turkey 2,357
#5 Pakistan 1,520
#6 Italy 1,458
#7 Philippines 1,344
#8 Mexico 1,169
#9 Thailand 1,151
#10 Poland 1,131
#11 Egypt 1,129
#12 Vietnam 1,120
#13 Romania 995
#14 Spain 965
#15 France 947
#16 Germany 894
#17 Bangladesh 815
#18 Argentina 790
#19 Portugal 762
#20 Colombia 696
#21 Malaysia 581
#22 Sri Lanka 570
#23 Hungary 565
#24 Peru 556
#25 Greece 501

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 41,185 users
#2 facebook.com 30,622 users
#3 live.com 24,413 users
#4 \ 16,141 users
#5 _ 16,141 users
#6 |_) 16,141 users
#7 ___| 16,141 users
#8 15,934 users
#9 netflix.com 11,487 users
#10 twitter.com 10,482 users
#11 instagram.com 10,218 users
#12 amazon.com 9,542 users
#13 mega.nz 9,378 users
#14 paypal.com 9,160 users
#15 steampowered.com 7,318 users
#16 linkedin.com 6,810 users
#17 twitch.tv 6,745 users
#18 discord.com 6,741 users
#19 yahoo.com 6,637 users
#20 epicgames.com 6,580 users
#21 microsoftonline.com 6,074 users
#22 steamcommunity.com 5,825 users
#23 roblox.com 5,786 users
#24 com.facebook.katana 5,212 users
#25 discordapp.com 5,088 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 rediff.com 222 employees
#2 208 employees
#3 icicibank.com 197 employees
#4 telecom.pt 169 employees
#5 o2.pl 153 employees
#6 tim.it 110 employees
#7 pec.it 107 employees
#8 accenture.com 100 employees
#9 aruba.it 99 employees
#10 freemail.hu 98 employees
#11 digimail.in 93 employees
#12 interia.pl 80 employees
#13 onet.pl 74 employees
#14 sapo.pt 72 employees
#15 secureserver.net 71 employees
#16 http://localhost/wordpress/wp-admin/install.php 63 employees
#17 sch.gr 54 employees
#18 infocert.it 54 employees
#19 nbg.gr 54 employees
#20 ovh.net 51 employees
#21 netpnb.com 51 employees
#22 onlinesbi.com 50 employees
#23 confused.com 49 employees
#24 abv.bg 46 employees
#25 hostgator.com 42 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 17 employees
#2 cognizant.com 16 employees
#3 publix.com 13 employees
#4 twc.com 7 employees
#5 microsoft.com 7 employees
#6 netflix.com 5 employees
#7 pepsico.com 4 employees
#8 frontier.com 4 employees
#9 salesforce.com 4 employees
#10 johnsoncontrols.com 3 employees
#11 cisco.com 3 employees
#12 facebook.com 2 employees
#13 csc.com 2 employees
#14 interpublic.com 2 employees
#15 qualcomm.com 2 employees
#16 harman.com 2 employees
#17 cummins.com 2 employees
#18 dish.com 2 employees
#19 xerox.com 2 employees
#20 morganstanley.com 2 employees

Compromised users

#1 google.com 41,184 users
#2 facebook.com 30,620 users
#3 netflix.com 11,487 users
#4 amazon.com 9,542 users
#5 paypal.com 9,160 users
#6 apple.com 4,870 users
#7 ebay.com 2,457 users
#8 oracle.com 1,102 users
#9 hp.com 671 users
#10 cisco.com 670 users
#11 microsoft.com 503 users
#12 ups.com 401 users
#13 walmart.com 308 users
#14 westernunion.com 275 users
#15 ibm.com 268 users
#16 intel.com 250 users
#17 nike.com 232 users
#18 fedex.com 172 users
#19 americanexpress.com 172 users
#20 adp.com 161 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 87,082hits
#2 sso 30,152hits
#3 webmail 6,491hits
#4 zoom 5,168hits
#5 adfs 4,653hits
#6 github 3,906hits
#7 owa 2,933hits
#8 oracle 2,785hits
#9 zendesk 1,667hits
#10 sap 1,661hits
#11 sts 1,647hits
#12 cpanel 1,428hits
#13 webex 1,387hits
#14 ping 1,115hits
#15 ftp 1,094hits
#16 kaspersky 997hits
#17 st 967hits
#18 extranet 828hits
#19 salesforce 765hits
#20 vpn 685hits
#21 zimbra 551hits
#22 roundcube 474hits
#23 imap 435hits
#24 gitlab 304hits
#25 citrix 284hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →