Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence Nov 7 – Nov 13, 2022 13 min read

Infostealers Weekly Report: 2022-11-07 – 2022-11-13

InfoStealers Weekly Report - In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in complexity and scale, our mission is to equip you with the knowledge and tools needed to safeguard your sensitive information. Join us as we analyze the top compromised domains, identify trends in compromised employees and users, and examine the global impact of InfoStealer infections. Stay informed, stay protected, and stay one step ahead of cyber threats with our weekly report.

#1 0 Compromised Machines
#2 0 Compromised Employees
#3 0 Compromised Users
#4 0 Compromised Androids
#5 0 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 212
Infections by country

Top 25 countries

  1. #1 Indonesia 25,379
  2. #2 India 15,919
  3. #3 Egypt 15,828
  4. #4 Brazil 12,142
  5. #5 Algeria 8,498
  6. #6 Vietnam 6,551
  7. #7 Morocco 6,083
  8. #8 Turkey 5,830
  9. #9 Pakistan 5,630
  10. #10 Philippines 5,366
  11. #11 Mexico 4,456
  12. #12 Colombia 4,424
  13. #13 Argentina 4,387
  14. #14 United States of America 4,377
  15. #15 Venezuela 4,286
  16. #16 Peru 4,070
  17. #17 Thailand 3,865
  18. #18 Spain 3,786
  19. #19 Poland 3,533
  20. #20 Iraq 3,241
  21. #21 France 3,213
  22. #22 Italy 3,192
  23. #23 Bangladesh 2,848
  24. #24 Germany 2,452
  25. #25 Bolivia 2,214

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 84,585 users
  2. #2 facebook.com 77,206 users
  3. #3 live.com 65,126 users
  4. #4 instagram.com 33,614 users
  5. #5 com.facebook.katana 33,233 users
  6. #6 netflix.com 29,628 users
  7. #7 discord.com 28,595 users
  8. #8 twitter.com 26,931 users
  9. #9 roblox.com 24,951 users
  10. #10 amazon.com 24,811 users
  11. #11 com.instagram.android 22,515 users
  12. #12 paypal.com 21,954 users
  13. #13 steampowered.com 21,209 users
  14. #14 microsoftonline.com 20,160 users
  15. #15 com.netflix.mediaclient 18,870 users
  16. #16 mega.nz 18,812 users
  17. #17 twitch.tv 18,219 users
  18. #18 linkedin.com 17,865 users
  19. #19 riotgames.com 16,905 users
  20. #20 com.spotify.music 15,878 users
  21. #21 apple.com 15,808 users
  22. #22 epicgames.com 15,201 users
  23. #23 yahoo.com 14,254 users
  24. #24 spotify.com 14,124 users
  25. #25 com.discord 14,019 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 1,104 employees
  2. #2 wp.pl 506 employees
  3. #3 icicibank.com 315 employees
  4. #4 hostinger.com 298 employees
  5. #5 aruba.it 279 employees
  6. #6 o2.pl 227 employees
  7. #7 rediff.com 218 employees
  8. #8 tim.it 212 employees
  9. #9 163.com 202 employees
  10. #10 abv.bg 201 employees
  11. #11 interia.pl 183 employees
  12. #12 pec.it 175 employees
  13. #13 qq.com 168 employees
  14. #14 onet.pl 149 employees
  15. #15 secureserver.net 134 employees
  16. #16 laureate.net 122 employees
  17. #17 freemail.hu 121 employees
  18. #18 telecom.pt 117 employees
  19. #19 ovh.net 112 employees
  20. #20 secop.gov.co 111 employees
  21. #21 utp.edu.pe 108 employees
  22. #22 accenture.com 107 employees
  23. #23 rockwellautomation.com 103 employees
  24. #24 bni.co.id 99 employees
  25. #25 sempreser.com.br 99 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 rockwellautomation.com 103 employees
  2. #2 microsoft.com 89 employees
  3. #3 publix.com 31 employees
  4. #4 netflix.com 22 employees
  5. #5 ibm.com 13 employees
  6. #6 facebook.com 13 employees
  7. #7 cognizant.com 9 employees
  8. #8 aa.com 9 employees
  9. #9 hp.com 8 employees
  10. #10 paypal.com 8 employees
  11. #11 newmont.com 8 employees
  12. #12 twc.com 7 employees
  13. #13 apple.com 6 employees
  14. #14 google.com 6 employees
  15. #15 pfizer.com 5 employees
  16. #16 intel.com 5 employees
  17. #17 metlife.com 5 employees
  18. #18 pepsico.com 5 employees
  19. #19 pg.com 5 employees
  20. #20 cisco.com 5 employees

Compromised users

  1. #1 google.com 84,585 users
  2. #2 facebook.com 77,206 users
  3. #3 netflix.com 29,628 users
  4. #4 amazon.com 24,811 users
  5. #5 paypal.com 21,954 users
  6. #6 apple.com 15,808 users
  7. #7 ebay.com 3,983 users
  8. #8 oracle.com 2,893 users
  9. #9 cisco.com 2,614 users
  10. #10 microsoft.com 2,381 users
  11. #11 hp.com 2,003 users
  12. #12 nike.com 1,940 users
  13. #13 ibm.com 928 users
  14. #14 walmart.com 894 users
  15. #15 intel.com 766 users
  16. #16 ups.com 700 users
  17. #17 westernunion.com 608 users
  18. #18 adp.com 446 users
  19. #19 bestbuy.com 418 users
  20. #20 fedex.com 330 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 245,545hits
  2. #2 sso 72,063hits
  3. #3 zoom 29,031hits
  4. #4 webmail 14,526hits
  5. #5 github 12,437hits
  6. #6 adfs 8,832hits
  7. #7 oracle 5,431hits
  8. #8 owa 3,893hits
  9. #9 sap 3,744hits
  10. #10 zendesk 3,668hits
  11. #11 vpn 3,248hits
  12. #12 ping 3,217hits
  13. #13 cpanel 3,028hits
  14. #14 webex 2,526hits
  15. #15 sts 2,395hits
  16. #16 kaspersky 2,308hits
  17. #17 ftp 1,925hits
  18. #18 extranet 1,843hits
  19. #19 st 1,766hits
  20. #20 roundcube 1,540hits
  21. #21 salesforce 1,385hits
  22. #22 okta 815hits
  23. #23 gitlab 655hits
  24. #24 twilio 626hits
  25. #25 zimbra 531hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

  • 9K machines
  • 2K users
  • 125K domains
View report →
Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

  • 16K machines
  • 2K users
  • 273K domains
View report →
May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

  • 18K machines
  • 4K users
  • 259K domains
View report →
Free Tools Check your exposure