Weekly intelligence Jul 3 – Jul 9, 2023 12 min read

Infostealers Weekly Report: 2023-07-03 – 2023-07-09

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 188

Infections by country

Top 25 countries

#1 Brazil 7,715
#2 Vietnam 4,682
#3 Egypt 4,493
#4 Pakistan 3,707
#5 Philippines 3,567
#6 United States of America 3,168
#7 Mexico 3,059
#8 Turkey 2,854
#9 Thailand 2,643
#10 Peru 2,106
#11 Colombia 1,968
#12 India 1,816
#13 Algeria 1,798
#14 Argentina 1,690
#15 Germany 1,623
#16 Bangladesh 1,574
#17 Spain 1,416
#18 Morocco 1,354
#19 Chile 1,265
#20 Sri Lanka 1,120
#21 Poland 1,102
#22 Italy 944
#23 Netherlands 942
#24 France 921
#25 Indonesia 875

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 30,796 users
#2 facebook.com 30,312 users
#3 live.com 27,006 users
#4 discord.com 14,742 users
#5 instagram.com 13,812 users
#6 com.facebook.katana 13,375 users
#7 roblox.com 13,272 users
#8 netflix.com 12,355 users
#9 steampowered.com 10,285 users
#10 twitter.com 9,975 users
#11 amazon.com 9,914 users
#12 com.instagram.android 8,657 users
#13 paypal.com 8,389 users
#14 com.netflix.mediaclient 8,270 users
#15 riotgames.com 8,237 users
#16 twitch.tv 8,152 users
#17 microsoftonline.com 7,933 users
#18 mega.nz 7,418 users
#19 epicgames.com 7,084 users
#20 apple.com 6,878 users
#21 spotify.com 6,607 users
#22 linkedin.com 6,328 users
#23 steamcommunity.com 6,085 users
#24 com.roblox.client 6,032 users
#25 com.discord 5,987 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 149 employees
#2 hostinger.com 129 employees
#3 qq.com 92 employees
#4 aruba.it 81 employees
#5 163.com 72 employees
#6 login.sp.gov.br 67 employees
#7 freemail.hu 61 employees
#8 banquemisr.com 60 employees
#9 interia.pl 59 employees
#10 o2.pl 55 employees
#11 tim.it 53 employees
#12 icicibank.com 53 employees
#13 fmod.dev 51 employees
#14 aiep.cl 50 employees
#15 deped.gov.ph 49 employees
#16 secureserver.net 49 employees
#17 laureate.net 48 employees
#18 buenosaires.gob.ar 47 employees
#19 santander.com.br 47 employees
#20 sts.net.pk 46 employees
#21 alxswe.com 45 employees
#22 britanico.edu.pe 44 employees
#23 pec.it 44 employees
#24 inacap.cl 43 employees
#25 jwpub.org 42 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 30 employees
#2 microsoft.com 25 employees
#3 cisco.com 9 employees
#4 ibm.com 8 employees
#5 airproducts.com 8 employees
#6 publix.com 7 employees
#7 fedex.com 6 employees
#8 ups.com 5 employees
#9 harman.com 5 employees
#10 netflix.com 4 employees
#11 nrgenergy.com 4 employees
#12 pvh.com 3 employees
#13 intel.com 3 employees
#14 frontier.com 3 employees
#15 amazon.com 3 employees
#16 paypal.com 3 employees
#17 ally.com 2 employees
#18 att.com 2 employees
#19 manpowergroup.com 1 employees
#20 twc.com 1 employees

Compromised users

#1 google.com 30,796 users
#2 facebook.com 30,312 users
#3 netflix.com 12,355 users
#4 amazon.com 9,914 users
#5 paypal.com 8,389 users
#6 apple.com 6,878 users
#7 ebay.com 1,641 users
#8 oracle.com 952 users
#9 nike.com 918 users
#10 microsoft.com 865 users
#11 cisco.com 769 users
#12 hp.com 766 users
#13 walmart.com 368 users
#14 ups.com 368 users
#15 ibm.com 256 users
#16 intel.com 247 users
#17 westernunion.com 227 users
#18 fedex.com 202 users
#19 adp.com 175 users
#20 bestbuy.com 152 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 112,919hits
#2 sso 30,663hits
#3 zoom 11,074hits
#4 github 4,966hits
#5 adfs 3,644hits
#6 sap 3,611hits
#7 webmail 3,458hits
#8 zendesk 1,870hits
#9 oracle 1,698hits
#10 owa 1,438hits
#11 vpn 1,265hits
#12 ping 1,110hits
#13 cpanel 1,044hits
#14 sts 878hits
#15 webex 702hits
#16 extranet 628hits
#17 kaspersky 619hits
#18 ftp 581hits
#19 st 574hits
#20 roundcube 522hits
#21 okta 324hits
#22 twilio 216hits
#23 salesforce 203hits
#24 gitlab 198hits
#25 sharepoint 135hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →