Weekly intelligence Jun 5 – Jun 11, 2023 13 min read

Infostealers Weekly Report: 2023-06-05 – 2023-06-11

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 197

Infections by country

Top 25 countries

#1 Brazil 10,529
#2 Egypt 7,194
#3 Vietnam 5,836
#4 Thailand 5,639
#5 Peru 5,149
#6 Philippines 5,115
#7 Mexico 4,000
#8 United States of America 3,334
#9 Pakistan 3,247
#10 India 3,105
#11 Colombia 3,012
#12 Turkey 2,994
#13 Algeria 2,814
#14 Argentina 2,712
#15 Spain 2,400
#16 Germany 1,532
#17 Bangladesh 1,511
#18 Poland 1,472
#19 Morocco 1,461
#20 Indonesia 1,425
#21 Chile 1,417
#22 Malaysia 1,293
#23 Sri Lanka 1,217
#24 Bolivia 1,120
#25 Venezuela 1,068

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 44,973 users
#2 facebook.com 41,842 users
#3 live.com 38,345 users
#4 discord.com 20,581 users
#5 roblox.com 19,401 users
#6 instagram.com 19,262 users
#7 com.facebook.katana 19,006 users
#8 netflix.com 17,980 users
#9 steampowered.com 14,568 users
#10 twitter.com 13,810 users
#11 amazon.com 13,697 users
#12 com.netflix.mediaclient 12,582 users
#13 com.instagram.android 12,297 users
#14 riotgames.com 11,936 users
#15 twitch.tv 11,821 users
#16 microsoftonline.com 11,777 users
#17 paypal.com 11,751 users
#18 mega.nz 10,838 users
#19 epicgames.com 10,195 users
#20 spotify.com 9,385 users
#21 apple.com 9,092 users
#22 com.roblox.client 8,865 users
#23 com.discord 8,820 users
#24 linkedin.com 8,706 users
#25 steamcommunity.com 8,670 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 199 employees
#2 laureate.net 182 employees
#3 163.com 127 employees
#4 hostinger.com 125 employees
#5 aruba.it 110 employees
#6 utp.edu.pe 109 employees
#7 upc.edu.pe 105 employees
#8 login.sp.gov.br 97 employees
#9 qq.com 92 employees
#10 bluehost.com 87 employees
#11 fmod.dev 80 employees
#12 bcb.gov.br 76 employees
#13 telecom.pt 75 employees
#14 tim.it 71 employees
#15 deped.gov.ph 69 employees
#16 buenosaires.gob.ar 68 employees
#17 sempreser.com.br 67 employees
#18 icicibank.com 64 employees
#19 ig.com.br 64 employees
#20 rediff.com 64 employees
#21 o2.pl 63 employees
#22 onet.pl 62 employees
#23 cibertec.edu.pe 60 employees
#24 interia.pl 60 employees
#25 uol.com.br 58 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 47 employees
#2 microsoft.com 35 employees
#3 facebook.com 9 employees
#4 netflix.com 9 employees
#5 twc.com 8 employees
#6 amazon.com 5 employees
#7 abbott.com 5 employees
#8 chsinc.com 5 employees
#9 frontier.com 4 employees
#10 paypal.com 4 employees
#11 ibm.com 4 employees
#12 gm.com 3 employees
#13 aramark.com 3 employees
#14 hp.com 3 employees
#15 newmont.com 3 employees
#16 ecolab.com 3 employees
#17 ups.com 2 employees
#18 cognizant.com 2 employees
#19 bestbuy.com 2 employees
#20 metlife.com 2 employees

Compromised users

#1 google.com 44,973 users
#2 facebook.com 41,842 users
#3 netflix.com 17,980 users
#4 amazon.com 13,697 users
#5 paypal.com 11,751 users
#6 apple.com 9,092 users
#7 ebay.com 1,854 users
#8 microsoft.com 1,416 users
#9 oracle.com 1,373 users
#10 nike.com 1,199 users
#11 cisco.com 1,175 users
#12 hp.com 1,122 users
#13 ibm.com 467 users
#14 walmart.com 466 users
#15 ups.com 405 users
#16 intel.com 313 users
#17 westernunion.com 249 users
#18 fedex.com 223 users
#19 adp.com 219 users
#20 bestbuy.com 204 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 155,480hits
#2 sso 45,172hits
#3 zoom 17,071hits
#4 github 6,387hits
#5 webmail 5,843hits
#6 adfs 5,010hits
#7 oracle 2,591hits
#8 sap 2,333hits
#9 zendesk 2,148hits
#10 cpanel 2,010hits
#11 owa 1,795hits
#12 sts 1,704hits
#13 ping 1,445hits
#14 vpn 1,442hits
#15 kaspersky 1,124hits
#16 webex 1,030hits
#17 roundcube 1,025hits
#18 extranet 993hits
#19 ftp 900hits
#20 st 642hits
#21 okta 510hits
#22 salesforce 372hits
#23 twilio 266hits
#24 gitlab 254hits
#25 sharepoint 209hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →