Weekly intelligence Jul 10 – Jul 16, 2023 13 min read

Infostealers Weekly Report: 2023-07-10 – 2023-07-16

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 204

Infections by country

Top 25 countries

#1 Brazil 19,420
#2 India 11,864
#3 Mexico 10,594
#4 Pakistan 8,005
#5 Argentina 7,643
#6 Peru 7,568
#7 Vietnam 7,527
#8 Colombia 7,306
#9 Turkey 6,428
#10 Egypt 6,355
#11 Thailand 6,034
#12 Philippines 6,011
#13 Indonesia 5,853
#14 Bangladesh 4,429
#15 Spain 4,229
#16 Chile 4,201
#17 United States of America 3,529
#18 Ecuador 2,811
#19 Algeria 2,747
#20 Morocco 2,512
#21 Germany 2,397
#22 France 2,394
#23 Italy 2,192
#24 Bolivia 2,131
#25 Sri Lanka 1,908

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 93,401 users
#2 facebook.com 90,239 users
#3 live.com 76,937 users
#4 instagram.com 19,553 users
#5 discord.com 19,459 users
#6 com.facebook.katana 18,533 users
#7 netflix.com 17,770 users
#8 roblox.com 16,041 users
#9 steampowered.com 14,191 users
#10 yahoo.com 14,169 users
#11 twitter.com 14,127 users
#12 amazon.com 13,799 users
#13 com.instagram.android 12,066 users
#14 com.netflix.mediaclient 11,878 users
#15 paypal.com 11,506 users
#16 microsoftonline.com 11,120 users
#17 riotgames.com 11,064 users
#18 twitch.tv 10,965 users
#19 mega.nz 10,511 users
#20 apple.com 9,665 users
#21 epicgames.com 9,223 users
#22 spotify.com 9,052 users
#23 linkedin.com 8,961 users
#24 steamcommunity.com 8,405 users
#25 com.discord 8,189 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 204 employees
#2 hostinger.com 182 employees
#3 laureate.net 104 employees
#4 163.com 103 employees
#5 qq.com 103 employees
#6 secop.gov.co 87 employees
#7 utp.edu.pe 77 employees
#8 aiou.edu.pk 77 employees
#9 freemail.hu 75 employees
#10 buenosaires.gob.ar 74 employees
#11 fmod.dev 73 employees
#12 interia.pl 73 employees
#13 onet.pl 71 employees
#14 aruba.it 70 employees
#15 sts.net.pk 68 employees
#16 inacap.cl 63 employees
#17 deped.gov.ph 62 employees
#18 o2.pl 61 employees
#19 yandex.com.tr 57 employees
#20 uol.com.br 55 employees
#21 bcb.gov.br 55 employees
#22 icicibank.com 55 employees
#23 login.sp.gov.br 53 employees
#24 sempreser.com.br 53 employees
#25 tim.it 49 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 36 employees
#2 microsoft.com 30 employees
#3 parker.com 8 employees
#4 ups.com 6 employees
#5 facebook.com 5 employees
#6 bakerhughes.com 4 employees
#7 ibm.com 4 employees
#8 paypal.com 3 employees
#9 ingrammicro.com 3 employees
#10 publix.com 3 employees
#11 cbre.com 2 employees
#12 jetblue.com 2 employees
#13 cognizant.com 2 employees
#14 netflix.com 2 employees
#15 lowes.com 1 employees
#16 google.com 1 employees
#17 generalmills.com 1 employees
#18 entergy.com 1 employees
#19 firstam.com 1 employees
#20 metlife.com 1 employees

Compromised users

#1 google.com 93,401 users
#2 facebook.com 90,239 users
#3 netflix.com 17,770 users
#4 amazon.com 13,799 users
#5 paypal.com 11,506 users
#6 apple.com 9,665 users
#7 ebay.com 1,965 users
#8 microsoft.com 1,417 users
#9 oracle.com 1,360 users
#10 hp.com 1,155 users
#11 nike.com 1,154 users
#12 cisco.com 1,113 users
#13 walmart.com 543 users
#14 ups.com 403 users
#15 ibm.com 391 users
#16 westernunion.com 307 users
#17 intel.com 304 users
#18 fedex.com 231 users
#19 bestbuy.com 226 users
#20 adp.com 199 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 157,749hits
#2 sso 41,999hits
#3 zoom 15,404hits
#4 github 7,028hits
#5 webmail 4,855hits
#6 adfs 4,432hits
#7 oracle 2,508hits
#8 sap 2,282hits
#9 zendesk 2,079hits
#10 owa 1,699hits
#11 vpn 1,615hits
#12 cpanel 1,400hits
#13 ping 1,317hits
#14 sts 1,091hits
#15 extranet 993hits
#16 webex 954hits
#17 kaspersky 874hits
#18 roundcube 711hits
#19 ftp 709hits
#20 st 607hits
#21 okta 458hits
#22 salesforce 438hits
#23 gitlab 345hits
#24 twilio 295hits
#25 dana-na 180hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →