Malware Activity in Domain Registrars
July 1,2024 - September 30,2024
Malware attackers compose hostnames and URLs from domain names that they register purposely for malware attacks or from domain names that they have exploited in some way (e.g., by hijacking a domain registration account or by compromising a host such as a web site). They embed these into URLs in the emails, texts, or social media posts that lure victims to malware download sites.
To determine where gTLD domain names were purchased and managed, and where reported malware domains are concentrated in gTLD registrars’ domain portfolios, we identify the domain name Registrar - the business entity that processed the domain name registration – of domain names reported for malware activity from domain name registration data obtained via the Whois or RDAP services.
Measurements of reported malware domains can identify registrars where analyses of business practices, account security, or pricing might prove useful. We currently collect domain registration data for generic Top-level Domains only; thus, the tables on this page present gTLD domains under management for each registrar.
In the table below, we show the twenty domain name Registrars with the highest number of reported malware domains under management. A complete list of gTLD registrars where malware was reported for the quarter can be downloaded in CSV format from the Records page.
Ranking of Domain Registrars by Malware Domains (July to September 2024)
Registrars with a minimum of 30,000 domains and 25 malware domains
| Rank | IANA_ID | Registrar | Total Malware Domains ▼ |
| 1 | 2482 | Stichting Registrar of Last Resort Foundation | 7,981 |
| 2 | 1068 | NameCheap, Inc. | 2,112 |
| 3 | 146 | GoDaddy.com, LLC | 1,886 |
| 4 | 472 | Dynadot Inc | 1,628 |
| 5 | 1479 | NameSilo, LLC | 1,212 |
| 6 | 303 | PDR Ltd. d/b/a PublicDomainRegistry.com | 999 |
| 7 | 379 | Arsys Internet, S.L. dba NICLINE.COM | 429 |
| 8 | 69 | Tucows Domains Inc. | 414 |
| 9 | 1418 | Danesco Trading Ltd. | 345 |
| 10 | 3862 | Spaceship, Inc. | 343 |
| 11 | 1636 | HOSTINGER operations, UAB | 330 |
| 12 | 48 | eNom, LLC | 270 |
| 13 | 433 | OVH sas | 242 |
| 14 | 1923 | Gname.com Pte. Ltd. | 228 |
| 15 | 420 | Alibaba Cloud Computing (Beijing) Co., Ltd. | 210 |
| 16 | 49 | GMO Internet Group, Inc. d/b/a Onamae.com | 204 |
| 17 | 3765 | NICENIC INTERNATIONAL GROUP CO., LIMITED | 195 |
| 18 | 1599 | Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) | 191 |
| 19 | 460 | Web Commerce Communications Limited dba WebNic.cc | 190 |
| 20 | 895 | Squarespace Domains II LLC | 178 |
| Quarterly Update: Key Statistics |
Quarterly Update: Top Level Domains |
Quarterly Update: Registrars |
Quarterly Update: Hosting Networks |
| Quarter over Quarter: Registrars |