Malware Activity: Key Statistics
Quarter over Quarter comparison: October 1, 2022 - December 31, 2022

Each reporting period, we analyze URLs, domain names, and IP addresses reported for serving up or distributing malware. We use these and other metadata — domain and IP address registration data, ICANN registry and registrar monthly reports, routing data, attack type, and other indicators — to report key statistics for each reporting period.

The table below compares the number of domains reported for hosting malware in TLDs for two consecutive quarters.

Complete lists of Top-level Domains, gTLD registrars and hosting networks (ASNs) where malware was reported for the quarter can be downloaded in CSV format from the Records page.

| Measurement | July to September 2022 | October to December 2022 | Change in Measurement |
| --- | --- | --- | --- |
| Total number of malware reports collected from feeds (per quarter) | 1,236,748 | 1,517,451 | 280,703 |
| Total number of malware records produced from malware reports | 1,067,309 | 1,168,789 | 101,480 |
| Endpoint malware (targets user-attended devices) | 87,845 | 115,346 | 27,501 |
| Internet of Things (IoT) malware (targets sensors, wearables, appliances...) | 51,086 | 68,294 | 17,208 |
| Malicious IP address malware records (Traffic Injectors and Attackware) | 885,854 | 595,209 | -290,645 |
| Uncategorized malware (Verified as malware but not classified) | 42,524 | 389,940 | 347,416 |
| Unique domain names reported for serving up malware | 23,814 | 52,664 | 28,850 |
| Top-level Domains (TLDs) where we observed malware hosting | 294 | 454 | 160 |
| Registrars that had gTLD domains under management reported for serving malware | 323 | 399 | 76 |
| Hosting Networks (ASNs) where we observed malware hosting or distribution | 16,272 | 18,069 | 1,797 |
| Unique IPv4 addresses reported as serving or distributing malware | 923,428 | 985,255 | 61,827 |