Malware Activity: Top-level Domains
Quarter over Quarter Comparison:
July 1, 2021 - September 30, 2021
For purposes of observing change over time, it is useful to compare measurements and metrics over successive reporting periods. Such comparisons illustrate whether malware activities are increasing or decreasing, and where such changes are occurring. Such comparisons can identify TLDs that are persistently abused or exploited to host malware. Investigators or policy makers may focus on these for deeper analyses.
In the table below, we compare number of domains reported for hosting malware in TLDs for the two consecutive quarters.
Ranking of TLDs by Malware Domains, Quarter over Quarter (July to September 2021)
TLDs with a minimum of 30,000 domains under management and 25 malware domains
| Number of Malware Domains | |||||
| Rank | TLD | April to June 2021 | July to September 2021 ▼ | ||
| 1 | — | com | 8,026 | 12,418 | (+55%) |
| 2 | ▲ +1* | xyz | 819 | 11,117 | (+1,257%) |
| 3 | ▲ +2 | net | 630 | 861 | (+37%) |
| 4 | — | buzz | 666 | 659 | (-1%) |
| 5 | ▲ +39 | club | 52 | 639 | (+1,129%) |
| 6 | ▲ +2 | top | 391 | 570 | (+46%) |
| 7 | ▼ -1 | br | 565 | 567 | (+0%) |
| 8 | ▼ -1 | org | 467 | 512 | (+10%) |
| 9 | ▼ -7 | ru | 997 | 495 | (-50%) |
| 10 | ▲ +2 | info | 214 | 425 | (+99%) |
| 11 | ▲ +16 | biz | 84 | 414 | (+393%) |
| 12 | ▼ -3 | in | 351 | 348 | (-1%) |
| 13 | ▲ +2 | online | 159 | 322 | (+103%) |
| 14 | ▼ -3 | cn | 278 | 254 | (-9%) |
| 15 | ▲ +24 | cc | 59 | 223 | (+278%) |
| 16 | — | co | 156 | 222 | (+42%) |
| 17 | — | cloud | 153 | 205 | (+34%) |
| 18 | ▲ +4 | id | 91 | 202 | (+122%) |
| 19 | ▼ -5 | uk | 171 | 193 | (+13%) |
| 20 | ▲ +9 | us | 82 | 174 | (+112%) |
Quarter over Quarter Comparisons of:
Activity in TLDs