Malware Activity in Top-level Domains (TLDs)
January 1 - March 31, 2022
We analyzed the domains reported as serving up malware to see how they were distributed across the top-level domains. For our analysis, we extract the Top-level Domain (e.g., com, xyz, uk) from the hostnames we found in malware reports.
For the period, we identified 104 TLDs with a minimum of 30,000 domains and 25 malware domains; among these were 73 ccTLDs and 31 gTLDs.
104 TLDs had more than 100 domain names reported for serving up malware
10 TLDs had more than 500 domain names reported for serving up malware
5 TLDs had more than 1000 domain names reported for serving up malware
In the table below, we present the twenty TLDs that had the highest number of domains reported as serving up malware.
Ranking of TLDs by Malware Domains (January to March 2022)
TLDs with a minimum of 30,000 domains and 25 malware domains
| Rank | TLD | Total Malware Domains ▼ |
| 1 | com | 24,476 |
| 2 | ru | 2,153 |
| 3 | net | 2,122 |
| 4 | org | 1,456 |
| 5 | br | 1,010 |
| 6 | pl | 782 |
| 7 | in | 754 |
| 8 | cn | 677 |
| 9 | it | 649 |
| 10 | de | 632 |
| 11 | eu | 467 |
| 12 | hu | 464 |
| 13 | cz | 464 |
| 14 | xyz | 462 |
| 15 | vn | 439 |
| 16 | nl | 430 |
| 17 | fr | 416 |
| 18 | uk | 395 |
| 19 | id | 362 |
| 20 | top | 358 |