Malware Activity: Key Statistics
Quarter over Quarter comparison: January 1,2023 - March 31,2023

Each reporting period, we analyze URLs, domain names, and IP addresses reported for serving up or distributing malware. We use these and other metadata — domain and IP address registration data, ICANN registry and registrar monthly reports, routing data, attack type, and other indicators — to report key statistics for each reporting period.

We compare number of domains reported for hosting malware in TLDs for two consecutive quarters in the table below.

Complete lists of Top-level Domains, gTLD registrars and hosting networks (ASNs) where malware was reported for the quarter can be downloaded in CSV format from the Records page.

Measurement October to December 2022 January to March 2023 Change
in
Measurement
Total number of malware reports collected from feeds (per quarter) 1,517,451 2,026,863 509,412
Total number of malware records produced from malware reports 1,168,789 1,169,853 1,064
Endpoint malware (targets user-attended devices) 115,346 68,473 -46,873
Internet of Things (IoT) malware (targets sensors, wearables, appliances...) 68,294 82,440 14,146
Malicious IP address malware records (Traffic Injectors and Attackware) 595,209 420,977 -174,232
Uncategorized malware (Verified as malware but not classified) 389,940 597,963 208,023
Unique domain names reported for serving up malware 52,664 32,606 -20,058
Top-level Domains (TLDs) where we observed malware hosting 454 362 -92
Registrars that had gTLD domains under management reported for serving malware 399 369 -30
Hosting Networks (ASNs) where we observed malware hosting or distribution 18,069 17,529 -540
Unique IPv4 addresses reported as serving or distributing malware 985,255 980,457 -4,798

Quarterly Update:
Key Statistics
Quarter over Quarter:
Key Statistics		 Quarter over Quarter:
Top Level Domains		 Quarter over Quarter:
Registrars		 Quarter over Quarter:
Hosting Networks