Malware Activity: Key Statistics
October 1, 2021 - December 31, 2021

We analyzed URLs, domain names, and IP addresses that have been reported for malware. These and other metadata - e.g., registration data, DNS zone data, and malware typing provided by the feed - allow us to determine what malware was most prevalent, where malware was served from or distributed, and what resources criminals used to pursue their attacks.

Indicators of compromise allow us to distinguish hostnames delegated from domains that were purposely registered for malware campaigns from hostnames assigned to compromised web sites that were delegated from domain names for legitimate purposes.

During this period, we measured the number of unique domain names or IPv4 addresses that were reported as serving up malware. We classified malware as targeting endpoint devices or Internet of Things (IoT) devices, and measured these by class as well.

In many cases the identification of a malware in reports that we ingest is definitive, but the malware report lacks the information necessary to confidently classify the malware as “Endpoint Malware” or “IoT Malware”. For the purposes of analysis and reporting, these cases are represented as “uncategorized”.

We include counts of uncategorized malware in our TLD, Registrar and Hosting Networks rankings.

  Measurement
    
Count

    Total number of malware reports collected from feeds this quarter
    1,053,971
  
    Total number of malware records produced from malware reports
    613,478
  
    Endpoint malware (targets user-attended devices)
    207,129
  
    Internet of Things (IoT) malware (targets sensors, wearables, appliances...) 
    215,317
  
    Uncategorized malware (Verified as malware but not classified)
    204,399
  
    Unique domain names reported for serving up malware
    38,176
  
    Top-level Domains (TLDs) where we observed malware hosting
    360
  
    Registrars that had gTLD domains under management reported for serving malware
    375
  
    Hosting Networks (ASNs) where we observed malware hosting or distribution
    3,981
  
    Unique IPv4 addresses reported as serving or distributing malware
    167,339

Measurement	Count
Total number of malware reports collected from feeds this quarter	1,053,971
Total number of malware records produced from malware reports	613,478
Endpoint malware (targets user-attended devices)	207,129
Internet of Things (IoT) malware (targets sensors, wearables, appliances...)	215,317
Uncategorized malware (Verified as malware but not classified)	204,399
Unique domain names reported for serving up malware	38,176
Top-level Domains (TLDs) where we observed malware hosting	360
Registrars that had gTLD domains under management reported for serving malware	375
Hosting Networks (ASNs) where we observed malware hosting or distribution	3,981
Unique IPv4 addresses reported as serving or distributing malware	167,339

Key Statistics

Activity in TLDs

Activity in Domain Registrars

Activity in Hosting Networks (ASNs)

Malware Activity: Key Statistics October 1, 2021 - December 31, 2021

Malware Activity: Key Statistics
October 1, 2021 - December 31, 2021