Malware Activity in Hosting Networks (ASNs)
January 1, 2022 - March 31, 2022
To see where malware was being served up, or distributed among peer-to-peer hosts, we collected the IP addresses that malware domains and malware URLs were resolving to when malware activity was reported. We then identified the Autonomous System (ASN) where the IP prefix containing the IP address to identif the hosting network where malware were reported.
For the period, we identified 411 with IPv4 addresses reported as serving up or distributing malware:
- 94 hosting networks had 100 or more IPv4 addresses reported,
- 30 hosting networks had 500 or more IPv4 addresses reported,
- 16 hosting networks had 1000 or more IPv4 addresses reported, and
- 4 hosting networks had 5000 or more reported IPv4 addresses reported.
In the table below, we show the twenty hosting networks with the highest numbers of IPv4 addresses reported as serving up or distributing malware (“Unique Malware Addresses”).
IPv4 addresses may be reported for hosting one or more malware; for example, two or several URLs may contain the same IPv4 address but the PATHS or QUERIES may identify different malware.
In the next table, we rank by the total number of malware records that identify the IPv4 address as serving or distributing malware in ASNs.
Ranking of Hosting Networks (ASNs) by Number of Malware Records (January to March 2022)
| Rank | AS Name | AS number | # Routed IPv4 Addresses |
Unique Malware Addresses | Total Malware Records ▼ |
| 1 | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 59,099,904 | 52,739 | 177,392 |
| 2 | CLOUDFLARENET | 13335 | 2,400,768 | 3,279 | 76,555 |
| 3 | AMAZON-02 | 16509 | 42,591,744 | 1,308 | 62,804 |
| 4 | BSNL-NIB National Internet Backbone | 9829 | 10,849,792 | 18,134 | 32,278 |
| 5 | CHINANET-BACKBONE No.31 | 4134 | 113,161,984 | 12,641 | 29,259 |
| 6 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,288 | 9,115 | 15,668 |
| 7 | QUANTILNETWORKS | 54994 | 116,992 | 40 | 7,758 |
| 8 | ALIBABA-CN-NET Hangzhou Alibaba Advertising Co. | 37963 | 18,478,592 | 667 | 6,782 |
| 9 | UNICOM-CN China Unicom IP network | 133119 | 219,904 | 5 | 6,274 |
| 10 | DIGITALOCEAN-ASN | 14061 | 2,696,960 | 2,453 | 3,975 |
| 11 | CDN77 - Datacamp Limited | 60068 | 61,696 | 20 | 3,871 |
| 12 | UNIFIEDLAYER-AS-1 | 46606 | 1,133,568 | 1,887 | 3,862 |
| 13 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 1,006,592 | 2,241 | 3,647 |
| 14 | OVH - OVH SAS | 16276 | 4,043,520 | 1,239 | 3,485 |
| 15 | HINET Data Communication Business Group | 3462 | 17,026,048 | 1,651 | 3,148 |
| 16 | AS-26496-GO-DADDY-COM-LLC | 26496 | 1,554,688 | 880 | 2,425 |
| 17 | CNCGROUP-GZ China Unicom Guangzhou network | 17622 | 1,371,648 | 1,742 | 2,411 |
| 18 | AS-COLOCROSSING | 36352 | 771,328 | 335 | 2,075 |
| 19 | TENCENT-NET-AP-CN Tencent Building | 132203 | 2,061,568 | 1,919 | 2,067 |
| 20 | VNPT-AS-VN VNPT Corp | 45899 | 19,409,408 | 892 | 2,024 |
Ranking of Hosting Networks (ASNs) by Number of Unique Malware Address (January to March 2022)
| Rank | AS Name | AS number | # Routed IPv4 Addresses |
Unique Malware Addresses ▼ | Total Malware Records |
| 1 | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 59,099,904 | 52,739 | 177,392 |
| 2 | BSNL-NIB National Internet Backbone | 9829 | 10,849,792 | 18,134 | 32,278 |
| 3 | CHINANET-BACKBONE No.31 | 4134 | 113,161,984 | 12,641 | 29,259 |
| 4 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,288 | 9,115 | 15,668 |
| 5 | CLOUDFLARENET | 13335 | 2,400,768 | 3,279 | 76,555 |
| 6 | DIGITALOCEAN-ASN | 14061 | 2,696,960 | 2,453 | 3,975 |
| 7 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 1,006,592 | 2,241 | 3,647 |
| 8 | TENCENT-NET-AP-CN Tencent Building | 132203 | 2,061,568 | 1,919 | 2,067 |
| 9 | UNIFIEDLAYER-AS-1 | 46606 | 1,133,568 | 1,887 | 3,862 |
| 10 | CNCGROUP-GZ China Unicom Guangzhou network | 17622 | 1,371,648 | 1,742 | 2,411 |
| 11 | HINET Data Communication Business Group | 3462 | 17,026,048 | 1,651 | 3,148 |
| 12 | AMAZON-02 | 16509 | 42,591,744 | 1,308 | 62,804 |
| 13 | OVH - OVH SAS | 16276 | 4,043,520 | 1,239 | 3,485 |
| 14 | Telefonica del Sur S.A. | 14117 | 913,920 | 1,157 | 1,158 |
| 15 | MTNL-AP Mahanagar Telephone Nigam Limited | 17813 | 2,729,728 | 1,062 | 1,995 |
| 16 | CNCGROUP-SZ China Unicom Shenzen network | 17623 | 942,336 | 1,051 | 1,738 |
| 17 | VNPT-AS-VN VNPT Corp | 45899 | 19,409,408 | 892 | 2,024 |
| 18 | AS-26496-GO-DADDY-COM-LLC | 26496 | 1,554,688 | 880 | 2,425 |
| 19 | KIXS-AS-KR Korea Telecom | 4766 | 68,267,008 | 829 | 1,625 |
| 20 | TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited | 45090 | 11,942,912 | 793 | 912 |
Activity in Hosting Networks (ASNs)