Malware Activity in Hosting Networks (ASNs)
October 1, 2021 - December 31, 2021

To see where malware was being served up, or distributed among peer-to-peer hosts, we collected the IP addresses that malware domains and malware URLs were resolving to when malware activity was reported. We then identified the Autonomous System (ASN) where the IP prefix containing the IP address to identif the hosting network where malware were reported.

For the period, we identified 233 with IPv4 addresses reported as serving up or distributing malware:

- 149 hosting networks had 100 or more IPv4 addresses,

- 51 hosting networks had 500 or more IPv4 addresses,

- 32 hosting networks had 1000 or more IPv4 addresses, and

- 9 hosting networks had 5000 or more reported IPv4 addresses.

In the table below, we show the twenty hosting networks with the highest numbers of IPv4 addresses reported as serving up or distributing malware.

Ranking of Hosting Networks (ASNs) by Number of Malware Records
(October to December 2021)

Rank AS Name AS number # Routed
IPv4 Addresses		 Unique Malware Addresses Total Malware Records ▼
1 CHINA169-BACKBONE CHINA UNICOM China169 Backbone 4837 59,096,064 64,932 151,079
2 CHINANET-BACKBONE No.31 4134 112,990,720 19,767 43,552
3 BSNL-NIB National Internet Backbone 9829 10,828,288 24,153 43,511
4 CLOUDFLARENET 13335 2,368,256 3,032 36,035
5 CHINA169-GZ China Unicom IP network China169 Guangdong province 17816 3,948,288 13,409 25,397
6 CNCGROUP-GZ China Unicom Guangzhou network 17622 1,365,504 7,781 14,189
7 WIND Telecom S.A. 27887 63,488 4,066 9,324
8 HATHWAY-NET-AP Hathway IP Over Cable Internet 17488 1,008,128 4,770 7,596
9 UNIFIEDLAYER-AS-1 46606 1,393,920 1,787 6,087
10 VNPT-AS-VN VNPT Corp 45899 19,346,432 1,994 4,217
11 QUANTILNETWORKS 54994 122,112 32 3,259
12 CNCGROUP-SZ China Unicom Shenzen network 17623 950,528 1,882 3,141
13 DIGITALOCEAN-ASN 14061 2,652,416 873 3,088
14 AMAZON-02 16509 42,019,328 695 2,737
15 MTNL-AP Mahanagar Telephone Nigam Limited 17813 2,729,984 1,393 2,656
16 AS-26496-GO-DADDY-COM-LLC 26496 1,523,200 797 2,646
17 UNICOM-CN China Unicom IP network 133119 219,904 6 2,635
18 HINET Data Communication Business Group 3462 17,025,792 1,314 2,610
19 OVH - OVH SAS 16276 3,979,264 751 2,501
20 GOOGLE 15169 23,096,832 282 2,417

Ranking of Hosting Networks (ASNs) by Number of Unique Malware Address (October to December 2021)

Rank AS Name AS number # Routed
IPv4 Addresses		 Unique Malware Addresses ▼ Total Malware Records
1 CHINA169-BACKBONE CHINA UNICOM China169 Backbone 4837 59,096,064 64,932 151,079
2 BSNL-NIB National Internet Backbone 9829 10,828,288 24,153 43,511
3 CHINANET-BACKBONE No.31 4134 112,990,720 19,767 43,552
4 CHINA169-GZ China Unicom IP network China169 Guangdong province 17816 3,948,288 13,409 25,397
5 CNCGROUP-GZ China Unicom Guangzhou network 17622 1,365,504 7,781 14,189
6 HATHWAY-NET-AP Hathway IP Over Cable Internet 17488 1,008,128 4,770 7,596
7 WIND Telecom S.A. 27887 63,488 4,066 9,324
8 CLOUDFLARENET 13335 2,368,256 3,032 36,035
9 VNPT-AS-VN VNPT Corp 45899 19,346,432 1,994 4,217
10 CNCGROUP-SZ China Unicom Shenzen network 17623 950,528 1,882 3,141
11 UNIFIEDLAYER-AS-1 46606 1,393,920 1,787 6,087
12 MTNL-AP Mahanagar Telephone Nigam Limited 17813 2,729,984 1,393 2,656
13 HINET Data Communication Business Group 3462 17,025,792 1,314 2,610
14 DIGITALOCEAN-ASN 14061 2,652,416 873 3,088
15 TOT-NET TOT Public Company Limited 23969 5,656,064 801 2,096
16 AS-26496-GO-DADDY-COM-LLC 26496 1,523,200 797 2,646
17 ASIANET Cable ISP in India 17465 116,736 773 1,325
18 OVH - OVH SAS 16276 3,979,264 751 2,501
19 ROSTELECOM-AS - PJSC Rostelecom 12389 16,412,416 712 1,224
20 AMAZON-02 16509 42,019,328 695 2,737