Malware Activity in Hosting Networks (ASNs)
October 1,2022 - December 31,2022
To see where malware was being served up, or distributed among peer-to-peer hosts, we collected the IP addresses that malware domains and malware URLs were resolving to when malware activity was reported. We then identified the Autonomous System (ASN) where the IP prefix containing the IP address to identify the hosting network where malware were reported.
IPv4 addresses may be reported for hosting one or more malware; for example, two or several URLs may contain the same IPv4 address but the PATHS or QUERIES may identify different malware.
In the table below, we show the twenty hosting networks with the highest numbers of IPv4 addresses reported as serving up or distributing malware (“Unique Malware Addresses”). Complete lists of ASNs where malware was reported for the quarter can be downloaded in CSV format from the Records page.
Ranking of Hosting Networks (ASNs) by Number of Malware Records (October to December 2022)
| Rank | AS Name | AS number | # Routed IPv4 Addresses |
Unique Malware Addresses | Total Malware Records ▼ |
| 1 | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 58,780,928 | 57,202 | 96,919 |
| 2 | CHINANET-BACKBONE No.31 | 4134 | 111,800,064 | 86,671 | 93,534 |
| 3 | DIGITALOCEAN-ASN | 14061 | 2,769,664 | 35,763 | 36,306 |
| 4 | BSNL-NIB National Internet Backbone | 9829 | 10,912,000 | 28,490 | 32,874 |
| 5 | HINET Data Communication Business Group | 3462 | 17,015,808 | 20,608 | 20,802 |
| 6 | UNIFIEDLAYER-AS-1 | 46606 | 979,712 | 3,555 | 16,317 |
| 7 | AMAZON-02 | 16509 | 44,221,696 | 10,757 | 14,667 |
| 8 | AMAZON-AES | 14618 | 16,415,488 | 13,350 | 13,756 |
| 9 | CLOUDFLARENET | 13335 | 2,466,560 | 8,334 | 13,330 |
| 10 | PHMGMT-AS1 | 22363 | 98,816 | 12,980 | 12,980 |
| 11 | ROSTELECOM-AS - PJSC Rostelecom | 12389 | 16,577,024 | 12,371 | 12,494 |
| 12 | AKAMAI-AP Akamai Technologies | 63949 | 718,336 | 12,200 | 12,424 |
| 13 | GOOGLE-CLOUD-PLATFORM | 396982 | 24,240,128 | 10,618 | 11,316 |
| 14 | MICROSOFT-CORP-MSN-AS-BLOCK | 8075 | 48,738,048 | 10,805 | 11,005 |
| 15 | OVH - OVH SAS | 16276 | 4,144,896 | 8,311 | 10,434 |
| 16 | HETZNER-AS - Hetzner Online GmbH | 24940 | 2,292,736 | 6,682 | 8,935 |
| 17 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,544 | 6,812 | 8,490 |
| 18 | TCI - Iran Telecommunication Company PJS | 58224 | 4,076,800 | 8,434 | 8,449 |
| 19 | KIXS-AS-KR Korea Telecom | 4766 | 69,058,816 | 8,226 | 8,351 |
| 20 | AS-COLOCROSSING | 36352 | 767,488 | 6,938 | 8,343 |
Ranking of Hosting Networks (ASNs) by Number of Unique Malware Address (October to December 2022)
| Rank | AS Name | AS number | # Routed IPv4 Addresses |
Unique Malware Addresses ▼ | Total Malware Records |
| 1 | CHINANET-BACKBONE No.31 | 4134 | 111,800,064 | 86,671 | 93,534 |
| 2 | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 58,780,928 | 57,202 | 96,919 |
| 3 | DIGITALOCEAN-ASN | 14061 | 2,769,664 | 35,763 | 36,306 |
| 4 | BSNL-NIB National Internet Backbone | 9829 | 10,912,000 | 28,490 | 32,874 |
| 5 | HINET Data Communication Business Group | 3462 | 17,015,808 | 20,608 | 20,802 |
| 6 | AMAZON-AES | 14618 | 16,415,488 | 13,350 | 13,756 |
| 7 | PHMGMT-AS1 | 22363 | 98,816 | 12,980 | 12,980 |
| 8 | ROSTELECOM-AS - PJSC Rostelecom | 12389 | 16,577,024 | 12,371 | 12,494 |
| 9 | AKAMAI-AP Akamai Technologies | 63949 | 718,336 | 12,200 | 12,424 |
| 10 | MICROSOFT-CORP-MSN-AS-BLOCK | 8075 | 48,738,048 | 10,805 | 11,005 |
| 11 | AMAZON-02 | 16509 | 44,221,696 | 10,757 | 14,667 |
| 12 | GOOGLE-CLOUD-PLATFORM | 396982 | 24,240,128 | 10,618 | 11,316 |
| 13 | TCI - Iran Telecommunication Company PJS | 58224 | 4,076,800 | 8,434 | 8,449 |
| 14 | CLOUDFLARENET | 13335 | 2,466,560 | 8,334 | 13,330 |
| 15 | OVH - OVH SAS | 16276 | 4,144,896 | 8,311 | 10,434 |
| 16 | KIXS-AS-KR Korea Telecom | 4766 | 69,058,816 | 8,226 | 8,351 |
| 17 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 1,010,944 | 7,445 | 7,495 |
| 18 | AS-COLOCROSSING | 36352 | 767,488 | 6,938 | 8,343 |
| 19 | O2-CZECH-REPUBLIC - O2 Czech Republic, a.s. | 5610 | 2,296,320 | 6,895 | 6,895 |
| 20 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,544 | 6,812 | 8,490 |
| Quarterly Update: Key Statistics |
Quarterly Update: Top Level Domains |
Quarterly Update: Registrars |
Quarterly Update: Hosting Networks |
| Quarter over Quarter: Hosting Networks |