Malware Activity:Hosting Networks (ASNs) Quarter over Quarter Comparison
October 1,2022 - December 31,2022
For purposes of observing change over time, it is useful to compare measurements and metrics over successive reporting periods. Such comparisons illustrate whether malware activities are increasing or decreasing, and where such changes are occurring. Such comparisons can identify identify hosting networks where malware is being hosted and whether or not such activity is persistent or atypical. Investigators or policy makers may focus on these hosting networks for deeper analyses.
Complete lists of Top-level Domains, gTLD registrars and hosting networks (ASNs) where malware was reported for the quarter can be downloaded in CSV format from the Records page.
In the table below, we compare the numbers of malware records reported for hosting malware in hosting networks (ASNs) for two consecutive quarters.
Ranking of Hosting Networks (ASNs) by Number of Malware Records, Quarter over Quarter (October to December 2022)
Hosting Providers with a minimum of 50,000 addresses assigned to the ASN and 25 malware records
| IPv4 Addresses Assigned | Unique Malware Addresses | Total Malware Records | ||||||||||
| Rank | Hosting Provider | ASN | July to September 2022 | October to December 2022 | July to September 2022 | October to December 2022 | July to September 2022 | October to December 2022 ▼ | ||||
| 1 | ▲ +1* | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 58,780,416 | 58,780,928 | (0%) | 26,839 | 57,202 | (+113%) | 46,878 | 96,919 | (+107%) |
| 2 | ▼ -1 | CHINANET-BACKBONE No.31 | 4134 | 111,800,832 | 111,800,064 | (-0%) | 51,057 | 86,671 | (+70%) | 58,485 | 93,534 | (+60%) |
| 3 | ▲ +4 | DIGITALOCEAN-ASN | 14061 | 2,730,496 | 2,769,664 | (+1%) | 17,945 | 35,763 | (+99%) | 18,689 | 36,306 | (+94%) |
| 4 | ▲ +2 | BSNL-NIB National Internet Backbone | 9829 | 10,909,696 | 10,912,000 | (0%) | 11,832 | 28,490 | (+141%) | 19,430 | 32,874 | (+69%) |
| 5 | ▲ +10 | HINET Data Communication Business Group | 3462 | 17,024,768 | 17,015,808 | (-0%) | 6,823 | 20,608 | (+202%) | 7,549 | 20,802 | (+176%) |
| 6 | ▲ +4 | UNIFIEDLAYER-AS-1 | 46606 | 1,072,640 | 979,712 | (-9%) | 2,954 | 3,555 | (+20%) | 16,340 | 16,317 | (-0%) |
| 7 | ▲ +2 | AMAZON-02 | 16509 | 43,891,200 | 44,221,696 | (+1%) | 14,982 | 10,757 | (-28%) | 16,722 | 14,667 | (-12%) |
| 8 | ▲ +15 | AMAZON-AES | 14618 | 16,449,024 | 16,415,488 | (-0%) | 4,329 | 13,350 | (+208%) | 4,946 | 13,756 | (+178%) |
| 9 | ▲ +4 | CLOUDFLARENET | 13335 | 2,430,976 | 2,466,560 | (+1%) | 6,507 | 8,334 | (+28%) | 8,276 | 13,330 | (+61%) |
| 10 | ▲ +2 | PHMGMT-AS1 | 22363 | 98,816 | 98,816 | (0%) | 8,864 | 12,980 | (+46%) | 8,873 | 12,980 | (+46%) |
| 11 | ▲ +13 | ROSTELECOM-AS - PJSC Rostelecom | 12389 | 16,510,720 | 16,577,024 | (0%) | 4,815 | 12,371 | (+157%) | 4,926 | 12,494 | (+154%) |
| 12 | ▲ +23 | AKAMAI-AP Akamai Technologies | 63949 | 697,856 | 718,336 | (+3%) | 3,207 | 12,200 | (+280%) | 3,410 | 12,424 | (+264%) |
| 13 | ▲ +4 | GOOGLE-CLOUD-PLATFORM | 396982 | 23,911,680 | 24,240,128 | (+1%) | 5,586 | 10,618 | (+90%) | 5,929 | 11,316 | (+91%) |
| 14 | — | MICROSOFT-CORP-MSN-AS-BLOCK | 8075 | 48,727,296 | 48,738,048 | (0%) | 7,311 | 10,805 | (+48%) | 7,869 | 11,005 | (+40%) |
| 15 | ▲ +4 | OVH - OVH SAS | 16276 | 4,128,000 | 4,144,896 | (0%) | 4,221 | 8,311 | (+97%) | 5,371 | 10,434 | (+94%) |
| 16 | ▲ +13 | HETZNER-AS - Hetzner Online GmbH | 24940 | 2,294,784 | 2,292,736 | (-0%) | 2,940 | 6,682 | (+127%) | 3,902 | 8,935 | (+129%) |
| 17 | ▲ +15 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,544 | 3,948,544 | (0%) | 2,668 | 6,812 | (+155%) | 3,576 | 8,490 | (+137%) |
| 18 | ▲ +71 | TCI - Iran Telecommunication Company PJS | 58224 | 4,029,440 | 4,076,800 | (+1%) | 1,047 | 8,434 | (+706%) | 1,106 | 8,449 | (+664%) |
| 19 | ▼ -11 | KIXS-AS-KR Korea Telecom | 4766 | 68,784,128 | 69,058,816 | (0%) | 17,236 | 8,226 | (-52%) | 17,514 | 8,351 | (-52%) |
| 20 | ▼ -4 | AS-COLOCROSSING | 36352 | 768,512 | 767,488 | (-0%) | 4,576 | 6,938 | (+52%) | 6,372 | 8,343 | (+31%) |
* Indicates change over prior quarter
In the table below, we compare the numbers of unique malware addresses reported for hosting malware in hosting networks (ASNs) for two consecutive quarters.
Ranking of Hosting Networks (ASNs) by Number of Unique Malware Addresses, Quarter over Quarter (October to December 2022)
Hosting Providers with a minimum of 50,000 addresses assigned to the ASN and 25 malware records
| IPv4 Addresses Assigned | Unique Malware Addresses | Total Malware Records | ||||||||||
| Rank | Hosting Provider | ASN | July to September 2022 | October to December 2022 | July to September 2022 | October to December 2022 ▼ | July to September 2022 | October to December 2022 | ||||
| 1 | — | CHINANET-BACKBONE No.31 | 4134 | 111,800,832 | 111,800,064 | (-0%) | 51,057 | 86,671 | (+70%) | 58,485 | 93,534 | (+60%) |
| 2 | — | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 58,780,416 | 58,780,928 | (0%) | 26,839 | 57,202 | (+113%) | 46,878 | 96,919 | (+107%) |
| 3 | ▲ +2* | DIGITALOCEAN-ASN | 14061 | 2,730,496 | 2,769,664 | (+1%) | 17,945 | 35,763 | (+99%) | 18,689 | 36,306 | (+94%) |
| 4 | ▲ +4 | BSNL-NIB National Internet Backbone | 9829 | 10,909,696 | 10,912,000 | (0%) | 11,832 | 28,490 | (+141%) | 19,430 | 32,874 | (+69%) |
| 5 | ▲ +7 | HINET Data Communication Business Group | 3462 | 17,024,768 | 17,015,808 | (-0%) | 6,823 | 20,608 | (+202%) | 7,549 | 20,802 | (+176%) |
| 6 | ▲ +18 | AMAZON-AES | 14618 | 16,449,024 | 16,415,488 | (-0%) | 4,329 | 13,350 | (+208%) | 4,946 | 13,756 | (+178%) |
| 7 | ▲ +3 | PHMGMT-AS1 | 22363 | 98,816 | 98,816 | (0%) | 8,864 | 12,980 | (+46%) | 8,873 | 12,980 | (+46%) |
| 8 | ▲ +11 | ROSTELECOM-AS - PJSC Rostelecom | 12389 | 16,510,720 | 16,577,024 | (0%) | 4,815 | 12,371 | (+157%) | 4,926 | 12,494 | (+154%) |
| 9 | ▲ +22 | AKAMAI-AP Akamai Technologies | 63949 | 697,856 | 718,336 | (+3%) | 3,207 | 12,200 | (+280%) | 3,410 | 12,424 | (+264%) |
| 10 | ▲ +1 | MICROSOFT-CORP-MSN-AS-BLOCK | 8075 | 48,727,296 | 48,738,048 | (0%) | 7,311 | 10,805 | (+48%) | 7,869 | 11,005 | (+40%) |
| 11 | ▼ -4 | AMAZON-02 | 16509 | 43,891,200 | 44,221,696 | (+1%) | 14,982 | 10,757 | (-28%) | 16,722 | 14,667 | (-12%) |
| 12 | ▲ +2 | GOOGLE-CLOUD-PLATFORM | 396982 | 23,911,680 | 24,240,128 | (+1%) | 5,586 | 10,618 | (+90%) | 5,929 | 11,316 | (+91%) |
| 13 | ▲ +72 | TCI - Iran Telecommunication Company PJS | 58224 | 4,029,440 | 4,076,800 | (+1%) | 1,047 | 8,434 | (+706%) | 1,106 | 8,449 | (+664%) |
| 14 | ▼ -1 | CLOUDFLARENET | 13335 | 2,430,976 | 2,466,560 | (+1%) | 6,507 | 8,334 | (+28%) | 8,276 | 13,330 | (+61%) |
| 15 | ▲ +11 | OVH - OVH SAS | 16276 | 4,128,000 | 4,144,896 | (0%) | 4,221 | 8,311 | (+97%) | 5,371 | 10,434 | (+94%) |
| 16 | ▼ -10 | KIXS-AS-KR Korea Telecom | 4766 | 68,784,128 | 69,058,816 | (0%) | 17,236 | 8,226 | (-52%) | 17,514 | 8,351 | (-52%) |
| 17 | ▲ +30 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 1,008,128 | 1,010,944 | (0%) | 2,033 | 7,445 | (+266%) | 2,146 | 7,495 | (+249%) |
| 18 | ▲ +4 | AS-COLOCROSSING | 36352 | 768,512 | 767,488 | (-0%) | 4,576 | 6,938 | (+52%) | 6,372 | 8,343 | (+31%) |
| 19 | ▲ +498 | O2-CZECH-REPUBLIC - O2 Czech Republic, a.s. | 5610 | 2,300,160 | 2,296,320 | (-0%) | 91 | 6,895 | (+7,477%) | 91 | 6,895 | (+7,477%) |
| 20 | ▲ +19 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,544 | 3,948,544 | (0%) | 2,668 | 6,812 | (+155%) | 3,576 | 8,490 | (+137%) |
* Indicates change over prior quarter
| Quarterly Update: Hosting Networks |
|||
| Quarter over Quarter: Key Statistics |
Quarter over Quarter: Top Level Domains |
Quarter over Quarter: Registrars |
Quarter over Quarter: Hosting Networks |