Malware Activity in Hosting Networks (ASNs)
January 1, 2021 - March 31, 2021
To see where malware was being served up, or distributed among peer-to-peer hosts, we collected the IP addresses that malware domains and malware URLs were resolving to when malware activity was reported. We then identified the Autonomous System (ASN) where the IP prefix containing the IP address to identif the hosting network where malware were reported.
For the period, we identified 317 with IPv4 addresses reported as serving up or distributing malware:
- 100 hosting networks had 100 or more IPv4 addresses,
- 36 hosting networks had 500 or more IPv4 addresses,
- 23 hosting networks had 1000 or more IPv4 addresses, and
- 5 hosting networks had 5000 or more reported IPv4 addresses.
In the table below, we show the twenty hosting networks with the highest numbers of IPv4 addresses reported as serving up or distributing malware (“Unique Malware Addresses”).
Ranking of Hosting Networks (ASNs) by Number of Malware Records (January to March 2021)
| Rank | AS Name | AS number | # Routed IPv4 Addresses |
Unique Malware Addresses | Total Malware Records ▼ |
| 1 | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 58,760,448 | 37,731 | 78,364 |
| 2 | PTK - Telekomi i Kosoves SH.A. | 8661 | 84,224 | 13,112 | 37,665 |
| 3 | BSNL-NIB National Internet Backbone | 9829 | 10,840,832 | 15,148 | 29,171 |
| 4 | CHINANET-BACKBONE No.31 | 4134 | 115,596,032 | 6,192 | 12,763 |
| 5 | UNIFIEDLAYER-AS-1 | 46606 | 1,393,664 | 955 | 6,607 |
| 6 | CLOUDFLARENET | 13335 | 2,353,664 | 1,106 | 4,154 |
| 7 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,288 | 2,258 | 3,393 |
| 8 | CNCGROUP-GZ China Unicom Guangzhou network | 17622 | 1,352,960 | 1,866 | 2,777 |
| 9 | KIXS-AS-KR Korea Telecom | 4766 | 69,337,344 | 901 | 2,684 |
| 10 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 999,680 | 1,690 | 2,652 |
| 11 | DIGITALOCEAN-ASN | 14061 | 2,553,088 | 534 | 2,650 |
| 12 | AS-COLOCROSSING | 36352 | 783,616 | 247 | 2,585 |
| 13 | WIND Telecom S.A. | 27887 | 63,744 | 707 | 2,570 |
| 14 | 15169 | 23,095,552 | 216 | 2,297 | |
| 15 | CMNET-GD Guangdong Mobile Communication Co.Ltd. | 9808 | 62,860,800 | 359 | 1,883 |
| 16 | CNCGROUP-SZ China Unicom Shenzen network | 17623 | 953,856 | 897 | 1,726 |
| 17 | ASIANET Cable ISP in India | 17465 | 116,736 | 742 | 1,698 |
| 18 | VNPT-AS-VN VNPT Corp | 45899 | 19,107,328 | 1,269 | 1,554 |
| 19 | TOT-NET TOT Public Company Limited | 23969 | 5,654,272 | 742 | 1,358 |
| 20 | DROPBOX | 19679 | 131,584 | 4 | 1,305 |
IPv4 addresses may be reported for hosting one or more malware; for example, two or several URLs may contain the same IPv4 address but the PATHS or QUERIES may identify different malware.
In the next table, we rank by the total number of malware records that identify the IPv4 address as serving or distributing malware in ASNs.
Ranking of Hosting Networks (ASNs) by Number of Unique Malware Address (January to March 2021)
| Rank | AS Name | AS number | # Routed IPv4 Addresses |
Unique Malware Addresses ▼ | Total Malware Records |
| 1 | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 58,760,448 | 37,731 | 78,364 |
| 2 | BSNL-NIB National Internet Backbone | 9829 | 10,840,832 | 15,148 | 29,171 |
| 3 | PTK - Telekomi i Kosoves SH.A. | 8661 | 84,224 | 13,112 | 37,665 |
| 4 | CHINANET-BACKBONE No.31 | 4134 | 115,596,032 | 6,192 | 12,763 |
| 5 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,288 | 2,258 | 3,393 |
| 6 | CNCGROUP-GZ China Unicom Guangzhou network | 17622 | 1,352,960 | 1,866 | 2,777 |
| 7 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 999,680 | 1,690 | 2,652 |
| 8 | VNPT-AS-VN VNPT Corp | 45899 | 19,107,328 | 1,269 | 1,554 |
| 9 | CLOUDFLARENET | 13335 | 2,353,664 | 1,106 | 4,154 |
| 10 | UNIFIEDLAYER-AS-1 | 46606 | 1,393,664 | 955 | 6,607 |
| 11 | KIXS-AS-KR Korea Telecom | 4766 | 69,337,344 | 901 | 2,684 |
| 12 | CNCGROUP-SZ China Unicom Shenzen network | 17623 | 953,856 | 897 | 1,726 |
| 13 | TELKOMNET-AS-AP PT Telekomunikasi Indonesia | 7713 | 8,194,816 | 862 | 872 |
| 14 | HINET Data Communication Business Group | 3462 | 17,030,144 | 816 | 973 |
| 15 | TOT-NET TOT Public Company Limited | 23969 | 5,654,272 | 742 | 1,358 |
| 16 | ASIANET Cable ISP in India | 17465 | 116,736 | 742 | 1,698 |
| 17 | VIETEL-AS-AP Viettel Group | 7552 | 19,299,584 | 718 | 744 |
| 18 | WIND Telecom S.A. | 27887 | 63,744 | 707 | 2,570 |
| 19 | ROSTELECOM-AS - PJSC Rostelecom | 12389 | 16,430,592 | 652 | 858 |
| 20 | MTNL-AP Mahanagar Telephone Nigam Limited | 17813 | 2,744,320 | 642 | 1,149 |
Activity in Hosting Networks (ASNs)