Malware Activity in Hosting Networks (ASNs)
July 1, 2021 - September 30, 2021

To see where malware was being served up, or distributed among peer-to-peer hosts, we collected the IP addresses that malware domains and malware URLs were resolving to when malware activity was reported. We then identified the Autonomous System (ASN) where the IP prefix containing the IP address to identif the hosting network where malware were reported.

For the period, we identified 266 with IPv4 addresses reported as serving up or distributing malware:

- 56 hosting networks had 100 or more IPv4 addresses,

- 18 hosting networks had 500 or more IPv4 addresses,

- 33 hosting networks had 1000 or more IPv4 addresses, and

- 6 hosting networks had 5000 or more reported IPv4 addresses.

In the table below, we show the twenty hosting networks with the highest numbers of IPv4 addresses reported as serving up or distributing malware (“Unique Malware Addresses”).

Ranking of Hosting Networks (ASNs) by Number of Malware Records (July to September 2021)

Rank AS Name AS number # Routed
IPv4 Addresses		 Unique Malware Addresses Total Malware Records ▼
1 CHINA169-BACKBONE CHINA UNICOM China169 Backbone 4837 59,102,208 64,332 144,373
2 BSNL-NIB National Internet Backbone 9829 10,832,128 24,843 53,319
3 CHINA169-GZ China Unicom IP network China169 Guangdong province 17816 3,948,288 20,697 42,184
4 CHINANET-BACKBONE No.31 4134 115,205,120 14,508 35,045
5 CNCGROUP-GZ China Unicom Guangzhou network 17622 1,355,776 7,054 12,380
6 HATHWAY-NET-AP Hathway IP Over Cable Internet 17488 999,168 5,264 8,844
7 CNSERVERS 40065 569,600 30 8,152
8 VNPT-AS-VN VNPT Corp 45899 19,169,536 2,387 5,445
9 CLOUDFLARENET 13335 2,355,968 3,032 5,097
10 WIND Telecom S.A. 27887 63,744 1,882 4,582
11 CNCGROUP-SZ China Unicom Shenzen network 17623 958,976 2,590 4,395
12 GOOGLE 15169 23,095,040 234 3,276
13 CMNET-GD Guangdong Mobile Communication Co.Ltd. 9808 63,492,608 326 2,749
14 DIGITALOCEAN-ASN 14061 2,599,168 477 2,404
15 HINET Data Communication Business Group 3462 17,027,328 1,114 2,400
16 AS-COLOCROSSING 36352 783,104 228 2,366
17 TOT-NET TOT Public Company Limited 23969 5,655,808 869 2,344
18 MTNL-AP Mahanagar Telephone Nigam Limited 17813 2,729,984 1,088 2,244
19 TELEFONICA BRASIL S.A 26599 23,453,184 949 1,907
20 NAMECHEAP-NET 22612 91,392 739 1,854

IPv4 addresses may be reported for hosting one or more malware; for example, two or several URLs may contain the same IPv4 address but the PATHS or QUERIES may identify different malware.

In the next table, we rank by the total number of malware records that identify the IPv4 address as serving or distributing malware in ASNs.

Ranking of Hosting Networks (ASNs) by Number of Unique Malware Address (July to September 2021)

Rank AS Name AS number # Routed
IPv4 Addresses		 Unique Malware Addresses ▼ Total Malware Records
1 CHINA169-BACKBONE CHINA UNICOM China169 Backbone 4837 59,102,208 64,332 144,373
2 BSNL-NIB National Internet Backbone 9829 10,832,128 24,843 53,319
3 CHINA169-GZ China Unicom IP network China169 Guangdong province 17816 3,948,288 20,697 42,184
4 CHINANET-BACKBONE No.31 4134 115,205,120 14,508 35,045
5 CNCGROUP-GZ China Unicom Guangzhou network 17622 1,355,776 7,054 12,380
6 HATHWAY-NET-AP Hathway IP Over Cable Internet 17488 999,168 5,264 8,844
7 CLOUDFLARENET 13335 2,355,968 3,032 5,097
8 CNCGROUP-SZ China Unicom Shenzen network 17623 958,976 2,590 4,395
9 VNPT-AS-VN VNPT Corp 45899 19,169,536 2,387 5,445
10 WIND Telecom S.A. 27887 63,744 1,882 4,582
11 HINET Data Communication Business Group 3462 17,027,328 1,114 2,400
12 MTNL-AP Mahanagar Telephone Nigam Limited 17813 2,729,984 1,088 2,244
13 ASIANET Cable ISP in India 17465 116,736 1,014 1,496
14 TELEFONICA BRASIL S.A 26599 23,453,184 949 1,907
15 TOT-NET TOT Public Company Limited 23969 5,655,808 869 2,344
16 UNIFIEDLAYER-AS-1 46606 1,393,152 851 1,607
17 ROSTELECOM-AS - PJSC Rostelecom 12389 16,400,128 796 1,282
18 NAMECHEAP-NET 22612 91,392 739 1,854
19 AS-26496-GO-DADDY-COM-LLC 26496 1,522,944 490 1,463
20 DIGITALOCEAN-ASN 14061 2,599,168 477 2,404