Malware Activity: Hosting Networks (ASNs) Quarter over Quarter Comparison January 1, 2022 – March 31, 2022
For purposes of observing change over time, it is useful to compare measurements and metrics over successive reporting periods. Such comparisons illustrate whether malware activities are increasing or decreasing, and where such changes are occurring. Such comparisons can identify identify hosting networks where malware is being hosted and whether or not such activity is persistent or atypical. Investigators or policy makers may focus on these hosting networks for deeper analyses.
Complete lists of Top-level Domains, gTLD registrars and hosting networks (ASNs) where malware was reported for the quarter can be downloaded in CSV format from the Records page.
In the table below, we compare the numbers of malware records reported for hosting malware in hosting networks (ASNs) for two consecutive quarters.
Ranking of Hosting Networks (ASNs) by Number of Malware Records, Quarter over Quarter (January to March 2022)
Hosting Providers with a minimum of 50,000 addresses assigned to the ASN and 25 malware records
| IPv4 Addresses Assigned | Unique Malware Addresses | Total Malware Records | ||||||||||
| Rank | Hosting Provider | ASN | October to December 2021 | January to March 2022 | October to December 2021 | January to March 2022 | October to December 2021 | January to March 2022 ▼ | ||||
| 1 | — | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 59,096,064 | 59,099,904 | (0%) | 64,932 | 52,739 | (-19%) | 151,079 | 177,392 | (+17%) |
| 2 | ▲ +2* | CLOUDFLARENET | 13335 | 2,368,256 | 2,400,768 | (+1%) | 3,032 | 3,279 | (+8%) | 36,035 | 76,555 | (+112%) |
| 3 | ▲ +11 | AMAZON-02 | 16509 | 42,019,328 | 42,591,744 | (+1%) | 695 | 1,308 | (+88%) | 2,737 | 62,804 | (+2,195%) |
| 4 | ▼ -1 | BSNL-NIB National Internet Backbone | 9829 | 10,828,288 | 10,849,792 | (0%) | 24,153 | 18,134 | (-25%) | 43,511 | 32,278 | (-26%) |
| 5 | ▼ -3 | CHINANET-BACKBONE No.31 | 4134 | 112,990,720 | 113,161,984 | (0%) | 19,767 | 12,641 | (-36%) | 43,552 | 29,259 | (-33%) |
| 6 | ▼ -1 | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,288 | 3,948,288 | (0%) | 13,409 | 9,115 | (-32%) | 25,397 | 15,668 | (-38%) |
| 7 | ▲ +4 | QUANTILNETWORKS | 54994 | 122,112 | 116,992 | (-4%) | 32 | 40 | (+25%) | 3,259 | 7,758 | (+138%) |
| 8 | ▲ +19 | ALIBABA-CN-NET Hangzhou Alibaba Advertising Co. | 37963 | 16,118,016 | 18,478,592 | (+15%) | 491 | 667 | (+36%) | 1,465 | 6,782 | (+363%) |
| 9 | ▲ +8 | UNICOM-CN China Unicom IP network | 133119 | 219,904 | 219,904 | (0%) | 6 | 5 | (-17%) | 2,635 | 6,274 | (+138%) |
| 10 | ▲ +3 | DIGITALOCEAN-ASN | 14061 | 2,652,416 | 2,696,960 | (+2%) | 873 | 2,453 | (+181%) | 3,088 | 3,975 | (+29%) |
| 11 | ▲ +58 | CDN77 - Datacamp Limited | 60068 | 62,464 | 61,696 | (-1%) | 9 | 20 | (+122%) | 286 | 3,871 | (+1,253%) |
| 12 | ▼ -3 | UNIFIEDLAYER-AS-1 | 46606 | 1,393,920 | 1,133,568 | (-19%) | 1,787 | 1,887 | (+6%) | 6,087 | 3,862 | (-37%) |
| 13 | ▼ -5 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 1,008,128 | 1,006,592 | (-0%) | 4,770 | 2,241 | (-53%) | 7,596 | 3,647 | (-52%) |
| 14 | ▲ +5 | OVH - OVH SAS | 16276 | 3,979,264 | 4,043,520 | (+2%) | 751 | 1,239 | (+65%) | 2,501 | 3,485 | (+39%) |
| 15 | ▲ +3 | HINET Data Communication Business Group | 3462 | 17,025,792 | 17,026,048 | (0%) | 1,314 | 1,651 | (+26%) | 2,610 | 3,148 | (+21%) |
| 16 | N/R** | MICROSOFT-CORP-MSN-AS-BLOCK | 8068 | 18,688 | 18,176 | (-3%) | 6 | 4 | (-33%) | 20,217 | 2,535 | (-87%) |
| 17 | ▼ -1 | AS-26496-GO-DADDY-COM-LLC | 26496 | 1,523,200 | 1,554,688 | (+2%) | 797 | 880 | (+10%) | 2,646 | 2,425 | (-8%) |
| 18 | ▼ -12 | CNCGROUP-GZ China Unicom Guangzhou network | 17622 | 1,365,504 | 1,371,648 | (0%) | 7,781 | 1,742 | (-78%) | 14,189 | 2,411 | (-83%) |
| 19 | ▲ +4 | AS-COLOCROSSING | 36352 | 782,848 | 771,328 | (-1%) | 272 | 335 | (+23%) | 1,979 | 2,075 | (+5%) |
| 20 | ▲ +63 | TENCENT-NET-AP-CN Tencent Building | 132203 | 1,937,664 | 2,061,568 | (+6%) | 111 | 1,919 | (+1,629%) | 221 | 2,067 | (+835%) |
* Indicates change over prior quarter
** Indicates not ranked in prior quarter; either number of addresses or number of malware records did not meet minimum threshold for ranking
Ranking of Hosting Networks (ASNs) by Number of Unique Malware Addresses, Quarter over Quarter (January to March 2022)
Hosting Providers with a minimum of 50,000 addresses assigned to the ASN and 25 malware records
| IPv4 Addresses Assigned | Unique Malware Addresses | Total Malware Records | ||||||||||
| Rank | Hosting Provider | ASN | October to December 2021 | January to March 2022 | October to December 2021 | January to March 2022 ▼ | October to December 2021 | January to March 2022 | ||||
| 1 | — | CHINA169-BACKBONE CHINA UNICOM China169 Backbone | 4837 | 59,096,064 | 59,099,904 | (0%) | 64,932 | 52,739 | (-19%) | 151,079 | 177,392 | (+17%) |
| 2 | — | BSNL-NIB National Internet Backbone | 9829 | 10,828,288 | 10,849,792 | (0%) | 24,153 | 18,134 | (-25%) | 43,511 | 32,278 | (-26%) |
| 3 | — | CHINANET-BACKBONE No.31 | 4134 | 112,990,720 | 113,161,984 | (0%) | 19,767 | 12,641 | (-36%) | 43,552 | 29,259 | (-33%) |
| 4 | — | CHINA169-GZ China Unicom IP network China169 Guangdong province | 17816 | 3,948,288 | 3,948,288 | (0%) | 13,409 | 9,115 | (-32%) | 25,397 | 15,668 | (-38%) |
| 5 | ▲ +3* | CLOUDFLARENET | 13335 | 2,368,256 | 2,400,768 | (+1%) | 3,032 | 3,279 | (+8%) | 36,035 | 76,555 | (+112%) |
| 6 | ▲ +8 | DIGITALOCEAN-ASN | 14061 | 2,652,416 | 2,696,960 | (+2%) | 873 | 2,453 | (+181%) | 3,088 | 3,975 | (+29%) |
| 7 | ▼ -1 | HATHWAY-NET-AP Hathway IP Over Cable Internet | 17488 | 1,008,128 | 1,006,592 | (-0%) | 4,770 | 2,241 | (-53%) | 7,596 | 3,647 | (-52%) |
| 8 | ▲ +58 | TENCENT-NET-AP-CN Tencent Building | 132203 | 1,937,664 | 2,061,568 | (+6%) | 111 | 1,919 | (+1,629%) | 221 | 2,067 | (+835%) |
| 9 | ▲ +2 | UNIFIEDLAYER-AS-1 | 46606 | 1,393,920 | 1,133,568 | (-19%) | 1,787 | 1,887 | (+6%) | 6,087 | 3,862 | (-37%) |
| 10 | ▼ -5 | CNCGROUP-GZ China Unicom Guangzhou network | 17622 | 1,365,504 | 1,371,648 | (0%) | 7,781 | 1,742 | (-78%) | 14,189 | 2,411 | (-83%) |
| 11 | ▲ +2 | HINET Data Communication Business Group | 3462 | 17,025,792 | 17,026,048 | (0%) | 1,314 | 1,651 | (+26%) | 2,610 | 3,148 | (+21%) |
| 12 | ▲ +8 | AMAZON-02 | 16509 | 42,019,328 | 42,591,744 | (+1%) | 695 | 1,308 | (+88%) | 2,737 | 62,804 | (+2,195%) |
| 13 | ▲ +5 | OVH - OVH SAS | 16276 | 3,979,264 | 4,043,520 | (+2%) | 751 | 1,239 | (+65%) | 2,501 | 3,485 | (+39%) |
| 14 | N/R** | Telefonica del Sur S.A. | 14117 | 912,640 | 913,920 | (0%) | 5 | 1,157 | (+23,040%) | 6 | 1,158 | (+19,200%) |
| 15 | ▼ -3 | MTNL-AP Mahanagar Telephone Nigam Limited | 17813 | 2,729,984 | 2,729,728 | (-0%) | 1,393 | 1,062 | (-24%) | 2,656 | 1,995 | (-25%) |
| 16 | ▼ -6 | CNCGROUP-SZ China Unicom Shenzen network | 17623 | 950,528 | 942,336 | (-1%) | 1,882 | 1,051 | (-44%) | 3,141 | 1,738 | (-45%) |
| 17 | ▼ -8 | VNPT-AS-VN VNPT Corp | 45899 | 19,346,432 | 19,409,408 | (0%) | 1,994 | 892 | (-55%) | 4,217 | 2,024 | (-52%) |
| 18 | ▼ -2 | AS-26496-GO-DADDY-COM-LLC | 26496 | 1,523,200 | 1,554,688 | (+2%) | 797 | 880 | (+10%) | 2,646 | 2,425 | (-8%) |
| 19 | ▲ +4 | KIXS-AS-KR Korea Telecom | 4766 | 68,272,384 | 68,267,008 | (-0%) | 541 | 829 | (+53%) | 1,615 | 1,625 | (+1%) |
| 20 | ▲ +14 | TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited | 45090 | 11,675,904 | 11,942,912 | (+2%) | 274 | 793 | (+189%) | 356 | 912 | (+156%) |
* Indicates change over prior quarter
** Indicates not ranked in prior quarter; either number of addresses or number of malware records did not meet minimum threshold for ranking
Quarter over Quarter Comparisons of:
Activity in Hosting Networks (ASNs)