World Hosts Report - March 2013


As malware continues to evolve, and cybercriminals continue to learn, one particular fundamental remains constant – almost all malicious threats are physically hosted somewhere. For this reason, it remains as important as ever to examine hosting practices and standards and consider how they can be improved.

One such way is to measure levels of cybercriminal activity on servers around the world, and attempt to quantify the results. Such has been the aim of HostExploit’s World Hosts Report (formerly Top 50 Bad Hosts) since publication began in 2009. The quarterly reports examine all 43,000+ publicly-routed Autonomous Systems in the world, gathering data on infected websites, botnets, spam and other activity, before combining the research with trusted community sources and analyzing the results.

The report makes suitable reading for service providers, security professionals, webmasters and policymakers alike. For the most part, the reader is left to draw their own conclusions, as numbers speak for themselves. However, it should be stressed that most malicious content is not hosted knowingly – often it is as a result of inaction, and sometimes hosts can be the victims.

This quarter we see the return of Dutch hosting provider Ecatel to the #1 rank, having held the position at various times in the past. Ecatel does not top the rankings for any particular category of activity, but rather for a consistently poor showing across the board.


PDF document
English 926.17K Download
PDF document
German 946.51K Download
PDF document
Russian 838.46K Download


Editor Jart Armin
Contributors Steve Burn
Greg Feezel
Andrew Fields
David Glosser
Niels Groeneveld
Matthias Simonis
Will Rogofsky
Philip Stranger
Bryn Thompson
DeepEnd Research
Reviewers Dr. Bob Bruen
Raoul Chiesa
Peter Kruse
Andre’ DiMino
Thorsten Kraft
Andrey Komarov
Godert Jan van Manen
Steven Dondorp


We welcome any feedback relating to this paper or assistance in this area of research from the community.

Get in touch.