World Hosts Report - September 2013


For the first time, hosts registered in a single country – the United States – occupy the worst three places in the Top 50 list of hosts and networks.

Examining hosting practices and standards is as relevant as ever in the quest for much needed improvements to a system that has few enforceable restraints.

Quantification through the measurement of levels of cybercriminal activity on servers around the world is one way to achieve this aim. Since 2009, HostExploit’s World Hosts Report (formerly Top 50 Bad Hosts) has been examining all 44,000+ publicly-routed Autonomous Systems in the world, gathering data on infected websites, botnets, spam and other activity, before combining the research with trusted community sources and to arrive at a reliable analysis of the results.

The report makes suitable reading for service providers, security professionals, webmasters and policymakers alike. For the most part, the reader is left to draw their own conclusions, as numbers speak for themselves. However, it should be stressed that most malicious content is not hosted knowingly – often it is as a result of inaction, and sometimes hosts can be the victims.

However, it remains true that all cybercrime, cyber-attacks, and Internet badness is hosted from someone and from somewhere; i.e. located on and allocated to an ASN. So it makes sense that this is where we should start in the continuing quest for solutions.

The reports continue to add value within a wider scope of cyber threat mitigation, as demonstrated by HostExploit's participation in the EU-funded Advanced Cyber Defence Centre project (ACDC).

The project has been publicly introduced this week at the Internet Security Days 2013 conference in Cologne. Topics covered include a Centralized Clearing House, standards workflow and European wide cyber defence centres, and how these assets can contribute to an improved understanding and mitigation of complex botnets. Ultimately, this will have knock-on effects in improving standards of malware detection, research, and related scientific activities within the security industry.

Additionally, Jart Armin will be presenting at the M3AAWG General Meeting in Montreal, Canada, October 21 - 24 2013 on the subject of hosts and the World Hosts Report.


PDF document
English 943.05K Download
PDF document
German 960.18K Download
PDF document
Russian 846.08K Download
PDF document
Spanish 969.44K Download


Editor Jart Armin
Contributors Steve Burn
Greg Feezel
Andrew Fields
David Glosser
Niels Groeneveld
Matthias Simonis
Will Rogofsky
Philip Stranger
Bryn Thompson
DeepEnd Research
Reviewers Dr. Bob Bruen
Raoul Chiesa
Peter Kruse
Andre’ DiMino
Thorsten Kraft
Andrey Komarov
Godert Jan van Manen
Steven Dondorp
Edgardo Montes de Oca


We welcome any feedback relating to this paper or assistance in this area of research from the community.

Get in touch.