Statistics
Most Delivery Payload
Average Takedown TimeNumber of submissions (past 30 days)
The chart below documents the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.
Top Reporters
It wouldn't be possible to operate URLhaus without the help of volunteers who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.
| Rank | Reporter | Submissions |
|---|---|---|
| 1 | @zbetcheckin | 92'298 |
| 2 | @Gandylyan1 | 40'532 |
| 3 | @Cryptolaemus1 | 39'807 |
| 4 | @spamhaus | 33'044 |
| 5 | @p5yb34m | 22'639 |
| 6 | @shotgunner101 | 19'126 |
| 7 | @JayTHL | 19'041 |
| 8 | @abuse_ch | 16'632 |
| 9 | @JRoosen | 16'481 |
| 10 | @0xrb | 12'460 |
| 11 | @unixronin | 8'469 |
| 12 | @JAMESWT_MHT | 7'688 |
| 13 | @ps66uk | 5'019 |
| 14 | @cocaman | 4'334 |
| 15 | @oppimaniac | 3'852 |
Blacklist Comparison
URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). In addition, several vendors of IT-security software are consuming URLhaus feeds to enrich their product(s). The statistics below measures the perfomance of several blacklist and DNS providers by counting the number of blacklisted domain names and compare them against each other.
Spamhaus DBL
SURBL
AdGuard DNS
Quad9 DNS
Most Delivered Payload
Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.
Top Tags
Most seen tag associated with malware URLs tracked by URLhaus.
Top Malware Hosting Networks
The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.
Top malware hosting networks in total (counting online and offline malware distribution sites):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS14061 DIGITALOCEAN-ASN |  US | 5 days, 3 hours, 7 minutes | 35'255 |
| 2 | AS15169 GOOGLE | US | 9 days, 15 hours, 29 minutes | 16'444 |
| 3 | AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone |  CN | 6 days, 4 hours, 21 minutes | 12'385 |
| 4 | AS13335 CLOUDFLARENET | US | 10 days, 19 hours, 0 minutes | 11'381 |
| 5 | AS16276 OVH |  FR | 11 days, 17 hours, 55 minutes | 11'295 |
| 6 | AS46606 UNIFIEDLAYER-AS-1 | US | 15 days, 6 hours, 7 minutes | 10'819 |
| 7 | AS26496 AS-26496-GO-DADDY-COM-LLC | US | 21 days, 1 hours, 44 minutes | 10'223 |
| 8 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street | CN | 16 days, 4 hours, 4 minutes | 8'711 |
| 9 | AS132525 CMNET-HEILONGJIANG-CN HeiLongJiang Mobile Communication Company Limited | CN | 1 day, 6 hours, 31 minutes | 5'769 |
| 10 | AS54290 HOSTWINDS | US | 8 days, 20 hours, 16 minutes | 4'585 |
| 11 | AS22611 IMH-WEST | US | 2 days, 14 hours, 46 minutes | 4'435 |
| 12 | AS32244 LIQUIDWEB | US | 16 days, 11 hours, 48 minutes | 4'125 |
| 13 | AS16509 AMAZON-02 |  IE | 10 days, 21 hours, 34 minutes | 3'511 |
| 14 | AS7506 INTERQ GMO Internet,Inc |  JP | 5 days, 15 hours, 10 minutes | 3'495 |
| 15 | AS208286 MAXTV |  XK | 16 days, 22 hours, 7 minutes | 3'477 |
Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS8068 MICROSOFT-CORP-MSN-AS-BLOCK | US | 1 month, 21 days, 17 hours, 36 minutes | 540 |
| 2 | AS15169 GOOGLE | US | 9 days, 15 hours, 29 minutes | 156 |
| 3 | AS42864 GIGANET-HU GigaNet Internet Service Provider Co |  HR | 9 days, 15 hours, 5 minutes | 117 |
| 4 | AS4766 KIXS-AS-KR Korea Telecom |  KR | 1 month, 3 days, 14 hours, 28 minutes | 109 |
| 5 | AS9318 SKB-AS SK Broadband Co Ltd | KR | 2 months, 5 days, 8 hours, 24 minutes | 104 |
| 6 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street | CN | 16 days, 4 hours, 4 minutes | 82 |
| 7 | AS206898 BLADESERVERS |  NL | 26 days, 6 hours, 35 minutes | 81 |
| 8 | AS44685 REBECCAHOST | US | 18 days, 17 hours, 10 minutes | 61 |
| 9 | AS8551 BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone |  IL | 2 months, 10 days, 16 hours, 55 minutes | 45 |
| 10 | AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone | CN | 6 days, 4 hours, 21 minutes | 44 |
| 11 | AS7018 ATT-INTERNET4 | US | 1 month, 20 days, 10 hours, 10 minutes | 41 |
| 12 | AS6849 UKRTELNET |  UA | 10 days, 18 hours, 14 minutes | 33 |
| 13 | AS7922 COMCAST-7922 | US | 1 month, 21 days, 8 hours, 44 minutes | 32 |
| 14 | AS48161 NG-AS Sos. Bucuresti - Ploiesti nr. 42-44 |  RO | 4 months, 5 days, 17 hours, 4 minutes | 31 |
| 15 | AS199264 XEMU XEMU |  EE | 4 days, 15 hours, 53 minutes | 29 |
Takedown Statistics
URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.
The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS136665 ELLFIBER-AS Ell Innovations Pvt Ltd |  IN | 0 | 1 | 1 minute |
| 2 | AS13022 STREAMS_GMBH |  AT | 0 | 1 | 5 minutes |
| 3 | AS22438 CLEAR-RATE-COMMUNICATIONS | US | 0 | 1 | 7 minutes |
| 4 | AS34243 WEBAGE |  GB | 0 | 1 | 9 minutes |
| 5 | AS10103 HKBN-AS-AP HK Broadband Network Ltd. |  HK | 0 | 1 | 9 minutes |
| 6 | AS6789 CRELCOM-NET | UA | 0 | 1 | 11 minutes |
| 7 | AS46652 SERVERSTACK-ASN | US | 0 | 4 | 11 minutes |
| 8 | AS16912 4-LESS-NETWORK | US | 0 | 1 | 11 minutes |
| 9 | AS43578 BITNAP bitNAP Datacenter 01 Barcelona |  ES | 0 | 1 | 11 minutes |
| 10 | AS52078 MARTEL |  PL | 0 | 1 | 14 minutes |
| 11 | AS263891 TURBONET INFO E TELECOM |  BR | 0 | 1 | 14 minutes |
| 12 | AS56977 ASSTILAR |  RU | 0 | 1 | 15 minutes |
| 13 | AS38186 FTG-AS-AP Forewin Telecom Group Limited, ISP at | HK | 0 | 2 | 17 minutes |
| 14 | AS133699 ZIPTELIT-AS-IN Ziptel IT Solutions Pvt Ltd | IN | 0 | 1 | 18 minutes |
| 15 | AS29953 MORNCOMM |  CA | 0 | 1 | 18 minutes |
The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS61165 UMOS-AS | RU | 0 | 1 | 19 months, 29 days, 16 hours, 34 minutes |
| 2 | AS48278 UKRDATACOM-NET-AS | UA | 0 | 1 | 19 months, 10 days, 8 hours, 22 minutes |
| 3 | AS137693 CHINATELECOM-GUANGXI-NANNING-IDC CHINATELECOM Guangxi Nanning IDC networkdescr: NanningGuangxi Province, P.R.China. | CN | 0 | 7 | 17 months, 25 days, 21 hours, 44 minutes |
| 4 | AS134768 CHINANET-SHAANXI-CLOUD-BASE CHINANET SHAANXI province Cloud Base network | CN | 0 | 1 | 16 months, 29 days, 21 hours, 3 minutes |
| 5 | AS7843 TWC-7843-BB | US | 1 | 1 | 16 months, 16 days, 22 hours, 26 minutes |
| 6 | AS34320 MNW-AS | RU | 0 | 4 | 15 months, 27 days, 12 hours, 15 minutes |
| 7 | AS6354 LYCOS | US | 0 | 1 | 14 months, 28 days, 16 hours, 13 minutes |
| 8 | AS29713 ELIA-60 | US | 0 | 2 | 14 months, 25 days, 10 hours, 35 minutes |
| 9 | AS58542 CHINATELECOM-TIANJIN Tianjij,300000 | CN | 1 | 1 | 14 months, 16 days, 7 hours, 0 minutes |
| 10 | AS9811 BJGY srit corp.,beijing. | CN | 4 | 1 | 14 months, 13 days, 9 hours, 1 minutes |
| 11 | AS35401 SUNLINK-AS Sunlink Telecom ISP, Tula, Russia | RU | 0 | 1 | 14 months, 13 days, 3 hours, 56 minutes |
| 12 | AS204736 NIDATLKM |  TR | 0 | 1 | 14 months, 10 days, 18 hours, 16 minutes |
| 13 | AS24165 UBBNET-AS-TW UNION BROADBAND NETWORK |  TW | 0 | 1 | 14 months, 9 days, 6 hours, 12 minutes |
| 14 | AS29413 KOMRO-AS Komro Telekommunikations GmbH |  DE | 0 | 1 | 14 months, 5 days, 20 hours, 49 minutes |
| 15 | AS17227 ATT-CERFNET-BLOCK | US | 0 | 1 | 14 months, 3 days, 19 hours, 1 minutes |
The full list of average reaction time over all hosting providers (ASNs) can be found here:
If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here: