Statistics
Most Delivery Payload
Average Takedown TimeNumber of submissions (past 30 days)
The chart below documented the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.
Top Reporters
It wouldn't be possible to operate URLhaus without the help of volunters who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.
| Rank | Reporter | Submissions |
|---|---|---|
| 1 | @zbetcheckin | 76'016 |
| 2 | @Cryptolaemus1 | 36'192 |
| 3 | @shotgunner101 | 19'093 |
| 4 | @spamhaus | 16'668 |
| 5 | @JRoosen | 16'477 |
| 6 | @Gandylyan1 | 10'483 |
| 7 | @0xrb | 9'853 |
| 8 | @JayTHL | 9'593 |
| 9 | @abuse_ch | 8'769 |
| 10 | @unixronin | 8'445 |
| 11 | @JAMESWT_MHT | 6'699 |
| 12 | @ps66uk | 4'536 |
| 13 | @cocaman | 4'084 |
| 14 | @p5yb34m | 3'907 |
| 15 | @oppimaniac | 3'554 |
Blacklist Comparison
URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). The statistics below measures the perfomance of these three blacklist providers by counting the number of blacklisted URLs/domain names and compare them against each other.
Spamhaus DBL
SURBL
Google Safe Browsing
Most Delivered Payload
Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.
Top Tags
Most seen tag associated with malware URLs tracked by URLhaus.
Top Malware Hosting Networks
The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.
Top malware hosting networks in total (counting online and offline malware distribution sites):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC |  SG | 5 days, 21 hours, 5 minutes | 29'786 |
| 2 | AS15169 GOOGLE - Google LLC |  US | 7 days, 19 hours, 30 minutes | 11'276 |
| 3 | AS16276 OVH |  FR | 13 days, 11 hours, 53 minutes | 8'513 |
| 4 | AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC | US | 1 month, 4 days, 16 hours, 39 minutes | 7'907 |
| 5 | AS13335 CLOUDFLARENET - Cloudflare, Inc. | US | 20 days, 11 hours, 6 minutes | 5'855 |
| 6 | AS46606 UNIFIEDLAYER-AS-1 - Unified Layer | US | 25 days, 14 hours, 30 minutes | 4'873 |
| 7 | AS16509 AMAZON-02 - Amazon.com, Inc. |  IE | 11 days, 20 hours, 15 minutes | 3'184 |
| 8 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street |  CN | 20 days, 1 hours, 38 minutes | 3'142 |
| 9 | AS19679 DROPBOX - Dropbox, Inc. |  NL | 4 days, 0 hours, 3 minutes | 2'846 |
| 10 | AS54290 HOSTWINDS - Hostwinds LLC. | US | 9 days, 20 hours, 36 minutes | 2'801 |
| 11 | AS60144 THREE-W-INFRA-AS -- TRANSIT -- | NL | 17 days, 6 hours, 40 minutes | 2'734 |
| 12 | AS36352 AS-COLOCROSSING - ColoCrossing | US | 7 days, 0 hours, 59 minutes | 2'444 |
| 13 | AS53667 PONYNET - FranTech Solutions | US | 21 days, 4 hours, 1 minutes | 2'419 |
| 14 | AS24940 HETZNER-AS |  DE | 12 days, 15 hours, 56 minutes | 2'348 |
| 15 | AS51659 ASBAXET |  RU | 10 days, 0 hours, 16 minutes | 2'166 |
Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street | CN | 20 days, 1 hours, 38 minutes | 719 |
| 2 | AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC | US | 1 month, 4 days, 16 hours, 39 minutes | 236 |
| 3 | AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone | CN | 19 days, 11 hours, 44 minutes | 186 |
| 4 | AS9318 SKB-AS SK Broadband Co Ltd |  KR | 2 months, 20 days, 15 hours, 47 minutes | 90 |
| 5 | AS16276 OVH | US | 13 days, 11 hours, 53 minutes | 86 |
| 6 | AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd. | CN | 1 month, 15 days, 5 hours, 31 minutes | 83 |
| 7 | AS132525 CMNET-HEILONGJIANG-CN HeiLongJiang Mobile Communication Company Limited | CN | 1 day, 3 hours, 58 minutes | 81 |
| 8 | AS46606 UNIFIEDLAYER-AS-1 - Unified Layer | US | 25 days, 14 hours, 30 minutes | 79 |
| 9 | AS54113 FASTLY - Fastly | NL | 14 days, 9 hours, 15 minutes | 77 |
| 10 | AS4766 KIXS-AS-KR Korea Telecom | KR | 1 month, 0 days, 22 hours, 19 minutes | 69 |
| 11 | AS48161 NG-AS Sos. Bucuresti - Ploiesti nr. 42-44 |  RO | 3 months, 0 days, 0 hours, 56 minutes | 60 |
| 12 | AS6877 AS6877 |  UA | 1 month, 22 days, 7 hours, 8 minutes | 60 |
| 13 | AS45090 CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited | CN | 19 days, 17 hours, 3 minutes | 54 |
| 14 | AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC |  GB | 5 days, 21 hours, 5 minutes | 53 |
| 15 | AS17816 CHINA169-GZ China Unicom IP network China169 Guangdong province | CN | 7 months, 11 days, 23 hours, 24 minutes | 52 |
Takedown Statistics
URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.
The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS13022 |  AT | 0 | 1 | 5 minutes |
| 2 | AS22438 CLEAR-RATE-COMMUNICATIONS - Clear Rate Communications, Inc. | US | 0 | 1 | 7 minutes |
| 3 | AS34243 WEBAGE | GB | 0 | 1 | 9 minutes |
| 4 | AS8739 ICDSOFT |  HK | 0 | 1 | 9 minutes |
| 5 | AS8267 CYFRONET-AS Metropolitan Area Network Autonomous System |  PL | 0 | 1 | 11 minutes |
| 6 | AS6789 CRELCOM-NET | UA | 0 | 1 | 11 minutes |
| 7 | AS16912 4-LESS-NETWORK - 4 Less Communications, Inc. | US | 0 | 1 | 11 minutes |
| 8 | AS263891 TURBONET INFO E TELECOM |  BR | 0 | 1 | 14 minutes |
| 9 | AS56977 ASSTILAR | RU | 0 | 1 | 15 minutes |
| 10 | AS29953 MORNCOMM - Cygnet Internet Services Inc |  CA | 0 | 1 | 18 minutes |
| 11 | AS29083 DE-WORLDBONE-AS | DE | 0 | 1 | 18 minutes |
| 12 | AS20926 PULSATION-AS | FR | 0 | 1 | 19 minutes |
| 13 | AS12296 ADANET- |  TR | 0 | 1 | 20 minutes |
| 14 | AS35266 EXN-AS | GB | 0 | 2 | 20 minutes |
| 15 | AS16101 ORDIPAT | FR | 0 | 1 | 21 minutes |
The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS29713 ELIA-60 - Reliable Hosting Services | US | 0 | 2 | 14 months, 25 days, 10 hours, 35 minutes |
| 2 | AS24165 PHOENIX-NET-TW PHOENIX CATV CO.,LTD |  TW | 0 | 1 | 14 months, 9 days, 2 hours, 5 minutes |
| 3 | AS131259 QX-AS-AP QOXY PTE LTD | SG | 0 | 5 | 13 months, 22 days, 4 hours, 46 minutes |
| 4 | AS44234 GAYA-AS P.O.Hviezdoslava 23B |  SK | 0 | 3 | 13 months, 18 days, 2 hours, 48 minutes |
| 5 | AS38099 KAKAO-AS-KR Kakao Corp | KR | 0 | 2 | 13 months, 3 days, 17 hours, 17 minutes |
| 6 | AS29889 FSNET-1 - Fast Serv Networks, LLC | US | 0 | 7 | 12 months, 20 days, 9 hours, 4 minutes |
| 7 | AS63119 AS-63119 - netirons | US | 0 | 5 | 12 months, 13 days, 11 hours, 35 minutes |
| 8 | AS19332 Marcatel Com, S.A. de C.V. |  MX | 0 | 1 | 12 months, 7 days, 10 hours, 52 minutes |
| 9 | AS16504 GRANITE - Granite Telecommunications LLC | US | 0 | 1 | 12 months, 7 days, 3 hours, 2 minutes |
| 10 | AS20321 Alternativa Gratis |  AR | 0 | 9 | 12 months, 5 days, 9 hours, 11 minutes |
| 11 | AS21500 TNS-AS | UA | 0 | 1 | 12 months, 5 days, 0 hours, 38 minutes |
| 12 | AS14600 MXL-PROD - MX Logic, Inc. | US | 0 | 1 | 12 months, 3 days, 20 hours, 31 minutes |
| 13 | AS132925 |  IN | 0 | 2 | 12 months, 2 days, 22 hours, 52 minutes |
| 14 | AS8468 ENTANET ENTANET International Limited | GB | 0 | 7 | 11 months, 23 days, 1 hours, 56 minutes |
| 15 | AS1756 HAMYAR-AS |  IR | 0 | 1 | 11 months, 22 days, 22 hours, 25 minutes |
The full list of average reaction time over all hosting providers (ASNs) can be found here:
If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here: