Statistics

Most Delivery Payload

Heodo

Show

Average Takedown Time

17 days, 21 hours, 34 minutes

Show

Top Malware Hosting Network

AS4134 CHINANET-BACKBONE

Show

Number of submissions (past 30 days)

The chart below documented the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate URLhaus without the help of volunters who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Submissions
1	@zbetcheckin	71'836
2	@Cryptolaemus1	30'663
3	@shotgunner101	19'093
4	@JRoosen	16'479
5	@spamhaus	12'727
6	@0xrb	9'716
7	@JayTHL	8'713
8	@unixronin	8'406
9	@abuse_ch	8'243
10	@JAMESWT_MHT	6'545
11	@ps66uk	4'511
12	@cocaman	3'841
13	@p5yb34m	3'800
14	@Petras_Simeon	3'485
15	@oppimaniac	3'393

Blacklist Comparison

URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). The statistics below measures the perfomance of these three blacklist providers by counting the number of blacklisted URLs/domain names and compare them against each other.

Spamhaus DBL

SURBL

Google Safe Browsing

Disclaimer: The blacklist comparison does only consider active malware distribution sites tracked by URLhaus. While Google Safe Browsing is a URL based blacklist, Spamhaus DBL and SURBL are domain based datasets.

Most Delivered Payload

Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.

Top Tags

Most seen tag associated with malware URLs tracked by URLhaus.

Top Malware Hosting Networks

The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.

Top malware hosting networks in total (counting online and offline malware distribution sites):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC	SG	4 days, 1 hours, 34 minutes	28'581
2	AS16276 OVH	FR	9 days, 21 hours, 43 minutes	7'905
3	AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC	US	10 days, 15 hours, 46 minutes	7'182
4	AS15169 GOOGLE - Google LLC	US	10 days, 22 hours, 43 minutes	6'202
5	AS46606 UNIFIEDLAYER-AS-1 - Unified Layer	US	9 days, 17 hours, 35 minutes	4'532
6	AS13335 CLOUDFLARENET - Cloudflare, Inc.	US	9 days, 19 hours, 9 minutes	4'337
7	AS16509 AMAZON-02 - Amazon.com, Inc.	IE	8 days, 11 hours, 32 minutes	2'876
8	AS60144 THREE-W-INFRA-AS -- TRANSIT --	NL	17 days, 6 hours, 40 minutes	2'733
9	AS54290 HOSTWINDS - Hostwinds LLC.	US	8 days, 6 hours, 56 minutes	2'451
10	AS36352 AS-COLOCROSSING - ColoCrossing	US	5 days, 16 hours, 10 minutes	2'367
11	AS53667 PONYNET - FranTech Solutions	US	13 days, 20 hours, 57 minutes	2'312
12	AS24940 HETZNER-AS	DE	4 days, 21 hours, 22 minutes	2'221
13	AS51659 ASBAXET	RU	10 days, 2 hours, 35 minutes	2'149
14	AS31034 ARUBA-ASN	IT	7 days, 9 hours, 1 minutes	2'027
15	AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc	VG	2 days, 1 hours, 38 minutes	1'869

Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS15169 GOOGLE - Google LLC	US	10 days, 22 hours, 43 minutes	950
2	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	2 months, 9 days, 9 hours, 30 minutes	464
3	AS4766 KIXS-AS-KR Korea Telecom	KR	25 days, 12 hours, 20 minutes	108
4	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	2 months, 15 days, 2 hours, 59 minutes	92
5	AS46606 UNIFIEDLAYER-AS-1 - Unified Layer	US	9 days, 17 hours, 35 minutes	90
6	AS54290 HOSTWINDS - Hostwinds LLC.	US	8 days, 6 hours, 56 minutes	81
7	AS54113 FASTLY - Fastly	NL	9 days, 19 hours, 3 minutes	75
8	AS16276 OVH	FR	9 days, 21 hours, 43 minutes	73
9	AS6877 AS6877	UA	0 minute	65
10	AS13335 CLOUDFLARENET - Cloudflare, Inc.	US	9 days, 19 hours, 9 minutes	64
11	AS48161 NG-AS Sos. Bucuresti - Ploiesti nr. 42-44	RO	3 months, 0 days, 0 hours, 27 minutes	63
12	AS53667 PONYNET - FranTech Solutions	US	13 days, 20 hours, 57 minutes	51
13	AS8068 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation	US	18 days, 21 hours, 6 minutes	41
14	AS36352 AS-COLOCROSSING - ColoCrossing	US	5 days, 16 hours, 10 minutes	40
15	AS58563 CHINATELECOM-HUBEI-IDC CHINANET Hubei province network	CN	15 days, 12 hours, 42 minutes	37

Takedown Statistics

URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.

The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Offline	Average Reaction Time
1	AS13022	AT	1	5 minutes
2	AS22438 CLEAR-RATE-COMMUNICATIONS - Clear Rate Communications, Inc.	US	1	7 minutes
3	AS34243 WEBAGE	GB	1	9 minutes
4	AS8267 CYFRONET-AS Metropolitan Area Network Autonomous System	PL	1	11 minutes
5	AS6789 CRELCOM-NET	UA	1	11 minutes
6	AS16912 4-LESS-NETWORK - 4 Less Communications, Inc.	US	1	11 minutes
7	AS197595 OBE	SE	1	12 minutes
8	AS206566 SAVANA	CZ	1	12 minutes
9	AS263891 TURBONET INFO E TELECOM	BR	1	14 minutes
10	AS56977 ASSTILAR	RU	1	15 minutes
11	AS34240 MANITU	DE	1	15 minutes
12	AS43758 H88-PL-AS	PL	1	17 minutes
13	AS29953 MORNCOMM - Cygnet Internet Services Inc	CA	1	18 minutes
14	AS29083 DE-WORLDBONE-AS	DE	1	18 minutes
15	AS20926 PULSATION-AS	FR	1	19 minutes

The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Online	Offline	Average Reaction Time
1	AS17911 BRAINPK-AS-AP Brain Telecommunication Ltd.	PK	0	4	11 months, 14 days, 10 hours, 17 minutes
2	AS1756 HAMYAR-AS	IR	0	1	10 months, 29 days, 9 hours, 20 minutes
3	AS9394 CTTNET China TieTong Telecommunications Corporation	CN	0	1	10 months, 27 days, 8 hours, 23 minutes
4	AS58779 I4HKLIMITED-AS i4HK Limited	HK	0	2	10 months, 22 days, 12 hours, 19 minutes
5	AS198721 PROGETTO8 PROGETTO8	IT	0	1	10 months, 21 days, 15 hours, 31 minutes
6	AS62121 BITGUARDIANS	DK	0	1	10 months, 20 days, 2 hours, 20 minutes
7	AS6315 XMISSION - XMission, L.C.	US	0	1	10 months, 17 days, 22 hours, 28 minutes
8	AS53508 CABLELYNX - Cablelynx	US	0	1	10 months, 14 days, 16 hours, 5 minutes
9	AS10219 SKYCC-AS-MAIN SKYMEDIA CORPORATION LLC	MN	0	8	10 months, 8 days, 22 hours, 9 minutes
10	AS6412 KW KEMS Block-A, Floor 7, Souq Al-Kabeer Kuwait City, State of Kuwait P O Box 3623, Safat 13037	KW	0	1	10 months, 0 days, 22 hours, 1 minutes
11	AS44090 MAHANNET-AS	IR	0	1	9 months, 20 days, 10 hours, 10 minutes
12	AS41297 ABAKS-AS	PL	0	1	9 months, 19 days, 16 hours, 24 minutes
13	AS41801 DATAFON-ASN	TR	0	1	9 months, 16 days, 9 hours, 48 minutes
14	AS19863 Guyana Telephone & Telegraph Co.	GY	0	1	9 months, 6 days, 6 hours, 8 minutes
15	AS42841 ANTIK	SK	2	1	9 months, 5 days, 13 hours, 28 minutes

The full list of average reaction time over all hosting providers (ASNs) can be found here:

Average Reaction Time (for all hosting providers)

If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here:

URLhaus Feeds