Statistics
Most Delivery Payload
Average Takedown TimeNumber of submissions (past 30 days)
The chart below documents the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.
Top Reporters
It wouldn't be possible to operate URLhaus without the help of volunteers who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.
| Rank | Reporter | Submissions |
|---|---|---|
| 1 | @lrz_urlhaus | 951'631 |
| 2 | @geenensp | 262'113 |
| 3 | @cryptolaemus1 | 130'517 |
| 4 | @zbetcheckin | 116'407 |
| 5 | @Gandylyan1 | 93'029 |
| 6 | @tammeto | 53'216 |
| 7 | @p5yb34m | 48'052 |
| 8 | @spamhaus | 38'730 |
| 9 | @abuse_ch | 29'772 |
| 10 | @Petras_Simeon | 26'161 |
| 11 | @tolisec | 23'712 |
| 12 | @shotgunner101 | 19'193 |
| 13 | @JayTHL | 19'037 |
| 14 | @0xrb | 13'762 |
| 15 | @r3dbU7z | 10'939 |
Blocklist Comparison
URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). In addition, several vendors of IT-security software are consuming URLhaus feeds to enrich their product(s). The statistics below measures the perfomance of several blocklists and DNS providers by counting the number of blacklisted domain names and compare them against each other.
Spamhaus DBL
SURBL
AdGuard DNS
Quad9 DNS
Cloudflare DNS
Most Delivered Payload
Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.
Top Tags
Most seen tag associated with malware URLs tracked by URLhaus.
Top Malware Hosting Networks
The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.
Top malware hosting networks in total (counting online and offline malware distribution sites):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone |  CN | 2 days, 18 hours, 30 minutes | 510'723 |
| 2 | AS9829 BSNL-NIB National Internet Backbone |  IN | 8 hours, 33 minutes | 147'893 |
| 3 | AS17488 HATHWAY-NET-AP Hathway IP Over Cable Internet | IN | 5 hours, 21 minutes | 136'147 |
| 4 | AS8661 PTK PTK IP/MPLS Network |  AL | 2 days, 1 hours, 16 minutes | 97'517 |
| 5 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street | CN | 4 days, 9 hours, 2 minutes | 91'836 |
| 6 | AS14061 DIGITALOCEAN-ASN |  DE | 4 days, 2 hours, 2 minutes | 49'515 |
| 7 | AS17816 CHINA169-GZ China Unicom IP network China169 Guangdong province | CN | 1 day, 4 hours, 19 minutes | 48'998 |
| 8 | AS17622 CNCGROUP-GZ China Unicom Guangzhou network | CN | 22 hours, 29 minutes | 47'356 |
| 9 | AS13335 CLOUDFLARENET |  US | 2 days, 3 hours, 15 minutes | 44'270 |
| 10 | AS46606 UNIFIEDLAYER-AS-1 | US | 8 days, 10 hours, 0 minutes | 30'279 |
| 11 | AS15169 GOOGLE | US | 9 days, 9 hours, 16 minutes | 28'992 |
| 12 | AS16276 OVH |  FR | 9 days, 23 hours, 7 minutes | 22'213 |
| 13 | AS17813 MTNL-AP Mahanagar Telephone Nigam Limited | IN | 11 hours, 14 minutes | 20'048 |
| 14 | AS8075 MICROSOFT-CORP-MSN-AS-BLOCK |  IE | 8 days, 21 hours, 44 minutes | 18'439 |
| 15 | AS8068 MICROSOFT-CORP-MSN-AS-BLOCK | US | 2 days, 1 hours, 39 minutes | 18'205 |
Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone | CN | 2 days, 18 hours, 28 minutes | 2'909 |
| 2 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street | CN | 4 days, 9 hours, 2 minutes | 810 |
| 3 | AS46606 UNIFIEDLAYER-AS-1 | US | 8 days, 10 hours, 0 minutes | 726 |
| 4 | AS13335 CLOUDFLARENET | US | 2 days, 3 hours, 15 minutes | 471 |
| 5 | AS36352 AS-COLOCROSSING | US | 9 days, 11 hours, 40 minutes | 231 |
| 6 | AS9808 CMNET-GD Guangdong Mobile Communication Co.Ltd. | CN | 14 days, 9 hours, 5 minutes | 201 |
| 7 | AS17816 CHINA169-GZ China Unicom IP network China169 Guangdong province | CN | 1 day, 4 hours, 19 minutes | 201 |
| 8 | AS13335 CLOUDFLARENET |  | 2 days, 3 hours, 15 minutes | 185 |
| 9 | AS4766 KIXS-AS-KR Korea Telecom |  KR | 14 days, 19 hours, 11 minutes | 185 |
| 10 | AS9318 SKB-AS SK Broadband Co Ltd | KR | 1 month, 29 days, 5 hours, 52 minutes | 164 |
| 11 | AS394695 PUBLIC-DOMAIN-REGISTRY | US | 6 days, 2 hours, 56 minutes | 124 |
| 12 | AS394695 PUBLIC-DOMAIN-REGISTRY | IN | 6 days, 2 hours, 56 minutes | 118 |
| 13 | AS9924 TFN-TW Taiwan Fixed Network, Telco and Network Service Provider. |  TW | 29 days, 3 hours, 24 minutes | 111 |
| 14 | AS9829 BSNL-NIB National Internet Backbone | IN | 8 hours, 33 minutes | 110 |
| 15 | AS15169 GOOGLE | US | 9 days, 9 hours, 16 minutes | 95 |
Takedown Statistics
URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.
The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS267065 MSA TELECOMUNICACAO LTDA - ME |  BR | 0 | 1 | 2 minutes |
| 2 | AS64050 BCPL-SG BGPNET Global ASN | CN | 4 | 1 | 5 minutes |
| 3 | AS141293 AAHCR953-AS Rajasthan Internet Hub Pvt. Ltd. | IN | 0 | 1 | 5 minutes |
| 4 | AS13022 STREAMS_GMBH |  AT | 0 | 1 | 5 minutes |
| 5 | AS133983 SBB-AS-IN Shivraj Broadband Internet Pvt Ltd | IN | 0 | 3 | 5 minutes |
| 6 | AS197746 HYPERHOSTING Georgios Vardikos trading as HYPERHOSTING |  GR | 0 | 1 | 6 minutes |
| 7 | AS52564 Biazi Telecomunicacoes Ltda Epp | BR | 0 | 1 | 6 minutes |
| 8 | AS7020 QDATA-AS |  ZA | 0 | 1 | 7 minutes |
| 9 | AS263948 NEW LIFE TELECOM | BR | 0 | 1 | 7 minutes |
| 10 | AS134929 ORANGECITY-AS ORANGE CITY INTERNET SERVICES PVT. LTD. | IN | 0 | 1 | 7 minutes |
| 11 | AS55486 NETWORX-AS-AP Networx Australia |  AU | 0 | 1 | 8 minutes |
| 12 | AS269715 INFINITYGO TELECOM LTDA | BR | 0 | 1 | 8 minutes |
| 13 | AS141329 UDUPI-AS-IN Udupi Fastnet Private Limited | IN | 0 | 1 | 8 minutes |
| 14 | AS39425 ELECTROSIM-AS |  RO | 0 | 9 | 8 minutes |
| 15 | AS42960 CLOUD-MANAGEMENT-LLC | US | 0 | 1 | 9 minutes |
The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS9811 BJGY srit corp.,beijing. | CN | 2 | 3 | 26 months, 28 days, 0 hours, 42 minutes |
| 2 | AS51214 VIKS-NET |  UA | 0 | 1 | 26 months, 26 days, 4 hours, 16 minutes |
| 3 | AS37677 SCPT |  CD | 0 | 1 | 26 months, 13 days, 3 hours, 59 minutes |
| 4 | AS135523 MULTINET-IE-AS-AP Multinet Broadband |  PK | 0 | 1 | 26 months, 12 days, 21 hours, 7 minutes |
| 5 | AS27742 Amnet Telecomunicaciones S.A. |  NI | 0 | 1 | 26 months, 1 days, 15 hours, 39 minutes |
| 6 | AS37230 SWIFTTALK |  NG | 0 | 1 | 25 months, 26 days, 22 hours, 42 minutes |
| 7 | AS25374 ESCOMBG-AS Local Internet Service Provider Bulgaria |  BG | 0 | 1 | 25 months, 18 days, 0 hours, 15 minutes |
| 8 | AS20766 GITOYEN-MAIN-AS The main Autonomous System of Gitoyen (Paris, France). | FR | 0 | 11 | 25 months, 16 days, 0 hours, 13 minutes |
| 9 | AS131325 CHINATELECOM-JIANGSU-NANTONG-MAN CHINATELECOM JIANGSU province NANTONG MAN network | CN | 1 | 7 | 24 months, 24 days, 14 hours, 56 minutes |
| 10 | AS49893 BITRACE-TELECOM |  RU | 0 | 1 | 24 months, 12 days, 5 hours, 3 minutes |
| 11 | AS11681 INTEGRITY | US | 0 | 1 | 24 months, 10 days, 23 hours, 45 minutes |
| 12 | AS28917 FIORD-AS IP-transit operator in Russia, Ukraine and Baltics | RU | 2 | 1 | 23 months, 9 days, 7 hours, 33 minutes |
| 13 | AS56385 NTKTV-AS | UA | 0 | 1 | 23 months, 2 days, 5 hours, 4 minutes |
| 14 | AS197013 SPRINTEL-SRO |  CZ | 0 | 1 | 22 months, 29 days, 9 hours, 9 minutes |
| 15 | AS52940 NEMESIS Provedor de Acesso as Redes de Comunicacao | BR | 0 | 1 | 22 months, 13 days, 6 hours, 9 minutes |
The full list of average reaction time over all hosting providers (ASNs) can be found here:
If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here: