Statistics
Most Delivery Payload
Average Takedown TimeNumber of submissions (past 30 days)
The chart below documented the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.
Top Reporters
It wouldn't be possible to operate URLhaus without the help of volunters who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.
| Rank | Reporter | Submissions |
|---|---|---|
| 1 | @JRoosen | 16'434 |
| 2 | @zbetcheckin | 15'552 |
| 3 | @unixronin | 7'786 |
| 4 | @Techhelplistcom | 5'388 |
| 5 | @Cryptolaemus1 | 4'595 |
| 6 | @JAMESWT_MHT | 4'503 |
| 7 | @ps66uk | 4'225 |
| 8 | @abuse_ch | 3'727 |
| 9 | @cocaman | 3'299 |
| 10 | @lovemalware | 2'455 |
| 11 | @p5yb34m | 2'181 |
| 12 | @oppimaniac | 2'117 |
| 13 | @bjornruberg | 1'564 |
| 14 | @de_aviation | 1'151 |
| 15 | @_nt1 | 796 |
Most Delivered Payload
Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.
Top Tags
Most seen tag associated with malware URLs tracked by URLhaus.
Top Malware Hosting Networks
The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.
Top malware hosting networks in total (counting online and offline malware distribution sites):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC |  IN | 6 days, 14 hours, 44 minutes | 5'239 |
| 2 | AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC |  US | 9 days, 1 hours, 57 minutes | 5'007 |
| 3 | AS16276 OVH |  FR | 5 days, 13 hours, 14 minutes | 2'642 |
| 4 | AS46606 UNIFIEDLAYER-AS-1 - Unified Layer | US | 2 days, 11 hours, 1 minutes | 2'481 |
| 5 | AS50673 SERVERIUS-AS |  NL | 4 days, 7 hours, 15 minutes | 2'182 |
| 6 | AS20013 CYRUSONE - CyrusOne LLC | US | 5 days, 2 hours, 24 minutes | 1'112 |
| 7 | AS16509 AMAZON-02 - Amazon.com, Inc. |  AU | 7 days, 8 hours, 34 minutes | 1'040 |
| 8 | AS31034 ARUBA-ASN |  IT | 5 days, 15 hours, 27 minutes | 1'014 |
| 9 | AS6724 STRATO STRATO AG |  DE | 1 day, 7 hours, 49 minutes | 909 |
| 10 | AS24940 HETZNER-AS | DE | 2 days, 14 hours, 38 minutes | 883 |
| 11 | AS13335 CLOUDFLARENET - Cloudflare, Inc. | US | 14 days, 6 hours, 25 minutes | 862 |
| 12 | AS32244 LIQUIDWEB - Liquid Web, L.L.C | US | 15 days, 11 hours, 10 minutes | 837 |
| 13 | AS198610 BEGET-AS |  RU | 1 day, 22 hours, 12 minutes | 763 |
| 14 | AS22612 NAMECHEAP-NET - Namecheap, Inc. | US | 11 days, 11 hours, 9 minutes | 761 |
| 15 | AS15169 GOOGLE - Google LLC | US | 9 days, 15 hours, 24 minutes | 753 |
Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):
| Rank | ASN | Country | Average Reaction Time | Malware URLs |
|---|---|---|---|---|
| 1 | AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC | US | 6 days, 14 hours, 41 minutes | 283 |
| 2 | AS12876 ONLINE S.A.S. | NL | 12 days, 22 hours, 36 minutes | 216 |
| 3 | AS4134 CHINANET-BACKBONE No.31,Jin-rong Street |  CN | 25 days, 10 hours, 54 minutes | 206 |
| 4 | AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC | US | 9 days, 1 hours, 57 minutes | 171 |
| 5 | AS16276 OVH | FR | 5 days, 13 hours, 14 minutes | 151 |
| 6 | AS46606 UNIFIEDLAYER-AS-1 - Unified Layer | US | 2 days, 11 hours, 1 minutes | 130 |
| 7 | AS36352 AS-COLOCROSSING - ColoCrossing | US | 11 days, 15 hours, 21 minutes | 106 |
| 8 | AS51659 ASBAXET | RU | 8 days, 6 hours, 53 minutes | 91 |
| 9 | AS8342 RTCOMM-AS | RU | 9 days, 17 hours, 36 minutes | 87 |
| 10 | AS53667 PONYNET - FranTech Solutions | US | 12 days, 6 hours, 47 minutes | 86 |
| 11 | AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone | CN | 1 month, 2 days, 8 hours, 49 minutes | 79 |
| 12 | AS31034 ARUBA-ASN | IT | 5 days, 15 hours, 27 minutes | 77 |
| 13 | AS32244 LIQUIDWEB - Liquid Web, L.L.C | US | 15 days, 11 hours, 10 minutes | 63 |
| 14 | AS25535 ASN-RUCENTER-HOSTING | RU | 9 days, 17 hours, 33 minutes | 53 |
| 15 | AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd. | CN | 1 month, 4 days, 9 hours, 41 minutes | 52 |
Takedown Statistics
URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.
The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS34243 WEBAGE |  GB | 0 | 1 | 9 minutes |
| 2 | AS16912 4-LESS-NETWORK - 4 Less Communications, Inc. | US | 0 | 1 | 11 minutes |
| 3 | AS19873 S C SOLUCOES EM TECNOLOGIA S A |  BR | 0 | 1 | 21 minutes |
| 4 | AS204983 CYBERFUSION | NL | 0 | 1 | 23 minutes |
| 5 | AS7859 PAIR-NETWORKS - pair Networks | US | 0 | 1 | 26 minutes |
| 6 | AS132937 DIADEM-AS Diadem Technologies Pvt. Ltd. | IN | 0 | 1 | 26 minutes |
| 7 | AS8278 TUC-AS |  GR | 0 | 1 | 32 minutes |
| 8 | AS62370 SNEL | NL | 0 | 9 | 36 minutes |
| 9 | AS59504 Hosting vpsville.ru | RU | 0 | 14 | 40 minutes |
| 10 | AS197781 AVERS-AS |  UA | 0 | 1 | 44 minutes |
| 11 | AS42363 PHPNET-AS | FR | 0 | 5 | 49 minutes |
| 12 | AS34011 GD-EMEA-DC-CGN1 | DE | 0 | 2 | 52 minutes |
| 13 | AS47236 CITYLINK-AS | RU | 0 | 2 | 52 minutes |
| 14 | AS15830 TELECITY-LON |  No | 0 | 2 | 52 minutes |
| 15 | AS197021 MADNET-AS |  RS | 0 | 2 | 1 hour, 4 minutes |
The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.
| Rank | ASN  | Country | Online | Offline | Average Reaction Time |
|---|---|---|---|---|---|
| 1 | AS136800 XIAOZHIYUN-AS ICIDC NETWORK |  HK | 0 | 1 | 3 months, 0 days, 3 hours, 31 minutes |
| 2 | AS136639 SCUD-AS-IN Scud Communication Pvt Ltd | IN | 3 | 3 | 2 months, 27 days, 2 hours, 1 minutes |
| 3 | AS23889 MauritiusTelecom |  MU | 1 | 2 | 2 months, 22 days, 4 hours, 51 minutes |
| 4 | AS1916 | BR | 0 | 1 | 2 months, 21 days, 5 hours, 31 minutes |
| 5 | AS30152 BEYOND-HOSTING - Beyond Hosting, LLC | US | 0 | 2 | 2 months, 20 days, 1 hours, 56 minutes |
| 6 | AS26202 KINEX-NETWORKING - Kinex Networking Solutions, Inc. | US | 0 | 4 | 2 months, 19 days, 1 hours, 24 minutes |
| 7 | AS8048 CANTV Servicios, Venezuela |  VE | 1 | 12 | 2 months, 13 days, 9 hours, 15 minutes |
| 8 | AS55697 USU-AS-ID Universitas Sumatera Utara |  ID | 2 | 7 | 2 months, 12 days, 12 hours, 2 minutes |
| 9 | AS12714 TI-AS Moscow, Russia | RU | 1 | 1 | 2 months, 11 days, 3 hours, 41 minutes |
| 10 | AS33363 BHN-TAMPA - BRIGHT HOUSE NETWORKS, LLC | US | 2 | 9 | 2 months, 10 days, 19 hours, 17 minutes |
| 11 | AS20202 CRUCIAL - Crucial Paradigm | US | 4 | 1 | 2 months, 9 days, 6 hours, 45 minutes |
| 12 | AS38030 ALAP-AS-BD ALAP COMMUNICATION LTD. DOMESTIC DATA CONNECTIVITY SERVICE & |  BD | 0 | 2 | 2 months, 9 days, 5 hours, 11 minutes |
| 13 | AS2561 EUN |  EG | 0 | 6 | 2 months, 9 days, 1 hours, 58 minutes |
| 14 | AS131414 LVSOFT-AS-VN Long Van Soft Solution JSC |  VN | 2 | 3 | 2 months, 7 days, 16 hours, 5 minutes |
| 15 | AS134771 CHINANET-SICHUAN-CHENGDU-MAN CHINANET Sichuan province Chengdu MAN network | CN | 6 | 4 | 2 months, 7 days, 5 hours, 43 minutes |
The full list of average reaction time over all hosting providers (ASNs) can be found here:
If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here: