Statistics

Most Delivery Payload

Heodo

Show

Average Takedown Time

1 day, 22 hours, 55 minutes

Show

Top Malware Hosting Network

AS4134 CHINANET-BACKBONE

Show

Number of submissions (past 30 days)

The chart below documents the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate URLhaus without the help of volunteers who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Submissions
1	@lrz_urlhaus	1'052'871
2	@geenensp	310'242
3	@cryptolaemus1	139'895
4	@zbetcheckin	119'088
5	@Gandylyan1	97'042
6	@tammeto	61'897
7	@p5yb34m	48'052
8	@spamhaus	38'730
9	@abuse_ch	33'936
10	@tolisec	28'613
11	@Petras_Simeon	26'161
12	@shotgunner101	19'193
13	@JayTHL	19'037
14	@0xrb	13'773
15	@switchcert	12'873

Blocklist Comparison

URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). In addition, several vendors of IT-security software are consuming URLhaus feeds to enrich their product(s). The statistics below measures the perfomance of several blocklists and DNS providers by counting the number of blacklisted domain names and compare them against each other.

Spamhaus DBL

SURBL

AdGuard DNS

Quad9 DNS

Cloudflare DNS

Disclaimer: The blacklist comparison does only consider active malware distribution sites tracked by URLhaus.

Most Delivered Payload

Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.

Top Tags

Most seen tag associated with malware URLs tracked by URLhaus.

Top Malware Hosting Networks

The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.

Top malware hosting networks in total (counting online and offline malware distribution sites):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	2 days, 18 hours, 8 minutes	619'738
2	AS9829 BSNL-NIB National Internet Backbone	IN	8 hours, 39 minutes	181'734
3	AS17488 HATHWAY-NET-AP Hathway IP Over Cable Internet	IN	5 hours, 30 minutes	139'784
4	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	4 days, 4 hours, 28 minutes	118'552
5	AS8661 PTK PTK IP/MPLS Network	AL	2 days, 1 hours, 20 minutes	97'519
6	AS17816 CHINA169-GZ China Unicom IP network China169 Guangdong province	CN	1 day, 4 hours, 13 minutes	66'436
7	AS14061 DIGITALOCEAN-ASN	US	4 days, 0 hours, 20 minutes	52'096
8	AS17622 CNCGROUP-GZ China Unicom Guangzhou network	CN	22 hours, 37 minutes	50'796
9	AS13335 CLOUDFLARENET	US	2 days, 16 hours, 10 minutes	49'790
10	AS46606 UNIFIEDLAYER-AS-1	US	8 days, 15 hours, 32 minutes	36'128
11	AS15169 GOOGLE	US	9 days, 10 hours, 59 minutes	30'718
12	AS8075 MICROSOFT-CORP-MSN-AS-BLOCK	US	9 days, 5 hours, 4 minutes	25'551
13	AS16276 OVH	FR	9 days, 15 hours, 23 minutes	24'208
14	AS17813 MTNL-AP Mahanagar Telephone Nigam Limited	IN	11 hours, 16 minutes	21'772
15	AS8068 MICROSOFT-CORP-MSN-AS-BLOCK	US	2 days, 0 hours, 35 minutes	21'572

Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	2 days, 18 hours, 9 minutes	1'114
2	AS13335 CLOUDFLARENET	US	2 days, 16 hours, 10 minutes	553
3	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	4 days, 4 hours, 27 minutes	533
4	AS4766 KIXS-AS-KR Korea Telecom	KR	16 days, 17 hours, 36 minutes	331
5	AS36352 AS-COLOCROSSING	US	10 days, 8 hours, 47 minutes	281
6	AS46606 UNIFIEDLAYER-AS-1	US	8 days, 15 hours, 33 minutes	271
7	AS17816 CHINA169-GZ China Unicom IP network China169 Guangdong province	CN	1 day, 4 hours, 13 minutes	201
8	AS9318 SKB-AS SK Broadband Co Ltd	KR	2 months, 9 days, 16 hours, 22 minutes	133
9	AS211252 AS_DELIS	US	6 days, 3 hours, 19 minutes	132
10	AS53667 PONYNET	US	13 days, 21 hours, 44 minutes	127
11	AS9924 TFN-TW Taiwan Fixed Network, Telco and Network Service Provider.	TW	1 month, 5 days, 18 hours, 37 minutes	116
12	AS139884 AGPL-AS-AP Apeiron Global Pvt. Ltd.	IN	8 days, 17 hours, 12 minutes	97
13	AS15169 GOOGLE	US	9 days, 10 hours, 59 minutes	92
14	AS9416 MULTIMEDIA-AS-AP Hoshin Multimedia Center Inc.	TW	1 month, 14 days, 21 hours, 51 minutes	90
15	AS7922 COMCAST-7922	US	1 month, 10 days, 6 hours, 5 minutes	72

Takedown Statistics

URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.

The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Online	Offline	Average Reaction Time
1	AS399587 UT	NL	0	1	1 minute
2	AS63835 CT-HUNAN-CHANGSHA-IDC No.293,Wanbao Avenue	CN	0	8	2 minutes
3	AS25369 BANDWIDTH-AS	CH	2	2	5 minutes
4	AS64050 BCPL-SG BGPNET Global ASN	CN	2	1	5 minutes
5	AS141293 AAHCR953-AS Rajasthan Internet Hub Pvt. Ltd.	IN	0	1	5 minutes
6	AS13022 STREAMS_GMBH	AT	0	1	5 minutes
7	AS133983 SBB-AS-IN Shivraj Broadband Internet Pvt Ltd	IN	0	3	5 minutes
8	AS197746 HYPERHOSTING Georgios Vardikos trading as HYPERHOSTING	GR	0	1	6 minutes
9	AS52564 Biazi Telecomunicacoes Ltda Epp	BR	0	1	6 minutes
10	AS7020 QDATA-AS	ZA	0	1	7 minutes
11	AS263948 NEW LIFE TELECOM	BR	0	1	7 minutes
12	AS197684 ASHOSTUA	US	0	2	7 minutes
13	AS134929 ORANGECITY-AS ORANGE CITY INTERNET SERVICES PVT. LTD.	IN	0	1	7 minutes
14	AS55486 NETWORX-AS-AP Networx Australia	AU	0	1	8 minutes
15	AS269715 INFINITYGO TELECOM LTDA	BR	0	1	8 minutes

The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Online	Offline	Average Reaction Time
1	AS135523 MULTINET-IE-AS-AP Multinet Broadband	PK	0	1	32 months, 0 days, 20 hours, 34 minutes
2	AS12556 internet-solutions-ke	UG	0	1	31 months, 28 days, 5 hours, 16 minutes
3	AS43627 KLI-AS	LT	0	1	31 months, 26 days, 22 hours, 17 minutes
4	AS25374 ESCOMBG-AS Local Internet Service Provider Bulgaria	BG	0	1	31 months, 26 days, 4 hours, 6 minutes
5	AS10292 CWJ-1	JM	0	1	31 months, 25 days, 16 hours, 36 minutes
6	AS56385 NTKTV-AS	UA	0	1	31 months, 23 days, 13 hours, 51 minutes
7	AS51622 IV-COM-AS	UA	0	1	30 months, 26 days, 18 hours, 39 minutes
8	AS48422 IT-STARCOM-AS http://www.itstarcom.net	UA	0	1	29 months, 22 days, 11 hours, 30 minutes
9	AS12426 MADNET-AS	SK	0	1	28 months, 2 days, 5 hours, 53 minutes
10	AS27742 Amnet Telecomunicaciones S.A.	NI	0	1	26 months, 1 days, 15 hours, 39 minutes
11	AS37230 SWIFTTALK	NG	0	1	25 months, 26 days, 22 hours, 42 minutes
12	AS20766 GITOYEN-MAIN-AS The main Autonomous System of Gitoyen (Paris, France).	FR	0	11	25 months, 16 days, 0 hours, 13 minutes
13	AS131325 CHINATELECOM-JIANGSU-NANTONG-MAN CHINATELECOM JIANGSU province NANTONG MAN network	CN	1	7	24 months, 24 days, 14 hours, 56 minutes
14	AS49893 BITRACE-TELECOM	RU	0	1	24 months, 12 days, 5 hours, 3 minutes
15	AS11681 INTEGRITY	US	0	1	24 months, 10 days, 23 hours, 45 minutes

The full list of average reaction time over all hosting providers (ASNs) can be found here:

Average Reaction Time (for all hosting providers)

If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here:

URLhaus Feeds