Statistics

Most Delivery Payload

Heodo

Show

Average Takedown Time

7 days, 10 hours, 53 minutes

Show

Top Malware Hosting Network

AS4134 CHINANET-BACKBONE

Show

Number of submissions (past 30 days)

The chart below documents the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate URLhaus without the help of volunteers who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Submissions
1	@zbetcheckin	97'090
2	@lrz_security	66'730
3	@Cryptolaemus1	48'075
4	@Gandylyan1	47'163
5	@geenensp	40'756
6	@spamhaus	38'730
7	@p5yb34m	32'721
8	@shotgunner101	19'126
9	@JayTHL	19'041
10	@abuse_ch	17'593
11	@JRoosen	16'482
12	@0xrb	13'417
13	@unixronin	8'497
14	@JAMESWT_MHT	8'020
15	@malware_traffic	5'927

Blocklist Comparison

URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). In addition, several vendors of IT-security software are consuming URLhaus feeds to enrich their product(s). The statistics below measures the perfomance of several blocklists and DNS providers by counting the number of blacklisted domain names and compare them against each other.

Spamhaus DBL

SURBL

AdGuard DNS

Quad9 DNS

Disclaimer: The blacklist comparison does only consider active malware distribution sites tracked by URLhaus.

Most Delivered Payload

Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.

Top Tags

Most seen tag associated with malware URLs tracked by URLhaus.

Top Malware Hosting Networks

The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.

Top malware hosting networks in total (counting online and offline malware distribution sites):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS17488 HATHWAY-NET-AP Hathway IP Over Cable Internet	IN	4 hours, 47 minutes	85'445
2	AS14061 DIGITALOCEAN-ASN	US	5 days, 0 hours, 4 minutes	36'392
3	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	5 days, 2 hours, 48 minutes	17'873
4	AS15169 GOOGLE	US	10 days, 7 hours, 28 minutes	16'997
5	AS16276 OVH	FR	11 days, 5 hours, 41 minutes	12'653
6	AS13335 CLOUDFLARENET	US	9 days, 5 hours, 42 minutes	12'550
7	AS46606 UNIFIEDLAYER-AS-1	US	15 days, 4 hours, 49 minutes	11'767
8	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	13 days, 15 hours, 49 minutes	11'696
9	AS26496 AS-26496-GO-DADDY-COM-LLC	US	20 days, 3 hours, 38 minutes	10'786
10	AS132525 CMNET-HEILONGJIANG-CN HeiLongJiang Mobile Communication Company Limited	CN	1 day, 6 hours, 54 minutes	5'869
11	AS17813 MTNL-AP Mahanagar Telephone Nigam Limited	IN	7 hours, 59 minutes	5'031
12	AS54290 HOSTWINDS	US	8 days, 14 hours, 5 minutes	4'831
13	AS22611 IMH-WEST	US	2 days, 18 hours, 10 minutes	4'607
14	AS32244 LIQUIDWEB	US	15 days, 22 hours, 24 minutes	4'398
15	AS36352 AS-COLOCROSSING	US	12 days, 17 hours, 47 minutes	4'285

Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	5 days, 2 hours, 48 minutes	1'688
2	AS17488 HATHWAY-NET-AP Hathway IP Over Cable Internet	IN	4 hours, 47 minutes	1'517
3	AS8068 MICROSOFT-CORP-MSN-AS-BLOCK	US	1 month, 19 days, 12 hours, 44 minutes	579
4	AS9808 CMNET-GD Guangdong Mobile Communication Co.Ltd.	CN	15 days, 1 hours, 2 minutes	472
5	AS19429 ETB - Colombia	CO	1 day, 7 hours, 49 minutes	386
6	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	13 days, 15 hours, 49 minutes	377
7	AS15169 GOOGLE	US	10 days, 7 hours, 28 minutes	279
8	AS46606 UNIFIEDLAYER-AS-1	US	15 days, 4 hours, 49 minutes	223
9	AS4766 KIXS-AS-KR Korea Telecom	KR	1 month, 2 days, 4 hours, 8 minutes	187
10	AS44685 REBECCAHOST	US	19 days, 4 hours, 57 minutes	168
11	AS9318 SKB-AS SK Broadband Co Ltd	KR	2 months, 2 days, 23 hours, 3 minutes	148
12	AS36352 AS-COLOCROSSING	US	12 days, 17 hours, 47 minutes	134
13	AS17813 MTNL-AP Mahanagar Telephone Nigam Limited	IN	7 hours, 59 minutes	128
14	AS24961 MYLOC-AS IP Backbone of myLoc managed IT AG	US	5 days, 19 hours, 0 minutes	106
15	AS32244 LIQUIDWEB	US	15 days, 22 hours, 24 minutes	105

Takedown Statistics

URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.

The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Offline	Average Reaction Time
1	AS52715 SCORPION TELECOMUNICACAO RIBEIRAO PRETO LTDA - ME	BR	1	3 minutes
2	AS13022 STREAMS_GMBH	AT	1	5 minutes
3	AS22438 CLEAR-RATE-COMMUNICATIONS	US	1	7 minutes
4	AS137344 IDNIC-TRANSTEKNO-AS-ID PT. TRANS NASIONAL TEKNOLOGI	ID	1	7 minutes
5	AS17716 NTU-TW National Taiwan University	TW	1	8 minutes
6	AS34243 WEBAGE	GB	1	9 minutes
7	AS58966 BENCHMARK-AS-IN Benchmark Infotech Services Pvt.Ltd.	IN	1	10 minutes
8	AS52602 SKORPION SISTEMA DE TELECOMUNICACOES LTDA	BR	1	10 minutes
9	AS6789 CRELCOM-NET	UA	1	11 minutes
10	AS46652 SERVERSTACK-ASN	US	4	11 minutes
11	AS16912 4-LESS-NETWORK	US	1	11 minutes
12	AS43578 BITNAP bitNAP Datacenter 01 Barcelona	ES	1	11 minutes
13	AS42676 SMARTKOM ======Uplinks======	RU	1	13 minutes
14	AS52078 MARTEL	PL	1	14 minutes
15	AS268355 RESENDE & GONCALVES TELECOM LTDA	BR	1	14 minutes

The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Online	Offline	Average Reaction Time
1	AS63581 GXRTVNET GUANGXI RADIO & TELEVISION INFORMATION NETWORK CO.,LTD.	CN	0	1	20 months, 4 days, 19 hours, 23 minutes
2	AS61165 UMOS-AS	RU	0	1	19 months, 29 days, 16 hours, 34 minutes
3	AS48278 UKRDATACOM-NET-AS	UA	0	1	19 months, 28 days, 11 hours, 8 minutes
4	AS137693 CHINATELECOM-GUANGXI-NANNING-IDC CHINATELECOM Guangxi Nanning IDC networkdescr: NanningGuangxi Province, P.R.China.	CN	0	7	17 months, 25 days, 21 hours, 44 minutes
5	AS43356 COMTECH-AS	CY	0	1	17 months, 22 days, 17 hours, 2 minutes
6	AS23620 DMM DMM.com LLC	JP	0	2	17 months, 15 days, 23 hours, 56 minutes
7	AS134768 CHINANET-SHAANXI-CLOUD-BASE CHINANET SHAANXI province Cloud Base network	CN	0	1	16 months, 29 days, 21 hours, 3 minutes
8	AS34320 MNW-AS	RU	0	4	15 months, 27 days, 12 hours, 15 minutes
9	AS43050 CHOKOLOVKA-AS ChokolovkaNet	UA	0	1	15 months, 23 days, 21 hours, 38 minutes
10	AS15231 STARNOVA-LLC	US	0	6	15 months, 6 days, 4 hours, 25 minutes
11	AS6354 LYCOS	US	0	1	14 months, 28 days, 16 hours, 13 minutes
12	AS29713 ELIA-60	US	0	2	14 months, 25 days, 10 hours, 35 minutes
13	AS58542 CHINATELECOM-TIANJIN Tianjij,300000	CN	1	1	14 months, 16 days, 7 hours, 0 minutes
14	AS9811 BJGY srit corp.,beijing.	CN	4	1	14 months, 13 days, 9 hours, 1 minutes
15	AS35401 SUNLINK-AS Sunlink Telecom ISP, Tula, Russia	RU	0	1	14 months, 13 days, 3 hours, 56 minutes

The full list of average reaction time over all hosting providers (ASNs) can be found here:

Average Reaction Time (for all hosting providers)

If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here:

URLhaus Feeds