Most Delivery Payload


Average Takedown Time

19 days, 6 hours, 38 minutes

Top Malware Hosting Network



Number of submissions (past 30 days)

The chart below documented the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate URLhaus without the help of volunters who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.


Blacklist Comparison

URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). The statistics below measures the perfomance of these three blacklist providers by counting the number of blacklisted URLs/domain names and compare them against each other.

Spamhaus DBL


Google Safe Browsing

Disclaimer: The blacklist comparison does only consider active malware distribution sites tracked by URLhaus. While Google Safe Browsing is a URL based blacklist, Spamhaus DBL and SURBL are domain based datasets.

Most Delivered Payload

Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.

Top Tags

Most seen tag associated with malware URLs tracked by URLhaus.

Top Malware Hosting Networks

The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.

Top malware hosting networks in total (counting online and offline malware distribution sites):

RankASNCountryAverage Reaction TimeMalware URLs
1AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC- SG4 days, 12 hours, 2 minutes23'956
2AS16276 OVH- FR9 days, 21 hours, 35 minutes6'841
3AS26496 AS-26496-GO-DADDY-COM-LLC -, LLC- US11 days, 0 hours, 40 minutes6'541
4AS15169 GOOGLE - Google LLC- US8 days, 17 hours, 45 minutes4'694
5AS46606 UNIFIEDLAYER-AS-1 - Unified Layer- US8 days, 22 hours, 25 minutes4'245
6AS13335 CLOUDFLARENET - Cloudflare, Inc.- US9 days, 23 hours, 49 minutes3'395
7AS16509 AMAZON-02 -, Inc.- IE8 days, 19 hours, 41 minutes2'579
8AS60144 THREE-W-INFRA-AS -- TRANSIT --- NL15 days, 7 hours, 30 minutes2'425
9AS53667 PONYNET - FranTech Solutions- US16 days, 14 hours, 31 minutes1'955
10AS24940 HETZNER-AS- DE3 days, 14 hours, 11 minutes1'921
11AS36352 AS-COLOCROSSING - ColoCrossing- US5 days, 10 hours, 15 minutes1'906
12AS31034 ARUBA-ASN- IT7 days, 13 hours, 2 minutes1'848
13AS51659 ASBAXET- RU9 days, 23 hours, 24 minutes1'750
14AS54290 HOSTWINDS - Hostwinds LLC.- US7 days, 18 hours, 44 minutes1'502
15AS32244 LIQUIDWEB - Liquid Web, L.L.C- US18 days, 5 hours, 6 minutes1'356

Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):

RankASNCountryAverage Reaction TimeMalware URLs
1AS4134 CHINANET-BACKBONE No.31,Jin-rong Street- CN1 month, 25 days, 12 hours, 36 minutes533
2AS4766 KIXS-AS-KR Korea Telecom- KR27 days, 3 hours, 12 minutes109
3AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone- CN2 months, 9 days, 2 hours, 11 minutes88
4AS9318 SKB-AS SK Broadband Co Ltd- KR1 month, 4 days, 3 hours, 56 minutes86
5AS54113 FASTLY - Fastly- NL8 days, 15 hours, 0 minutes70
6AS8926 MOLDTELECOM-AS Moldtelecom Autonomous System- MD1 month, 5 days, 22 hours, 12 minutes64
7AS48161 NG-AS Sos. Bucuresti - Ploiesti nr. 42-44- RO3 months, 3 days, 12 hours, 30 minutes60
8AS16276 OVH- FR9 days, 21 hours, 35 minutes53
9AS26228 SERVEPATH - DataPipe, Inc.- US0 minute53
10AS54290 HOSTWINDS - Hostwinds LLC.- US7 days, 18 hours, 44 minutes52
11AS15169 GOOGLE - Google LLC- No8 days, 17 hours, 45 minutes47
12AS134542 UNICOM-GUIAN China Unicom IP network- CN2 months, 3 days, 22 hours, 22 minutes47
13AS18403 FPT-AS-AP The Corporation for Financing & Promoting Technology- VN14 days, 23 hours, 1 minutes42
14AS36352 AS-COLOCROSSING - ColoCrossing- US5 days, 10 hours, 15 minutes42
15AS53667 PONYNET - FranTech Solutions- US16 days, 14 hours, 31 minutes40

Takedown Statistics

URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.

The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

RankASN GoodCountryOnlineOfflineAverage Reaction Time
1AS13022 - AT015 minutes
2AS22438 CLEAR-RATE-COMMUNICATIONS - Clear Rate Communications, Inc.- US017 minutes
3AS34243 WEBAGE- GB019 minutes
4AS8267 CYFRONET-AS Metropolitan Area Network Autonomous System- PL0111 minutes
5AS16912 4-LESS-NETWORK - 4 Less Communications, Inc.- US0111 minutes
6AS197595 OBE- SE0112 minutes
7AS51790 SIEL- SI0112 minutes
8AS206566 SAVANA- CZ0112 minutes
9AS34240 MANITU- DE0115 minutes
10AS43758 H88-PL-AS- PL1117 minutes
11AS29953 MORNCOMM - Cygnet Internet Services Inc- CA0118 minutes
12AS29083 DE-WORLDBONE-AS- DE0118 minutes
13AS20926 PULSATION-AS- FR0119 minutes
14AS12296 ADANET-- TR0120 minutes
15AS35266 EXN-AS- GB0220 minutes

The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

RankASN PoorCountryOnlineOfflineAverage Reaction Time
1AS9394 CTTNET China TieTong Telecommunications Corporation- CN019 months, 7 days, 21 hours, 10 minutes
2AS42841 ANTIK- SK219 months, 5 days, 13 hours, 28 minutes
3AS10226 ETL-IX-AS-AP Enterprise of Telecommunications Lao- LA029 months, 3 days, 6 hours, 26 minutes
4AS58779 I4HKLIMITED-AS i4HK Limited- HK028 months, 26 days, 9 hours, 29 minutes
5AS24323 AAMRA-NETWORKS-AS-AP aamra networks limited- BD0148 months, 17 days, 18 hours, 3 minutes
6AS198721 PROGETTO8 PROGETTO8- IT018 months, 0 days, 1 hours, 17 minutes
7AS134768 CHINANET-SICHUAN-CHENGDU-MAN CHINANET Sichuan province Chengdu MAN network- CN017 months, 15 days, 17 hours, 44 minutes
8AS48278 UKRDATACOM-NET-AS- UA017 months, 9 days, 2 hours, 42 minutes
9AS9443 INTERNETPRIMUS-AS-AP Primus Telecommunications- AU017 months, 6 days, 8 hours, 9 minutes
10AS27775 Telecommunicationcompany Suriname - TeleSur- SR217 months, 2 days, 12 hours, 40 minutes
11AS17638 CHINATELECOM-TJ-AS-AP ASN for TIANJIN Provincial Net of CT- CN026 months, 27 days, 12 hours, 32 minutes
12AS63612 XIAONIAOYUN Shenzhen Qianhai bird cloud computing Co. Ltd.- CN116 months, 25 days, 22 hours, 38 minutes
13AS196705 ARDINVEST- UA016 months, 24 days, 15 hours, 50 minutes
14AS33947 WLA-NET-HU-AS- HU016 months, 23 days, 19 hours, 54 minutes
15AS58852 GZGD Guizhou provincial radio and television information Network Inc- CN016 months, 22 days, 20 hours, 37 minutes

The full list of average reaction time over all hosting providers (ASNs) can be found here:

If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here: