Statistics

Most Delivery Payload

Heodo

Show

Average Takedown Time

12 days, 3 hours, 7 minutes

Show

Top Malware Hosting Network

AS4134 CHINANET-BACKBONE

Show

Number of submissions (past 30 days)

The chart below documented the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate URLhaus without the help of volunters who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Submissions
1	@zbetcheckin	46'409
2	@Cryptolaemus1	26'404
3	@shotgunner101	19'043
4	@JRoosen	16'467
5	@spamhaus	11'570
6	@unixronin	8'370
7	@Techhelplistcom	6'767
8	@0xrb	6'350
9	@abuse_ch	5'937
10	@JAMESWT_MHT	4'806
11	@ps66uk	4'331
12	@cocaman	3'612
13	@oppimaniac	2'989
14	@lovemalware	2'902
15	@p5yb34m	2'260

Blacklist Comparison

URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). The statistics below measures the perfomance of these three blacklist providers by counting the number of blacklisted URLs/domain names and compare them against each other.

Spamhaus DBL

SURBL

Google Safe Browsing

Disclaimer: The blacklist comparison does only consider active malware distribution sites tracked by URLhaus. While Google Safe Browsing is a URL based blacklist, Spamhaus DBL and SURBL are domain based datasets.

Most Delivered Payload

Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.

Top Tags

Most seen tag associated with malware URLs tracked by URLhaus.

Top Malware Hosting Networks

The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.

Top malware hosting networks in total (counting online and offline malware distribution sites):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC	GB	5 days, 3 hours, 39 minutes	20'195
2	AS36352 AS-COLOCROSSING - ColoCrossing	US	5 days, 5 hours, 56 minutes	14'486
3	AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC	US	10 days, 12 hours, 44 minutes	6'565
4	AS16276 OVH	FR	7 days, 5 hours, 53 minutes	6'163
5	AS46606 UNIFIEDLAYER-AS-1 - Unified Layer	US	7 days, 13 hours, 9 minutes	4'395
6	AS13335 CLOUDFLARENET - Cloudflare, Inc.	US	9 days, 7 hours, 32 minutes	3'010
7	AS15169 GOOGLE - Google LLC	US	7 days, 12 hours, 45 minutes	2'797
8	AS16509 AMAZON-02 - Amazon.com, Inc.	IE	7 days, 14 hours, 1 minutes	2'403
9	AS60144 THREE-W-INFRA-AS -- TRANSIT --	NL	10 days, 23 hours, 10 minutes	2'275
10	AS24940 HETZNER-AS	DE	3 days, 2 hours, 28 minutes	2'008
11	AS31034 ARUBA-ASN	IT	7 days, 13 hours, 41 minutes	1'775
12	AS50673 SERVERIUS-AS	NL	4 days, 8 hours, 59 minutes	1'697
13	AS51659 ASBAXET	RU	10 days, 15 hours, 26 minutes	1'612
14	AS53667 PONYNET - FranTech Solutions	US	13 days, 10 hours, 3 minutes	1'564
15	AS32244 LIQUIDWEB - Liquid Web, L.L.C	US	16 days, 5 hours, 26 minutes	1'333

Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	1 month, 28 days, 11 hours, 29 minutes	430
2	AS16276 OVH	CA	7 days, 5 hours, 53 minutes	201
3	AS4766 KIXS-AS-KR Korea Telecom	KR	1 month, 0 days, 14 hours, 59 minutes	105
4	AS15169 GOOGLE - Google LLC	US	7 days, 12 hours, 45 minutes	103
5	AS9318 SKB-AS SK Broadband Co Ltd	KR	1 month, 0 days, 1 hours, 19 minutes	83
6	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	1 month, 27 days, 14 hours, 17 minutes	78
7	AS8926 MOLDTELECOM-AS Moldtelecom Autonomous System	MD	4 days, 9 hours, 28 minutes	66
8	AS32244 LIQUIDWEB - Liquid Web, L.L.C	US	16 days, 5 hours, 26 minutes	63
9	AS54113 FASTLY - Fastly	NL	12 days, 15 hours, 8 minutes	61
10	AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC	SG	10 days, 12 hours, 44 minutes	58
11	AS18403 FPT-AS-AP The Corporation for Financing & Promoting Technology	VN	11 days, 3 hours, 48 minutes	54
12	AS13768 COGECO-PEER1 - Cogeco Peer 1	CA	8 days, 23 hours, 1 minutes	45
13	AS22612 NAMECHEAP-NET - Namecheap, Inc.	US	12 days, 10 hours, 10 minutes	45
14	AS45102 CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd.	US	20 days, 2 hours, 54 minutes	41
15	AS45899 VNPT-AS-VN VNPT Corp	VN	12 days, 5 hours, 12 minutes	41

Takedown Statistics

URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.

The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Offline	Average Reaction Time
1	AS200628 BGO-MEDIA	BG	1	4 minutes
2	AS13022	AT	1	5 minutes
3	AS22438 CLEAR-RATE-COMMUNICATIONS - Clear Rate Communications, Inc.	US	1	7 minutes
4	AS34243 WEBAGE	GB	1	9 minutes
5	AS8267 CYFRONET-AS Metropolitan Area Network Autonomous System	PL	1	11 minutes
6	AS16912 4-LESS-NETWORK - 4 Less Communications, Inc.	US	1	11 minutes
7	AS197595 OBE	SE	1	12 minutes
8	AS51790 SIEL	SI	1	12 minutes
9	AS206566 SAVANA	CZ	1	12 minutes
10	AS34240 MANITU	DE	1	15 minutes
11	AS43758 H88-PL-AS	PL	1	17 minutes
12	AS29083 DE-WORLDBONE-AS	DE	1	18 minutes
13	AS7540 HKCIX-AS-AP HongKong Commercial Internet Exchange	HK	1	18 minutes
14	AS29522 KEI	PL	1	19 minutes
15	AS20926 PULSATION-AS	FR	1	19 minutes

The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Online	Offline	Average Reaction Time
1	AS10226 ETL-IX-AS-AP Enterprise of Telecommunications Lao	LA	1	1	7 months, 23 days, 14 hours, 37 minutes
2	AS24323 AAMRA-NETWORKS-AS-AP aamra networks limited	BD	0	14	6 months, 11 days, 16 hours, 0 minutes
3	AS58779 I4HKLIMITED-AS i4HK Limited	HK	0	2	6 months, 1 days, 11 hours, 22 minutes
4	AS56264 TOMATOWEB-BD Tomato Web (Pvt) Limited	BD	0	1	5 months, 27 days, 20 hours, 3 minutes
5	AS19332 Marcatel Com, S.A. de C.V.	MX	0	1	5 months, 26 days, 16 hours, 55 minutes
6	AS61165 UMOS-AS	RU	0	1	5 months, 25 days, 15 hours, 2 minutes
7	AS23816 YAHOO Yahoo Japan Corporation	JP	0	1	5 months, 12 days, 7 hours, 36 minutes
8	AS35401 SUNLINK-AS Sunlink Telecom ISP, Tula, Russia	RU	0	1	5 months, 11 days, 21 hours, 29 minutes
9	AS58962 SCSJLX-CN SiChuan Century LiXin Financial Management Consulting Co., LTD	CN	0	11	5 months, 8 days, 5 hours, 27 minutes
10	AS29256 INT-PDN-STE-AS STE PDN Internal AS	SY	0	1	5 months, 5 days, 23 hours, 2 minutes
11	AS48815 CRITICALCASE	IT	0	227	5 months, 2 days, 21 hours, 22 minutes
12	AS6315 XMISSION - XMission, L.C.	US	0	1	4 months, 29 days, 4 hours, 9 minutes
13	AS17638 CHINATELECOM-TJ-AS-AP ASN for TIANJIN Provincial Net of CT	CN	0	3	4 months, 28 days, 11 hours, 41 minutes
14	AS58852 GZGD Guizhou provincial radio and television information Network Inc	CN	0	1	4 months, 21 days, 22 hours, 9 minutes
15	AS262197 MILLICOM CABLE COSTA RICA S.A.	CR	0	1	4 months, 21 days, 14 hours, 54 minutes

The full list of average reaction time over all hosting providers (ASNs) can be found here:

Average Reaction Time (for all hosting providers)

If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here:

URLhaus Feeds