Statistics

Most Delivery Payload

Heodo

Show

Average Takedown Time

12 days, 11 hours, 23 minutes

Show

Top Malware Hosting Network

AS4134 CHINANET-BACKBONE

Show

Number of submissions (past 30 days)

The chart below documents the number of submissions (unique malware URL) to URLhaus per day over a period of 30 days.

Top Reporters

It wouldn't be possible to operate URLhaus without the help of volunteers who report malware URLs to URLhaus. The table below shows the top reporters and their Twitter handle.

Rank	Reporter	Submissions
1	@zbetcheckin	80'362
2	@Cryptolaemus1	39'809
3	@Gandylyan1	28'650
4	@spamhaus	19'457
5	@shotgunner101	19'110
6	@JRoosen	16'480
7	@JayTHL	12'289
8	@abuse_ch	11'536
9	@0xrb	11'000
10	@unixronin	8'469
11	@JAMESWT_MHT	7'046
12	@ps66uk	4'902
13	@cocaman	4'201
14	@p5yb34m	3'937
15	@oppimaniac	3'739

Blacklist Comparison

URLhaus reports malware distribution sites to Spamhaus DBL, SURBL and Google Safe Browsing (GSB). In addition, several vendors of IT-security software are consuming URLhaus feeds to enrich their product(s). The statistics below measures the perfomance of several blacklist and DNS providers by counting the number of blacklisted domain names and compare them against each other.

Spamhaus DBL

SURBL

AdGuard DNS

Quad9 DNS

Disclaimer: The blacklist comparison does only consider active malware distribution sites tracked by URLhaus.

Most Delivered Payload

Malware URLs deliver all kind of different payloads. This chart shows the number of payload per malware family (signature) identified / crawled by URLhaus.

Top Tags

Most seen tag associated with malware URLs tracked by URLhaus.

Top Malware Hosting Networks

The chart below shows the top malware hosting network by ASN. Please consider that some of them just offer CDN or proxy services and are hence not hosting the malicious content it self rather than facilitate delivering the malicious payload to the user.

Top malware hosting networks in total (counting online and offline malware distribution sites):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC	US	5 days, 16 hours, 39 minutes	31'121
2	AS15169 GOOGLE - Google LLC	US	10 days, 3 hours, 17 minutes	13'877
3	AS16276 OVH	FR	13 days, 1 hours, 23 minutes	9'396
4	AS13335 CLOUDFLARENET - Cloudflare, Inc.	US	13 days, 18 hours, 52 minutes	8'375
5	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	6 days, 21 hours, 9 minutes	8'375
6	AS26496 AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC	US	1 month, 2 days, 2 hours, 3 minutes	8'136
7	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	17 days, 14 hours, 6 minutes	6'920
8	AS46606 UNIFIEDLAYER-AS-1 - Unified Layer	US	26 days, 11 hours, 4 minutes	5'079
9	AS132525 CMNET-HEILONGJIANG-CN HeiLongJiang Mobile Communication Company Limited	CN	1 day, 6 hours, 58 minutes	4'512
10	AS16509 AMAZON-02 - Amazon.com, Inc.	IE	11 days, 23 hours, 6 minutes	3'313
11	AS54290 HOSTWINDS - Hostwinds LLC.	US	10 days, 13 hours, 35 minutes	3'158
12	AS53667 PONYNET - FranTech Solutions	US	20 days, 1 hours, 36 minutes	2'956
13	AS19679 DROPBOX - Dropbox, Inc.	NL	3 days, 23 hours, 7 minutes	2'862
14	AS36352 AS-COLOCROSSING - ColoCrossing	US	7 days, 1 hours, 9 minutes	2'741
15	AS60144 THREE-W-INFRA-AS -- TRANSIT --	NL	17 days, 6 hours, 40 minutes	2'734

Top malware hosting networks, hosting active malware content (counting online malware distribution sites only):

Rank	ASN	Country	Average Reaction Time	Malware URLs
1	AS4134 CHINANET-BACKBONE No.31,Jin-rong Street	CN	17 days, 14 hours, 6 minutes	453
2	AS4837 CHINA169-BACKBONE CHINA UNICOM China169 Backbone	CN	6 days, 21 hours, 9 minutes	159
3	AS4766 KIXS-AS-KR Korea Telecom	KR	1 month, 0 days, 14 hours, 54 minutes	136
4	AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd.	CN	1 month, 13 days, 2 hours, 21 minutes	117
5	AS9318 SKB-AS SK Broadband Co Ltd	KR	2 months, 6 days, 3 hours, 16 minutes	105
6	AS15169 GOOGLE - Google LLC	US	10 days, 3 hours, 17 minutes	97
7	AS8068 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation	US	2 months, 22 days, 1 hours, 57 minutes	69
8	AS54113 FASTLY - Fastly	NL	23 days, 10 hours, 45 minutes	69
9	AS4812 CHINANET-SH-AP China Telecom (Group)	CN	3 months, 6 days, 11 hours, 17 minutes	59
10	AS13335 CLOUDFLARENET - Cloudflare, Inc.	US	13 days, 18 hours, 52 minutes	54
11	AS206898 BLADESERVERS	NL	1 month, 3 days, 13 hours, 23 minutes	53
12	AS46606 UNIFIEDLAYER-AS-1	US	26 days, 11 hours, 4 minutes	43
13	AS16276 OVH	FR	13 days, 1 hours, 23 minutes	38
14	AS36352 AS-COLOCROSSING	US	7 days, 1 hours, 9 minutes	36
15	AS58054 TV-NET-UA-AS	UA	20 days, 9 hours, 41 minutes	36

Takedown Statistics

URLhaus is sending out abuse reports to hosting providers, hosting malware distribution sites. The following chart shows the number of active malware distribution sites and the number of unique abuse reports sent per day.

The following table shows the top 15 hosting providers with the fastest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Offline	Average Reaction Time
1	AS13022	AT	1	5 minutes
2	AS22438 CLEAR-RATE-COMMUNICATIONS - Clear Rate Communications, Inc.	US	1	7 minutes
3	AS34243 WEBAGE	GB	1	9 minutes
4	AS8739 ICDSOFT	HK	1	9 minutes
5	AS6789 CRELCOM-NET	UA	1	11 minutes
6	AS16912 4-LESS-NETWORK - 4 Less Communications, Inc.	US	1	11 minutes
7	AS263891 TURBONET INFO E TELECOM	BR	1	14 minutes
8	AS56977 ASSTILAR	RU	1	15 minutes
9	AS133699 ZIPTELIT-AS-IN Ziptel IT Solutions Pvt Ltd	IN	1	18 minutes
10	AS29953 MORNCOMM - Cygnet Internet Services Inc	CA	1	18 minutes
11	AS29083 DE-WORLDBONE-AS	DE	1	18 minutes
12	AS20926 PULSATION-AS	FR	1	19 minutes
13	AS12296 ADANET-	TR	1	20 minutes
14	AS35266 EXN-AS	GB	2	20 minutes
15	AS16101 ORDIPAT	FR	1	21 minutes

The following table shows the top 15 hosting providers with the slowest abuse desks. To generated these statistics, URLhaus measures the time between when URLhaus sent the abuse complaint to the hosting provider and when the reported content goes offline. Please consider that the accuracy is +/- 1 hour.

Rank	ASN	Country	Online	Offline	Average Reaction Time
1	AS61165 UMOS-AS	RU	0	1	17 months, 5 days, 13 hours, 26 minutes
2	AS58852 GZGD Guizhou provincial radio and television information Network Inc	CN	0	1	16 months, 10 days, 12 hours, 17 minutes
3	AS29713 ELIA-60 - Reliable Hosting Services	US	0	2	14 months, 25 days, 10 hours, 35 minutes
4	AS11426 TWC-11426-CAROLINAS - Charter Communications Inc	US	2	1	14 months, 18 days, 13 hours, 33 minutes
5	AS35401 SUNLINK-AS Sunlink Telecom ISP, Tula, Russia	RU	0	1	14 months, 13 days, 3 hours, 56 minutes
6	AS24165 PHOENIX-NET-TW PHOENIX CATV CO.,LTD	TW	0	1	14 months, 9 days, 6 hours, 12 minutes
7	AS131259 QX-AS-AP QOXY PTE LTD	SG	0	5	13 months, 22 days, 4 hours, 46 minutes
8	AS44234 GAYA-AS P.O.Hviezdoslava 23B	SK	0	3	13 months, 18 days, 2 hours, 48 minutes
9	AS38099 KAKAO-AS-KR Kakao Corp	KR	1	2	13 months, 3 days, 17 hours, 17 minutes
10	AS136958 UNICOM-GUANGZHOU-IDC China Unicom Guangdong IP network	CN	0	1	13 months, 2 days, 16 hours, 4 minutes
11	AS63119 AS-63119 - netirons	US	0	5	12 months, 13 days, 11 hours, 35 minutes
12	AS17490 ETFIBER-AS Broadhand IP Network based DWDM	CN	0	1	12 months, 11 days, 8 hours, 7 minutes
13	AS19332 Marcatel Com, S.A. de C.V.	MX	0	1	12 months, 7 days, 10 hours, 52 minutes
14	AS16504 GRANITE - Granite Telecommunications LLC	US	0	1	12 months, 7 days, 3 hours, 2 minutes
15	AS20321 Alternativa Gratis	AR	0	9	12 months, 5 days, 9 hours, 11 minutes

The full list of average reaction time over all hosting providers (ASNs) can be found here:

Average Reaction Time (for all hosting providers)

If you are a hosting provider, network owner or national CERT, you can subscribe to the URLhaus feed for your ASN or country here:

URLhaus Feeds