On Tuesday, February 14, 2017, 5:26:19 PM, Rubens Kuhl wrote:
Is there an abuse combat feed available at SURBL ? The hope was to get information that would trigger abuse investigations and possible domain take-downs of phishing/malware that is enjoying benefit from the domain name (e.g., using a domain name like bank-name-security.TLD)... parsing the full URI data seems the most logical option, but that there doesn't seem to exist a TLD-specific feed or an specific $ condition for TLD registries.
Ideas ?
Tks, Rubens
Hi Rubens, Thanks very much for your questions. We would be very glad if our data could be used to help with investigations, and we feel we have some of the most accurate, careful and actionable data available.
SURBL has a main list of abuse, phishing, malware, and cracked hosts (domains and IPs). Most of the abuse hosts are used for spam. Cracked hosts tend to be used for spam, phishing, malware, botnets, DDOS, etc. SURBL also has full URI data available in different ways. Both types of data may be useful for you, but it may be simplest to start with the host data and then try URIs. There is also a logical process to check our host data first, then check our URI data for deeper information where available. (Not all blacklisted hosts have corresponding blacklisted URIs, and vice versa.)
We can make reports about specific TLDs, for example .br or even Brazilian brands, but the .br domains are also trivially searchable in our main host blacklist.
Let us ask Arnie or Allen of our reseller SecurityZones to please follow up with you about these questions. They can also explain some of our other datasets and services which may be useful.
SecurityZones web site is:
Hi Arnie and Allen, Please reply to Rubens and include SURBL so we can also follow up with any technical questions as needed.
Cheers,
Jeff C.