[SURBL-Discuss] Abuse combat feed

Jeff Chan jeffc at surbl.org
Wed Feb 15 03:13:32 CET 2017

On Tuesday, February 14, 2017, 5:26:19 PM, Rubens Kuhl wrote:

> Is there an abuse combat feed available at SURBL ? The hope was to
> get information that would trigger abuse investigations and possible
> domain take-downs of phishing/malware that is enjoying benefit from
> the domain name (e.g., using a domain name like
> bank-name-security.TLD)... parsing the full URI data seems the most
> logical option, but that there doesn't seem to exist a TLD-specific
> feed or an specific $ condition for TLD registries. 

> Ideas ? 

> Tks,
> Rubens

Hi Rubens,
Thanks very much for your questions.  We would be very glad if our
data could be used to help with investigations, and we feel we have
some of the most accurate, careful and actionable data available.

SURBL has a main list of abuse, phishing, malware, and cracked hosts
(domains and IPs).  Most of the abuse hosts are used for spam.
Cracked hosts tend to be used for spam, phishing, malware, botnets,
DDOS, etc.  SURBL also has full URI data available in different ways.
Both types of data may be useful for you, but it may be simplest to
start with the host data and then try URIs.  There is also a logical
process to check our host data first, then check our URI data for
deeper information where available.  (Not all blacklisted hosts have
corresponding blacklisted URIs, and vice versa.)

We can make reports about specific TLDs, for example .br or even
Brazilian brands, but the .br domains are also trivially searchable
in our main host blacklist.

Let us ask Arnie or Allen of our reseller SecurityZones to please
follow up with you about these questions.  They can also explain some
of our other datasets and services which may be useful.

SecurityZones web site is:


Hi Arnie and Allen,
Please reply to Rubens and include SURBL so we can also follow up
with any technical questions as needed.


Jeff C.
Jeff Chan
mailto:jeffc at surbl.org

More information about the Discuss mailing list