HashBL from SURBL – Block Malicious Shorteners / Redirector URIs, Crypto-wallets, and More
Latest Threat Intelligence Feed from SURBL: HASHBL
Cybercriminals are constantly evolving their methods to evade filtering. The HashBL from SURBL kicks in where traditional domain and IP blocklists stop. This latest blocklist helps identify threats beyond the domain or IP address of the sender for more precise protection.
Mail filters can identify malicious items (including shortener URIs, “free-mail” addresses, crypto-wallets, etc.) by computing a hash and querying the Hash Blocklist. HashBL from SURBL is a new data feed to help identify and block these threats using hash strings for enhanced coverage.
Shortener / Redirector Feed
In an attempt to evade highly effective domain blocklists, cybercriminals have begun trying to hide behind shortener URIs (example: Bit.ly). Now customers can query hashes of URIs using the SURBL Hash Blocklist – Shortener / Redirector Feed. The query will return a code signaling if and why that hash is known to be malicious.
The following codes will be returned if the hash of the URI is listed:
● 127.0.0.0x08 – Phishing URIs
● 127.0.0.0x10 – URIs used to host malware
● 127.0.0.0x40 – URI used in general spam. Exact type of abuse has not been identified yet.
● 127.0.0.0x80 – Cracked Site URIs
● 127.0.0.0xfe – Test Point queried
Note: Multiple codes will be returned for URIs listed in multiple categories.
Additional Hash Feeds
The HashBL from SURBL can also be used to block hashes related to malicious email addresses, crypto-wallets, and phone numbers.
Email Addresses
Cybercriminals often use large “free-mail” providers (e.g. Yahoo or Gmail). The domains of these large email providers cannot be blocked, as users would then be unable to receive email from the millions of legitimate email addresses. SURBL HashBL now allows customers to block the known malicious free-mail addresses based on hash strings.
Users can query using the md5 hash of the entire email address.
Example:
Address: spammer @ yahoo . com
Md5sum: 2460071d622d1e714ce20897cdca25a5
Query: 2460071d622d1e714ce20897cdca25a5.$PQSKEY.surbl.net
Return Code if Listed: 127.0.1.2
Phone Numbers
HashBL also allows users to filter based on hash strings of known malicious phone numbers.
Phone numbers known to be associated with malicious activity are often included in email scams. These phone numbers can now be hashed and queried to further protect your users from known threats.
Example:
Phone number: +0012345678
Md5sum: 506c5e6bb3d2ef3b3fd36b7cf7bfb26a
Query: 506c5e6bb3d2ef3b3fd36b7cf7bfb26a.$PQSKEY.surbl.net
Return Code if Listed: 127.0.3.2
Crypto-wallets
As cryptocurrency has risen in popularity, cybercriminals have increasingly been using it in new scams. More information on how scammers use cryptocurrency can be found in this article from the FTC: https://consumer.ftc.gov/articles/what-know-about-cryptocurrency-and-scams
HashBL from SURBL can also be used to filter and block hashes related to malicious crypto-wallets.
Query the HashBL using the md5 hash of the entire wallet address string.
Example:
Address: bc1examplebitcoinwalletaddress
Md5sum: 3a90d2e29f657f27e411692120d2eb04
Query: 3a90d2e29f657f27e411692120d2eb04.$PQSKEY.surbl.net
Return Code if Listed: 127.0.2.2
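The lookup described in the examples above, as an added Python sketch that is not SURBL's own code: it builds the md5 query name for an email address, phone number or wallet, and decodes the return codes listed on this page. The key value passed in place of $PQSKEY, the whitespace trimming, and the handling of OR-ed category values are assumptions; the page does not name the hash used for shortener URIs, so query_name covers only the md5 feeds.

```python
import hashlib
import socket

# Return codes as listed on this page.
FEED_CODES = {
    "127.0.1.2": "malicious email address",
    "127.0.2.2": "malicious crypto-wallet",
    "127.0.3.2": "malicious phone number",
}
URI_FLAGS = {  # last octet of 127.0.0.x, shortener / redirector feed
    0x08: "phishing",
    0x10: "malware",
    0x40: "general spam",
    0x80: "cracked site",
}
TEST_POINT = 0xFE

def query_name(item: str, pqs_key: str) -> str:
    """Build <md5>.<key>.surbl.net for an email, phone number or wallet."""
    # Assumption: surrounding whitespace is trimmed and the string is hashed
    # as UTF-8 with no other normalisation (the page says "entire" string).
    digest = hashlib.md5(item.strip().encode("utf-8")).hexdigest()
    return f"{digest}.{pqs_key}.surbl.net"

def decode(answers):
    """Map the A records returned for one query to category labels."""
    labels = []
    for ip in answers:
        if ip in FEED_CODES:
            labels.append(FEED_CODES[ip])
        elif ip.startswith("127.0.0."):
            octet = int(ip.rsplit(".", 1)[1])
            if octet == TEST_POINT:  # check first: 0xfe overlaps the flag bits
                labels.append("test point")
            else:
                # Assumption: category values may also arrive OR-ed together.
                names = [n for bit, n in URI_FLAGS.items() if octet & bit]
                labels += names or [f"unrecognised answer {ip}"]
        else:
            labels.append(f"unrecognised answer {ip}")
    return labels

def lookup(item: str, pqs_key: str):
    """Live query; NXDOMAIN or a resolver failure is treated as not listed."""
    try:
        return decode(socket.gethostbyname_ex(query_name(item, pqs_key))[2])
    except socket.gaierror:
        return []
```

Because lookup treats resolver errors as "not listed", a filter that uses it fails open; log those errors separately if an unreachable resolver should be visible.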