HashBL from SURBL – Block Malicious Shorteners / Redirector URIs, Crypto-wallets, and More

  • Home
  • HashBL from SURBL – Block Malicious Shorteners / Redirector URIs, Crypto-wallets, and More

Latest Threat Intelligence Feed from SURBL: HASHBL

Cybercriminals are constantly evolving their methods to evade filtering.  The HashBL from SURBL kicks in where traditional domain and IP blocklists stop. This latest blocklist helps identify threats beyond the domain or IP address of the sender for more precise protection. 

Mail filters can identify malicious items (including shortener URIs, “free-mail” addresses, crypto-wallets, etc) by computing a hash and querying the Hash Blocklist. HashBL from SURBL is a new data feed to help identify and block these threats using hash strings for enhanced coverage.

 Shortener / Redirector Feed


In an attempt to evade highly effective domain blocklists, cybercriminals have begun trying to hide behind shortener URIs (example: Bit.ly).  Now customers can query hashes of URIs using the SURBL Hash Blocklist – Shortener / Redirector Feed. The query will return a code signaling if and why that hash is known to be malicious. 


The following codes will be returned if the hash of the URI is listed:×08 – Phishing URIs×10 – URIs used to host malware×40 – URI used in general spam. Exact type of abuse has not been identified yet.×80 – Cracked Site URIs – Test Point queried 

Note: Multiple codes will be returned for URIs listed in multiple categories

Additional Hash Feeds

The HashBL from SURBL can also be used to block hashes related to malicious email addresses, crypto-wallets, and phone numbers.

Email Addresses

Cybercriminals often use large “free-mail” providers (ex. Yahoo or Gmail). These large email providers domains cannot be blocked, as users will not be able to receive email from the millions of legitimate email addresses.  SURBL HashBL now allows customers to block the known malicious free-mail addresses based on hash strings. 

Users can query using the md5 hash of the entire email address. 


Address: spammer @ yahoo . com

Md5sum: 2460071d622d1e714ce20897cdca25a5 

Query: 2460071d622d1e714ce20897cdca25a5.$PQSKEY.surbl.net

Return Code if Listed:

Phone Numbers

HashBL also allows users to filter based on hash strings of known malicious phone numbers.  

Phone numbers known to be associated with malicious activity are often included in email scams.  These phone numbers can now be hashed and query to further protect your users from known threats. 


Phone number: +0012345678

md5sum: 506c5e6bb3d2ef3b3fd36b7cf7bfb26a

Query: 506c5e6bb3d2ef3b3fd36b7cf7bfb26a.$PQSKEY.surbl.net

Return Code if Listed:



As cryptocurrency has risen in popularity, cybercriminals have been increasingly using cryptocurrency in new scams. More information on how scammers used cryptocurrency can be found in this article from the FTC. https://consumer.ftc.gov/articles/what-know-about-cryptocurrency-and-scams

HashBL from SURBL can also be used to filter and block hashes related to malicious crypto-wallets.   

Query the HashBL using the md5 hash of the entire wallet address string. 



Md5sum: 3a90d2e29f657f27e411692120d2eb04  

Query: 3a90d2e29f657f27e411692120d2eb04.$PQSKEY.surbl.net

Return Code if Listed:

Try the HashBL Today: