
SURBL is a Key Input into ICANN Domain Metrica

ICANN Domain Metrica provides a global view of domain abuse. It relies on key threat intelligence providers to identify domains participating in abusive activity. One of the key contributors to the Domain Metrica report is SURBL. 

This article will highlight the SURBL Domain Intelligence threat feed and explore how ICANN’s Domain Metrica leverages threat information on malicious domains from SURBL.

What is ICANN Domain Metrica?

ICANN Domain Metrica is a flexible platform that provides insights in the form of metadata into domain name registration, usage, and behavior. While initially developed for DNS abuse, the Domain Metrica system was expanded over time to cover more aspects of the domain name ecosystem. The system is designed to evolve over time with the acquisition of new data and metrics. In this way, it helps the internet community understand how domains are used, how trends are shifting, and how to differentiate good traffic from bad.

ICANN Domain Metrica observes the following types of abuse:

  • Phishing: Domain names that support web pages masquerading as a trustworthy entity such as a bank, known brand, online merchant, or government agency.
  • Malware: Domain names that facilitate the hosting and/or spreading of hostile or intrusive software that is installed on end systems, potentially without the permission of the user.
  • Botnet command-and-control: Domain names that are used to identify hosts that control botnets. Botnets are collections of malware-infected computers that can be used to perpetrate various abusive activities, such as launching denial-of-service attacks and sending spam email or phishing campaigns, among others.
 

ICANN Leverages SURBL Data to Provide Accurate, Actionable Domain Threat Intelligence

After an extensive evaluation of RBL providers, ICANN Domain Metrica selected SURBL as one of their primary sources to identify abusive domains, including phishing and malware.

SURBL Multi data contains domain names, URLs, and IP addresses associated with entities that are “seen” to be participating in or distributing malicious activity or attacks. This data is ingested daily to power the ICANN dashboard and API that tracks abuse trends and provides actionable insights for mitigation. In this way, SURBL data serves as a key input feed to identify, aggregate, and measure DNS abuse across top-level domains and registrars.

SURBL data feeds are widely adopted and leveraged across the cybersecurity industry. In particular, the Internet Corporation for Assigned Names and Numbers (ICANN) values and trusts SURBL data, which experts consider a significant stamp of approval.

What is SURBL?

SURBL B.V. (www.surbl.org) is an independent cyber research organization with over 20 years of experience. Its full-time, dedicated research staff specializes in domain reputation and is committed to protecting users on the internet. SURBL has the expertise to find abusive domains and flag them for malicious activity. The SURBL team is constantly hunting down and identifying the latest phishing and cybercriminal techniques to keep the Internet safe.

Spam URL Realtime Blocklist (SURBL) is a specialized database that lists website domains found in spam, phishing, and malware emails in near real-time. SURBL differs from traditional blocklists, which target sender IP addresses, by focusing instead on links within message bodies to detect malicious content. Because of this, SURBL is highly regarded as an expert in domain reputation, and its data feeds are considered a critical tool for improving security.

  • Fast, dynamic intel to identify advanced phishing and malware data sources.
  • SURBL provides a highly accurate, highly dynamic list of current, active, bad domains, giving real-time threat data on malicious websites.
  • SURBL is highly effective at controlling hard-to-detect phishing and botnet domains. SURBL data contains approximately 800,000 current, active, bad domains, is updated continuously (every 1-2 minutes), and greatly improves detection of phishing, malware and botnet domains.
  • Trusted to protect over 2 billion mailboxes worldwide
 

Highly Regarded Experts in Domain Reputation

 

SURBL data helps identify malicious or spammy websites that are often used in phishing attacks and malware distribution. Over the years, SURBL has built a reputation as an industry authority. This is due to several factors:

Accurate, Actionable Data: The high accuracy and efficacy of its intelligence datasets, which are proven to detect up to 95% of unsolicited messages with nearly zero false positives.

Comprehensive Collection and Rapid Intelligence: Databases like SURBL MULTI and SURBL FRESH update as frequently as possible (1-2 minutes), drawing from a massive network of resources to provide near real-time protection against newly registered domains.

Wide Adoption: ISPs around the world leverage SURBL data feeds, as well as webmail providers, governments, and large enterprises.

Conclusions

SURBL data underpins the ICANN Domain Metrica system, but it also empowers thousands of other security services and supports forensic investigations into compromised networks. SURBL is so highly regarded as an expert in domain reputation that key organizations can use its data for abuse monitoring and reporting cybercrime with a high degree of confidence.
