SURBL – Fresh

SURBL Fresh Provides Accurate Threat Intelligence on New Domains 

It’s highly unlikely that domains less than 1 day old would be used by legitimate companies or applications.

With the SURBL Fresh feed, you get access to critical, accurate information on active new domains. With this information, you can easily apply security policies like blocks, quarantines, and walled gardens to prevent the resolution of new malicious domains.

SURBL Fresh is designed for use in a wide variety of security system applications, including:

  • Email filtering
  • DNS firewall
  • Web filtering
  • SIEM platforms
  • And more

‘Fresh’ dataset:
continuous stream of newly registered or newly observed domains – an additional layer of protection against use of fast flux domains by cyber criminals that aim to bypass reputation filters

How SURBL Fresh Works

Information about the DNS insertion time of new domains for most of the top-level domains (TLD) on the internet is contained onage.surbl.org.  For each domain, age.surbl.org has the UNIX epoch time of when SURBL first saw the domain in the global TLD zone files. TLD zone files are used for source material on age.surbl.org.

– SURBL Fresh feed provides critical, accurate, information on the time new domains are placed into service.  

  • Security policy can be easily applied… (block, quarantine, walled garden, etc) to prevent resolution of malicious new domains, based on your defined policies.
  • Designed for use in wide variety of security systems… including email filtering, DNS firewall, web filtering, SIEM platforms, etc
  • It’s highly unlikely that domains less then (one) (day) old, would be used in a viable company / application.

age.surbl.org contains information about the DNS insertion time ofnew domains for most of the TLDs on the Internet.  For each domain, age.surbl.org has the UNIX epoch time that SURBL first saw the domain in the global TLD zone files.