SURBL – Fresh

SURBL Fresh Provides Accurate Threat Intelligence on New Domains

SURBL ‘Fresh’ complements SURBL’s already highly effective and accurate lists of ‘bad domains’ by identifying newly registered domains

Cyber criminals cycle through new domains to evade filters.  The vast majority of newly registered domains are used for malicious activity. With SURBL ‘Fresh’, add an extra layer of protection against malware, ransomware and spamming by blocking traffic associated with recently registered domains whose reputations have yet to be established .

SURBL Fresh is designed for use in a wide variety of security system applications, including:



Information about the DNS insertion time of new domains for most of the top-level domains (TLD) on the internet is contained  For each domain, has the UNIX epoch time of when SURBL first saw the domain in the global TLD zone files. TLD zone files are used for source material on

SURBL Fresh feed provides critical, accurate, information on the time new domains are placed into service.  

  • Security policy can be easily applied to prevent resolution of malicious new domains, based on your defined policies. (Example policy: block, quarantine, walled garden) 
  • Designed for use in variety of security systems, like email filtering or DNS firewall
  • It’s highly unlikely that domains less then (one) (day) old, would be used in a viable company / application. contains information about the DNS insertion time of new domains for most of the TLDs on the Internet.  For each domain, has the UNIX epoch time that SURBL first saw the domain in the global TLD zone files.  

Key Features and Benefits

  • Continuously Updated: New domains are added to the Fresh feed every minute.  Customers are protected from these domains before the cyber criminal even have a chance to use them.
  • Trusted Partnerships: Data-sharing relationships with domain registrars and ICANN community allow SURBL to list domains before they can be used maliciously.
  • Current Data: Within 72 hours, if and when the domain is determined to be malicious, it will be removed from Fresh and placed into other domain threat intelligence feeds, like SURBL Multi. 
  • Easily Apply Security Policies: Organizations can define their policy for new domains using the Fresh data. Depending on organizations risk tolerance, they can choose to block, quarantine, walled garden, etc
  • Quick Deployment: Works with existing infrastructure and email filtering / security platforms.
  • Flexible Delivery Options: Organizations can choose which option works best for their workflow: Via Rsync, CSV file drops, or private query service.

Uses of Fresh Data

Data feed of newly registered domains can be useful for the following applications:

Start your free trial.

Design the best set of data feeds to meet your needs!

Experience improved cybersecurity and stop phishing emails, ransomware, malware, and other cyber threats. Sign up for your free consultation and receive an in-depth technical deep dive and a 30-day free trial.