Malicious URL Data Feed
Whether your goal is to protect your enterprise network from infections and data loss, shield your customers from harm, or incorporate awareness of malicious URLs into software or hardware, the Malicious URL Data Feed is a cost-effective, easy-to-implement solution that brings real-time awareness of dangerous programs spreading across the web. Rather than week- or month-old malware samples, the Malicious URL Data Feed is dynamically updated, showing the online locations where malicious programs originate: the websites infecting users’ machines right now. Our partners’ analysts identify the malicious pages being used to lure or engage users and the hosting points for the malicious code itself, and they test malware against a large bank of antivirus engines and honeypots to provide an accurate list of threats to systems and users.
Phishing URL Data Feed
Cyber criminals use phishing webpages to impersonate legitimate websites and leverage well-known brands in order to trick people into visiting rogue websites and capture their log-in credentials. Fraudsters then use this information to compromise banking and social networking accounts, and to distribute spam and malware via compromised email accounts. The Phishing URL Data Feed is a continuous feed of these pages discovered live, minute by minute, on the Internet.
Whether your goal is to protect your employees from social engineering, guard your network from malicious content or downloads, shield your customers from harm, or incorporate phishing awareness into software or hardware, the Phishing URL Data Feed is a cost-effective, easy-to-implement method to get “Phish-Aware” quickly and easily.
Malware Total Lifecycle Protection Data Feed Bundle
Malware Total Lifecycle Protection (TLP) provides pre-infection protection from malicious web pages, emails and phishing attacks and prevents post-infection malware from reaching command and control (C2) servers. Malware TLP offers immediate, actionable intelligence in the form of known bad URLs, host names, and domain names that can be used to complement your security automation procedures by delivering machine-readable threat intelligence (MRTI) to a capable firewall, network intrusion detection or prevention (IDS/IPS) system, or compatible threat intelligence platform.
Newly-Registered Domain Data Feed
More than half of the world’s registered domain names – and more than half of live websites – are contained in the top five traditional generic top-level domains (gTLDs), including .com, .net, .org, .biz, and .info. These five extensions account for nearly 80 percent of all newly registered domains.
For those and more than 825 new gTLD extensions (e.g., .school, .guru), our partners have the systems and business relationships that enable us to harvest the zone files, which are the authoritative lists of every new domain name registered (whether live or not), in those extensions each day.
Therefore, our data include the vast majority of new domain names from the day they are registered. We run deltas each day, aggregate all 825+ gTLDs, and generate a daily file containing all of the newly registered domain names for these hundreds of TLDs: essentially a list of new domain names registered in the last 24 hours.
Given the speed with which cyber threat actors leverage and discard domain names, brand new ones are, as a group, much riskier than general traffic and, as such, can constitute an excellent set of indicators for watching or blocking at the firewall, perimeter, or gateway.
In addition, many domain generation algorithms (DGAs) and botnets register, use, and throw away domain names with recognizable patterns in the text strings. By leveraging these patterns, often traded in industry forums and information sharing groups such as Information Sharing and Analysis Centers (ISACs), a text-analytics scheme applied to the data can provide potential indications and warnings of future attacks or the pre-positioning of infrastructure for future cyber threat activity.