Defense against Domain Generation Algorithms
Domain-based block lists for near real-time protection against your users’ computers connecting to bad domains generated by Domain Generation Algorithms (DGAs), preventing infected computers from communicating with botnet C&Cs.
Because we know that all the listed domains are bad, with zero false positives, our domain-based data can also be used to identify infected computers on your network by showing you which machines have tried to connect to Spamhaus-listed domains.
In-depth Domain information
If your organisation requires more fine-grained information on domains, wants to track a particular domain’s score over a longer period, or you would like to combine DBL with information from your own threat intelligence platform, then DBL is also available as an API ‘eDBL’ allowing you to query the DBL engine.
eDBL information includes the DBL score, the date that the domain was first seen and last seen, along with additional data fields.
For selected security organisations and cyber incident response teams, Spamhaus makes available the extended eXploits Block List (eXBL). It is is a real-time database of raw and filtered feeds that provides additional information on hijacked IP addresses:
- Timestamp of the last connection
- Name of the botnet controlling infected nodes
- IP address and port number of the C&C server for some connections
- Countries where compromised devices are located
- Type of malware used to exploit devices
To find out more about these specialised services, contact us.