OpenPhish, Reddit, and Twitter: Domain Feeds Update, September 2017
We’ve been working to add additional sources of malicious domains since our last update. These sources provide malicious domains that we block to keep them from causing harm on our customers’ networks. The past couple of months we focused on finding sources of domains that are used for phishing. Continue reading for details on five new domain feeds we have added since July. As always, if you have a source of malicious domains, please send it our way.
OpenPhish attempts to find zero-day phishing URLs using algorithms. You might remember that Strongarm previously added support for OpenPhish back in February of 2016. We removed this feed a few months later due to the high number of false positives that were on the list. In the past year, we’ve made great strides in how we validate data and guard against false positives and felt it was time to re-integrate this data source as phishing is a problem that many of our customers are concerned about.
Reddit & Twitter
The Strongarm analysis team has also been working hard to find non-traditional sources of malicious domains. Why? Well, newly discovered malicious domains are commonly posted to Twitter and Reddit by security professionals before they are released in more official feeds. We’re now scraping this information and using it inside of Strongarm.
- The /r/Malware_Domains subreddit has links to lists of malicious domains posted in it.
- The Twitter users @illegalFawn, @cheapbyte, and @PhishingAlert regularly post phishing domains. Their posts often contain domains that are specific to a certain brand or industry.
These four Reddit & Twitter sources currently contain about 1,000 domains, are very unique, and are constantly being updated with additional domains, usually in an extremely timely fashion.
These five new domain feeds are now available and enabled for all Strongarm users. You can configure your domain feeds at any time by logging into your account. If you have any questions, or would like to suggest additional sources of domains, please contact us!