Recently we added the ScamAdviser feed to our DNS Abuse Monitoring system. Based on the input and experience from our customers, I thought it would be helpful to cover a few items.
ScamAdviser is a reputation-based feed that differs from the Google Safety Browsing feed. If Google marks a domain name as malicious, it is no longer accessible as many browsers will now warn internet users not to visit the website.
ScamAdviser will inform you if the reputation of the domain name is poor. Of course, a lousy score depends on many factors, and ScamAdviser uses plenty. But a poor …
Last month, Realtime Register partnered with the Global Cyber Alliance (GCA) to expand the Realtime Register Insights Domain Abuse Platform capabilities.
At Realtime Register, we have been collecting abuse/intelligence feeds like Pokémon this year. By adding the GCA Domain Trust Feed we are now up to 72 feeds. The information gathered we make available to our resellers, providing them with deep insight into how criminals are using their services.
However, the Domain Trust Feed is not just a feed; it is much more.
Let’s get technical
The GCA uses the Quad9 feed. Quad9 protects users from accessing known malicious websites, …
In this article/faq, I will explain the security threat dashboarding/monitoring.
What is it?
In the first beta phase, we will make the threat intelligence we download from Pulsedive available to our customers in the domain manager.
If you are a customer of Realtime Register you can join the beta program.
Please contact our support team for information.
As a customer, you will be able to see the active security threats.
Security threats could be phishing domain names or malware domain names.
The Abuse Dashboarding provides you with information that usually does not get reported to Registrars.
As a result, you …
We are currently working on a project to provide abuse monitoring information to our customers.
Giving our customers just the raw data is not helpful, so our goal is to contextualize the data.
We still have long ways to go, but the basics are there.
So what do I see right now on our platform?
- Malware (67%)
- Phishing (23%)
- The rest falls into somewhat general buckets like BEC fraud, DGA, botnets, dark lists, crypto mining, etc. Very low incidental percentages.
The above-mentioned data is from two years of monitoring.
On the left is displayed the overall abuse percentage since …
RiskReact is a service of Realtime Register B.V. with a focus on security threats, cyber intelligence & OSINT.
Last year a registrar employee was the victim of social engineering resulting in an unauthorized transfer of a domain name.
A few months ago, a registrar employee was the victim of a spear-phishing attack, resulting in a DNS hijack.
A possible solution to counter such issues and other risks is a Domain Name Registry Lock.
Domain name registry locks are available for many TLDs. They all cover the same basic level of protection.
- Domain name update lock, preventing unauthorized or accidental updates …
In addition to the recent introduction of adding API keys, now we are adding Multi-Factor Authentication support. Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification).
We will support the following methods for MFA:
- Webauthn (FIDO2) supporting Touch or Pin and Touch sensor like Yubikey with secure elements, Software authenticators and also …
In addition to the recent introduction of adding API keys, now we are adding Multi-Factor Authentication support. Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification).
We will support the following methods for MFA:
- Webauthn (FIDO2) supporting Touch or Pin and Touch sensor like Yubikey with secure elements, Software authenticators and also …
Last year in the new Registry-Registrar agreement the Swedish registry has made “everyday life easier” by lifting the required transfer form that needed to be filled in when transferring a domain / changing a registrant.
Due to this from February 3rd onward no more manual work is needed with a .SE/NU transfer and every change will have a digital timestamp. The implications and changes in behavior compared to the current situation that you may be used to are:
- Domain update with registrant change is not charged anymore.
- No more registrant change form/mail.
- External & internal transfers will no longer keep …
We released a few new features, one of them, RDAP reseller Vcard.
To further streamline abuse reports & disclosure requests, Realtime Register introduces the Abuse Vcard. This Vcard will display your (reseller role) abuse contact details through RDAP.
Showing your (external) abuse contact information will increase the speed of abuse reporting.
Internal abuse email address/information.
Resellers can also enter abuse contact information for our abuse & support staff.
We are not setting requirements here for our resellers, but it would be good if this email address is monitored 24/7. We intend to use this info for emergency communications when dealing …
“Behavior reflects personality. The best indicator of future violence is past violence. To understand the “artist,” you must study his “art.” The crime must be evaluated in its totality. There is no substitute for experience, and if you want to understand the criminal mind, you must go directly to the source and learn to decipher what he tells you. And, above all: Why + How = Who.”
― John E. Douglas, Mindhunter: Inside the FBI’s Elite Serial Crime Unit
The above quote is also applicable when you deal with cybercrime investigations. Though registrars usually do not deal with serial killers, …
