Last month, Realtime Register partnered with the Global Cyber Alliance (GCA) to expand the Realtime Register Insights Domain Abuse Platform capabilities.
At Realtime Register, we have been collecting abuse/intelligence feeds like Pokémon this year. By adding the GCA Domain Trust Feed, we are now up to 72 feeds. We make the gathered information available to our resellers, providing them with deep insight into how criminals are using their services.
However, the Domain Trust Feed is not just a feed; it is much more.
Let’s get technical
The GCA uses the Quad9 feed. Quad9 protects users from accessing known malicious websites, leveraging threat intelligence from multiple industry leaders, and currently blocks an average of more than 60 million threats per day for users in 90 countries. Pretty impressive, right?
Quad9 checks websites against IBM X-Force’s threat intelligence database of over 40 billion analyzed web pages and images.
The fun does not stop there, as IBM X-Force taps into 18 different intelligence partners, including:
- The Anti-Phishing Working Group
- Bambenek Consulting
- Hybrid Analysis GmbH
There is an inevitable overlap of feeds since we already use Pulsedive, which offers around 30+ feeds and already includes Bambenek's C2 feed and Abuse.ch to detect malware. But better safe than sorry.
But the Domain Trust platform offers more.
As you can see in the above picture, the GCA Domain Trust Platform uses categories. The result is that multiple scenarios can unfold with more than one entity adding information to the feed.
Quad9 flags a domain as suspicious. For registrars, this information is not actionable. But an ISP that is scanning some part of the internet could also see something dodgy. If the ISP marks the domain as suspicious on the feed, the registrar now has two insights.
There could also be a situation in which a law enforcement officer has just concluded the investigation of the domain name, marks it as malicious, and decides whether it should be taken down. With three independent sources, a registrar has much more information to act on when checking whether a takedown is justified.
If the domain name is taken offline by us/the registrar, we pass that information to the GCA Domain Trust Platform users. It is pretty cool that registrars or registries can ping back the feed results through an API.
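The corroboration logic in the scenario above, as an added example that is not Realtime Register's or GCA's code: it counts independent origins per domain, so one observation arriving through overlapping feeds is not mistaken for two. The report fields, the `triage` function, the sample domains and the thresholds are all assumptions.

```python
from collections import defaultdict

SEVERITY = {"suspicious": 1, "malicious": 2}

# Constructed sample reports. Field names are assumptions for this example,
# not the Domain Trust feed schema. "origin" is who made the observation,
# "via" is the feed it arrived through.
REPORTS = [
    {"domain": "login-example.test", "origin": "quad9", "via": "domain-trust", "verdict": "suspicious"},
    {"domain": "login-example.test", "origin": "isp-scan", "via": "domain-trust", "verdict": "suspicious"},
    {"domain": "login-example.test", "origin": "law-enforcement", "via": "domain-trust", "verdict": "malicious"},
    # One observation arriving through two overlapping feeds.
    {"domain": "c2-example.test", "origin": "bambenek-c2", "via": "pulsedive", "verdict": "malicious"},
    {"domain": "c2-example.test", "origin": "bambenek-c2", "via": "x-force", "verdict": "malicious"},
    {"domain": "blog-example.test", "origin": "quad9", "via": "domain-trust", "verdict": "suspicious"},
]


def triage(reports):
    """Group reports per domain and count independent origins, not feeds."""
    by_domain = defaultdict(dict)
    for r in reports:
        seen = by_domain[r["domain"]]
        # Keep the most severe verdict each origin has given for the domain.
        prev = seen.get(r["origin"])
        if prev is None or SEVERITY[r["verdict"]] > SEVERITY[prev]:
            seen[r["origin"]] = r["verdict"]

    result = {}
    for domain, origins in by_domain.items():
        n = len(origins)
        malicious = any(v == "malicious" for v in origins.values())
        # Thresholds are illustrative assumptions. Every outcome is a queue
        # for a human analyst, never an automatic takedown.
        if n >= 3 and malicious:
            action = "takedown_review"
        elif n >= 2 or malicious:
            action = "investigate"
        else:
            action = "monitor"
        result[domain] = {"origins": sorted(origins), "action": action}
    return result
```
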
All in all, the Domain Trust intelligence platform is a powerful tool for registrars and registries to use in their fight against domain name abuse.