abuse.ch is a non-profit project that fights malware and botnets. One of the platforms that abuse.ch operates is URLhaus. URLhaus is a platform where vetted, trusted security researchers can exchange information on sites that are being used for malware distribution. So far, the project has identified and taken down over 1 million sites that are being used by bad actors to spread malware. IT security researchers, vendors, and law enforcement agencies rely on data from abuse.ch, which tries to make the internet a safer place for all.
The problem I regularly face is that some of the bad actors try to block automated requests made by URLhaus, since this platform regularly checks whether a site is still malicious; it does so by trying to connect to the remote site to check its content. Some bad actors are aware of this process and attempt to block those requests by URLhaus.
This is why I use Bright Data’s services. By using the data collection platform, I can track these bad actors’ sites and provide this valuable data for free to the community so they can protect themselves from threats originating from these bad websites.
As part of my work, I need to verify in an automated way whether a site poses a threat. As you know, bad actors are getting more and more sophisticated. They have not only figured out how to identify URLhaus’s automated requests sent to these sites but have also started blocking those requests. As a result, these malicious websites did not appear on our list of potential security threats. They passed as if they were legitimate sites when, in fact, they were clearly not.
To fight these sites, I started using Bright Data’s infrastructure to truly verify whether a site poses a threat. By using Bright Data’s services, I can overcome the bad actors’ methods and identify and differentiate the bad sites from the good ones. This obviously also helps the community – by letting them know about current cyber threats.
Once I identify a website that is causing harm, and once I can verify it by using Bright Data, I immediately publish the information on the project website where security researchers, security solutions vendors, or law enforcement teams can use this information and take action. This includes legal action as well as using the information to protect their own networks and users from these proven threats. This data is available for free for everyone to use. In fact, it protects millions of users and anyone can access this data and download it to protect themselves.
I know that these datasets are used very broadly by open-source tools, for example, and also by DNS service/software providers like Cloudflare or Quad9. Using these datasets in such a way clearly protects and saves millions from cybersecurity threats.