If you would like to contact CRDF Labs, you are on the right page. In order to best respond to your request, please select the reason for contacting us from the menu below.
Please note that the CRDF Threat Center and CRDF Labs are non-commercial projects. CRDF Labs maintains this system for free and on a voluntary basis to make the Web better. We try to provide a precise and rapid response to our users. However, it is quite impossible to respond to all the requests we personally receive since we are providing voluntary assistance. The procedures allow us to process requests quickly and we thank you for using them to make our life easier and so that we can respond quickly to your request. Thanks for your understanding.
The answer to this problem can already be found in our FAQ. You can find the answer below:
What is the CRDF Threat Center?
The CRDF Threat Center is a service published by the independent French laboratory CRDF Labs. This service detects malicious URLs that violate our detection criteria and integrates these URLs into our databases to combat cybercrime.
How do you detect malicious URLs?
The CRDF Labs laboratory has its own R & D and its own detection and analysis tools. The CRDF Threat Center is a demonstration of our unique know-how in the detection of security risks on the Internet.
Why are URLs censored on your homepage?
We do not want anyone to be infected through this homepage, which is accessible to everyone. We prefer that anyone interested in our databases come forward and contact us to discuss possible access to CRDF Threat Center's private area.
Do you sell your technologies?
No. The CRDF Threat Center is a non-commercial project and our internal technologies are not for sale.
Your database is distributed under what license?
If you wish to use our services or our database, you must comply with this license and our terms of use (ToS).
Why is my website in your database?
If your website is contained in our database, our systems have found a violation of our detection criteria. To be removed from our database, please comply with these criteria and make a false positive statement. CRDF Labs never indicates exactly why a URL is included in our database.
Can you tell me exactly which detection criteria my website does not respect?
No, sorry. CRDF Labs never gives more information about a website considered contrary to our detection criteria. CRDF Labs is not intended to provide any evidence that a website is against our detection criteria. The purpose of CRDF Labs is to protect its users against security risks associated with a browser over the Internet.
Why does your false positive reporting system tell me that the URL is not contained in our databases?
If our system tells you that the URL is not contained in our database, your website is not contained in our database and your website is not blacklisted. There is no need to contact us to ask for information; we would have nothing more to communicate to you.
I made a false positive statement and your system tells me that the offending URL has been removed, yet I still see it on VirusTotal. Is this normal?
This is perfectly normal. The propagation can take several hours to get synchronized with VirusTotal. It is not necessary to contact us to report this error. Everything is automatic and the process will automatically delete the detection on VirusTotal at the next occurrence.
Do your services have products that block websites?
No. We no longer have any products that allow us to block malicious sites in our database. Only users / companies using our database will block websites that we report as not meeting our detection criteria.
Where are you based?
We are French and we are based in Paris. We are not a company but an independent laboratory without any legal status.
The captcha on your forms is not showing and tells me it is blocked. Why?
If our captcha is not displayed and tells you that your IP address is suspicious, it means that you are using a VPN, a proxy, an IP address of a non-private Internet connection, an anonymized Internet connection, etc. If you want the captcha to appear, you must deactivate your VPN, proxy or anonymization system.
I would like free access to your entire database, is it possible?
Yes, it is possible as long as you respect our license of use, use the database non-commercially, and share threat intelligence data with us.
Classification of malicious URLs
* Phishing:URL : this web address is recognized by our engines as a phishing address
Are malicious domain names deleted from your databases?
Yes, we have an automatic system that ensures the overall consistency of the database. A website that meets our new detection criteria will be automatically removed from the database after a certain period of time. This time is random and we cannot guarantee that your site will be deleted. Please refer to the false positive statement.
How do I get whitelisted and never get into the CRDF Threat Center again?
WARNING: this procedure does not allow you to have CRDF Labs remove your website from our databases. This PROCEDURE ONLY allows you to request that your domain name be added to our system so that it is never added again. If you wish to report a false positive and have your website removed from our database, please go to the appropriate procedure accessible from the CRDF Threat Center.
Can you provide evidence of non-compliance with your detection criteria?
CRDF Labs is under no obligation to provide evidence of non-compliance with our detection criteria. The service is provided as is without warranty and is non-commercial. CRDF Labs is completely independent and when we add a site to our database, it is not blocked anywhere and the listing cannot be harmful in the way that antivirus detections or blocks from Google Safe Browsing can be, for example. We will provide evidence in specific cases and within a legal framework governed by French law.
Why did I not receive a response to my emails?
If you have not received a response to your email, you must not have followed the procedure indicated to declare a false positive or to declare an error in the treatment of your false positive, or you did not follow a specific procedure. These procedures allow us to deal with the many requests that we constantly receive.
What antiviral engines do you use?
For our static analyses, we use the following engines:
From which IP addresses do you scan the Internet network?
For security reasons, we cannot tell you the outgoing IP addresses of our scanning tools. Malicious individuals could block our IP addresses to prevent us from scanning their infrastructures.
What is the forensic tool?
The CRDF Threat Center Forensic allows you to search for markers (IoCs) corresponding to infections. This system allows you to view the data associated with an IP address or a domain name over time. Thus, the system will be able to correlate all the data.
I am a service provider who receives your abuse reports. How to stop these alerts?
To stop these alerts, you can click on the link indicated in our emails, which will allow you to block all future alerts.
You are impacting my business with your company because you consider us malicious. Is it possible?
This argument is totally false. We cannot impact your business with our detection because we are not blocking anything.
How to increase the limitation imposed by the API?
To increase the limitations imposed by your API key, you must contact us with a precise description of your needs.
I received an email after a false positive request asking me for more information. How can I provide it?
After a false positive request via our form, you may be contacted by our experts to ask you for information and to clarify certain things.
Hello,
False Positive Reference #XXXXXXXXXXXXXXX
At your request, CRDF Labs conducted a new analysis of the domain name "domain.com".
We regret to inform you that we cannot delete your domain name from our database since it corresponds to a malicious website (in accordance with our criteria for detection and characterization of malicious websites).
Please refer to the following page in our Knowledge Base to know our detection criteria: https://threatcenter.crdf.fr/criteria.html.
Please note that we take the claims of false positives very seriously and we take all measures to respond favorably to your request.
///////
WARNING
///////
PLEASE READ CAREFULLY THE INFORMATION CONTAINED BELOW. THIS INFORMATION WILL LET YOU KNOW THAT YOU DO NOT AGREE WITH OUR DECISION.
PLEASE DO NOT CONTACT US WITHOUT FOLLOWING THIS PROCEDURE.
*** Important notes ***: CRDF Labs never gives more information about a website considered contrary to our detection criteria. CRDF Labs is not intended to provide any evidence that a website is against our detection criteria. The purpose of CRDF Labs is to protect its users against security risks associated with a browser over the Internet. So, you have to understand we cannot give you more details on adding a domain name in our database.
----
If you do not agree with this decision, please follow these few steps:
1/ A report containing additional data on your application is available at the following address:
https://threatcenter.crdf.fr/false_positive.php?ref=XXXXXXXXXXXXXXX
2/ If you want to report an error from our expert during the analysis of the website, please click on the following URL:
https://threatcenter.crdf.fr/false_positive.php?ref=XXXXXXXXXXXXXXX&recall
(By clicking on this URL, an expert will analyze the website again, please do not contact us if you do not click on this link)
WARNING: If you wish to report an error in the processing of your request, please report it to us by the above procedure (by following this link: https://threatcenter.crdf.fr/false_positive.php?ref=XXXXXXXXXXXXXXX&recall). We will not respond to your request if you do not follow the procedure.
----
What is the background check?
The background check is an internal investigation carried out by the CRDF Labs manager to determine whether you can access our data based on the information you have provided.
What is CRDF Foresight?
CRDF Labs Foresight is a machine learning technology developed by CRDF Labs.
What is the TLP (TRAFFIC LIGHT PROTOCOL)?
The Traffic Light Protocol (TLP) was created in order to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. It employs four colors to indicate expected sharing boundaries to be applied by the recipient(s). TLP only has four colors; any designations not listed in this standard are not considered valid by FIRST.
Community: Under TLP, a community is a group who share common goals, practices, and informal trust relationships. A community can be as broad as all cybersecurity practitioners in a country (or in a sector or region).
Organization: Under TLP, an organization is a group who share a common affiliation by formal membership and are bound by common policies set by the organization. An organization can be as broad as all members of an information sharing organization, but rarely broader.
Clients: Under TLP, clients are those people or entities that receive cybersecurity services from an organization. Clients are by default included in TLP:AMBER so that the recipients may share information further downstream in order for clients to take action to protect themselves. For teams with national responsibility this definition includes stakeholders and constituents.
a. TLP:RED = For the eyes and ears of individual recipients only, no further disclosure. Sources may use TLP:RED when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organizations involved. Recipients may therefore not share TLP:RED information with anyone else. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting.
b. TLP:AMBER = Limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients. Note that TLP:AMBER+STRICT restricts sharing to the organization only. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may share TLP:AMBER information with members of their own organization and its clients, but only on a need-to-know basis to protect their organization and its clients and prevent further harm. Note: if the source wants to restrict sharing to the organization only, they must specify TLP:AMBER+STRICT.
c. TLP:GREEN = Limited disclosure, recipients can spread this within their community. Sources may use TLP:GREEN when information is useful to increase awareness within their wider community. Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. TLP:GREEN information may not be shared outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.
d. TLP:CLEAR = Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.
I am a journalist or a media, I would like to get some information. Is it possible?
CRDF Labs does not communicate with journalists or the media. We will systematically refuse any request from an entity related to this environment.
How does the procedure for reporting a false positive work?
If you believe your website is misclassified in our database, you should follow the procedure for notifying us that we have made an error. There is no need to contact us to do this. You can access the URL "https://threatcenter.crdf.fr/false_positive.html" to report a false positive. To report a false positive, you must click on the button below to go to the form allowing you to report a false positive. There is no need to contact us as this form is used to answer these requests.
If you wish to submit malicious sites that do not match our detection criteria, you can click on the button below to access the form provided. Thank you for your help in making the web a better place.
If you want to encrypt our exchanges, you can use our public PGP keys: pgp.crdf.fr
Please make sure to check that our FAQ/procedures do not answer your questions/query before contacting us. As a reminder, if your website has been added to our databases and you contact us, you will not receive a response from us.