FAQ

All the answers to your questions can be found in our frequently asked questions. If you can not find the answer to your question on this webpage, you can contact us.

What is the CRDF Threat Center?

The CRDF Threat Center is a service published by the independent French laboratory CRDF Labs. This service detects malicious URLs that violate our detection criteria and integrates these URLs into our databases to combat cybercrime.

CRDF Labs develops its own detection systems, sharing with others our threat intelligence data and technologies to fight and detect security risks. CRDF Labs is a nonprofit laboratory, independent and completely transparent to its users.

How do you detect malicious URLs?

The CRDF Labs laboratory has its own R & D and its own detection and analysis tools. The CRDF Threat Center is a demonstration of our unique know-how in the detection of security risks on the Internet.

These technologies are based on our old Blockulicious, Blockulicious DNS and CRDF Sandbox products.

Why are URLs censored on your homepage?

We do not want anyone to be infected with this homepage accessible to everyone. We prefer someone interested in our databases to come forward and contact us to discuss possible access to CRDF Threat Center's private area.

Do you sell your technologies?

No. The CRDF Threat Center is a non-commercial project and our internal technologies are not for sale.

Your database is distributed under what license?

The CRDF Threat Center website and the database under Creative Commons - Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0). If you wish to use our services or our database, you must comply with this license and our terms of use (ToS).

I would like a sample of your database. Is it possible ?

Yes, it is completely possible. Please go to the "Get private access" webpage for 7 day access to daily feed. Of course, you will not have access to the entire database, it is only a daily flow.

Why is my website in your database?

If your website is contained in our database, our systems have found a violation of our detection criteria. Thank you for complying with it to be removed from our database and make a false positive statement. CRDF Labs never indicates exactly why a URL is embedded in our database.

Can you tell me exactly which detection criteria my website does not respect?

No, sorry. CRDF Labs never gives more information about a website considered contrary to our detection criteria. CRDF Labs is not intended to provide any evidence that a website is against our detection criteria. The purpose of CRDF Labs is to protect its users against security risks associated with a browser over the Internet.

Why does your false positive reporting system tell me that the URL is not contained in our databases?

If our system tells you that the URL is not contained in our database, your website is not contained in our database and your website is not blacklisted. No need to contact us to ask for information, we would have nothing more to communicate to you.

I made a false positive statement and your system tells me that the offending URL has been removed and yet I still see on Virustotal. Is it normal?

This is perfectly normal. The propagation can take several hours to get synchronized with VirusTotal. It is not necessary to contact us to report this error. Everything is automatic and the process will automatically delete the detection on VirusTotal at the next occurrence.

If you still have it after hours, consider refreshing the report when scanning a VirusTotal URL.

What types of private access are available?

We have two types of private access which are reserves to IT security professionals or companies working in specific sectors. The two types of access are:


  • Private access: access reserved for IT security professionals. This access provides access to the complete database with csv as the output format.

  • FastAccess: limited access for a period of 7 days and allowing you to access daily data without any history.

In any case, our database is private, non-commercial and based on data exchange. In order to gain access to this sensitive data, you must justify to our services your motivation.

How to get access to the private part?

If you wish to have access to our database, please contact us by answering the following questions:

- who are you ?
- what are you looking for ?
- your motivations
- how are you going to use our data?
- your company ?
- will you exchange data with us (threat intelligence)?
- are you a computer security professional?

We will study your request and we will get back to you shortly.

How to contact you?

@ : labs@crdf.fr
PGP Keys : https://www.crdf.fr/pgp/

Do your services have products that block websites?

No. We no longer have any products that allow us to block malicious sites in our database. Only users / companies using our database will block websites that we report as not meeting our detection criteria.

Why do not you reply to my false positive email?

As noted on our pages, there is a unique and simple procedure that allows you to declare a false positive. If you send us an email without using this procedure, we will not reply as indicated on our pages. Unfortunately, we have a lot of requests and the procedure allows us to save time while eliminating the tedious procedures. If you wish to contact us about a false positive request, please indicate the references of your request and we will answer you with pleasure.

Where are you based?

We are French and we are based in Paris. We are not a company but an independent laboratory and without any legal status.

Why do not you have a legal notice on your website?

French law authorizes it. Please read this article: https://www.service-public.fr/professionnels-entreprises/vosdroits/F31228

The captcha on your forms is not showing and tells me it is blocked. Why ?

Our captha system detects suspicious IP addresses (VPN, Proxy, etc.) that are used by the robots. If you see that the captcha is blocked, we invite you to contact us.

I would like free access to your entire database, is it possible?

Yes it is possible as long as you respect our license of use, that you use it non-commercial and that you share threat intelligence data with us.

Why do you prevent automatic download of your files in the "/ public" directory?

We only accept manual downloads in this directory to prevent abuse and to prevent our data from being unauthorized. If you want to test our database, you can get temporary or permanent access. By going to this directory, we will automatically test if your request is not automated.

Classification of malicious URLs

* Phishing: URL: this web address is recognized by our engines as a phishing address
* Malware: URL: this address is recognized by our engines as an address distributing malware (exe, dll, dmg, etc.)
* Malicious: URL: this address is recognized by our engines as an address being in disharmony with our detection criteria
* Suspect: URL: this address is recognized by our engines as a suspicious address and is probably an infection source / does not meet our detection criteria

Are malicious domain names deleted from your databases?

Yes, we have an automatic system that ensures the overall consistency of the database. A website that meets our new detection criteria will be automatically removed from the database after a certain period of time. This time is random and we can not guarantee that your Site will be deleted. Please refer to the false positive statement.

How to make a domain name no longer integrate your database?

If your domain name often includes our database, you can ask to integrate our whitelist. To do this, you must contact us.

However, your site must comply with the following to be added:

- have been detected more than twice and two false positive procedures completed / processed
- be a site with a large audience