All the answers to your questions can be found in our frequently asked questions. If you cannot find the answer to your question on this webpage, you can contact us.
The CRDF Threat Center is a service published by the independent French laboratory CRDF Labs. This service detects malicious URLs that violate our detection criteria and integrates these URLs into our databases to combat cybercrime.
CRDF Labs develops its own detection systems, sharing with others our threat intelligence data and technologies to fight and detect security risks. CRDF Labs is a nonprofit laboratory, independent and completely transparent to its users.
The CRDF Labs laboratory has its own R&D and its own detection and analysis tools. The CRDF Threat Center is a demonstration of our unique know-how in the detection of security risks on the Internet.
These technologies are based on our old Blockulicious, Blockulicious DNS and CRDF Sandbox products.
We do not want anyone to be infected through this homepage, which is accessible to everyone. We prefer that anyone interested in our databases come forward and contact us to discuss possible access to the CRDF Threat Center's private area.
No. The CRDF Threat Center is a non-commercial project and our internal technologies are not for sale.
Yes, it is entirely possible. Please go to the "Get private access" webpage for 7-day access to the daily feed. Of course, you will not have access to the entire database; it is only a daily feed.
If your website is contained in our database, our systems have found a violation of our detection criteria. To be removed from our database, please bring your website into compliance with them and make a false positive statement. CRDF Labs never indicates exactly why a URL is included in our database.
No, sorry. CRDF Labs never gives more information about a website considered contrary to our detection criteria. CRDF Labs is not intended to provide any evidence that a website is against our detection criteria. The purpose of CRDF Labs is to protect its users against security risks associated with browsing the Internet.
If our system tells you that the URL is not contained in our database, your website is not contained in our database and your website is not blacklisted. There is no need to contact us to ask for information; we would have nothing more to communicate to you.
This is perfectly normal. It can take several hours for changes to be synchronized with VirusTotal. It is not necessary to contact us to report this error. Everything is automatic and the process will automatically delete the detection on VirusTotal at the next occurrence.
If the detection still appears after several hours, consider refreshing the report when scanning the URL on VirusTotal.
We have two types of private access, which are reserved for IT security professionals or companies working in specific sectors. The two types of access are:
If you wish to have access to our database, please contact us by answering the following questions:
- Who are you?
- What are you looking for?
- What are your motivations?
- How are you going to use our data?
- What is your company?
- Will you exchange data with us (threat intelligence)?
- Are you a computer security professional?
- Will you use our threat intelligence commercially in your company?
- How will you integrate our data into your project?
- What is the value of our feed in your project?
- Can you send a sample of your threat intelligence that we can integrate into our feed in exchange for our private access?
We will study your request and we will get back to you shortly.
Required conditions:
- use of our database in a commercial context is prohibited
- sharing data from the private area without authorization is prohibited
- exchange data or threat intelligence with us on a regular basis
Please send your email to our unique email address: email@example.com
@ : firstname.lastname@example.org
PGP Keys : https://pgp.crdf.fr/
No. We no longer have any products that allow us to block malicious sites in our database. Only users or companies using our database will block websites that we report as not meeting our detection criteria.
As noted on our pages, there is a unique and simple procedure that allows you to declare a false positive. If you send us an email without using this procedure, we will not reply, as indicated on our pages. Unfortunately, we have a lot of requests and the procedure allows us to save time while eliminating tedious steps. If you wish to contact us about a false positive request, please indicate the references of your request and we will answer you with pleasure.
We are French and we are based in Paris. We are not a company but an independent laboratory without any legal status.
French law authorizes it. Please read this article: https://www.service-public.fr/professionnels-entreprises/vosdroits/F31228
If our system tells you that your IP address is suspicious and the captcha is not displayed, it means that you are using a VPN, a proxy, an IP address of a non-private Internet connection, an anonymized Internet connection, etc. If you want the captcha to appear, you must deactivate your VPN, proxy or anonymization system.
We no longer whitelist IP addresses except in specific cases. Please contact us only if you are a regular user of our systems. In all cases and for simplicity, we invite you to use our API, which allows you to submit simply and without this restriction.
Yes, it is possible as long as you respect our license of use, use it non-commercially and share threat intelligence data with us.
We only accept manual downloads in this directory to prevent abuse and to prevent our data from being used without authorization. If you want to test our database, you can get temporary or permanent access. When you go to this directory, we will automatically check that your request is not automated.
* Phishing: URL: this web address is recognized by our engines as a phishing address
* Malware: URL: this address is recognized by our engines as an address distributing malware (exe, dll, dmg, etc.)
* Malicious: URL: this address is recognized by our engines as an address that does not conform to our detection criteria
* Suspect: URL: this address is recognized by our engines as a suspicious address and is probably an infection source / does not meet our detection criteria
Yes, we have an automatic system that ensures the overall consistency of the database. A website that meets our new detection criteria will be automatically removed from the database after a certain period of time. This time is random and we cannot guarantee that your site will be deleted. Please refer to the false positive statement.
If your domain name is often included in our database, you can ask to be added to our whitelist. To do this, you must contact us.
However, your site must comply with the following to be added:
- have been detected more than twice and two false positive procedures completed / processed
- be a site with a large audience
CRDF Labs is under no obligation to provide evidence of non-compliance with our detection criteria. The service is provided as is without warranty and is non-commercial. CRDF Labs is completely independent, and when we add a site to our database, it is not blocked anywhere and it cannot be harmed the way it can be by antivirus detections or blocks from Google Safe Browsing, for example. We will provide evidence in specific cases and within a legal framework governed by French law.
Whenever a URL is discovered and added to our databases, a complaint is sent to the service provider to warn them of the security risk, so that they can react and stop the threat immediately.
We also share our database with our partners who may or may not block the site concerned. In any case, all our results are public and accessible on VirusTotal or on our website (search engine or API).
The Free Feed allows you to download our hashed database to verify that a domain name is included in our database. You should not use our feed for commercial use. By using this feed, you agree to accept our legal notice and conditions of use.
We compute a SHA-256 hash of each domain name to prevent theft of our data. If you wish to obtain our database without this constraint, you can contact us to obtain access to the private part of the CRDF Threat Center.
This feed is updated every 3 days. There is therefore no need to download it 20 times a day. We will block malicious behavior that does not follow these rules.
Each domain name is hashed with sha256 and each line corresponds to one domain name without the "www." prefix.
On your side, you must process this file to make it usable. With this hash system, you can for example search for a domain name in our database. Example: compute hashA = sha256 (the domain name to search for), then search each line of the file for hashA. If it is contained in the file, then the domain is in our database. If it is no longer contained or not contained, then it is not in our database.
Example of use of our database:
The hashes correspond to the sha256 of domain names. Example: sha256 (www.crdf.fr) = sha256 (crdf.fr) = 05deeefd3ed03fe034b55100256306dad3ceaecd51ea8a58c6b253a43a96d7e3 (You must delete the "www." in the domain name.).
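The lookup described above, as an added example that is not CRDF's own code: it reduces a URL or hostname to the domain without "www.", hashes it with SHA-256 and tests membership in the set of feed lines. Lowercasing, UTF-8 encoding and one hex hash per line are assumptions about the feed, and the domains in the sample feed are constructed placeholders.

```python
import hashlib
import re
from urllib.parse import urlsplit

HEX64 = re.compile(r"[0-9a-f]{64}")


def normalize_domain(value: str) -> str:
    """Reduce a URL or hostname to the form the feed hashes (no "www.")."""
    value = value.strip()
    # urlsplit() only fills .hostname when the input contains "//".
    host = urlsplit(value if "//" in value else "//" + value).hostname or ""
    host = host.rstrip(".")  # .hostname is already lowercased (assumption: feed is too)
    return host[4:] if host.startswith("www.") else host


def domain_hash(value: str) -> str:
    """Hex SHA-256 of the normalized domain (UTF-8 encoding is an assumption)."""
    return hashlib.sha256(normalize_domain(value).encode("utf-8")).hexdigest()


def load_feed(lines) -> frozenset:
    """Keep only lines that are exactly 64 hex characters; ignore anything else."""
    tokens = (line.strip().lower() for line in lines)
    return frozenset(t for t in tokens if HEX64.fullmatch(t))


def is_listed(value: str, feed: frozenset) -> bool:
    """True when the domain behind `value` has its hash in the feed."""
    return bool(normalize_domain(value)) and domain_hash(value) in feed


# Constructed sample feed: hashes of two placeholder domains plus a junk line.
SAMPLE_FEED = load_feed([
    domain_hash("malicious.example"),
    domain_hash("phish.example"),
    "# not a hash",
])

if __name__ == "__main__":
    for seen in ["http://www.Malicious.example/login", "phish.example:8443",
                 "benign.example", ""]:
        print(f"{seen!r:45} listed={is_listed(seen, SAMPLE_FEED)}")
```

Loading the feed into a set once makes each lookup constant-time, which matters when checking every hostname from a proxy or DNS log against the file.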