General Methodology

All League Tables map Global Signal Exchange (GSE) reported threat signals to various entities within the Internet infrastructure, such as Top-Level Domain (TLD) registries and Registrars.

1. GSE Data Overview

GSE signals are distinct pieces of data—including domains, IP addresses, URLs, email addresses, IBAN numbers, phone numbers, among others—that are associated with confirmed or suspected fraudulent activity.

We currently track signals connected to activities such as: scam, fraud, malware, phishing, spam, cloaking, impersonation, copyright/trademark infringement, gambling, exploit, and piracy.

The GSE combines confirmed reports and predictive reports from over 40 data partners. Predictive reports are based on AI and pattern recognition and are at present excluded from the analysis.

Currently, the GSE contains over 450 million signals and continues to grow. Our data partners include JustGuard, Cyber Defence Alliance, CERT.PL, NZ Phishing Feed, Abusix, Zetalytics, MPA, Google Shopping, Seraph Secure, URL Abuse, URLHaus, ZeroFox, SpamHaus, and APWG.

For the latest information on the number of signals in the GSE and data partners, please visit our documentation: https://www.globalsignalexchange.org/docs.

The core principle of our methodology for both League Tables is to calculate a Report Rate by comparing the number of unique reported domains to the total size of the entity (the TLD or Registrar in the League Tables available to date). This ensures a fair, size-neutral comparison across the industry, preventing bias due to the sheer volume of domains managed by larger entities.

2. Methodology Change Notification
Methodology Change Notification

We are committed to an objective and transparent process. In the event of a material change to our methodology, data sourcing, or ranking algorithm, we will provide algorithmic change notifications to the community prior to implementation. Please check this section regularly for any updates to the League Table rules or methodology.