Open DNS has embraced the power of big data analysis for some time now to determine the chance an URL contains malware. Read this: https://labs.opendns.com/2013/01/08/quick-stats-and-visuals-on-the-likelihood-of-a-malicious-domain/ They 'just' extended this capability to traffic sniplets. It feeds their reputation rating mechanism. URL blacklisting is a numbers game: use leading DNS-service (1) with malware filter - browse with Chrome - use Smartscreen on the desktop and these three simple measures will keep you out of dodgy neighborhoods. Add an AV with large user base(2) or AV associated with URL filtering devices (3) and your good to go. No need to fuzz with IP-blocklists and Malware domain lists etc. You can test it yourself, install uBlock origin, enable all possible malware list, run it for a month and count the number of times a malware third-party list caused a block in ublock origin's excellent log monitor. 1) Opend DNS, Norton DNS, etc. 2) Bid Defender, Avast, etc. 3) Trend Micro, Fortinet, etc.