Whois API Blog

What to Consider When Choosing a Web Categorization API Vendor

Fri, 01 Nov 2019 06:03:53 +0000

Organizations committed to becoming leaders in the Web filtering market need to provide adequate and secure Web access. This applies to unified threat management (UTM) appliance manufacturers, managed detection and response (MDR) service providers, and any other network security vendor.

For a security provider, the protection of users is critical to success. Any vendor should be aware of the nature of online threats that include malware, botnets, and more. Since threats are continually evolving, a successful provider needs to offer a product or service that exceeds clients’ expectations.

Two critical elements of an ideal filtering solution are its domain database and classification technology. These enable users to distinguish good traffic from bad. Therefore, to improve their Web filtering capabilities, cybersecurity companies need the help of a reliable third-party provider.

In this post, we list the essential considerations when evaluating potential website categorization technology partners.

Coverage

Coverage is an essential quality indicator when evaluating a website categorization database. Comprehensive coverage means that a provider has a system that monitors even the most recently launched websites.

Protecting customers against malicious threats requires a solution that covers the entire top-level domain (TLD) space. Although Web filtering and categorization tools don’t actively detect malicious code or quarantine malware, they still help identify and block access to threat sources before they can cause damage. A filtering solution that isn’t expansive enough won’t be able to serve as a good data source.

Performance and Speed

Performance and speed are also crucial to a website categorization API. A vendor that wants to become a Web filtering market leader should enable users to run shorter, more focused tests on questionable sites for quick results. They should, however, also be able to conduct longer tests for local software development kits (SDKs) or APIs. In any network, traffic flows at different speeds and only a solution that can cope with these can be considered adequate.

Accuracy

Accuracy is the primary indicator that separates the best website categorization technologies from the rest. Vendors claiming an accuracy rate of 99% or more are confident that their product is finely tuned for service. Validating a tool’s accuracy with manual verification is a good test. Companies should choose a vendor that confidently claims a high accuracy rating.

Additional Considerations

Besides the parameters mentioned above, here are other things to consider when choosing a website categorization partner:

  • Number of categories supported: The higher the number of unique categories supported by the product, the better its filtering capabilities are.
  • Threat detection: Website categorization APIs should be capable of detecting malicious activity. Since threat life spans vary, continuous analysis and reevaluation are needed to stay abreast of status changes.
  • Supported languages: A web filtering technology provider that supports various languages is essential due to the global nature of the Internet.

What WhoisXML API Offers

WhoisXML API provides cybersecurity companies with a machine learning (ML)-based website categorization API. It is capable of retrieving website content and assigning categories using natural language processing. The company parses more than 152 million websites and crawls 4 million sites daily.

Besides domain names, users can also find the contact information of the owners in the database. This data includes the domain registrant’s name and contact details, along with dates of registration and expiration, and more. A reliable database contains information on all active domains. Users don’t need to do manual queries as such since the API does that for them.

The product currently supports 25 categories, which should be more than enough for most users. However, if a particular category isn’t listed, users are free to submit requests.

All of the information provided by the API is normalized and follows a standard format. Users can acquire both parsed and raw databases through downloads. Databases can come in the form of database dumps or CSV files. This allows for easy integration with existing business applications and processes.

The API can help teams block access to malicious content and its sources. It does so by providing security solutions with response queries that categorize URLs as safe to access or otherwise. It also performs well even under heavy load.

In a nutshell, our web categorization products can help users improve their own cybersecurity.

The characteristics mentioned above are just some of the things a company needs to consider when choosing a Web filtering partner.

It’s important to remember that no solution is foolproof. Not all providers are equally good and some are certainly better than others as the former use more advanced technologies and tools. What’s important is finding a website categorization partner that best meets your needs.

WhoisXML API’s website categorization offerings may be what you need to enrich your products’ capabilities. We have been gathering domain and website records for more than 10 years, accounting for our vast data set. If you want to learn more about our products, contact us at

How DNS Filtering and Website Categorization Lists Can Empower In-House Cybersecurity Teams

Mon, 28 Oct 2019 06:48:05 +0000

The IT security climate these days is pretty unpredictable. A study by the University of Maryland states that a security incident occurs every 39 seconds. Companies around the world are, in fact, increasingly suffering from Web-based attacks, not to mention the fact that the average cost of a data breach has skyrocketed.

The good news is that there is a wide range of measures that in-house cybersecurity professionals can employ against threats. One effective solution is Domain Name System (DNS) filtering.

Depending on how it is implemented, DNS filtering can provide advanced network setting controls to enhance online safety. It can protect organizations from threats like botnets, phishing, and other malware-instigated attacks. The great thing about it is that a website categorization database can supplement it. Such a database is thus an excellent resource for managed security service providers (MSSPs) and the like.

DNS Filtering Basics

In essence, DNS filtering is a method of blocking or restricting access to specific domains or websites on the Internet. By doing so, this approach provides organizations with the protection they need to ensure a safer working environment.

DNS filtering can effectively allow companies to employ advanced network security configurations at the domain level. For instance, users arriving at a malicious website are instead redirected to a secure page by a DNS filtering solution. This will, of course, depend on how the solution is configured.

DNS filters can also be employed to block access to web pages under specific categories. Pages with content related to pornography, gambling, illegal file sharing, and the like can be tagged as unsafe. Because classification needs to happen in real time, a DNS filter needs to be a low-latency solution. It should not delay access to websites, particularly those that are considered safe.

By default, most DNS filtering solutions offer a certain level of protection against malware. There are also more advanced solutions that can detect and block access to phishing websites and other malicious pages.

The Benefits of DNS Filtering

A DNS filtering solution offers several key advantages. One of the most important is the ability to block access to compromised websites and other malicious domains. These pages include “objectionable” sites such as those that host content related to violence, terrorism, and others.

DNS filtering solutions are also scalable, fast, and lightweight. Enterprise-level offerings come with even greater flexibility for customization. With these, security teams can easily input their desired configurations.

Proactively blocking potentially malicious websites may, however, be the main advantage of using a DNS filtering solution. This practice is especially crucial since human error has been identified as the most common cause of cyber incidents. When complemented by a website categorization list, for instance, internal security teams can improve defenses against online threats.

Company owners also get the added benefit of preventing employees from accessing prohibited materials such as those that decrease productivity or are offensive to others during work hours.

DNS Filtering Limitations

Despite being a powerful technology, DNS filtering does come with its limitations. Since it is tied to DNS, its filtering and protective approaches are restricted to DNS boundaries. It can only act on the domain and subdomain levels. It does not offer users any visibility at the page level. As such, teams won’t tag a domain as dangerous if only one page on it has a malicious payload.

Blocking harmful content requires website categorization. DNS filtering solutions on their own don’t analyze websites for redirection or blocking. They depend on an external source of data for that. If you plan to employ a DNS filtering solution, you should first understand the security and granularity that it offers.
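The sketch below is an added example, not WhoisXML API code: it shows a DNS filter making category decisions from an external categorization list, and why two pages on the same host always get the same verdict. The CSV layout, the `.test` domains and the block-page address are constructed assumptions.

```python
import csv
import io
from urllib.parse import urlsplit

# Constructed categorization list. The two-column layout is an assumption,
# not any vendor's export format; all names use the reserved .test TLD.
SAMPLE_CSV = """domain,category
example-casino.test,gambling
files.example-share.test,illegal file sharing
example-news.test,news
login.example-bank.test,phishing
"""

BLOCKED_CATEGORIES = {"gambling", "illegal file sharing", "phishing"}
BLOCK_PAGE_IP = "192.0.2.10"  # documentation address standing in for the secure page


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def load_categories(csv_text):
    """Parse the list into {domain: category}."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {normalise(r["domain"]): r["category"].strip().lower() for r in rows}


def categorise(qname, categories):
    """Longest-suffix match, so a subdomain inherits its parent's category."""
    labels = normalise(qname).split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in categories:
            return candidate, categories[candidate]
    return None, None


def decide(qname, categories, blocked=BLOCKED_CATEGORIES):
    """Return the filter's answer for one DNS query name."""
    matched, category = categorise(qname, categories)
    if category in blocked:
        return {"action": "redirect", "answer": BLOCK_PAGE_IP,
                "matched": matched, "category": category}
    # Uncategorized names resolve normally here; failing closed instead is a
    # policy choice the filter's operator has to make.
    return {"action": "resolve", "answer": None,
            "matched": matched, "category": category}


def decide_for_url(url, categories):
    """A DNS filter only ever sees the host name, never the path."""
    return decide(urlsplit(url).hostname, categories)


CATEGORIES = load_categories(SAMPLE_CSV)

if __name__ == "__main__":
    for name in ("www.example-casino.test", "example-share.test",
                 "files.example-share.test.", "example-news.test"):
        print(name, decide(name, CATEGORIES))
    # Same host, different pages: the decision cannot differ.
    print(decide_for_url("https://example-news.test/sports", CATEGORIES))
    print(decide_for_url("https://example-news.test/injected/page", CATEGORIES))
```

Note that `example-share.test` resolves while `files.example-share.test` is redirected: the list entry covers only the subdomain it names and anything beneath it.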

It can, however, go a long way in improving an in-house security team’s capabilities. It does so by providing them with the essential infrastructure to protect both the network and its users. However, DNS filtering requires organizations to have a robust strategy and help from trusted third parties (APIs, feeds, etc.).

By itself, DNS filtering lets companies enforce comprehensive and forward-thinking Internet usage policies. These same policies let them block access to potentially harmful websites and threats. Any company is always a potential target, but it can significantly reduce the chances of being compromised.

WhoisXML API offers a machine learning (ML)-powered website categorization API and database that complements DNS filtering solutions. We parse more than 150 million websites and crawl millions more on a daily basis.

All of our data sets are well-parsed and normalized for consistency. Users can download both parsed and raw data in the form of a CSV file or a database dump. Our consolidated and coherent data makes integration with existing systems and processes easy. If you’d like to learn more about what we have to offer, contact us today.

The Domain Research Suite That Aids Financial Fraud Investigations

Thu, 24 Oct 2019 18:10:14 +0000

Cryptocurrency Exchanges Go Unregulated

Bitsane, a cryptocurrency exchange based in Ireland, vanished in June 2019. Its founders took with them the crypto deposits of 246,000 users. The platform traded an average of $7 million each day.

Worldwide, fraudsters stole nearly $1.5 billion’s worth of cryptocurrencies in the first two months of 2018 alone. It’s estimated that since then, criminals have made off with an average of $9 million a day.

So how can law enforcement authorities, legitimate financial institutions, and even individuals know whether a cryptocurrency exchange is planning to steal customer investments?

WHOISXMLAPI.com’s Domain Research Suite can reveal indicators that financial institutions like cryptocurrency exchanges may be committing fraud.

Fraud Detection Data Solutions | Whois XML API

WHOISXMLAPI.com researchers decided to apply a combination of traditional online investigation with WHOISXMLAPI.com’s Domain Research Suite to determine whether a current cryptocurrency exchange had intentions to defraud customers. Though perhaps not attributable to luck so much as a high probability of discovery in today’s crypto Wild West, WHOISXMLAPI.com researchers did discover an operational exchange that was already collecting customer complaints.

Though we can’t name the company we investigated, we will show you the tools and publicly available online databases we used to delve beneath the surface hype of the Exchange.

Financial Fraud – Consumers Cheated

Ripoff Report is one of the most popular repositories on the Internet for filing “complaints, reviews, scams, lawsuits, and frauds.” It happens to have categories for Bitcoin Fraud and BTC Fraud, among other listings. It’s in these categories that we discovered complaints against what we’ll call ExchangeXYZ (not its real name). Googling “ExchangeXYZ Reviews” revealed even more complaints over the past seven months from customers (with attendant entries from individuals promoting services to reclaim lost funds).

Typical complaints we took as red flags were much like this one:

“… they have held my bitcoin for over 7 months even after going through the verification process[,] they refuse to allow my bitcoin to be sent to my whitelisted wallet … [ExchangeXYZ] has given me every excuse imaginable … [It is] how they are holding value in their Exchange… [ExchangeXYZ] wants to operate in the USA[,] but with my experience I would never recommend putting any crypto currency in this exchange as you will not get it back…”

A look at ExchangeXYZ’s website revealed no contact details: no addresses, phone numbers, or even a chat line. However, there are about a half dozen email addresses that have to do with public relations, product information, coin exchange information, etc. The only means of customer support is through a form on the website. Several of the complainants noted that any responses they received by using the form were clearly from bots, without any human intervention.

Using the Domain Research Suite to Investigate

The WHOISXMLAPI.com Domain Research Suite revealed that the registrar for the company’s website was a registration service based in Denver, Colorado.

The Domain Research Suite sports a dashboard with easy-to-use tools that excavate the backgrounds of websites. The tools include:

Reverse WHOIS Search | Domain Research Suite

The WHOIS Search delivers data about the owner of a domain, the owner’s address, as well as the administrator and similar contact information. In the event of a WHOIS Search on ExchangeXYZ, the location of the registrar would initially lead a consumer to believe the company is based in the U.S. At the very least, as we’ve seen from the representative customer complaint above, ExchangeXYZ is servicing consumers in the U.S.

WHOIS Search | Domain Research Suite

According to the WHOIS records of the top ten cryptocurrency exchanges, four of those either used agents to protect their identities or they edited contact information to block prying eyes. So it is not extraordinary that

The U.S. Securities and Exchange Commission (SEC) states that “…if a platform offers trading of digital assets that are securities and operates as an “exchange,” as defined by the federal securities laws, then the platform must register with the SEC as a national securities exchange or be exempt from registration.” A search of the SEC’s EDGAR database of registered corporations showed no record of ExchangeXYZ. Nowhere on the website does it indicate it has either registered with the SEC or been exempted by the regulatory body. In other words, the SEC could not protect American consumers who traded on the suspect cryptocurrency platform.

The New York State Attorney General also believes that ExchangeXYZ and others are indeed servicing customers in the United States, including New York State. In 2018, the New York State Attorney General released a voluntary survey for 13 cryptocurrency Exchanges to complete about their operations. All but four Exchanges returned the surveys. ExchangeXYZ was one of the four that refused to respond. The Attorney General’s office concluded in its September 2018 report that “many virtual currency platforms lack the necessary policies and procedures to ensure fairness, integrity, and security of their exchanges.” The report detailed how some of the platforms practice overlapping lines of business that present “serious conflicts of interest”. Some, the report observed, traded for their own account on their own venues.

Indeed, Bitwise Asset Management, a cryptocurrency asset advisory and management firm, cited in a report that upwards of 95% of cryptocurrency trading originated from suspect sources. Research firms Crypto Integrity and The TIE concluded that 88% and 75% of reported exchange trading data were suspicious, according to The Wall Street Journal (WSJ). The WSJ report pointed out that “the unregulated exchanges are inflating trading volume to get a higher ranking on data services like CoinMarketCap and leverage that ranking to attract listing fees.”

In light of its own findings, the New York Attorney General’s office has since formally referred three of the Exchanges to the New York State Financial Services department to investigate whether the Exchanges are operating illegally in New York State. One of the three is ExchangeXYZ.

So why is it that ExchangeXYZ can ignore some of the most powerful financial regulatory agencies in the world? A peek at its domain history may give some clues.

A Look at the WHOIS History of ExchangeXYZ

The WHOIS History shows the domain name was registered in China on April 1, 2017. This occurred during China’s own cryptocurrency Wild West when Mainland Chinese residents were desperate to move their money offshore through cryptocurrency exchanges. The exchanges at the time afforded customers an unregulated way to realize foreign exchange beyond the limits set by the government. The timing also suggests how ExchangeXYZ got so big so quickly. But the Chinese government effectively outlawed cryptocurrency exchanges later in 2017. ExchangeXYZ’s founders had started the business in China at the worst possible time, it seemed.

So it chose to go West.

WHOIS HISTORY API (on October 2, 2017)

In December 2017, ExchangeXYZ chose to use a professional domain service firm based in the United States to protect the national origin of its domain.

WHOIS HISTORY API (on December 18, 2017)

Note that the Created and Expired dates of the October 2, 2017 and December 18, 2017 records coincide. On December 18, 2017, the domain creator chose to mask the origin of the domain with a U.S.-based service provider. The time frame fits in with the operation wanting to hide its China-based domain registration, more likely from the authorities on Mainland China and, perhaps, even from the Japanese authorities.
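The comparison described above can be automated. The following is an added example, not WhoisXML API code or the WHOIS History API's schema: the field names are hypothetical, the snapshot and creation dates follow the article, and the expiry date and registrant values are constructed.

```python
from datetime import date

# Substrings that usually mark a privacy or proxy registrant (a heuristic).
PRIVACY_HINTS = ("privacy", "proxy", "redacted", "protected")

# Constructed snapshots with hypothetical field names. Snapshot dates and the
# creation date follow the article; expiry and registrant values are invented.
HISTORY = [
    {"snapshot": date(2017, 12, 18), "created": date(2017, 4, 1),
     "expires": date(2018, 4, 1),
     "registrant_org": "Example Privacy Service LLC",
     "registrant_country": "US"},
    {"snapshot": date(2017, 10, 2), "created": date(2017, 4, 1),
     "expires": date(2018, 4, 1),
     "registrant_org": "ExchangeXYZ Ltd",
     "registrant_country": "CN"},
]


def is_privacy_service(record):
    """True when the registrant organisation looks like a privacy/proxy agent."""
    org = record.get("registrant_org", "").lower()
    return any(hint in org for hint in PRIVACY_HINTS)


def compare_snapshots(old, new):
    """Return finding codes for the change between two snapshots of one domain."""
    if old["created"] != new["created"]:
        # A new creation date means the name was dropped and registered again,
        # so a different registrant is expected and proves nothing.
        return ["RE_REGISTERED"]

    findings = []
    if old["expires"] != new["expires"]:
        findings.append("RENEWED")

    country_changed = old["registrant_country"] != new["registrant_country"]
    if country_changed:
        findings.append("COUNTRY_CHANGED:%s->%s" % (
            old["registrant_country"], new["registrant_country"]))

    privacy_added = is_privacy_service(new) and not is_privacy_service(old)
    if privacy_added:
        findings.append("PRIVACY_SERVICE_ADDED")

    # Same registration, new country, and a privacy agent in front of it:
    # the pattern the article reads as masking the domain's origin.
    if country_changed and privacy_added:
        findings.append("ORIGIN_MASKED")
    return findings


def review_history(snapshots):
    """Compare consecutive snapshots in date order."""
    ordered = sorted(snapshots, key=lambda r: r["snapshot"])
    return [(old["snapshot"], new["snapshot"], compare_snapshots(old, new))
            for old, new in zip(ordered, ordered[1:])]


if __name__ == "__main__":
    for start, end, findings in review_history(HISTORY):
        print(start, "->", end, findings)
```

Checking the creation date first matters: without it, an ordinary change of ownership after a domain lapses would be flagged the same way as a registrant hiding behind a proxy.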

So the question remains: is it common practice for cryptocurrency exchanges to hide their provenance? The answer is “no”. Of the ten most popular exchanges, six have made their ownership history explicit in the WHOIS historical record. Two explicitly state their records have been “edited”, while a truly U.S.-based one has used a Panama-based administrator to maintain its current record.

Why, then, would ExchangeXYZ choose to hide its origins from occasional viewers?

Shell Companies, Shell Game

ExchangeXYZ moved its operations to Malta during the spring of 2018, according to its Wikipedia entry. Malta is known best for three things: the 1941 film The Maltese Falcon; its government-sanctioned sales of European Union passports to Russian oligarchs; and its reputation as an offshore banking financial center. Malta’s lax financial regulatory environment is a magnet for companies that wish to escape scrutiny.

However, just because a business is registered in Malta, it isn’t necessarily looking to escape the regulations of other countries.

Perhaps an investment entity is offering local services. A search on Google, however, indicated no website based in the island-nation related to the company, and no business activities to speak of. Further, a search with WHOIS API on the several Maltese business names of ExchangeXYZ did not reveal any domains.

As the noted financial fraud investigator Travis Birch observes:

“These days, it makes sense for almost every business to have a web presence, even if they aren’t dealing directly with end customers. This could be an Alibaba shop, a Yellow Pages listing, a proprietary website, or anything that states the company’s line of business. A lack of effort to promote itself suggests that the company may not want to be known.”

Further, a search on the two Maltese addresses at which ExchangeXYZ entities are registered reveals dozens of companies at the same street address that are listed as shell companies in The Offshore Leaks Database. The Database houses the Panama Papers as an indexed repository of the business entities in offshore locations revealed in 2015 as shell companies.

COMPANIES AT THE SAME REGISTERED ADDRESS IN MALTA (partial)

An advanced Reverse WHOIS search on the original company name “ExchangeXYZ” in the Country of Malta revealed more than 20 related domain names. Most of the websites have not been developed, while one is a cryptocurrency exchange to bet on professional sports events. It is entirely feasible that the site is a front for laundering proceeds.

REVERSE WHOIS LISTING OF COMPANIES RELATED TO EXCHANGEXYZ REGISTERED IN MALTA

Money Laundering for Tax Avoidance

According to the global companies database OpenCorporates, the oldest legally registered business for ExchangeXYZ was in Hong Kong, dating back to 2017. Database records show the Hong Kong entity is currently inactive. However, ExchangeXYZ was very busy from the spring of 2018 to early 2019 establishing business entities in a dozen other countries.

Of greater note are the locations that are well-known offshore centers. In addition to Malta, they have established entities in Jersey, Uganda (well, maybe not so well-known), Singapore, and Switzerland.

Birch also notes that:

“Beneficial owners typically want to keep bank accounts nearby so they’re easier to use, or they may start accounts in places with banking secrecy like Switzerland or Liechtenstein. As a result, shell companies are often domiciled far from associated accounts.”

The Exchange also created three entities in India, the business name of one of which implies an investment in the clubs and resorts industry. The Exchange also has addresses in London.

THE LOCATION OF ONE OF EXCHANGEXYZ’S UK-BASED ENTITIES

The London addresses found in the company incorporation records on OpenCorporates.com turn out to be residences. Indeed, the address pictured above has had eight other shell companies associated with it, according to the Panama and Paradise Papers.

LIST OF SHELL COMPANIES ASSOCIATED WITH THE RESIDENCE ABOVE

Reverse WHOIS searches on each of the entity names of the offshore entities did not reveal any related domains; however, searches on Domain Names that included ExchangeXYZ and contained Registrant Contact:Country that included a country name (e.g., India) in some cases displayed domain names related to the ExchangeXYZ domain name. In the overwhelming number of instances in which domain names did display in the Reverse WHOIS results, the domains were inactive.

The circumstantial indicators discussed above should signal to consumers and regulators that business operations at ExchangeXYZ may not be in the best interest of its customers. Instead, it appears that ExchangeXYZ has created for itself a financial ecosystem in which business occurs between entities.

Researchers could be forgiven if they were under the impression that the store of wealth the Exchange has accumulated may be stashed in far away and exotic locations. These locations lie beyond the reach of law enforcement authorities in the United States, the European Union, and even China. If and when the Exchange shutters its operations, consumers in the United States may lose hundreds of millions of dollars without legal recourse.

Beyond Cryptocurrency Exchange Fraud

Cryptocurrency fraud is not the only form of online financial crime investigators can apply WHOISXMLAPI.com’s Domain Research Suite to. The FBI cited in its Internet Crime Report for 2019 that the year before had seen a dramatic spike in Internet-based theft and fraud. The report estimated that in 2018 in the United States alone, cybercriminals stole $2.7 billion from consumers and organizations.

WHOISXMLAPI.com’s Domain Research Suite tools and traditional online investigative practices may not stop most of the crimes from happening. However, the integrated approach may help authorities and investors more readily get to the source of cryptocurrency and other forms of financial fraud on the Internet. Possibly, investment recovery rates may rise and the data collected during investigations may inform policymakers about viable ways to bring law and order to the Wild West of the Web.

Web Page Categorization: How Next-Generation Technologies Can Benefit MSSPs

Thu, 24 Oct 2019 14:18:29 +0000

The demand for managed security services has been growing by leaps and bounds over the past years. The reason for this trend is that organizations of all sizes need to monitor their IT systems around the clock and manage incidents and breaches in real time. Yet, they may not have the means necessary to do that on their own as it requires significant investment in infrastructure and human resources.

Adding to that, traditional security measures have a hard time catching up with today’s more advanced threats. The fast-paced and increasingly connected environments require next-generation technologies and techniques, which enable MSSPs to protect their clients’ complex environments.

In this post, we’ll discuss what these next-generation capabilities are, why they are essential, and how web page categorization can improve them.

Next-Generation Technologies Needed by MSSPs

There are at least three primary technologies that MSSPs require to stay on top of the game — big data analytics, automation, and artificial intelligence (AI).

Big Data Analytics

Big data analytics refers to the ability of an organization to analyze vast amounts of information. The process allows data scientists and other users to make sense of potential threat indicators in a way that standard business systems are incapable of.

Time is of the essence in the world of cybersecurity, but legacy systems are not sufficient when it comes to tackling large-scale data sets. Traditional databases are meant to take on predictable information concerning scale and volume — something that today’s data sources do not adhere to.

That is why it is recommended to use systems that are big-data-friendly. However, the ability of a platform to process large amounts of information depends mostly on its built-in big data architecture and what’s fed into it.

Therefore, MSSPs can remain effective by using systems that can handle big data. Also, each tool should be able to adapt to the continuous growth of the databases attached to it.

Automation

This process refers to the development and application of technologies that automatically control and keep track of various processes. Automation takes over and performs recurrent tasks previously done by system operators.

Built on these principles, MSSPs can implement automation techniques to work in a more scalable manner. Automation has, in fact, become a standard feature of many of their offerings. It alleviates many of the burdens of data analysts. Bottom line: the more automated MSSP processes become, the better specialists can focus on essential tasks that add more value to their clients.

AI and Machine Learning (ML)

AI is the broader concept of using machines to perform tasks in a so-called “smart” manner. ML, on the other hand, is a byproduct of AI. It refers to entrusting machines to perform data analytics based on predefined steps.

Many cybersecurity professionals are now using AI and ML to automate the performance of repetitive tasks. These allow automation and eliminate a lot of the noise that comes with processing big data.

WhoisXML API Uses Next-Generation Technologies

WhoisXML API is a known provider of updated and well-structured databases that contain information on billions of domains. All of the domains in our website contacts database are classified into 25 different categories. These categories are regularly updated, and users can always request to add more.

Each domain record comes with the contact information of its owner. The database also reveals the registration and expiration dates of domains. Domain records can be particularly helpful in supplementing evidence gathered during investigations.

Our products can be configured to match users’ preferred data set format. It’s possible to acquire the outputs as database dumps or as comma-separated value (.csv) files. Users can also download customized databases that contain only the information they require. 

What’s more, our products come with a built-in ML engine. As such, they crawl website content and meta tags to extract text and categorize a page by using natural language processing. Content analysis is thus easier and performed automatically. Additionally, this saves the time that would otherwise go to performing manual queries later on.

MSSPs can use our database to enrich available information that may be related to a wide range of threats. These include incidents of phishing, fraud, and more. Integrating our database into systems can provide users with more detailed information on websites. This data can help analysts determine whether or not sites are safe to access in less time.

Those who are not averse to using third-party APIs, on the other hand, can integrate our web page categorization API into already existing systems. This eases the addition of sources of information to enhance threat correlation.


To stay competitive, MSSPs must keep using next-generation technologies. To support this process, WhoisXML API offers web page categorization products that can enhance MSSPs’ capabilities. Our solutions are particularly useful in detecting and resolving cybersecurity threats. Want to know more? Contact us.

WHOIS Database Download: A Quick Look at the Newly Launched TLDs
http://www.linggao57.com/blog/whois-database-download-a-quick-look-at-the-newly-launched-tlds/ Thu, 24 Oct 2019 11:00:14 +0000

As the Internet continues to grow older, the number of interesting domain names available for use is starting to diminish.

If you have ever tried to register a .com address, you probably felt a little frustrated trying to find a domain that matches your brand. With a meager 22 generic top-level domains (gTLDs) available, the World Wide Web is starting to get a bit crowded. This is the reason why new TLDs such as .tech, .space, .actor, and more have recently been introduced.

These newly created gTLDs can be considered the latest online real estate for individuals and companies who wish to stand out on the Web. Many of them are proving useful to businesses that want to carve a niche through a more creative approach amid the lack of domains with more commonly known gTLDs.

The demand for domains has grown, making it harder for companies to get the domains they want. This is where a WHOIS database download service can help.

The ICANN’s Role in the Creation of New gTLDs

The Internet Corporation for Assigned Names and Numbers (ICANN) is a nonprofit organization that maintains the Domain Name System (DNS). It is responsible for making decisions on expanding the domain space.

In 2012, the ICANN allowed businesses to apply for new TLDs so the Internet could keep up with the rising demand for domain names. These TLD additions included .art, .app, .love, and .shop. More than a thousand new gTLDs have entered the public domain space since then. Now that users have more choice, how will they choose the right one?

Considerations When Selecting a Domain with a Newly Created gTLD Extension

Although newer gTLDs may seem unconventional compared to what we’re used to seeing, they bring about many benefits, especially for businesses. A company that wishes to stand out from the competition, for example, can be more creative with its domain name given more choices. If the domain a business wants is already taken but isn’t trademarked, it can use a variation of the name for its own site. Regardless of the organization’s plans, however, it should take the following reminders into consideration when purchasing domains with newer TLDs.

Know Your Audience

Not all businesses are the same. Different people will be attracted to varying aspects of a company. And so businesses would normally employ a marketing strategy for millennials that differs from that for the middle-aged.

Understanding your current audience will help you choose the right domain and TLD for your business. A pizza parlor, for example, can opt for a domain with the .pizza extension rather than, say, pizza.com. Not only is this more appropriate for its brand, but this approach could also generate a better authority for it within the pizza selling industry.

The following are some newly created gTLDs that can fit a niche market:

  • .tennis
  • .toys
  • .photography
  • .coffee
  • .yoga

As you can see, each extension has a certain level of “exactness” for its target market.

Be More Specific

Knowing the type of business you operate or the service you provide can narrow down your domain choices within the realm of newly created gTLDs. Using the right domain extension can tell your visitors exactly what they can expect when they get to your website. This can also help you reduce the length of your website’s URL, making it easier to remember.

Here are some newly created gTLDs that your company can consider using:

  • .luxury: Great for sellers of high-end accessories, fashion items, cars, and the like.
  • .tech: Can be used by many tech start-ups that wish to stand out from the crowd.
  • .design: More in tune with artists or people in creative professions like web designers, interior decorators, and more.

Availability

As new gTLDs continue to be added to the market, the domain space will become bigger, allowing more companies to obtain shorter yet more descriptive Web addresses that match their brands. This is particularly useful since nearly half of all registered domains today have the .com extension.

However, with this newfound availability come different prices for domain names. Users won’t find a standard price for domains with the new gTLD extensions. Some may be cheap but others can be quite expensive depending on how much demand there is for them.

To help you sift through all available domains, use a WHOIS database download service that has a comprehensive list of not just those that use the more commonly seen gTLDs and ccTLDs but also those with the newly created gTLDs.

How Can a WHOIS Database Download Service Help?

A WHOIS database download service basically provides people with current and historical WHOIS records. With it, users can get information on active domains. It lets users see all available domain names. It also shows key data points on a domain such as the name of its registrant, the organization it is affiliated with, the registrant’s contact information, and many more. These details can serve users in a variety of ways. They can, for one, allow you to get in touch with the current owner of a domain of interest if you would like to ask whether they are willing to part with it.


The newly created gTLDs provide a fun and creative way for companies to be unique and express their identity by using their Web address. And users can obtain all the information they need with the help of a WHOIS database download service.

Are you interested in learning more about the service? Leave us a message at support@whoisxmlapi.com today and we’ll get back to you shortly.

The Role of Domain Search and Monitoring in Enabling MDR and MSSP Teams
http://www.linggao57.com/blog/the-role-of-domain-search-and-monitoring-in-enabling-mdr-and-mssp-teams/ Tue, 15 Oct 2019 15:12:06 +0000

Based on findings by ESG, more than 80% of cybersecurity professionals today agree that their organizations are seeking to enhance their threat detection and response capabilities. In fact, 77% said their business managers are constantly pressuring them to do so.

The problem, however, is that enhancing threat detection and response is no mean feat. In fact, 76% of those surveyed mentioned that this has become more challenging compared to a couple of years back. Cybersecurity professionals are pointing to concerns such as the surge in the sophistication and volume of threats, a growing attack surface, and increasing workload. Additionally, many firms lack the right skills and staff to make significant changes in this area.

So rather than deploy new tools that they are not even sure will work, many CISOs are now turning their attention toward asking third-party service providers for help. This is where managed detection and response (MDR) and managed security service providers (MSSPs) come in.

But despite their growing demand and popularity, these services face some major challenges that can hinder many providers and have already done so.

In this post, we’ll take a look at the hurdles these two are contending with right now and how domain search and monitoring tools can enhance their overall effectiveness.

Let’s get started.

Challenges Faced by MDR and MSSPs

As providers of outsourced services, MDR and MSSPs are constantly pressured to provide the best in cybersecurity today. MDR and MSSPs are looked to for proactive solutions in hunting down threats across an organization’s network. This translates into searching for indicators of compromise (IoCs) that can help thwart malicious activity.

Besides that, there is a continuous need to leverage the latest research and threat intelligence as they are expected to provide their customers with actionable insights into prompt threat identification and response. This is particularly important as analyzing threat data from various endpoints and networks can help paint a clearer picture of an attack.

MDR and MSSPs also have to know where the attacks come from, how infections spread, and if any of their systems have already been affected. And this can only be achieved when a range of data inputs from threat intelligence feeds, detection tools, and third-party data sources are combined.

Lastly, there is also a need for them to have global monitoring capabilities. This is essential as it can help provide specialists with the information they need to anticipate emerging threats.

How Does Domain Search and Monitoring Fit Into All This?

As you can already tell, up-to-date threat data is one of the key elements that both MDR and MSSPs should possess. Relevant search and monitoring capabilities allow users to obtain the latest information available on domains. This is particularly handy since many of the attack campaigns by threat actors begin and end with the use of websites.

With WHOIS data close at hand, these cybersecurity firms can get details such as the name and contact information of a domain registrant, the organization they are linked to, their location, the registrar hosting the domain, and more. All of these key data points add up so that specialists can use them for cybersecurity analysis, threat detection, and research purposes.

Here’s What WhoisXML API’s Service Has to Offer

Our Domain Research Suite can supply users with WHOIS records — including current and historic registrations — for both gTLDs and ccTLDs. Several thousand gTLDs are supported, including .com, .net, .us, .biz, and more, among them those that have been newly created. This means that you can keep track of even the more unique extensions like .yoga, .country, and .business. We also offer details on thousands of ccTLDs like .uk, .cn, and .ru so MDR and MSSPs can perform WHOIS searches globally.

Cybersecurity experts can acquire accurate information on more than 300 million active domain names and can expect to get access to hundreds of thousands of additional records on a daily basis. This means that the service is able to track down even those domains that have been recently registered. Doing so can be quite useful in identifying cases of phishing as threat actors commonly employ numerous newly registered domains for this activity.

Apart from that, you can get both parsed and raw WHOIS data from downloads as database dumps, CSV files, or in the form of a variety of APIs. This allows for easy integration with existing systems or other cybersecurity processes as the information provided is all normalized.

By having access to such data, MDR and MSSPs can enrich their existing threat intelligence on domain information with global capabilities. This allows them to give their customers better threat monitoring and response moving forward.

MDR together with MSSPs can avail of a cost-effective means to address cybersecurity threats. With the help of domain research and monitoring, they can better meet their customers’ cybersecurity needs.


If you’re interested in learning more about what our service has to offer, send us a message at support@whoisxmlapi.com.

Check a Website’s Reputation with Website Categorization API and Other Tools
http://www.linggao57.com/blog/check-a-websites-reputation-with-website-categorization-api-and-other-tools/ Tue, 15 Oct 2019 12:29:33 +0000

In an era riddled with highly skilled threat actors and sophisticated attack methods, determining whether you can safely access a website or not is critical. After all, the only certain way of preventing a breach is to keep well away from every potential threat source online, including anywhere inappropriate you may land on the Web.

With that purpose in mind, this long-form article presents three case studies on how Website Categorization API, in conjunction with other domain and IP data feeds and APIs, can help organizations avoid the pitfalls that come with visiting harmful web pages.



Check Website Trust or Land in a Sea of Trouble

Many system infections result from the simple act of visiting a compromised or outright malicious website. While some sites have been specially crafted to host malware or exploits that automatically get dropped onto vulnerable systems, others are legitimate but have come under the control of hackers and/or been used in attacks. Whatever the case may be, these malware- or exploit-laden sites often employ the same tactic to reel in victims — a drive-by download.

So how does this work? What happens once a piece of malware makes your computer its new home? Cyber attacks that rely on drive-by downloads often use these elements:

  • Entry point: Attackers create credible sites or hijack popular ones to act as malware hosts. These pages are designed to silently drop a piece of malware onto unsuspecting visitors’ systems.
  • Distribution and exploration: The malware that initially ends up on a user’s computer is designed to pinpoint exploitable vulnerabilities on it, its apps, and the devices connected to it. You can think of it as an added reconnaissance tool to reach the attacker’s end goal.
  • Exploitation and infection: After a comprehensive diagnosis of the infected system, the initial malware identifies the exploit that would work best on it. Attackers typically have commercially available (from underground marketplaces or the Deep Web) exploit kits in their attack arsenals. From there, cybercriminals choose what would run on a victim’s computer and drop this onto it to continue the attack. In turn, the attackers gain control of one or more devices and so initiate the loss of data and related breach.
  • Infrastructure hacking: Every attack designed to siphon off confidential data from an infected system makes use of a command-and-control (C&C) server owned and controlled by the attackers. In a ransomware attack, for instance, the C&C server issues commands to the actual payload such as “look for files with the .doc extension, copy them, and send the copies back.”

What can companies do to prevent such malicious incidents from happening? While it may be impossible to tell if a website is a potential threat carrier at first glance, avoiding those that have been identified as unsafe to visit is highly recommended. Blacklisting sites so even the most reckless employees won’t end up visiting them is good practice too.

Additionally, the aid of a Website Categorization API and other tools configured to adhere to security policies can help organizations safeguard their digital assets against e-commerce formjacking, phishing, and ransomware attacks. Let’s see how with the following use cases.

Case Studies

Case Study #1: E-Commerce (Magecart)

Before digging into this first case study, let’s take a look at what website categorization entails. In short, website classification is an easy way for businesses to get to know their customers as well as to flag inconsistencies and potential cases of fraud.

In fact, in three simple steps, users would already know more about a specific customer or potential threat source. For instance:

  • Log in to https://website-categorization-api.whoisxmlapi.com.
  • Click Give API a Try. You should land on the desired section.
  • Type the domain name into the Get website categorization input field and hit the Enter key. Up to three categories to which the user’s site belongs should appear.

These categories are just a few examples among many. The API currently has 25 categories that include Autos and Vehicles, Beauty and Fitness, and more. If the categories you’re interested in aren’t on the current list, you can send WhoisXML API a request.

So what do you do with this data? Pooling the customers’ domains into categories can help sales and marketing teams identify which industries to prioritize. They can then come up with informed strategies that would yield a more significant profit margin for their companies.

Not all site visitors are prospective customers, however. And neither should everyone be welcomed with open arms. If you’re a cybersecurity specialist, you already know that businesses must be wary of threat actors that want to gain access to their networks and prey on their customers. This is illustrated by one threat in particular — e-commerce formjacking.

E-commerce formjacking, which we explored by using Magecart attacks, involves implanting malicious code into the forms that online buyers fill in when placing their orders on online shops. This code allows attackers to steal users’ credit card information as they input it into the checkout page.

Importantly, Magecart refers to an attack category, that is, e-commerce formjacking, and not a specific organization or entity. Several cybercriminal groups have used Magecart in high-profile attacks, like those that targeted British Airways, Ticketmaster, and Newegg.

Magecart attacks use malicious JavaScript code that listens for and collects personal information. Some scripts monitor all of a user’s keypresses within a page while others only intercept inputs into specific parts of a form like credit card numbers and card verification values (CVVs). In general, however, all attackers hide the malicious code inside benign-looking code to evade detection.

The latest report on Magecart incidents revealed that more than 17,000 domains fell prey to the threat. Even worse, experts say they see no end to the attacks any time soon. The only course of action left for businesses then is to beef up the security of their e-commerce sites.

Organizations that want to safeguard their infrastructure and customers can use their website categorization findings with reports that give out indicators of compromise (IoCs) to identify unwanted site visitors. URL blacklisting, in the event of a potential e-commerce formjacking attempt, would help users safeguard their digital properties and customer data from malicious individuals.

Case Study #2: Brand Protection (PayPal)

Web categorization is a worthwhile endeavor when it comes to brand protection. For any business to succeed, its brand always has to be reputable. Succumbing to a cyber attack can leave a lasting negative impression on a company’s existing and potential customers.

Phishing, for example, is an age-old but ever-reliable threat that remains one of the most significant challenges even for today’s biggest brands. While lesser-known targets also struggle with it, it isn’t surprising that the most popular vendors make up phishers’ list of go-to targets. There’s a straightforward reason for that — the bigger the brand, the wider the potential victim pool and the larger the profit margin for attackers.

If you’re wondering about the prevalence of phishing in actual numbers, the latest Anti-Phishing Working Group (APWG) Phishing Activity Trends Report showed a constant increase in the number of unique phishing websites month-over-month — from 48,663 in January 2019 to 50,983 in February to 81,122 in March. Verizon’s 2019 Data Breach Investigations Report (DBIR) identified phishing as the leading data breach attack vector. Another report said one in every 99 messages is a phishing email. These are alarming trends, but the danger can usually be avoided by employing tools that add an extra layer of defense against the threat.

Like in the e-commerce case study, users can rely on Website Categorization API to determine if a potential client, for instance, is worth trusting or should potentially be flagged as a “phisher.” A payment processor like PayPal can follow the same three steps to verify if a user’s claims are valid. It can search for the client’s domain to check if it corresponds to the email sender’s supposed company category. Calling the organization for confirmation, of course, enhances the verification process.

Let’s take a look at a hypothetical scenario. Say that John Smith wishes to sign up for a PayPal account to start his new business. He claims to have recently put up an online shopping site that sells sports apparel called Sports R Us. (IMPORTANT NOTE: We used a randomly chosen domain name for this scenario. That domain name is not malicious.)

The PayPal representative in charge of John Smith’s account registration can look up sports-r-us.com (his domain) on Website Categorization API to verify its existence. To do that, type the domain name into the “Get website categorization” input field and hit the Enter key. A list of the categories the customer’s site belongs to should appear.

For our made-up scenario, the results don’t necessarily confirm John Smith’s claims. You may need to employ further Internet research by visiting the said site and seeing if it is indeed an online shopping site for sports apparel. Our search for the domain shows this:

A result like that makes John Smith’s claims about putting up a sports goods shopping site less credible. If you do happen to land on an active site, you can check for visible signs of credibility. For instance:

  • The URL should start with HTTPS instead of the usual HTTP. The additional S at the end means traffic to and from the site is encrypted, and the site is thus harder to compromise than one that isn’t. A lock icon preceding the URL also indicates the website’s security.
  • The presence of a website privacy policy is also a good indication of a site’s reliability. That means its owner adheres to the stipulations of data privacy laws such as the General Data Protection Regulation (GDPR).
  • Every reputable company provides accurate contact information on its website. You can check these out by emailing or calling them.
  • Some vendors even go the extra mile and have their sites verified by certified authorities to guarantee that they look out for their customers’ welfare.
  • No reputable vendor site has third-party ads that offer things for free. Even an accidental hover or click on a malicious ad can lead to a drive-by download.

Using these approaches to checking a website’s reputation, financial service providers like PayPal can support or reject an applicant’s account registration. These are just some of the ways in which they can avoid being abused by a potential phisher.

Cybersecurity professionals can also opt for specially designed tools to check the validity of a site’s Secure Sockets Layer (SSL) certificate. All reputable vendors’ sites have valid SSL certificates which digitally bind a cryptographic key to their organizations.

Finally, with the help of brand protection and monitoring tools, IT security teams and employees can avoid dealings with malicious individuals and unintended interactions that may have severe repercussions for their reputation.

Case Study #3: Cybersecurity Against Ransomware (Businesses in Major U.S. Cities)

We’ve seen many organizations worldwide lose massive amounts of data and incur huge financial losses after suffering a ransomware attack. A Florida city is likely to be holding the record for shelling out the biggest ransomware payout amounting to US$600,000 to date. It gave in to the hackers’ demand when it lost access to all its records and when its email system was disabled. What’s more, it had to resort to paying employees and vendors by check, and its 911 dispatchers were left unable to pass on calls to the responders.

Another example of a ransomware attack involved Maersk, a global container shipping giant and one of the most prominent casualties of the NotPetya outbreak in June 2017. The company reportedly lost an estimated US$300 million due to the attack that resulted in a severe business interruption across 600 of its sites located in 130 countries.

Ransomware isn’t just a problem for large enterprises, though. Small and medium-sized businesses (SMBs) are also prone to attack. Take the case of a local medical service provider in Michigan, for instance, whose owners preferred to close shop rather than deal with an attack’s aftereffects. Not paying the ransom is justifiable as those who opt to pay sometimes end up with nothing but a gaping hole in their bank accounts.

These aren’t isolated cases. Security experts believe that the ransomware damage could reach as much as US$11.5 billion this year. Reasons for this include an expected rise in attack frequency and code innovations.

In light of recently reported events in major cities across the U.S. alone, we’re bound to see the prediction come true. Local city halls, public libraries, and other government offices in Dallas, Baltimore, Albany, and Laredo in Texas and Lake City, Florida were just some of the recent victims.

As with any online threat, one way of countering the ill effects of a ransomware attack lies in identifying risky sites. To do that, organizations can determine where their site visitors originate from. Website categorization and IP geolocation can work hand in hand to enable that. For instance, a website categorization API can help assess if anyone under a specific domain (and its related categories) has a legitimate reason to be accessing the company website.

Let’s say, for demonstration purposes, that you work in IT security for the Dallas Public Library. Because of the recent spate of attacks against similar institutions, you decide to sift through your network’s traffic logs. While at it, you discover a suspicious domain such as emend.com that keeps trying to access your network. (IMPORTANT NOTE: The domain in this scenario isn’t necessarily related to the attacks discussed in this section. It has been randomly chosen and does not have to be malicious.)

A Website Categorization API lookup using the domain as a search term should give you this result:

The word “emend,” according to a dictionary, means “to correct usually by text alterations.” You should probably wonder why it was classified under the Health category. It may be a good idea to dig deeper into the site. Accessing the site does take you to a healthcare provider’s site, so it’s safe to visit so long as it doesn’t appear on any blacklist such as the Abuse.ch Ransomware Tracker Blocklist. To more safely navigate the Web, including all sites in the said blocklist in your organization’s own URL blacklist is a very good idea. That way, you can avoid landing on a known ransomware-laden site.
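The triage described in this case study, as an added example that is not WhoisXML API's code: it counts the hosts seen in traffic logs, blocks any host that sits on or under a blocklisted domain, and marks for review any host whose category falls outside what the organization expects. The log format, the blocklist entry, the `.example` hosts and the `Reference` category are constructed for illustration; the category table stands in for saved categorization lookups, with emend.com under Health taken from the scenario above.

```python
"""Triage hosts seen in traffic logs: blocklist first, then category fit.
The log lines, blocklist entry and .example hosts are constructed samples."""
import re
from collections import Counter

# Constructed sample log: timestamp, client IP, host=<name>, action.
SAMPLE_LOG = """\
2019-10-15T09:12:01Z 10.0.4.17 host=www.emend.com action=allow
2019-10-15T09:12:09Z 10.0.4.17 host=emend.com action=allow
2019-10-15T09:12:40Z 10.0.4.17 host=Emend.com:443 action=allow
2019-10-15T09:13:44Z 10.0.4.22 host=cdn.bad-payload.example action=allow
2019-10-15T09:14:02Z 10.0.4.22 host=BAD-PAYLOAD.example. action=allow
2019-10-15T09:15:30Z 10.0.4.31 host=catalog.library.example action=allow
malformed line without a host field
"""

BLOCKLIST = {"bad-payload.example"}            # constructed blocklist entry
CATEGORIES = {                                 # stand-in for saved lookup results
    "emend.com": ["Health"],                   # category from the scenario above
    "library.example": ["Reference"],          # constructed
}
EXPECTED = {"Reference"}                       # assumed: what a library expects

HOST_RE = re.compile(r"\bhost=(\S+)")
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_host(raw):
    """Lowercase, drop any port and trailing dot; None if not a hostname."""
    host = raw.strip().lower().split(":", 1)[0].rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        return None
    return host


def parent_domains(host):
    """Yield the host and each parent down to two labels (never the bare TLD)."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def lookup(host, table):
    """Return the table entry for the host or its closest parent, else None."""
    for name in parent_domains(host):
        if name in table:
            return table[name]
    return None


def count_hosts(log_text):
    """Count valid hosts per log; lines without a usable host are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        match = HOST_RE.search(line)
        host = normalize_host(match.group(1)) if match else None
        if host:
            counts[host] += 1
    return counts


def triage(log_text, blocklist, categories, expected):
    """Return {host: (verdict, hits)} with verdict block, review or allow."""
    results = {}
    for host, hits in count_hosts(log_text).items():
        cats = lookup(host, categories)
        if any(name in blocklist for name in parent_domains(host)):
            verdict = "block"      # listed domain or a subdomain of one
        elif cats is None or not set(cats) & expected:
            verdict = "review"     # uncategorized or unexpected category
        else:
            verdict = "allow"
        results[host] = (verdict, hits)
    return results


if __name__ == "__main__":
    for host, (verdict, hits) in triage(
        SAMPLE_LOG, BLOCKLIST, CATEGORIES, EXPECTED
    ).items():
        print(f"{verdict:6} {hits:3} {host}")
```

A "review" verdict matches the article's advice to dig deeper rather than block outright; only blocklist membership leads to "block".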

In the case of the U.S. cities, it may be a good idea to spot inconsistencies between, say, what’s claimed in an email and the information contained in IP addresses. For that, you can use an IP geolocation tool.

For example, let’s say that your company received an email with a suspicious attachment that claims to originate from a partner in Canada. Keep in mind that a lot of ransomware variations could come in the guise of documents. You can enter the email sender’s domain name into the API’s search field to determine the message’s real source.

For demonstration purposes, let’s say the email address soon_be_to_nothing@yahoo.com was used. The IP Geolocation API should give you this result:

As you can see, the inbox isn’t registered in Canada. While this alone doesn’t justify distrusting the sender, you might want to dig further. You could, for example, check the website category before clicking URLs and potentially ending up on unknown sites containing malware.

Bottom line: Check Website Reputation & Trust with the Right Intelligence Sources

Fortifying one’s network against e-commerce formjacking, phishing, ransomware, and other cyber attacks requires careful scrutiny of who website visitors are and where they originate. Organizations need to know which websites to trust and which ones should be avoided.

Security solutions are great at preventing malicious files from being executed on vulnerable systems, but not all can distinguish safe from damaging traffic. Bolstering their capability to distinguish between malicious and non-malicious site visits is possible with Website Categorization API and other domain and IP data feeds and APIs — providing for more proactive defense.

Indeed, by preventing malicious individuals from interacting with your network and dropping unwanted files into gaping holes, organizations can effectively stop attacks before they even take root.

How a Website Categorization Database Can Contribute to Fraud Monitoring
http://www.linggao57.com/blog/how-a-website-categorization-database-can-contribute-to-fraud-monitoring/ Fri, 11 Oct 2019 13:12:54 +0000

Fraud detection and prevention solutions are on the rise, and so are expectations from vendors. Many enterprise users are looking for providers that can offer holistic products and augmented capabilities. Let’s dive into that point and talk about how a Website Categorization Database can prove useful as a means for data enrichment.

What Makes a Good Fraud Monitoring Tool?

To start, a good solution should be able to detect and respond to a variety of cases of fraud, either applying to an entire industry or specific to an organization. What’s more, it should identify odd occurrences (if and when these happen) as well as easily integrate into existing ecosystems. That’s a given.

In 2019, however, some advanced capabilities are starting to become necessary, driving the emergence of next-generation solutions that modern fraud detection teams can no longer live without. For instance:

The Ability to Detect a Wide Range of Cases of Fraud via Machine Learning

An ideal fraud monitoring tool should run a solid rule engine with an advanced set of rules, one that can identify potential cases of fraud based on certain criteria. It shouldn’t, however, rely on this feature alone — primarily because rule-based systems may no longer be able to keep up with today’s more advanced attacks.

The good news is that some tools use machine learning (ML) to meet this requirement. ML speeds up a tool’s analysis of a larger volume and variety of data. It does away with the human factor as well, thus reducing human error. An ML-based solution can employ different algorithms to come up with relevant findings for expert verification.

Using a Dynamic Approach to Determining Authentication Flow

A fraud monitoring system should be compatible with already existing systems and solutions as well as even the most advanced multifactor authentication tools. It must constantly evaluate risks tied to a certain event and facilitate seamless authentication flow based on its analysis. Furthermore, it should be able to dynamically trigger the best solution for a given scenario based on the risk it poses.

For instance, if a specific transaction has been categorized as suspicious due to an information mismatch, the solution should be able to move on to the next authentication criterion. The event should be tested against all parameters first, rather than simply being rejected or put on hold for manual review as soon as it is flagged.

Having Out-of-the-Box Fraud Prevention Capabilities

An effective anti-fraud tool should be capable of detecting a fraudulent transaction right from the start. Be sure though that it can support business continuity demands by ensuring smooth transitions. The reason why? Companies can’t afford for their tools to freeze while processing risk analytics and cases. As such, a solution that can provide an acceptable level of protection in a timely fashion is essential.

Although an out-of-the-box solution is a good start, its capabilities need to be flexible so it can be customized according to a client’s needs.

What’s the Link between Website Categorization and Fraud Monitoring?

Companies that specialize in offering fraud monitoring solutions can benefit from a website categorization database as this serves as an additional source of website intelligence. It provides users with a well-structured domain name database that is updated for accuracy on a daily basis.

Our solutions, including Website Categorization API, use ML for near real-time results even when dealing with new cases. They also come with versatile rules that have been predefined by industry experts, allowing users to acquire data on active domain names without needing to conduct manual web scraping or research.

This capability is particularly useful since most cases of fraud involve the use of several websites. In fact, millions of domains are registered each year by threat actors who aim to scam organizations.
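The two ideas above, testing a flagged event against every parameter before choosing an authentication step and enriching the event with website category data, can be sketched as follows. This is an added example, not WhoisXML API code; the category table, category labels, weights and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample of a locally held categorization table (domain -> categories).
# Domains and labels are illustrative assumptions, not the vendor's taxonomy.
CATEGORY_DB = {
    "shop.example": {"Shopping"},
    "pay-verify.example": {"Finance", "Newly Registered"},
}
RISKY_CATEGORIES = {"Newly Registered", "Gambling"}


@dataclass
class Event:
    billing_country: str
    ip_country: str
    amount: float
    referrer_domain: str
    device_known: bool


def signals(ev):
    """Evaluate every parameter; never stop at the first flag."""
    cats = CATEGORY_DB.get(ev.referrer_domain)
    return {
        # name: (fired?, weight) -- weights are assumed values for illustration
        "country_mismatch": (ev.billing_country != ev.ip_country, 30),
        "high_amount": (ev.amount > 1000, 20),
        "unknown_device": (not ev.device_known, 20),
        "uncategorized_referrer": (cats is None, 15),
        "risky_referrer_category": (bool(cats and cats & RISKY_CATEGORIES), 25),
    }


def decide(ev):
    """Pick the authentication flow from the total risk, not from one flag."""
    fired = {name: w for name, (hit, w) in signals(ev).items() if hit}
    score = sum(fired.values())
    if score >= 70:
        action = "manual_review"   # several independent signals agree
    elif score >= 30:
        action = "step_up_mfa"     # e.g. a lone mismatch: ask for another factor
    else:
        action = "allow"
    return action, score, sorted(fired)
```

Returning the list of fired signals alongside the action gives an analyst the reason for each step-up or review without re-running the evaluation.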

WhoisXML API Offers Streamlined Website Categorization

Our web categorization database can be filtered according to a variety of categories. This allows users to analyze data in different ways, depending on what they are looking for. The information in the database can be filtered and analyzed by:

  • Website location: Our database provides website information for a single country, several countries, or all countries should users be identifying cases of fraud in specific locations. It does so because it covers domains registered worldwide, including those that use ccTLD and the newly created gTLD extensions.
  • Website category: We currently classify websites into 25 categories. Note that a website can appear in several of them at once. Fraud investigators who require additional categories can send in requests to fulfill their threat data requirements.

Our website categorization database gives fraud detection and monitoring companies accurate website information practically in real time with the aid of ML technology. Although not an all-in-one solution, the categorization tool still offers a step in the right direction for those in the fraud investigation business. If you want to know more about our products, send us a message.
