Whois API Blog
http://www.chuangshi32.top/blog

How a Website Categorization Database Can Contribute to Fraud Monitoring
http://www.chuangshi32.top/blog/how-a-website-categorization-database-can-contribute-to-fraud-monitoring/
Fri, 11 Oct 2019 13:12:54 +0000

Fraud detection and prevention solutions are on the rise, and so are expectations from vendors. Many enterprise users are looking for providers that can offer holistic products and augmented capabilities. Let’s dive into that point and talk about how a Website Categorization Database can prove useful as a means for data enrichment.

 
 

What Makes a Good Fraud Monitoring Tool?

 

To start, a good solution should be able to detect and respond to a variety of cases of fraud, either applying to an entire industry or specific to an organization. What’s more, it should identify odd occurrences (if and when these happen) as well as easily integrate into existing ecosystems. That’s a given.

 

In 2019, however, some advanced capabilities are starting to become necessary, driving the emergence of next-generation solutions that modern fraud detection teams can no longer live without. For instance:

 

The Ability to Detect a Wide Range of Cases of Fraud via Machine Learning

 

An ideal fraud monitoring tool should run a solid rule engine with an advanced set of rules, one that can identify potential cases of fraud based on certain criteria. It shouldn’t, however, rely on this feature alone — primarily because rule-based systems may no longer be able to keep up with today’s more advanced attacks.

 

The good news is that some tools use machine learning (ML) to meet this requirement. ML hastens a tool’s ability to analyze a larger volume and variety of data. It does away with the human factor as well, thus reducing human error. An ML-based solution can employ different algorithms to come up with relevant findings for expert verification.

 

Using a Dynamic Approach to Determining Authentication Flow

 

A fraud monitoring system should be compatible with already existing systems and solutions as well as even the most advanced multifactor authentication tools. It must constantly evaluate risks tied to a certain event and facilitate seamless authentication flow based on its analysis. Furthermore, it should be able to dynamically trigger the best solution for a given scenario based on the risk it poses.

 

For instance, if a specific transaction has been categorized as suspicious due to an information mismatch, the solution should be able to move on to the next authentication criterion. The event should be tested against all parameters first, rather than simply being rejected or put on hold for manual review as soon as it is flagged.

 

Having Out-of-the-Box Fraud Prevention Capabilities

 

An effective anti-fraud tool should be capable of detecting a fraudulent transaction right from the start. Be sure though that it can support business continuity demands by ensuring smooth transitions. The reason why? Companies can’t afford for their tools to freeze while processing risk analytics and cases. As such, a solution that can provide an acceptable level of protection in a timely fashion is essential.

 

Although an out-of-the-box solution is a good start, its capabilities need to be flexible so it can be customized according to a client’s needs.

 
 

What’s the Link between Website Categorization and Fraud Monitoring?

 

Companies that specialize in offering fraud monitoring solutions can benefit from a website categorization database as this serves as an additional source of website intelligence. It provides users with a well-structured domain name database that is updated for accuracy on a daily basis.

 

Our solutions, including Website Categorization API, use ML for near real-time results even when dealing with new cases. They also come with versatile rules that have been predefined by industry experts, allowing users to acquire data on active domain names without needing to conduct manual web scraping or research.

 

This capability is particularly useful since most cases of fraud involve the use of several websites. In fact, millions of domains are registered each year by threat actors who aim to scam organizations.

 
 

WhoisXML API Offers Streamlined Website Categorization

 

Our web categorization database can be filtered according to a variety of categories. This allows users to analyze data in different ways, depending on what they are looking for. The information in the database can be filtered and analyzed by:

 

  • Website location: Our database provides website information for a single country, several countries, or all countries should users be identifying cases of fraud in specific locations. It does so because it covers domains registered worldwide, including those that use ccTLD and the newly created gTLD extensions.
  • Website category: We currently classify websites into 25 categories. Note that a website can appear in several of them at once. Fraud investigators that require additional categories can send in requests to fulfill their threat data requirements.

 


 

Our website categorization database gives fraud detection and monitoring companies accurate website information practically in real time with the aid of ML technology. Although not an all-in-one solution, the categorization tool still offers a step in the right direction for those in the fraud investigation business. If you want to know more about our products, send us a message.

Why Tracking Your DNS History Is Important
http://www.chuangshi32.top/blog/why-tracking-your-dns-history-is-important/
Fri, 11 Oct 2019 07:09:50 +0000

If you have ever published a blog post and then got so much flack for it you ended up taking it down – and you still think this would make the problem go away, think again. If your readers have your blog on their RSS feed and click on its link, they’ll still be very likely to be able to read a cached version of it.

 

The same is unfortunately true for domains. Every change a domain goes through is recorded on its historical WHOIS record, made possible by the introduction of passive Domain Name System (DNS) — a means to find out any modification made at some point in time to a specific domain.

 

As such, any bit of information related to a domain can still be seen via a passive DNS search. And this is the reason why making sure your domain has had no ties to any malicious activity throughout its entire life cycle is important.

 

A domain with a shady past can pose risks to any business as the following shows:

 
 

Past Search Engine Results Pages (SERP) Violations Can Haunt You

 

Although old domains are more likely to obtain better search engine optimization (SEO) rankings because they have been operating for quite some time, that is only good if they did so for a good reason such as great content, popularity as evidenced by a huge number of visitors, and so on. It is not uncommon, however, for owners to abandon aged domains because these have been flagged for SERP violations such as sneaky redirects, using cloaked images, hacked sites, hidden text or keyword stuffing, spamming, and others.

 

Sites that have been cited for such instances are bound to maintain low SEO rankings no matter how good their current owner’s SEO strategy is. So if you are, for instance, looking to obtain a new domain for your business, first take a very close look at its past to make sure you do not end up suffering the consequences of its previous owner’s wrongdoings.

 
 

You Don’t Want to Be Mistaken for a Cybercriminal or Cyber Attacker

 

In case you don’t know already, cybersecurity solutions work by blocking access to URLs that have been classified as “malicious” from their customers’ systems. So if your domain has been included in a security blacklist, potential readers or clients who wish to visit your website would always be alerted to its insecurity (based on historical data) through warnings, or they’ll never reach your site, which translates to lost opportunities for your company.

 

Even URLs that have been compromised and end up as unwary accomplices to cybercrime get named in threat reports and news, not to mention being flagged for a SERP violation (i.e., hacked sites). This is another reason why you should use all available means to ensure your DNS history remains threat-free.

 
 

Using a Hijacked Domain Can Spell Disaster

 

The awkward truth: not all domains that are available for purchase have been lawfully obtained. Some may have been stolen from other individuals or organizations. And the only way these were made “available” is through hacking or compromise, which is unfortunately too easy to do with unsecured or insufficiently protected domains. Ending up with a hijacked domain, no matter how perfect it may be for your brand, may cause you to lose more than you gain.

 
 

Ties to Unscrupulous Content and Activities Not Only Result in SERP Violations but Also Blacklisting

 

The Internet, much like any other community, has its own “police” who are responsible for taking down sites that offer malicious content (e.g., porn, etc.), sell fake goods and services, or have ties to illicit activities online. There’s a reason why most of these sites end up on the Deep Web. Note that domains that have been associated with violations and misdeeds end up in cybersecurity blacklists so if you need to decide on buying a domain or not, it’s a good idea to carefully scrutinize its DNS history first.

 
 

No One Wants to Be Taken in by a Fake Domain Registrar

 

Just like buying a house or any property of great value, you don’t want to be responsible for someone else’s business and its brand, even over time.

 

That’s why it’s recommended that you do extensive background checks on people or companies you do business with.

 

The same care should be taken when purchasing domains because not all registrars are the real deal. If you’ve got your heart set on a domain and finally found a single registrar that offers it, find out all you can about the seller first. More often than not, the most coveted domain names are already taken. Hard-to-believe offers are just that because they almost always turn out to be fake, and all you may have to show for your effort afterward is stolen personal information and your money down the drain.

 

Staying safe from cyber threats shouldn’t only focus on the present and the future – it’s also critical to learn from the past. This is particularly true when it comes to choosing and purchasing a domain. Skeletons in a domain’s DNS history closet can still have unwanted consequences.

WHOIS Database Download: Empowering the Practice of Domain Flipping
http://www.chuangshi32.top/blog/whois-database-download-empowering-the-practice-of-domain-flipping/
Mon, 07 Oct 2019 15:53:40 +0000

In today’s digital-centric world, domain names are hot commodities that many would want to get their hands on. The US$90-million sale of LasVegas.com is one of the best examples of this though there are many other domain names constantly bought and sold for huge sums on a daily basis. This has resulted in giving individuals a great opportunity to invest in domain names that are likely to sell for a hefty profit in the future. And this is where the concept of domain flipping comes in.

 

In this article, we’ll discuss how aspiring domainers can make money off selling domains and how a WHOIS database download service can help them.

 
 

What Is Domain Flipping?

 

Domain flipping is the practice of buying a domain name in the hope of selling it at a much higher price after some time. It is similar to house flipping, wherein an individual buys a house, renovates it, and then sells it at a higher price.

 

Unlike in real estate, however, a domainer can’t do anything to increase the value of a domain name. As such, it is important for a domain flipper to instinctively predict which cheap domains are likely to be in high demand later so he can earn a lot from selling them. Domain flipping also differs from website flipping in that the domains put up for sale don’t need to be functional as opposed to sites being sold.

 

In sum, domain trading requires investing in properties that will hopefully pay off in the future. Those who have a gift of foresight can thus make a living out of flipping domains.

 
 

Setting Up a Solid Domain Portfolio

 

It can take a person months or even years to develop a high-quality domain portfolio. This usually requires patience while waiting for domains to mature and be worth a lot more than what they originally cost. Some domainers choose to purchase just a few high-profile domains that they then sit on until their values increase. Some examples of domain names an aspiring domainer can collect include:

 

  • Generic names: These are words that could describe a product or a service. The important thing to remember here is to avoid trademarked or copyrighted domains that could result in their forfeiture.
  • Business names: These are generic business names such as “chiropractor” or “dentist,” which can turn out to be great investments when combined with geographic locations.
  • Geographic names: These include names of countries or cities, which could be considered up-and-coming business hot spots. They may become good investments over time and can be sold to web developers who are building community portals or companies that focus on the related communities.
  • Timely names: Other suitable domain names for investment are timely names that can be combined with events that occur in a certain year. One example is 2022Olympics.com.

 
 

How Can a WHOIS Database Download Service Help?

 

With a WHOIS database download service, domain flippers can access historical domain name information that can be customized according to their needs. They can:

 

  • Get active WHOIS records for domains with gTLD extensions like .com, .net, .org, and more, as well as those with ccTLD extensions that include .uk, .fr, .cn, and the like.
  • Obtain information on millions of active domain names with WHOIS records that are constantly updated.
  • Download both raw and parsed WHOIS data as either a database dump or a .csv file.
  • Identify important information on domains, including the registrant’s name, organization, email address, expiration date, and more, which can be handy in domain flipping.
  • Get WHOIS records that have been normalized to maintain a consistent format that is easy to integrate into existing tools and processes.

 

Domainers will find a WHOIS database download service useful in identifying currently active domains and those that are about to expire. As such, they can find out when the domain names they are interested in are going to be available. This will give them the time and opportunity to secure the domain they want before anyone else does.

 

They can also get a domain owner’s contact details for various purposes. One example is contacting the registrant to ask whether they are willing to part with a domain of interest.

 

Finally, domain flippers can avoid the legal consequences of going for names that are trademarked or copyrighted. The WHOIS database download service will help them see existing domains for comparison. This is especially important since there are strong policies and laws in place that protect trademark owners from such acts.

 


 

Just like any investment today, domain names also come with their own risks and rewards. The good news is that domain flippers can use a WHOIS database download service to help them maximize their earnings by gaining access to a comprehensive set of domain name records.

 

Would you like to learn more about this download service? Contact us now at support@whoisxmlapi.com.

How Brand and Domain Name Monitoring Can Counteract Cybersquatting
http://www.chuangshi32.top/blog/how-brand-and-domain-name-monitoring-can-counteract-cybersquatting/
Mon, 23 Sep 2019 12:17:39 +0000

The Web is a huge and unregulated space made up of countless online content locations. There are more than 300 million active websites today with an additional 25 million registered each year. It’s only inevitable then that there will be intense competition between registrants and, therefore, demand for domain names, especially for those that use the most recognizable words and identifiers.

 

In fact, conflicts between trademark holders and domain registrants looking to own the rights to specific domains are common. Numerous disputed domains nowadays are registered either by accident or with the intent to gain money from those who are interested in them. This tactic is known as “cybersquatting,” which can have severe consequences for your brand if you don’t pay attention to it.

 

In this article, we’ll discuss cybersquatting and how domain name monitoring can protect your business from it.

 

 

Why Should I Be Concerned with Cybersquatting?

 

In essence, cybersquatting refers to registering, selling, or using a domain name to benefit from someone else’s trademarked property. It is generally a shady practice in which the culprit purchases domain names that pertain to existing company brands in the hope of making a profit.

 

A cybersquatter is, of course, free to register any domain name — even one that closely resembles a popular trademark — as long as it is available. He is, however, considered a malicious individual because he is infringing on someone else’s rights just to benefit from it. Cybersquatting can take many forms, which include:

 

  • Registering domains that use common English words or phrases for resale later on;
  • Registering misspelled variations of well-known website domains;
  • Buying domain names that have recently expired;
  • Posting disparaging remarks on cybersquatted sites against certain people or companies;
  • Publishing affiliated links to monetize content and drive visitors to click them.

 

These practices can cause the trademark holders significant financial losses and reputational damage. It is, therefore, your responsibility as a brand owner to protect your intellectual property not only when it comes to patents and designs, but also your domain names.

 

With so much at stake, it’s important to know all about cybersquatting and its many forms so you can avoid suffering the consequences.

 

 

Types of Cybersquatting

 

At present, there are four particularly dominant cybersquatting techniques that malicious actors commonly employ and these are:

 

Typosquatting

Also known as “URL hijacking”, typosquatting involves the creation of fake websites using domain name variations with misspellings or typos in hope that users will inadvertently visit them. Typos can come in the form of misspellings (e.g., gooogle.com), phrasing variations (e.g., googles.com), and TLD extension substitution (e.g., google.co).

 

More complex typosquatting tactics abuse audio-visual and hardware similarities in trademarks. For instance, a homograph attack relies on visual likenesses in symbols, letters, or strings. An example would be replacing “w” with “vv” in a domain like “www.walmart.com” (e.g., www.vvalmart.com).

 

Identity Theft

Another cybersquatting technique requires purchasing a domain that the original owner has forgotten to renew. This uses special applications or algorithms that allow the perpetrator to easily monitor domain expiration dates. Once registered, the cybersquatter can then mimic the real company’s website and trick visitors into believing they are the same domain owner.

 

Namejacking

This refers to registering domain names associated with a popular individual such as a celebrity or some other public figure. Namejackers stand to benefit from the web traffic that their target individuals’ status typically generates.

 

Personal names, particularly in the U.S., can be trademarked but only if these have become distinctive enough through long-term use or advertising. Names that do not fulfill this condition cannot be trademarked since many individuals may share them. As such, namejackers that do not reside in the country are outside the scope of the U.S. Anticybersquatting Consumer Protection Act.

 

Reverse Cybersquatting

In the event of reverse cybersquatting, an attorney can argue that a trademark holder has made false claims of cybersquatting against a supposed “legitimate” domain owner. This practice involves a variety of intimidation tactics used in trademark litigation so the target or real domain owner is pressured to hand over his property to the threat actor.

 

It is important to note that reverse cybersquatting can be considered a means of exploiting the dispute resolution procedures for domain names. It could even lead to unfair business practices that stay within the confines of the law, as it can enable the “victims” (actually the perpetrators) to receive compensation for damages.

 

Monetization Practices Related to Cybersquatting

 

Professional cybersquatters utilize a range of techniques to profit from their illicit activities, including:

 

  • Ransomware: Some cybercriminals use cybersquatted domain names to spread ransomware. Victims are often blocked from accessing important files in their systems until they decide to pay the ransom.
  • Scams: In cybersquatting, this often translates to credit card fraud and identity theft. Owners of a cybersquatting site may, for instance, inform users that they can win various prizes if they sign up on their website. In truth, the site just collects their personal information so the criminals can steal their identities.
  • Hit stealing: This refers to the practice of referring visitors who arrive at a cybersquatted domain to a competitor’s website. As the name suggests, the main purpose of this activity is to disrupt or inconvenience the victim.
  • Affiliate marketing: This involves redirecting visitors to web pages that sell products or services in exchange for a commission.
  • Domain parking: This entails redirecting a domain name’s visitors to a website full of ads in order to generate traffic.

 

 

Is There a Legal Authority that Works Against Cybersquatting?

 

One of the ways by which domain name registrars contribute to the fight against cybersquatting is requiring all registrants who own trademarks or copyrights to present their certificates when reporting cases of infringement.

 

However, the primary entity that counteracts cybersquatting is ICANN — the same organization responsible for maintaining the entire DNS. It allows cybersquatting victims to resolve disputes based on the Uniform Domain Name Resolution Policy (UDRP) — a process that is often faster and less costly compared with undergoing a legal proceeding.

 

Before you can submit a UDRP claim, however, you will need to meet the following criteria:

 

  1. The complainant needs to have an unregistered or registered trademark to hand. This evidence will be submitted to the arbitration panel, which will verify the said trademark’s existence.
  2. The complainant needs to explain why or how the trademark he owns is similar to the domain name he is disputing.
  3. The complainant must prove that the disputed domain name’s holder doesn’t have the legal right to it.
  4. Finally, the complainant needs to prove that the disputed domain name was obtained in bad faith.

 

Once all of these conditions are met and successfully proven, the disputed domain name will be taken down and the right to own it is transferred to the complainant. It is important to note that there are no financial remedies under this process.

 

Although the UDRP is effective, trademark owners who wish to maintain their good standing shouldn’t rely on post-factum solutions in order to remedy the consequences of cybersquatting. Instead, they should start taking measures to prevent it from happening and to minimize the risks as much as possible. One way of doing so is by registering domain names that are similar to your trademarks, which will stop cybersquatters from getting their hands on them.

 

 

How Can Domain Name Monitoring Help?

 

Brand Monitor and domain name monitoring tools in WhoisXML API’s Domain Research Suite can protect you from cybersquatting by letting you proactively monitor for intellectual property abuse. They do this by letting you track certain keywords associated with your brand and trademarks. The program will then keep an eye open for them and alert you to the existence of any recently expired or newly registered domain that matches your search terms.

 

With this capability, you can stay abreast of anything that closely resembles cybersquatting, allowing you to carry out further actions against trademark and domain name hijacking. This could be particularly useful against the various types of cybersquatting tactics cybercriminals are employing these days.

 

You also get alerted to domain name matches that use other extensions. Normally, users like to register their websites with the .com TLD but some use other TLDs such as .co, .biz, .net, and so on. Although securing these domains even if you don’t plan to use them can cost extra, this practice allows you to safeguard your brand from cybersquatters.

 

Besides keyword tracking, WhoisXML API’s brand and domain name monitoring tools also come with a “typos” feature that automatically generates misspelled versions of your domain that are added to your list. This not only helps you save time, but it also increases your chances of catching typosquatters even before they can do you any harm.
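A sketch of the matching that such a “typos” feature implies, covering the variation classes listed under Typosquatting above: misspellings, phrasing variations, TLD substitution, and homographs. This is an added example, not WhoisXML API’s code; the function names, the homoglyph table, and the sample feed of newly registered domains are constructed for illustration.

```python
"""Flag look-alike registrations of a protected domain (defensive brand monitoring)."""
from functools import lru_cache

# Visually confusable substitutions; a small constructed table, not exhaustive.
HOMOGLYPHS = {"w": ["vv"], "m": ["rn"], "l": ["1"], "o": ["0"], "i": ["1", "l"]}


def split_domain(domain):
    """Split 'www.walmart.com' into ('walmart', 'com').

    Assumes a single-label TLD; multi-label suffixes such as .co.uk would need
    a public-suffix list, which this example leaves out.
    """
    labels = domain.lower().rstrip(".").split(".")
    if labels[0] == "www" and len(labels) > 2:
        labels = labels[1:]
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def misspellings(name):
    """Single-edit typos: repeated, omitted and transposed characters."""
    out = set()
    for i in range(len(name)):
        out.add(name[:i] + name[i] + name[i:])      # repetition, e.g. gooogle
        out.add(name[:i] + name[i + 1:])            # omission, e.g. gogle
        if i + 1 < len(name):                       # transposition, e.g. googel
            out.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    return out


def homographs(name):
    """Replace one occurrence of a character with a look-alike string."""
    out = set()
    for src, subs in HOMOGLYPHS.items():
        pos = name.find(src)
        while pos != -1:
            for sub in subs:
                out.add(name[:pos] + sub + name[pos + len(src):])
            pos = name.find(src, pos + 1)
    return out


@lru_cache(maxsize=None)
def variants(brand):
    """Map each look-alike name (without TLD) to the class that produced it."""
    name, _ = split_domain(brand)
    table = {v: "misspelling" for v in misspellings(name)}
    plural_forms = [name + "s", name + "es"]
    if name.endswith("s"):
        plural_forms.append(name[:-1])
    for v in plural_forms:
        table[v] = "phrasing variation"
    for v in homographs(name):
        table[v] = "homograph"
    table.pop(name, None)   # the brand itself is not a look-alike
    table.pop("", None)
    return table


def classify(candidate, brand):
    """Return the variation class if candidate imitates brand, else None."""
    c_name, c_tld = split_domain(candidate)
    b_name, b_tld = split_domain(brand)
    if c_name == b_name:
        return "TLD substitution" if c_tld != b_tld else None
    return variants(brand).get(c_name)


def scan(new_domains, brands):
    """Check a feed of newly registered domains against the protected brands."""
    hits = []
    for domain in new_domains:
        for brand in brands:
            label = classify(domain, brand)
            if label:
                hits.append((domain, brand, label))
    return hits


# Constructed sample input: protected domains and a feed of new registrations.
BRANDS = ["google.com", "walmart.com"]
SAMPLE_FEED = ["gooogle.com", "googles.com", "google.co", "www.vvalmart.com",
               "example.org", "walmart.com", "golang.org"]

if __name__ == "__main__":
    for domain, brand, label in scan(SAMPLE_FEED, BRANDS):
        print(f"{domain:20} imitates {brand:12} ({label})")
```

Matching on exact generated variants keeps false positives low but misses names that combine two edits; an edit-distance threshold is the usual complement.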

 

 

Concluding Thoughts

 

Cybersquatting has truly become a lucrative practice in the digital world, which can adversely affect the reputation of even the most well-established brands. It can even pose legal challenges to brand owners, which could be both time-consuming and costly.

 

And all this is because of the very fine line between the legality and illegality of cybersquatting. The practice borders on the unlawful but can turn the tables against the real victim, as in cases of reverse cybersquatting.

 

Although the UDRP can settle disputes related to cybersquatting and similar practices, preventive measures are still recommended to spare trademark owners the hassle and expense which becoming a victim entails. With a software suite that lets you perform advanced brand and domain name monitoring, you get to stay one step ahead of cybersquatters and make the Web a less chaotic space than it currently is.

Brand Monitor and Brand Alert API: How to Combat Brand Misrepresentation in the Retail Fashion Industry
http://www.chuangshi32.top/blog/brand-monitor-and-brand-alert-api-how-to-combat-brand-misrepresentation-in-the-retail-fashion-industry/
Sun, 22 Sep 2019 19:15:36 +0000

Misrepresentations together with negative brand equity are probably the biggest nightmares of today’s most prominent companies — and more often than not, that’s connected to cybersecurity and data breaches.

 

For example, the latest stats show that one in every 99 emails you get each day has ties to a phishing attack, the majority of which come laced with malware specially crafted to harvest victims’ financial credentials or use popular brands as social engineering bait.

 

A great example would be an email offering a considerable discount that the victim may find very hard to resist. So she clicks the link to a site where she’s asked to fill in her personal data, including, for instance, the credit card that she plans to use to purchase goods. She doesn’t get the items she supposedly bought and so complains to the store via all possible means — email, phone, and social media.

 

What’s worse, others who fall for the same ruse join the frenzy, dragging the brand’s name through the muck. What can the victimized company do? Could it have prevented the phishing attack? These are just some of the things this article answers by analyzing Zara’s real-life case study.

 


 


 

 


 
 

The Attack: A Curious Case of Zara

 

In the not-so-recent past, phishing was limited to emails that people usually read on their computers. That’s no longer the case though, since the birth of smartphones and the millions of apps that users can choose from as Zara’s case shows.

 

The Victim

 

Zara is a very popular Spanish fast-fashion retailer worldwide. Apart from having physical stores in some of the biggest shopping malls the world over, it also sells clothing and accessories via country or regional sites online. To date, it has a total of 202 physical and virtual shops.

 

The Attack Vector

 

WhatsApp is a messaging app that’s currently being used by hundreds of millions of users worldwide. It can be used on not only smartphones, but also personal computers, so just imagine the number of potential victims a cybercriminal could have.

 

The Bait

 

Sometime in February 2016, several WhatsApp users received an instant message from someone they know and trust prodding them to forward it to 10 contacts. They were then asked to click a shortened link to a site where they could get their free Zara gift cards.

 
 

The Real Deal: Behind the Scammers’ Curtains

 

Here’s how the victims’ credit card and other personally identifiable information (PII) landed on the phishers’ laps:

  1. Potential victims got the following WhatsApp instant message from a contact.
  2. They forwarded the message to 10 contacts as suggested (unknowingly getting more potential victims for the phishers).
  3. They then click the shortened link to the site to get their free gift card (typically US$500 worth).
  4. The site (specially crafted to look like a real Zara page) asks them to fill in a form to receive the gift card and so they do.
  5. They click “Submit”, which sends their details to the attackers. Their personal information could then end up for sale in the Deep Web or underground marketplaces, be used by the phishers themselves for fraud, or be held for ransom.

 

This case isn’t the first time Zara’s or other popular retailers’ brand was used for a phishing attack. A similar ruse taking advantage of Zara was seen on Facebook even earlier, specifically, in March 2014. The message appeared on potential victims’ timelines. Those fooled into clicking the link were led to a site that harvested their personal information, including their credit card details.


Regardless of the platform and brand used, one thing always remains: it’s a sham! None of the victims ever get gift cards, of course; they just end up inviting more people to get phished and handing their personal information to eagerly waiting cybercriminals via their specially crafted data-stealing sites.

 

The prospect of getting something for free always seems to do the trick when baiting digital citizens to give up their PII. They aren’t the only ones who suffer from phishing attacks, however. The retailers’ brands and thus, their reputations, also become casualties. So now we come to the burning question: Could Zara have prevented the phishing attack from its end using Brand Monitor or Brand Alert API? Let’s find out.

 
 

The Evidence: Could Brand Monitor or Brand Alert API Have Helped Prevent the Attack?

 

Brand Monitor is a domain-monitoring tool that lets users keep track of their brands’ and other trademarks’ or intellectual properties’ exact matches and variations, including those with all possible typos, to protect their business online.

 

Let’s see how it could have helped in Zara’s case:

  • 1. Sign up by clicking “Open Dashboard” on the Brand Monitor site. You automatically get free Domain Research Suite (DRS) credits.
  • 2. Look for and click “Brand Monitor” on the left panel. You’ll automatically be taken to the “Basic” function. Type your brand name in the input box, then click “Add to monitoring”. In this step-by-step guide, we’ll use the brand “Zara”. Note that you’ll need to wait for 24 hours to see the results because the monitoring is completed daily.
  • 3. You can, however, already choose to use Brand Monitor’s Typos function. This feature helps if you’re looking to spot possible phishing sites spoofing your brand. To do that, click “Edit monitor”. You should see a prompt like this:
  • 4. Simply click the “Typos” toggle button to turn it on (the icon turns red), and you’re done. You’ll see how many misspelled versions of your brand name have been added to your tracker. In this case, 135 possible matches were included in our Zara monitoring. Click “Save”. To see a list of the typos the tool automatically added to your tracker, click the “Typos (number) >” button. You should see something like this:

    All the possible variations of “Zara” that Brand Monitor automatically generated are made available on the drop-down list.

  • 5. A day’s monitoring would give you results similar to this:

    Changes appear on the left panel, arranged by date.

  • 6. Check if any of them may be piggybacking on your brand or, worse, damaging your hard-earned reputation. Our Zara monitoring revealed that among the domain names we’re tracking, misspelled ones included, there were 6,557 new additions or modified domains while 1,827 were, for one reason or another, dropped by their owners. To see the entire lists, click “Show more”.
  • 7. Go through the list and build WHOIS reports on each if you have the resources to do so. To do that, you may use WHOIS API. Note that you can use your DRS credits for all of the tools included in Domain Research Suite.
    • a. Access the product site at https://whoisapi.whoisxmlapi.com/.
    • b. Scroll down until you find the Give the API a Try section.
    • c. Let’s take a closer look at “zaragoza.link”, one of the domains under the Domains dropped list.
    • d. Type the domain name in the WHOIS API input field then click “Search”. You should see something like this:
    • e. As the WHOIS API lookup shows, the domain is relatively new (about 2 years old). You can also see when it was last updated. Unfortunately, it is privately registered, so the owner’s name and contact information have been redacted. It’s clear, however, that it is still active. In fact, its owner automatically renews its registration, which is a good indication that it’s connected to a legitimate business. Why? Cyber attackers don’t usually hold on to domains once these have been used in attacks and consequently blocked.

     

  • 8. Now, let’s dig into the most suspicious-looking ones and take a closer look at them. A quick tip: Focus on the list of active domains — the ones that have recently been put up or modified (those on the left-hand side). Let’s find out more about “azarashiazarashi.xyz”.
  • 9. Search for the domain on WHOIS API. You should see a report like this:

    As the report shows, it is a newly registered site that contains your brand name. Its record contains incomplete data, which could be grounds for restricting access to it.

  • 10. Compare each site’s content with yours. Look for typical signs indicating that cybercriminals or people with malicious intentions are training their sights on your business, which include:
    • a. Misspelled domain name, a variation of yours with typos;
    • b. A non-affiliated site, web page, email, newsletter, instant message, or social media post sporting your logo or its lookalike;
    • c. A non-affiliated site, web page, email, newsletter, instant message, or social media post tied to an email address, any URL (shortened links included), online account, or person that your company doesn’t own or employ;
    • d. A domain name that uses an uncommon gTLD such as “.xyz” that a company wouldn’t typically use, or a ccTLD that corresponds to a country that you’re sure you don’t sell to or do business in;
    • e. A domain name that has random numbers or special characters that aren’t part of the brand or company’s name. (This defeats the purpose of making it easy for users to find a legitimate company’s site online after all.)

     

    Make sure though that none of the sites are yours or affiliated in some way with your company. You don’t want to make them inaccessible to users. You should find that a lot of the sites’ names may just have the same letters as your brand names or the companies that own them resell your products. Don’t be too hasty about suspecting them of foul play.

     

    To widen your search, you can also add other keywords to your monitor. Good examples for a brand like Zara would be “fashion”, “retail”, “clothing”, and “accessories”. To do that, click “Edit monitor”.

     

    Click “+” beside “Add term” then type each additional keyword into the input box that appears. When you’re done, click “Save”. Brand Monitor will now show you the results with the additional keywords in future reports. This step is a great way to keep track of your competitors. You can also add their brands to your tracker if you wish to stay abreast of their sales and marketing efforts.

  • 11. After compiling a list of suspicious-looking sites, find out more about each of them. To do that, click “>” next to the domain name. You should see a pop-up window like this:
  • 12. If you wish to take a deeper dive, you can build WHOIS reports. A basic WHOIS report will serve our purpose. Let’s say you want to see more about “sara.xyz”. Click “Build WHOIS report” from among the choices. You should get something that looks like this:

    Note that we’re not saying that “sara.xyz” is a malicious domain. We just used it as an example for building a WHOIS report. As it turns out, the domain is currently for sale.

  • 13. Should you find a domain that is malicious, however, contact its registrar. If it’s not taken down, issue warnings of potential fraud to your customers on your shopping site or blog if you have one. Email your newsletter or updates to your subscribers too. Tell them not to visit the potentially malicious site and that it isn’t in any way connected to your brand. Seek the aid of a law enforcement agency or the authorities. Alert them that the site may be used in a phishing attack. If you’re the type of person who is more comfortable sifting through records offline but want to get the same benefits that Brand Monitor provides, use Brand Alert API, its RESTful API counterpart. It gives the same results as Brand Monitor in XML and JSON formats. Choose what works best for you.
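The checklist in step 10 can serve as a first automated pass over a list of added or modified domain names, so that manual WHOIS review starts with the likeliest lookalikes. The JavaScript below is an added example, not part of Brand Monitor, Brand Alert API or the original article. The TLD list, the weights, the allow-list and the two “.example” names are assumptions; the other sample names are the ones discussed above.

```javascript
"use strict";

// Assumptions for this sketch: tune the TLD list and weights per brand.
const UNCOMMON_TLDS = new Set(["xyz", "top", "link", "click"]);
const WEIGHTS = { exact: 3, typo: 3, token: 2, substring: 1, tld: 1, chars: 1, idn: 2 };

// Levenshtein edit distance, computed with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = above;
    }
  }
  return row[b.length];
}

// Score one domain against the step 10 signs. The score is a review
// priority, not a verdict: short brands produce many innocent near-matches.
function triageDomain(domain, brand, ownDomains = new Set()) {
  const name = domain.toLowerCase().replace(/\.$/, "");
  if (ownDomains.has(name)) {
    return { domain: name, score: 0, reasons: ["own or affiliated domain"] };
  }
  const labels = name.split(".");
  const tld = labels[labels.length - 1];
  // Simplification: the label left of the TLD is treated as the registered
  // name; multi-part suffixes such as "co.uk" need a public-suffix list.
  const sld = labels.length > 1 ? labels[labels.length - 2] : labels[0];
  const reasons = [];
  let score = 0;
  const hit = (key, text) => { score += WEIGHTS[key]; reasons.push(text); };

  // Sign (a): misspelled variation of the brand. Strongest match wins.
  const d = editDistance(sld, brand);
  const maxTypo = brand.length <= 5 ? 1 : 2;
  const tokens = sld.split(/[-0-9]+/).filter(Boolean);
  if (d === 0) hit("exact", "exact brand name on a domain you do not own");
  else if (d <= maxTypo) hit("typo", `typo variant of "${brand}" (edit distance ${d})`);
  else if (tokens.includes(brand)) hit("token", "brand used as a separate word");
  else if (sld.includes(brand)) hit("substring", "brand letters inside a longer word (weak)");

  // Sign (d): uncommon TLD. Sign (e): digits or special characters.
  if (UNCOMMON_TLDS.has(tld)) hit("tld", `uncommon TLD .${tld}`);
  if (/[-0-9]/.test(sld) && !sld.startsWith("xn--")) hit("chars", "digits or hyphens in the name");
  // Non-ASCII characters reach DNS as "xn--" labels; flag them for a visual check.
  if (labels.some((l) => l.startsWith("xn--"))) hit("idn", "internationalised label");
  return { domain: name, score, reasons };
}

// Highest score first; equal scores keep their input order.
function rankDomains(domains, brand, ownDomains) {
  return domains
    .map((d) => triageDomain(d, brand, ownDomains))
    .sort((x, y) => y.score - x.score);
}

// Sample input: the first four names appear in the article; the two
// ".example" names are constructed for illustration.
const SAMPLE = ["zaragoza.link", "azarashiazarashi.xyz", "sara.xyz", "zarandon.com",
  "zara-giftcard500.example", "zarra.example", "zara.com"];
const OWN = new Set(["zara.com"]); // assumption: your own allow-list

for (const r of rankDomains(SAMPLE, "zara", OWN)) {
  console.log(String(r.score).padStart(2), r.domain, "-", r.reasons.join("; "));
}
```

Names that merely contain the brand’s letters inside a longer word, such as “zaragoza.link”, score low on purpose, which matches the advice above not to be too hasty about suspecting them.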

For better security and peace of mind, use these other domain-monitoring tools from the Domain Research Suite that will seamlessly work with both Brand Monitor and Brand Alert API:

  • Reverse WHOIS Search: You can use the WHOIS reports that Reverse WHOIS Search generates to obtain more information on a domain you’ve been keeping tabs on with Brand Monitor to verify its legitimacy when, say, you’re investigating it for copyright infringement or any fraudulent activity. Access this by clicking Reverse WHOIS Search on the menu on the left. You should see this window open:

    Monitoring, for instance, revealed a suspicious-looking company — one whose brand looks too similar to yours. Let’s see if we can find out more about “zarandon.com”, a domain that turned up on your list of modified domains on Brand Monitor. Note that apart from a domain name, you can use the registrant’s phone number, email address, company name, and other information as a search term for a WHOIS report lookup.

     

    Type it in the Reverse WHOIS Search input field, then click “Search”. You should get a report like this:


    The report shows that no other domain is affiliated with your search term. That is a good indicator that it is not malicious as cybercriminals are known to use several connected domains for a single malware campaign.

     

    If, however, a Reverse WHOIS Search turns up several connected domains, it would be wise to check each for ties to a cyber attack.

     

    If you used an email address like lazyhacker123@gmail.com — a known malicious sender — and found several domain names affiliated with it, it’s best to include them in your blacklist. That way, none of your company-owned assets will be in danger of compromise should the connected domains be part of a criminal enterprise.

  • WHOIS History Search: If you’re unsure of the reputation of a domain you wish to purchase and want to know its entire history, use WHOIS History Search with Brand Monitor. It gives you detailed insights on the domain’s entire life cycle, allowing you to make sure it never had ties to malicious online dealings that can harm your brand. Now, say, you’re interested in purchasing sara.xyz to make sure no malicious entity will be able to use it for site spoofing. However, first, you want to see if it isn’t hiding anything that can be harmful to your network. Run a WHOIS History Search on the domain name to dig deeper. You should see this when you click WHOIS History Search from the menu on the left.

    To find out more about a domain, type it in the input field, then click “Search”. This step should return a result like this:


    From the report, you will know that the domain’s WHOIS record has been updated 22 times, changed registrants twice, has undergone 776 modifications, changed owners three times, and has been in the database for almost five years.

     

    You can click the down arrow to see more details on each change the domain has undergone since it was first registered. The changes are arranged from most recent to oldest. A scan of its history reveals that it is owned by someone from Panama. It has, however, been privately registered by Namecheap.


    Until 26 September 2018, its registrant was eNom, Inc. and the domain was registered in the U.S.:


    Nothing seems to be amiss though, and so it should be safe to purchase the domain should you wish to.

  • WHOIS Search: If you’re interested in purchasing a domain that fits your company’s needs to a tee, use WHOIS Search with Brand Monitor. It can alert you when the domain is up for grabs, such as when its owner has given up his rights to use it or its registration has expired. Let’s say sara.xyz is currently in use, but you would like to know when its ownership will expire. You can run a WHOIS Search on it; just click this from the left-hand menu. You should see this window:

    Type the domain name in the input field and click “Search”. You should get a report like this:


    The report indicates that domain ownership won’t expire until 2 June 2020. However, it doesn’t reveal any ownership details. If you’re dead set on the domain, you can wait until the expiration date or contact the registrar.

  • Domain Availability Check: Looking for a domain for your new product? Use Domain Availability Check with Brand Monitor. It gives you a list of all the domains that may fit your needs. If the domain you’re eyeing is currently in use, the tool will alert you when it becomes available. If, say, you can’t wait for a domain’s ownership to expire but are willing to settle on your second or some such choice, you can use Domain Availability Check to see which are for sale today. Just choose Domain Availability from the menu on the left. You should see this window:

    Type your second domain choice in the input field, then click “Check”. Let’s say you want the domain name sara.com.


    The tool tells you if a domain is available or not with just one step. Run through your list of favored domains until you find one that is up for sale.

  • Domain Monitor: Use Domain Monitor with Brand Monitor to keep track of any changes to a domain that has piqued your interest. Let’s say you’re doing further investigation on a domain that you think is piggybacking on your brand. You can use Domain Monitor to automatically update you on any modifications made to it in just a few steps. First, go to Domain Monitor by choosing it from the menu on the left. You should see this window:

    You can add domains individually or in bulk. For demonstration purposes, let’s add a single domain to our tracker — sara.xyz. Type it in the input field and click “Add to monitoring”. It should appear in your list.


    Like with Brand Monitor, you need to wait 24 hours for reports of any modification on the domain to appear on your tracker. These are arranged from newest to oldest as well. Domain Monitor will automatically track all changes that domains of your interest undergo over time.

  • Registrant Monitor: Use Registrant Monitor with Brand Monitor to keep track of registrant-related changes tied to brands you’re eyeing. If you’re more interested in a particular domain’s registrant or owner, meanwhile, because you’d like to report him for brand abuse, for instance, you can add his name to Registrant Monitor. Let’s say the registrant’s name is Jane Smith. Click Registrant Monitor from the menu on the left. You should see this window:

    Just type “Jane Smith” in the input field, then click “Add to monitoring”. It should appear in your tracker, as shown below.


    Wait 24 hours before you see results, the same as with Brand Monitor and Domain Monitor. Now, you can stay updated on Jane Smith’s every domain-related move arranged from most recent to oldest.

 
 

The Verdict: Lessons from Zara’s Case

 

Zara and other fashion retailers have proven lucrative phishing baits because of the increase in people’s inclination to buy luxury apparel, which means they have good spending power. Targeting them directly can also provide perpetrators with intellectual property information that they can sell to the highest bidders (possibly, a competitor). If their shopping site databases get breached, the attackers will get their greedy hands on the personal and financial data of their customers as well. All of that can land them in tons of cyber trouble. Not only would their customers suffer, but their brand would be damaged too.

 

Brand protection guidelines these days shouldn’t just cover company logos and other trademarks’ usage policies. The ubiquity of Internet use means that guidelines should cover domain security as well. It’s not enough to expect customers not to fall for age-old phishing tactics; retailers need to do their part as well. That’s where tools like Brand Monitor and Brand Alert API come in handy. They don’t just let you safeguard your virtual assets; they protect your customers and your good name too.

 

When used in tandem with domain monitoring tools, they ease fashion retailers’ cybersecurity-related investigations. When they are combined, meanwhile, with other tracking tools like Domain Monitor and Registrant Monitor, users get the added benefit of anticipating the moves of suspected wrongdoers.

Malware Detection and Prevention Using Website Categorization API!

http://www.chuangshi32.top/blog/malware-detection-and-prevention-using-website-categorization-api/ Tue, 17 Sep 2019 10:00:56 +0000

Cybercrime has taken on the mantle of being the biggest security threat to global information systems of the 21st century. With an increasing number of utilities, services and businesses connecting themselves to online platforms, the number of systems that are potentially under threat of becoming cybercrime targets is increasing by the day. Recent spates of cyber attacks such as WannaCry and NotPetya have shown how easily important business processes and public utility systems can fall prey to such nefarious acts of digital felony. According to the latest estimates by thebestvpn.com, ransomware alone is slated to cost businesses to the tune of $11.5 billion in 2019. Furthermore, the costs of damage caused by cybercrime cannot be measured in terms of money alone. Cybercrime has far-reaching consequences that go beyond mere monetary considerations. The loss of private data, breach of personal and privileged information as well as leak of sensitive records may snowball into global security risks. As a result, it becomes a matter of prime importance that such heinous attacks are nipped in the bud.

 

Malware Attacks: A Global Threat

One of the biggest causes of cyber security breaches stems from the presence of malware in the internal networks of an organization or business. Malware is a broad term that essentially covers any type of computer program that is designed to cause harm, inflict damage or compromise the security of a computer, or computer networks. The presence of malware in any computer system can lead to data leakages, system failures as well as denial of service. As every business of today conducts a major part of their operations and financial transactions online, the threat of malware attacks is fast becoming even more pronounced. Malware can often enter a system from simple acts such as visiting an insecure website, clicking unverified links or downloading shady software.

 

How Malware Threatens Businesses

Malware includes any harmful software such as computer viruses, ransomware, worms or spyware that are designed to cause harm, steal information from or take control of your organization’s internal computer systems. Malware can harm your business in any of the following ways:

  • By taking control of your computer networks.
  • By altering, damaging or deleting digital data.
  • By stealing proprietary information or customer data such as credit card information.
  • By using your company network to spread misinformation about your business.
  • By holding your business data hostage and demanding monetary compensation for its restoration.

These are only some of the ways in which malware can harm your business. Due to the wide capability of malware to cause damage, it is still considered one of the biggest threats to the operation of digital networks in 2019. A large percentage of the malware that infects computers comes from malicious websites that inject these harmful programs into the systems of unsuspecting visitors. Therefore, the timely detection of websites that may contain malware such as viruses and spyware can help protect the internal systems of a company’s network. This is exactly where our Website Categorization API can help you.

 

Using Website Categorization API To Guard Against Malware

When dealing with any online entity, the website is the single point of contact. In such a scenario it pays to know the category of the website you are dealing with before conducting operations or business transactions related to the website. Our Website Categorization API uses a combination of machine-learning-based AI authentication as well as human inputs to categorize over 152 million websites. This allows any business to quickly and efficiently identify malicious sites and take the necessary actions to protect their company networks and data from potential infections.

Using the Website Categorization API allows businesses to investigate potential threats at the URL level. The API analyzes the content of the target website and applies natural language processing to categorize the site based on over 25 supported categories.

The efficacy of the Website Categorization API is complemented by our other product, the Website Contacts & Categorization Database. This product gives businesses access to website category as well as contact details based on category and location in the form of a downloadable database. Website contact details and domain names segregated in terms of category and location enable businesses to expedite the process of identifying the offending website and start taking the required legal action against the owners of the malicious site. All the categorization data is made available in XML and JSON formats for easy integration and use by businesses.

The Website Categorization API can also be used to automatically block access to website categories that violate the protocols of a business organization. For example, the API can be used to filter and prevent browsing of websites containing adult content, or the unauthorized use of social media in the workplace.

 

Conclusion

Malware continues to be a looming threat on the horizon for major businesses even today. The Website Categorization API provides a seamless way to categorize and detect malicious websites and acts as a shield against possible malware infection.

The Best Ways to Get a User’s Location in JavaScript

http://www.chuangshi32.top/blog/the-best-ways-to-get-a-users-location-in-javascript/ Wed, 11 Sep 2019 16:13:50 +0000

Geolocating your website’s users can be useful for a wide variety of purposes. For example, you may want to show a different version of your website to users in different localities. You may be trying to better understand where your users live so you can tailor your website to better suit their needs. Or, maybe your website can only function in certain areas.

 

Whatever your reasons, geolocating your users and knowing where they’re coming from can be useful.

 

There are a few different ways to geolocate users by using JavaScript. Each method has its own tradeoffs. I’m going to cover all the different ways in which you can geolocate users by using JavaScript below.

 

The methods below are ranked from best to worst (factoring in accuracy, convenience, and complexity). This will hopefully help you decide which approach to take according to your requirements.

 
 

The Most Accurate Way to Locate Your Users: Ask!

 

The most accurate way to figure out where your users are located is to… ask them! As I was doing my research for this article, I was surprised that I hadn’t seen anyone else mention this.

 

As you’re going to learn in a few minutes, locating a user isn’t always straightforward, and no matter what method you choose, accuracy isn’t guaranteed. Having said that, there certainly isn’t a more accurate way to find the location of your users than to just ask them.

 

If your goal is to figure out precisely where someone lives, why not just throw together a simple web form that prompts the user for their physical address? Tons of sites do this and users are more than willing to give their address to you if necessary.

 

In particular, if you’re building any sort of shopping or e-commerce-type website, getting a user’s address is a standard part of the flow. If you’re building any sort of social media-type application, some amount of location data is typically requested (think Facebook, Twitter, etc.).

 

On the other hand, if you’re building the type of website that users wouldn’t expect you to need their address for, this approach obviously won’t work, and could potentially be detrimental (you’ll run the risk of giving your users the creeps).

 
 

Find Your User’s Location in JavaScript Using an API

 

If it doesn’t make sense for you to ask your users where they live, the next most accurate way to locate your website’s users is by using an API service (like geoipify). Services like geoipify are called “IP geolocation services” because they allow you to take a user’s IP address and map it back to an actual physical location.

 

The way IP geolocation services work is by aggregating IP address data from many different sources including:

 

  • Information from internet service providers, such as GPS coordinates and physical addresses for the IP addresses they assign. For example, when you signed up for internet service at your house, your ISP gave you a public IP address at your home. Your ISP may then record that data and share it with third parties.
  • Data mining. If you’ve ever voluntarily given your address to a website, that website may have shared that information with other third parties so that they can map your IP address back to your physical address.
  • Merging databases from various providers. There are several large IP geolocation providers. By merging these databases together, you can improve the coverage of IP geolocation data.
  • Latency-based geolocation techniques. Because talking to devices over the public internet requires routing between many different devices across the world, there are various techniques that can be used to geolocate an IP address by analyzing the time it takes to communicate with a device in a known location.

 

As you can probably tell from the above description, it isn’t easy to access IP address geolocation data on your own, so using a service to programmatically query this information is your only real choice.

 

One of the benefits to using an IP geolocation service like geoipify is that it won’t detract from your user experience at all. You don’t need to ask the user for their address, prompt them for permissions, or anything like that. All you need to do is take the user’s public IP address (which you can easily retrieve by using your programming language of choice) and run it through an IP geolocation service to figure out where that user is located.

 

The downside to using an IP geolocation service is that users can manipulate their IP address by using tools like VPN services and IP address spoofing. If a user is able to manipulate their IP address so that your website thinks the user has a different IP address than they actually do, you’re obviously going to be getting incorrect location information when you later geocode the user’s IP address.

 

All that said, this method is still extremely accurate in most circumstances. And the odds are, if a user is purposefully manipulating their IP address, they are unlikely to want you to know their location regardless.

 

If you want to use geoipify to find the location of your website’s users, you can sign up and use the service for free here.

 

Here’s how you can easily find the location of a user through their IP address by using the simple-geoip JavaScript library. Here’s a full example application showing how it works:

 

const GeoIP = require("simple-geoip");

let geoIP = new GeoIP("your geoipify api key goes here");

geoIP.lookup("8.8.8.8", (err, data) => {
  if (err) throw err;
  console.log(data);
});

 

If you were to run the program above, you would get back the following location data for the user with IP address `8.8.8.8` (NOTE: `8.8.8.8` is a special address owned by Google).

 

```
{
  ip: '8.8.8.8',
  location: {
    country: 'US',
    region: 'California',
    city: 'Mountain View',
    lat: 37.40599,
    lng: -122.078514,
    postalCode: '94043',
    timezone: '-07:00',
    geonameId: 5375481
  },
  domains: [ '0--9.ru', '000180.top', '0002.by', '00027.hk', '00049ok.com' ],
  as: {
    asn: 15169,
    name: 'Google LLC',
    route: '8.8.8.0/24',
    domain: 'https://about.google/intl/en/',
    type: 'Content'
  },
  isp: 'Google'
}
```

 

Not bad, huh? With just a few lines of code, you can get a ton of useful location information about a user.

 
 

Use the Browser Geolocation API

 

The last (and my least favorite) method for finding out where a user is located is to use the built-in Geolocation API that most browsers now support.

 

Essentially, this API allows you to prompt the user for their location information. If the user “allows” you to access their location data, then you can use the Geolocation API to get the GPS coordinates of the user (latitude and longitude).

 

Unfortunately, depending on the device the user possesses, getting accurate location data may take a while.

Here’s a small web application that displays your GPS coordinates by using the Geolocation API in your browser (courtesy of Mozilla).

 

### HTML Page

 

```html
<button id = "find-me">Show my location</button><br/>
<p id = "status"></p>
<a id = "map-link" target="_blank"></a>
```

 

### JavaScript

 

```javascript
function geoFindMe() {

  const status = document.querySelector('#status');
  const mapLink = document.querySelector('#map-link');

  mapLink.href = '';
  mapLink.textContent = '';

  function success(position) {
    const latitude  = position.coords.latitude;
    const longitude = position.coords.longitude;

    status.textContent = '';
    mapLink.href = `https://www.openstreetmap.org/#map=18/${latitude}/${longitude}`;
    mapLink.textContent = `Latitude: ${latitude} °, Longitude: ${longitude} °`;
  }

  function error() {
    status.textContent = 'Unable to retrieve your location';
  }

  if (!navigator.geolocation) {
    status.textContent = 'Geolocation is not supported by your browser';
  } else {
    status.textContent = 'Locating…';
    navigator.geolocation.getCurrentPosition(success, error);
  }

}

document.querySelector('#find-me').addEventListener('click', geoFindMe);
```

 

There are a few problems I see with the Geolocation API:

 

  • It requires the user to accept location permissions. This stands a chance of freaking your users out and driving them away from your website. Depending on the type of application you’re building, this could cause a substantial user experience issue.
  • Users can reject your location request. If a user chooses to reject your location request, you obviously won’t be getting any data. Using an IP geolocation service allows you to always retrieve location information, even without a user’s explicit consent.
  • You only get GPS coordinates. While getting GPS coordinates can be useful if you are later able to translate them to a physical address, this will require the help of an external API service (like Google’s geocoding API), which means you will still need to rely on a third party to help you make sense of the data you’re getting.

 

If your use case is simple, however, using the built-in browser Geolocation API might be something to look into.
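The rejected-permission and slow-fix cases from the list above can be handled explicitly rather than with a single generic error. This is an added example, not part of the original post or Mozilla's sample; `locate`, `coarsen` and the result object shape are names introduced here, while the options and error codes are those of the standard Geolocation API.

```javascript
// Added example. `geo` is navigator.geolocation in a browser; it is passed in
// so the logic can also be exercised with a stub outside a browser.
// Keys are GeolocationPositionError.code values.
const REASONS = { 1: "denied", 2: "unavailable", 3: "timeout" };

// Round to 2 decimal places (roughly 1 km) so the server never receives a
// street-level fix when city-level is all the feature needs.
const coarsen = (deg) => Math.round(deg * 100) / 100;

function locate(geo, onResult, opts = {}) {
  // No API at all: tell the caller to use its IP-based lookup instead.
  if (!geo) return onResult({ source: "ip-fallback", reason: "unsupported" });
  geo.getCurrentPosition(
    (pos) => onResult({
      source: "browser",
      latitude: coarsen(pos.coords.latitude),
      longitude: coarsen(pos.coords.longitude),
      accuracyMeters: pos.coords.accuracy,
    }),
    // Denied, unavailable or timed out: report why and fall back.
    (err) => onResult({ source: "ip-fallback", reason: REASONS[err.code] || "unknown" }),
    {
      enableHighAccuracy: false,          // coarse fix: faster, less invasive
      timeout: opts.timeoutMs ?? 5000,    // do not sit on "Locating…" forever
      maximumAge: opts.maxAgeMs ?? 60000, // accept a cached fix up to 1 min old
    }
  );
}
```

In a page, call `locate(navigator.geolocation, handleResult)` from a click handler so the permission prompt follows a user action.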

 
 

Summary: The Best Ways to Get a User’s Location

 

If you need to get a user’s location information, you really only have a few choices:

 

 

While each method has its own drawbacks and benefits, my personal favorite method is to silently locate a user from their IP address by using a geolocation service. My reasoning is simple: it’s the only method that doesn’t require impacting the user experience of your website, and geolocation services allow you to get fairly accurate location data without much ado.

 

Hope you found this useful!

Enriching Domain Protection Through Historic and Reverse WHOIS Data Monitoring

http://www.chuangshi32.top/blog/enriching-domain-protection-through-historic-and-reverse-whois-data-monitoring/

Wed, 11 Sep 2019 08:36:47 +0000

The foundation of a domain’s existence on the Web is its credibility. It must be secured at all costs because it’s constantly under threat from malicious elements that are out there staging. As such, domain protection is an indispensable component of overall cybersecurity efforts because not just business viability but a domain’s very own survival is at stake.

 

A company can protect its domain in different ways. For one, it can initiate its own in-house solution which would require substantial expertise and investment to put in place. Another option is to delegate the responsibility to experienced specialists dedicated to providing brand and digital protection services.

 

As part of their services, such companies track and analyze potentially dangerous domains that use the keywords associated with their clients’ organizations or brands. However, such a monitoring function requires unimpeded access to the available data on both recent and historic domain registrations. It may sound easy for some, but not all companies providing domain protection services have that capability. Let’s take a closer look.

 
 

Access to Huge Amounts of Data Is a Must

 

As domain protection teams are constantly on the lookout for existing and potential threats to their clients’ domains, they mostly rely on access to open-source domain data to monitor dangers promptly. This could be quite a challenge considering that there are now hundreds of millions of active domain names and billions of historical records to sift through.

 

For a team to avoid potential attacks and investigate existing issues, it must tap into huge amounts of domain data on gTLDs, ngTLDs, ccTLDs, etc. in order to ensure precise results. That data must also be well parsed and available in easily readable formats in order to minimize, if not eliminate, any additional workload on the client’s behalf.

 
 

Proprietary Tools for Data Enrichment

 

WhoisXML API has been in the cybersecurity sphere for more than a decade with a verifiable track record. Building on this, we now offer our clients a data enrichment service with our comprehensive domain protection solutions — which include WHOIS History API and Reverse WHOIS API proprietary monitoring tools.

 

Our WHOIS History API allows you to dig deep into a domain name’s past to discover any history of malicious activity. Virtually nothing can be hidden from our historic databases which contain more than 300 million active domains, one billion historic domain names, and over 5 billion historical WHOIS records, which have been compiled and constantly updated since 2008.

 

Reverse WHOIS API, on the other hand, permits you to search for domain records using specific terms, parsing through hundreds of millions of domain events of today and the days before. A query can be created with search terms such as name, email, phone number, address, etc. In turn, the API will generate a report of any other domains, registered now or in the past, that share your specified data point. This enables you to discover all the domains that are associated with your current investigation to reveal dangerous connections, potentially identifying evidence of malicious networks.

 

Both APIs can be used separately or, better still, complement each other to find out everything about an entity of interest. Combining them can uncover more details relevant to the keyword being looked into or the organization conducting the query.

 

Let’s take a look at the steps involved in such an investigation:

 
 

Step 1 — Tracking connections through Reverse WHOIS API

[Figure: Tracking connections through Reverse WHOIS API. Request body sample]

[Figure: Tracking connections through Reverse WHOIS API. Sample output in JSON format]

 
 

Reverse WHOIS lookup requires the input of a specific search term in the WHOIS database. As noted earlier, a query can be made using specific attributes such as name, email address, phone number, registration date, or any information detail that is usually included in a WHOIS record.

 

The term could be an exact match or a ‘fuzzy’ match such as inputting a common name, like Peter, or searching for email addresses that contain a particular term like ‘abc’. You can also filter your results to search only for records that correspond to a specific month or year.

 

Whatever term is used, the query will result in all the domain records — both current and historic — that correspond to the specific term inputted, well parsed and easily integrated into existing systems.

 

The result produced can be used to check if the keyword appears in WHOIS or registrant details of other domains and, therefore, can help verify if all the domains in the list are familiar to you or your client — registrant details are often spoofed by cybercriminals for phishing or other malicious purposes.

 
 

Step 2 — Searching the past through Historic WHOIS API

 

During step 2 the domain results that were obtained from the first step are run through the WHOIS History API which, in turn, can produce results that are available in PDF format.

 

At this stage, it is important to pay attention to certain details to determine if the domains being investigated are legitimate or not. For example, registration details must match the infrastructure of the domain being analyzed. Otherwise, it could point to malicious activity.

 

Importantly, for companies obtaining data for domain protection activities, using WHOIS History API is preferred over WHOIS API because the former can turn up data that may have already been updated in the current database. For example, historic WHOIS can track down domain owners from the time the domain was first registered even if the current details have already been concealed or changed, thus providing deeper actionable intelligence.
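The two steps above can be combined into a small triage routine. This is an added example, not WhoisXML API code: the record fields (`date`, `registrantEmail`, `nameServers`), the function `triage` and all sample data are hypothetical and constructed, and the records stand in for whatever the two APIs return after you have parsed them.

```javascript
// Added example; the record fields below are a hypothetical, simplified
// shape, not the WHOIS History API's response schema.
const REDACTED = /redacted|privacy|whoisguard|proxy/i;

function triage(reverseHits, inventory, historyByDomain, clientNs) {
  const known = new Set(inventory.map((d) => d.toLowerCase()));
  const findings = [];
  for (const domain of reverseHits.map((d) => d.toLowerCase())) {
    if (known.has(domain)) continue; // Step 1: familiar to the client, skip
    // Step 2: oldest record first, so recs[0] is the original registration.
    const recs = [...(historyByDomain[domain] || [])]
      .sort((a, b) => a.date.localeCompare(b.date));
    if (recs.length === 0) { findings.push({ domain, flags: ["no-history"] }); continue; }
    const first = recs[0], last = recs[recs.length - 1];
    const flags = [];
    if (REDACTED.test(last.registrantEmail) && !REDACTED.test(first.registrantEmail))
      flags.push("owner-concealed-later");
    if (first.registrantEmail !== last.registrantEmail) flags.push("registrant-changed");
    // Uses the client's details in WHOIS but is served from other name servers.
    if (!last.nameServers.some((ns) => clientNs.some((s) => ns.toLowerCase().endsWith(s))))
      flags.push("infrastructure-mismatch");
    findings.push({ domain, originalRegistrant: first.registrantEmail, flags });
  }
  return findings;
}

// Constructed sample data: reverse WHOIS hits for a hypothetical client that
// owns example.com, plus historic records for the unfamiliar domains.
const HITS = ["example.com", "examp1e-login.test", "example-support.test"];
const HISTORY = {
  "examp1e-login.test": [
    { date: "2019-06-02", registrantEmail: "privacy@whoisproxy.test", nameServers: ["ns1.parking.test"] },
    { date: "2018-11-20", registrantEmail: "j.doe@mail.test", nameServers: ["ns1.parking.test"] },
  ],
  "example-support.test": [
    { date: "2017-03-01", registrantEmail: "it@example.com", nameServers: ["ns1.example.com"] },
  ],
};

console.log(triage(HITS, ["example.com"], HISTORY, [".example.com"]));
```

A domain that comes back with no flags is still missing from the client's inventory and worth confirming with them; the flags only rank which unfamiliar domains to look at first.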

 
 

Best of Both Worlds

 

The two-step investigation involving WHOIS History and Reverse WHOIS APIs underscores the advantage of having access to all the available tools to allow cross-checking and data enrichment. The approach strengthens the delivery of domain protection services by cybersecurity companies.

 

Reverse WHOIS API can immediately dive into specific search terms to set the focus of the investigation, and it can also be used separately to combat brand infringement. The data obtained can then be verified or corroborated using WHOIS History API, reaching records that may not be currently accessible but can hold the key to the immediate implementation of domain protection solutions.

 


 

Safeguarding a domain from threats requires huge amounts of data plus the tools needed to efficiently access, monitor, and analyze them in order to identify potential risks. Partnering with an experienced cybersecurity provider such as WhoisXML API can help ensure better and richer domain protection.
