FAQ: Real-Time Threat Webhooks for Banking

1. What exactly is a “Threat Webhook”?

A Webhook is an automated “push” notification sent from our server to yours. The moment our AI (Miniban) detects a phishing link, malware, or brand impersonation targeting your bank, we send a JSON payload with all the threat metadata directly to your security system.

2. How is this different from a standard Threat Feed?

Standard feeds are “pull-based” and often updated every few hours. Webhooks are “event-driven” and happen in milliseconds. This allows you to block a transaction while the user is still on the phishing page, rather than finding out about the attack after the money is gone.

3. Do we need to install any software on our side?

No. You only need to provide a secure HTTPS endpoint (URL) that can receive and process incoming JSON POST requests. Our documentation provides ready-to-use code examples for Java, C#, and Python.

4. Integration & Technical Accuracy

4.1. How do we map your threat data to our specific customers?

We provide the Victim IP, User-Agent, and Timestamp of the interaction. Your internal anti-fraud system (SIEM/SOAR) can correlate this data with your active session logs. If a high-value transaction is initiated from the same IP/Device that just interacted with a confirmed phishing link, you can automatically trigger enhanced authentication (MFA).

4.2. What is the False Positive rate of your alerts?

We only trigger Webhooks for incidents with a Miniban Risk Score of 8.5 or higher. This ensures that your SOC team is not overwhelmed by “noise.” Every critical alert is backed by visual evidence (screenshots) and behavioral data from our covariance matrix.

4.3. Can we customize the types of threats we are notified about?

Yes. You can subscribe to specific event types, such as “Brand Impersonation,” “3DS Relay Attacks,” “Mobile Malware (APKs),” or “Rogue Domain Registration.”

5. Security & Compliance

5.1. Is the data transmission secure?

Absolutely. All Webhooks are sent over HTTPS with TLS 1.2+ encryption. We also support Digital Signatures (HMAC), allowing your server to verify that the request originated from Antiphishing.biz and has not been tampered with.

5.2. Does transferring “Victim IP” violate GDPR/CCPA?

No. Processing this data falls under “Legitimate Interest” for the purpose of preventing financial crime and ensuring network security (GDPR Recital 49). We recommend including this in your privacy policy updates.

5.3. What happens if our server is temporarily down?

Our system includes retry logic. If your endpoint is unreachable, we will attempt to re-send the webhook at increasing intervals (1, 5, 15 minutes) to ensure no critical intelligence is lost.
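The HMAC verification and retry behavior described above have two consequences for the receiving endpoint: it must authenticate the raw request bytes before parsing them, and it must treat a re-sent webhook as a duplicate rather than a new incident. The following Python sketch is an added example, not code from the vendor's documentation; the signature scheme (hex HMAC-SHA256 over the raw body), the `event_id` and `risk_score` field names, and the secret are assumptions.

```python
import hashlib
import hmac
import json

# Assumptions (not from the vendor's documentation): the signature is
# hex-encoded HMAC-SHA256 over the raw request body, and the payload carries
# "event_id" and "risk_score" fields. The secret is a constructed sample.
SHARED_SECRET = b"constructed-sample-secret"
MIN_RISK_SCORE = 8.5  # alert threshold stated in the FAQ

_seen_event_ids = set()  # in production: a shared store with a TTL


def sign(raw_body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Compute the signature a sender would attach (hypothetical scheme)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_webhook(raw_body: bytes, signature_hex: str) -> tuple:
    """Return (HTTP status, outcome) for one delivery."""
    # 1. Authenticate the exact bytes received, before parsing any JSON.
    #    compare_digest runs in constant time, so it leaks no prefix match.
    expected = sign(raw_body).encode()
    if not hmac.compare_digest(expected, (signature_hex or "").encode()):
        return 401, "bad-signature"
    # 2. Parse only after the signature checks out.
    try:
        event = json.loads(raw_body)
        event_id = str(event["event_id"])
        risk = float(event["risk_score"])
    except (ValueError, KeyError, TypeError):
        return 400, "malformed"
    # 3. Retries can deliver the same event again: acknowledge it, act once.
    if event_id in _seen_event_ids:
        return 200, "duplicate"
    _seen_event_ids.add(event_id)
    # 4. Defensive re-check of the documented alert threshold.
    if risk < MIN_RISK_SCORE:
        return 200, "ignored-low-score"
    return 200, "accepted"


if __name__ == "__main__":
    # Constructed sample delivery, sent twice to simulate a retry.
    body = b'{"event_id": "evt-001", "risk_score": 9.1}'
    print(handle_webhook(body, sign(body)))
    print(handle_webhook(body, sign(body)))
```

Returning 200 for a duplicate matters: a non-2xx response would typically be treated as a failed delivery and trigger further retries.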

Ask a Question.

Still have questions? Contact our Technical Lead at [email protected]