A public guide to evaluating scams and fraud on the open web
A practical framework for checking suspicious websites before you click, pay, report, publish or escalate a case. Desenmascara combines credited public sources, live domain analysis and permanent evidence reports so every verdict can be reviewed, shared and challenged.
18 credited sources · live domain analysis · permanent reports · API-ready evidence
- 1Normalize the URL, domain and redirects
- 2Check regulators, threat feeds and trust registries
- 3Inspect live content, screenshots and infrastructure
- 4Score risk and legitimacy signals with documented weights
- 5Publish a permanent report with visible evidence
- 6Record feedback, corrections and new source proposals
Verification principles
The methodology is designed as an operational checklist: what evidence is collected, how signals are weighted, what overrides a verdict, and how corrections flow back into the score.
Case-ready reports
Every completed analysis has a stable public URL with the domain, verdict and evidence snapshot. It can be shared in support tickets, investigations, platform reports, bank reviews or with law-enforcement teams; signed/hash exports are the natural next layer for formal handoff.
Evidence hierarchy
Signals are not treated equally. Official regulator hits, confirmed threat feeds and verified trust registries outrank softer live signals; AI is used to reason over evidence, not to replace it.
Reproducible checks
Each check follows a repeatable path: normalize redirects, inspect the live page, capture visible evidence, read infrastructure, compare public sources and calculate the risk score from documented signals.
Feedback-calibrated
Comments and up/down feedback are not cosmetic. They form a public correction loop: disagreement rates by verdict and score band should be visible and used to tune weights, thresholds and false-positive handling.
How a verdict is built
Two layers, in this order. The first layer is consensus with the public record; the second is our own analysis when the public record is silent.
Public-record consensus
We check the sources listed below. A confirmed match in an official regulator list, a high-confidence threat feed, or a verified trust-seal registry is enough on its own to produce a verdict. No AI is invoked when public, auditable evidence already settles the question.
Structured signals + AI
When the public record is silent — which is most of the time, since fraud is a moving target — our own pipeline takes over: it collects structured signals (infrastructure, content, identity, behaviour) and combines them into a transparent risk score and a written verdict. The full scoring methodology is published separately.
Whichever path produces the verdict, every analysis page links back to the underlying evidence so you can audit it yourself.
Read the scoring methodology →Commerce & merchant trust
Verified seals from third parties that have already done the hard work — identity, banking, business vetting (the KYC nobody else publishes). When present and validated, they're treated as conclusive evidence of a real merchant.
Trustpilot
Verdict overrideConsumer review platform with ~270M reviews and merchant verification.
A verified Trustpilot business profile with a confirmed link back to the analyzed domain is treated as conclusive evidence of a real merchant.
Trusted Shops
Verdict overrideEuropean ecommerce certification with buyer protection and merchant audit.
A valid Trusted Shops badge is treated as a strong endorsement: the merchant has been audited and offers buyer protection.
Confianza Online
Verdict overrideSpain's leading ecommerce trust seal. Members commit to a public ethical code and binding consumer arbitration.
Membership in the Confianza Online public directory — verified against their official registry — is treated as a strong endorsement of a legitimate Spanish merchant.
Authorize.Net
Verdict overrideVisa's payment gateway, used by ~430k merchants in the US. Onboarding requires verified business identity, tax ID and bank account.
An active, domain-matched Authorize.Net merchant seal is treated as conclusive evidence of a real merchant — Visa has already vetted the business.
Threat intelligence feeds
Public systems — maintained by the community and by companies — around malicious URLs, malware infrastructure and phishing kits. Some sources affect scoring; others are used only for contribution, benchmarking or coverage analysis.
PhishDestroy
Strong red flagCurated DestroyList feed of confirmed phishing URLs.
A match against the DestroyList is treated as conclusive evidence of phishing.
Cloudflare
Strong red flagWhen Cloudflare has already flagged a domain as phishing, it stops serving the site and returns a 'Suspected Phishing' warning interstitial instead.
We detect that warning page directly in the site's response and treat it as conclusive: the domain is already known phishing. The verdict is set to FRAUDULENT with no AI evaluation, and the domain is pushed to VirusTotal — handled the same way as a PhishDestroy match.
VirusTotal
Contextual data70+ antivirus engines aggregated plus a worldwide community of analysts.
VirusTotal is not used for Desenmascara risk scoring. We use it mainly to share back with the community every scam and fraud we detect with high confidence, and — where enabled — for limited infrastructure pivots outside the score.
Google Safe Browsing
Negative signalGoogle's malicious URL list, used by Chrome, Firefox and Safari to warn users.
A GSB hit is treated as an external browser-safety risk signal. Our experience is that GSB is not primarily focused on scam and fraud coverage, so we also use it as a benchmark: many websites Desenmascara detects as fraudulent are not flagged by GSB. Public gap metrics are coming soon.
Reputation & popularity
Independent reputation lists that establish which domains are mainstream and trafficked.
Registries & identity
Authoritative records of who registered a domain, when, and with which certificates.
crt.sh
Contextual dataPublic search interface over the global Certificate Transparency logs.
Public certificate logs help us cluster the wider infrastructure of a fraudulent actor — useful even after the original domain is taken down.
WHOIS / IANA
Contextual dataDomain registration records: creation date, expiry, registrar.
Authoritative registration data — domain age, registrar reputation, registration length — informs how established and serious an operator is.
Wikidata
Contextual dataOpen knowledge graph of entities including brands and their official domains.
Canonical brand data helps distinguish a real brand's domain from impersonations that piggyback on its name.
Financial & official regulators
Public warning lists from IOSCO I-SCAN and national financial regulators. A regulator hit forces FRAUDULENT.
IOSCO I-SCAN
Official regulatorGlobal investor-alert portal aggregating warnings from securities regulators.
Feeds the regulator-warning dataset used for authoritative fraud overrides across jurisdictions.
CNMV
Official regulatorSpanish securities regulator warning list.
Hit forces FRAUDULENT.
FCA
Official regulatorUK financial regulator unauthorised-firm warning list.
Hit forces FRAUDULENT.
AMF
Official regulatorFrench markets authority blacklist.
Hit forces FRAUDULENT.
CONSOB
Official regulatorItalian securities regulator warnings.
Hit forces FRAUDULENT.
FINMA
Official regulatorSwiss financial supervisor warning list.
Hit forces FRAUDULENT.
Why this can be audited
A fraud verdict is only useful when its reasoning is inspectable. These are the parts we publish so journalists, researchers, companies and users can verify the work.
Public sources
Every external source we consult is named on this page with the operator, what it proves, and a link back to them. No black-box partners, no anonymous feeds.
Public scoring
The risk-score formula — every weight, signal, override and threshold — is documented on our API page. Feedback deltas should be part of that calibration history.
Public corpus
Every analysis has a permanent, immutable public URL with the evidence used. Old verdicts are auditable forever.
Public feedback
Users can challenge any verdict through comments and one-click up/down feedback. Disagreement rates by score band are the mechanism that keeps the model self-regulating.
Public corrections
If we get it wrong, we say so. Our false-positive policy and corrections process are documented.
Public contributions
The form at the bottom of this page lets anyone propose a new source. Approved suggestions are added with full credit to the proposer.
Why we publish this
Trust is something you earn by being checkable. We publish our sources, weights and methodology so anyone can audit how a verdict was reached. If your business depends on accurate fraud signals, you should know exactly what powers them.
Know a source we should add?
Fraud intel is a public good. If you maintain or know a blocklist, registry, regulator feed or research database that we should integrate, tell us. We will review it and add it to this page with credit.
Credits & licensing
Each source is linked back to its operator above. We comply with their terms of use and rate limits. Trademarks belong to their respective owners. If you operate one of these services and want to update how you're described here, write to [email protected].