DnsTwist is the tool which can be used to discover potential malicious domains targeting your organization. This helps incident responder and soc analysts to spend less times on the incident investigation , response and reporting.
How it Works ?
DnsTwist does a permutation scans on large number of Phishing domains which is trying mimic or impersonate your brand. It detects Typosquatting domains & Doppelganger domains. Once scans are getting completed , List of other domains which is similar to your personal brand is show on the results window. Results contains the Newly registered domains , IP addresses ,Name servers and Email servers.
A Technique of registering a domain similar to original domain. I.E , g00gle.com
Missing dot “.” in the domain. I.E , mailg00gle.com
Try visiting the DNStwist online tool here
Do a Permutation scan on Dnstwist for the list of your customers brand and the vendors.
Export the suspicious domains as CSV or JSON formats. Exclude your customers and vendors legitimate domain from the downloaded Csv or Json files.
Create a Watch list in your SIEM to monitor this domains ,IP addresses ,Name servers and mail Servers. Take possible actions with the list of CSV’s as Block or Detect with Block with your security controls.
In addition use Dnstwister Reporter , this will help you get the Whois Lookup , Google safe browsing and Parked domains lookups for the suspicious domains.
Signup on DNSTwist Reporter for alerts on the registration of possible phishing domains which is similar to your brand.
Happy Hunting !