Domain Monitoring

NetSPI » Attack Surface Visibility » Domain Monitoring

NetSPI’s Domain Monitoring helps organizations identify look-alike domains that resemble their legitimate domains but are be used by attackers for brand impersonation, fraud, phishing, or malware campaigns. This innovation is included on our platform with your pentesting services.

Monitor Look-alike Domains

Domain Monitoring Services help organizations detect registered and unregistered look-alike domains, web addresses that resemble a company’s legitimate domain. These type of look-alike domains are often used in fraudulent activity such as brand impersonation, phishing, or malware campaigns. Attackers create these domains by making subtle modifications to real domain names that are difficult to spot at first glance.

Key Features:

  • Potential Threat Score
  • Confirmed Threat Score
  • Brand Abuse Score
  • Domain Association
  • Takedown Reports
  • Proactive Acquisition

“”

“The question facing security leaders isn’t whether attackers will attempt to impersonate their organization, it’s whether they can detect and neutralize these threats before customers are defrauded and brand reputation is damaged.”

  • Scott Sutherland
    VP Product & Research

Look-alike Domain Monitoring: NetSPI Platform

  • Continuous Discovery & Assessment:

    Continuous registered and unregistered look-alike domain discovery and assessment. Domain threats are prioritized through multiple risk scores: Confirmed Threat Score, Potential Threat Score, Brand Abuse Score, and Domain Association.

  • Comprehensive Threat Analysis:

    Deep contextual intelligence including risk profiles, WHOIS records, IP details, DNS records, and certificate data. This comprehensive threat analysis provides actionable insight to support legal takedown initiatives outside the platform.

  • Domain Takedown Reports:

    Take action by generating pre-filled takedown reports downloads with all relevant evidence and technical details included. Track the status of domain takedown requests to confirm threatening domain activity has been remediated appropriately.

  • Proactively Acquire Domains:

    Unregistered Look-alike Domains that are able to be purchased are listed on the domain monitoring dashboard. Proactively acquiring look-alike domains helps to reduce the risk of future fraudulent domain activity.

Domain Impersonation Techniques Example: company.com

  • Typosquatting:

    compnay.com (switching ‘a’ & ‘n’)

  • Homograph attacks:

    cοmpany.com (Greek omicron ‘ο’ instead of ‘o’)

  • Subdomain abuse:

    company.security-update.com

  • TLD variations:

    company.org, company.net, company.co

  • Character substitution:

    c0mpany.com (zero instead of ‘o’)

  • Hyphenation:

    comp-any.com or company-inc.com

Common Attacker Use Cases

  • Phishing Campaigns
  • Credential Harvesting
  • Malware Distribution
  • Brand Impersonation
  • Command & Control
  • Social Engineering

“”