Mindflow and dnstwister have partnered to enable users to automate their incident management and better protect their information systems.


Dnstwister is a domain name permutation engine that aims to detect typosquatting, phishing, and corporate espionage.

To that end, dnstwister first generates a list of domain names that are similar to yours. Then it checks whether any domain in this list has a DNS A record (an address record, which determines which IP address belongs to a domain name) or an MX record (a Mail eXchange record, which indicates where email for the domain needs to be sent).

A search for ‘example.com’ will generate a list with domains like:

  • cxample.com
  • éxample.com (xn--xample-9ua.com)
  • wwexample.com
  • 4xample.com

As you can see, each of those domains is “similar” to ‘example.com’ because it differs from it only slightly. For instance, ‘4xample.com’ is in the list because ‘4’ and ‘e’ are close together on the keyboard, so mistyping ‘example.com’ could produce ‘4xample.com’. A modified version of Marcin Ulikowski’s dnstwist DNS fuzzing library forms the backbone of this domain list generation algorithm.

dnstwister then attempts to resolve DNS A and MX records for each of these similar domains, the existence of either of these DNS records being an indication that the domain has been registered.
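The two steps described above, as an added Python sketch for monitoring your own domain (this is not dnstwister's or dnstwist's code). The adjacency map, the homoglyph subset, the `lookup` callable and the sample DNS data are all assumptions constructed for the example; a real deployment would back `lookup` with a DNS resolver.

```python
# Added example: simplified lookalike-domain generation plus the A/MX check.
QWERTY_NEIGHBOURS = {  # partial adjacency map, constructed for this example
    "e": "wrsd34", "x": "zcsd", "a": "qwsz", "m": "njk", "p": "ol0", "l": "kop",
}
HOMOGLYPHS = {"e": "é", "a": "à"}  # small constructed subset

def permutations(domain):
    """Return {lookalike: technique} for a 'name.tld' domain."""
    name, _, tld = domain.partition(".")
    found = {}
    for i, ch in enumerate(name):
        for repl in QWERTY_NEIGHBOURS.get(ch, ""):
            found.setdefault(f"{name[:i]}{repl}{name[i+1:]}.{tld}", "keyboard")
        if ch in HOMOGLYPHS:
            unicode_name = name[:i] + HOMOGLYPHS[ch] + name[i+1:]
            # IDNs are registered and resolved in their punycode (xn--) form.
            ascii_name = unicode_name.encode("idna").decode("ascii")
            found.setdefault(f"{ascii_name}.{tld}", "homoglyph")
    for prefix in ("ww", "www"):
        found.setdefault(f"{prefix}{name}.{tld}", "prefix")
    found.pop(domain, None)  # never report the monitored domain itself
    return found

def registered_lookalikes(domain, lookup):
    """Keep lookalikes with an A or MX record; lookup(domain, rtype) -> list."""
    hits = {}
    for candidate, technique in sorted(permutations(domain).items()):
        records = {t: lookup(candidate, t) for t in ("A", "MX")}
        if any(records.values()):  # either record type counts as registered
            hits[candidate] = {"technique": technique, **records}
    return hits

# Constructed zone data standing in for live DNS (documentation IP range).
SAMPLE_DNS = {
    ("4xample.com", "A"): ["192.0.2.10"],
    ("xn--xample-9ua.com", "MX"): ["10 mail.xn--xample-9ua.com."],
}

def sample_lookup(domain, rtype):
    return SAMPLE_DNS.get((domain, rtype), [])

if __name__ == "__main__":
    for name, info in registered_lookalikes("example.com", sample_lookup).items():
        print(name, info)
```

A domain with only an MX record still counts as a hit, which matters because a lookalike can be used to send or receive mail without ever hosting a website.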

You can also set an email alert on dnstwister after your search query. It lets you know, within 24 hours, if a new domain has been registered, or if an existing domain has changed IP address or has even been unregistered.

By integrating with dnstwister, Mindflow allows its users to detect if there are attempts to use a similar domain name for malicious purposes.

