Securing the Web

Abstract

In an era characterized by the ubiquity of the internet, the proliferation of online services, and the increasing frequency of cyber threats, the detection of look-alike domains has become a critical component of cybersecurity. The current paper presents an approach for the detection of look-alike domains, leveraging the power of open-source intelligence (OSINT) tools. It included gathering and analyzing a wide range of publicly available data sources, including permutations, WHOIS records, IP information, website content, Geo IP, similarity percentage, name server, and mail server records, and building a comprehensive profile of domains under investigation. Through the application of online search engines, patterns and features that distinguish legitimate domains from their deceptive counterparts were established. The analysis demonstrated that OSINT tools provided significant information about the sample domains and successfully detected 1598 registered look-alike domains among 10 sample domains using dnstwist, while OpenSquat identified 103 squatting domains, 960 active phishing websites, and 53 domains with suspicious certificates across five sample websites. The research contributes to the enhancement of cybersecurity practices by providing a cost-effective and scalable solution for identifying look-alike domains, which can serve as precursors to various online threats, including phishing attacks, malware distribution, and fraud.