Magic Wand Wish List of Features

Looking at Phish Report from a business perspective, I am thinking clients may want a ‘total’ package if you will. Now, as the title suggests, ‘if’ there was a magic wand…

Finding Malicious Brand Domains.

  • the ability to integrate the certstream watch and other NRD lists that are very recent and using a user-defined set of query keywords/wildcards.
  • the ability to have those unrefined lists in the program downloaded.
  • the lists would be run through httpstatus.io or similar to check which sites are active, then;
    - the ability to sort out the operating sites into another group, ‘to take down’ group, ‘not yet operational’ group, ‘watch/keep an eye on’ group
    - ability to add XYZ Brand into XYZ groups. (recheck non-200 sites until they become operational/200, then auto added to operational group)
    - ability to see if site uses same certificate with other registered sites, crt.sh and also add the additional sites (usually same brand)
    - some way to automate the email reporting/submissions. (somewhat time consuming)
    - Twitter integration that will allow a report of domain details to be picked up by the Twitter bots for blocklists/analysis/additional reporting. Would also tweet the brand handle that is being impersonated so brand can take action also.

Presently, I am manually scouring NRDs, which is fine, as I have found that only using generic keywords, let's say Pepsi, won't return PapsiColaa or PopsiDrink. Scammers are increasingly moving away from the brand keywords as they have been made aware that the brand names are just getting caught too easily.
When I find a trove of suspicious domains, then it's all into notepad in sections of brands, then manually run each section through httpstatus to see if 200, manually cut/paste 200 domains to see if brand or parked. More moving around domains and sections in notepad. Then, manually check each 200 brand domain with urlscan, crt.sh to see if other domains using same certificate, etc. Only then will I use Phish Report to report and finally tweet out the malicious domain with screenshot, urlscan url, hashtags for the bots, etc.
Pretty time consuming. But, Phish Report shaves off a great deal of time presently.
Am unsure if any of the above is feasible, but those features sure would make a one-stop shop if you will. No real need to go outside the program as everything you need would be right there.
Presently, I have looked and I cannot find anything remotely close to the above magic wand features in any program, but they would be appealing to a company that just wants one product instead of many.
Cheers.

1 Like
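
The post above notes that an exact keyword such as Pepsi misses PapsiColaa and PopsiDrink. The sketch below is an added example, not part of the post and not Phish Report code: it matches NRD labels against a brand by edit distance and sorts hits into two of the groups the post names. The function names, the `.example` domains, the status codes and the distance threshold are all constructed assumptions.

```python
# Added example. Domains and HTTP statuses are constructed sample data;
# a real run would take them from an NRD/CT feed and a status checker.
SAMPLE = {
    "papsicolaa.example": 200,
    "popsidrink.example": 503,
    "pepsi-rewards.example": 200,
    "gardentools.example": 200,
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def closest_brand(domain: str, brands: list[str], max_dist: int = 1):
    """Best (brand, distance) near-match inside the first label, or None.
    Distance 0 is a plain keyword hit. Assumes the input is a registrable
    domain (no 'www.' prefix), as NRD lists usually provide."""
    label = domain.lower().split(".")[0].replace("-", "")
    best = None
    for brand in brands:
        b = brand.lower()
        # Slide windows one shorter, equal and one longer than the brand so
        # a dropped, swapped or extra character is still within max_dist.
        for width in (len(b) - 1, len(b), len(b) + 1):
            if width < 1:
                continue
            for start in range(max(len(label) - width, 0) + 1):
                d = edit_distance(label[start:start + width], b)
                if d <= max_dist and (best is None or d < best[1]):
                    best = (brand, d)
    return best

def triage(candidates: dict[str, int], brands: list[str]) -> dict:
    """Group brand look-alikes by HTTP status. A 200 still needs the manual
    brand-or-parked review the post describes before any report is filed."""
    groups = {"to take down": [], "not yet operational": []}
    for domain, status in candidates.items():
        hit = closest_brand(domain, brands)
        if hit:
            key = "to take down" if status == 200 else "not yet operational"
            groups[key].append((domain, hit[0]))
    return groups
```

A threshold of 1 on a five-letter brand will also flag some unrelated labels on a full feed, so the output is a review queue rather than a verdict.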

I hopefully have some exciting early access features along these exact lines to share with you in the next few weeks :eyes:

But, this does raise the question of whether all of these features could be in the free version of Phish Report (doing all these keyword searches on the ~10 million domains a day in CT logs gets quite resource intensive).

Other security tools like Shodan offer a one-off upgrade for individuals to get extra features/quota. Do you think what you’ve described would make Phish Report worth a one-off upgrade (or low annual subscription) for an individual like yourself?

Bradley, was just throwing ideas around.
I didn't think of the resources needed, but I’d imagine a Pro version, some bigger companies might well pay that extra to catch domains before they do harm.
I guess if my fantasy wish list did get implemented, you would have a beast of a program on your hands, I’d imagine, after showing people and companies what it could do, you wouldn't have any trouble getting paid subscriptions.
Australia lost over 3 billion last year to cyber scams, as only 1/3 report getting scammed, the figure is more than likely 10 billion. This figure is only going to double in the next 2 yrs or so, and I’d imagine the US is suffering similar.
Companies are going to need something.
But, saying all that, yeah, I’d definitely do the one-off upgrade or low annual for something that saved time and having to use external sources. Though, I am a lowly Christian cyber security student who does threat hunting unpaid in my spare time because I cannot bear to think of people losing their homes/cars/life savings to scams. I would scrounge the money up however. Can’t wait to try the new features. Cheers.