High-Level Statistics Bar
Platform top banner consists of various metrics which are mentioned below also called High-level Statistics Bar.
- Monitored Domain Variants: Number of unregistered domains Bolster is monitoring
- Monitored TLDs: Number of Top-Level Domains (.com, .net., etc.) being monitored across the internet
- Monitored Registered Domains: All domains that Bolster is monitoring with respect to the identified brand(s). This includes typosquatting domains, suspicious domains, phishing sites, scam sites, and sites that have recently been taken down.
- Recommended Domains to Acquire: Number of unregistered domains Bolster is recommending be acquired to minimize a brand's internet attack surface. There is a maximum amount of 3,000 recommendations.
- Google/Bing searches: Results show sites we are monitoring in which bad actors are trying to impersonate your brand based on keyword searches that appear in Google or Bing searches.
Tracking the Lifecycle of a Fraudulent Site
The funnel-like lifecycle diagram depicts the lifecycle of a fraudulent site. The diagram itself is interactive, allowing a user to quickly drill into specific types of domains, based on the identified category or by the Bolster action being performed. There is also a way to filter the results quickly based on the existence of associated MX Records and/or logos.
The Bolster actions are below:
- Monitor for Acquisitions: All unregistered domains that Bolster is monitoring in case they should be acquired.
- Monitor Pre-Malicious: Registered domains that have returned as being suspicious and are related to the brand(s) being monitored.
- Takedown Malicious: Phishing and scam sites that have been identified and should be taken down. For customers that have agreed to automatic takedowns, Boslter will send takedown notifications without the need for additional review.
- Monitor Post Malicious: Sites that have recently been taken down and are being monitored for re-emergence.
The funnel itself is divided into broader intent categories. At the time of scanning each site, we categorize them based on the content and imagery found on the sites.
Phish and Scam Site Detection
Based on the first seen date of the URL or domain, this panel displays how many sites are detected, are still alive, and have been taken down. Trends can be spotted relatively easily when viewing this graph.
Top 10 Phish and Scam Site Hosting
This panel display which entity has hosted the most number of phish and scam sites. The horizontal bars are broken down by which sites are still alive and which ones have been taken down. When there are a large number of sites that are still alive on a particular host, it most likely means that the host may not be as responsive to the takedown requests that have been filed.
Domains by Age and Category
This panel displays the age ranges of suspicious and fraudulent based on registration date, as pulled from the domain's WHOIS information. The horizontal bars are broken down by category. This panel can help shed light on how often new sites are coming online.
Top 10 IP Addresses by Category
This panel display the Top 10 IP addresses, based on the number of suspicious and fraudulent sites associated with each IP. The horizontal bars are broken down by category.
Top Hosting Providers by Category
This panel displays the Top 10 Hosting Providers, based on the number of suspicious and fraudulent sites it has hosted. The horizontal bars are broken down by category.
Top TLDs by Category
This panel displays the Top 10 Top Level Domains (TLD's), based on the number of suspicious and fraudulent sites registered on each TLD. The horizontal bars are broken down by category.
Domain Breakdown by Region (for acquisition)
This panel displays the location of all available domains for purchase on a Generic Tom Level Domain (TLD), such as .work, .host, .school, .hospital, etc.
Domains Breakdown by Priority (for acquisition)
This panel displays the location of all available domains for purchase based on Bolster's prioritization algorithm. Bolster recommends proactively acquiring the sites filed under "Priority 1" in order to prevent bad actors from obtaining those sites themselves.