---
title: "Domain Impersonation"
slug: "domain-impersonation"
tags: ["Domain TXT Records", "TXT"]
updated: 2025-11-21T19:54:12Z
published: 2025-11-21T19:54:12Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.silentpush.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Search for Domains impersonating your Brand

Our Domain Impersonation query detects domains mimicking your brand (e.g., micorsoft[.]com vs. microsoft[.]com), helping prevent traffic misdirection and phishing.

## Search for Impersonation Domains

1. From the left navigation menu, select **Brand Impersonation > Domain Impersonation > Create **.**
2. Enter the domain to check for typosquats.
3. (Optional) Click **Auto-fill Data** to exclude your infrastructure (Network, nameservers, ASNs).
4. (Optional) Enter a **Regex** for custom patterns (e.g., `^g[^\.o]ogle[a-z]{1,}\.[a-z]{1,}$` to match google-like domains).
5. Use buttons to include/exclude up to 15 IPs, nameservers, ASNs, or AS names.
6. Adjust **First Seen**and **Last Seen** sliders for time-based filtering.
7. Specify a **Sorting Order**.
8. Click **Search**.

> **Best for**: Domains with 5+ characters (short domains or acronyms yield less reliable results). **Regex**: Enables granular searches for naming patterns. **Wildcards**: Omitted to reduce noise in typosquatting searches. **Infrastructure** **Exclusion**: Use Auto-fill Data to streamline filtering of trusted infrastructure.

## Security Case Uses

- Detect Typosquatting domains targeting your brand.
- Prevent phishing or supply chain attacks via impersonated domains.
- Monitor newly registered lookalike domains.

## Monitor Impersonation Data

1. Click the **Monitor** button (located in the top right corner).
2. Specify a Monitor **Name** and **Description**.
3. Click **Save**.
4. View Monitored Queries in **Monitors > Monitored Queries**.

Monitors run every 24 hours and send email alerts for new results. Refer to the [Silent Push documentation](https://help.silentpush.com/docs/monitoring) for sharing monitors.

The IP address or subnet used in typosquatting queries to identify domains mimicking legitimate ones, aiding in the detection of phishing or fraudulent infrastructure.

The date when a domain was first observed in DNS zone files, providing insight into its age and potential trustworthiness in threat intelligence analysis.

The most recent date a domain appeared in zone files, indicating its ongoing presence or activity in DNS records.

A tool or method to detect domains mimicking legitimate company or supply chain domains, used to identify phishing or fraudulent activity

A feature that automates periodic scans of DNS or WHOIS data, sending email alerts for new results to track changes in domains, IPs, or infrastructure without manual queries.

A collection of user-defined queries set to run automatically at regular intervals (e.g., every 24 hours) to track changes in DNS, WHOIS, or web data, providing real-time alerts for potential threats.