Domain Typosquatting Search

GET /explore/padns/search/typosquat

Find typosquatted variations of the domain - optionally exclude selected infrastructure

The default setting is to examine new records with a first_seen timestamp within the last 7 days. However, this timeframe can be reduced to the last 24 hours, allowing for daily discovery searches.

Only records seen within the last 7 days will be considered in this search.

Query Parameters

  • autospoof = (string) (optional) –

    • domain name for which to find spoofed variations

      • automatically generates a regex used in search

      • is overridden by the regex parameter, if given

  • regex = (pattern) (optional) –

    • re2 regular expression

      • pattern must be a valid re2 regular expression

      • regex overrides any autospoof domain given

  • nsname = (string) (optional) –

    • nsname specifies name or pattern of name server where a domain is/is not hosted

    • up to 5 nsname parameters may be given - wildcards are supported

  • match = (string) (optional) –

    • finds domains not on (neq) or on (eq) name servers given as nsname parameters

      • eq - domains on name servers

      • neq (default) - domains not on name servers

  • net = (string) (optional) –

    • find records where ip not in (default) or in subnet defined by netmask and additional network parameters

      • in - find records in subnet

      • notin (default) - find records not in subnet

  • network = (string) (optional) –

    • additional network and net mask

    • give option as 1.1.1.1/24

    • up to 5 additional networks may be given

  • asnum = (int) (optional) –

    • AS number to search, may be repeated multiple times for additional AS numbers

    • parameter may be used with qtype=a or qtype=ptr4

    • use to find records in the same AS number

  • asn = (string) (optional) –

    • find ptr4 or a records where ipv4 in or not in ASN defined by asnum

      • in - find records in ASN

      • notin (default) - find records not in ASN

  • asname = (string) (optional) –

    • search all AS numbers where the AS Name begins with

  • asname_starts_with = (string) (optional) –

    • search all AS numbers where the AS Name begins with

  • asname_contains = (string) (optional) –

    • search all AS numbers where the AS Name contains

  • reduce = (string) (optional) –

    • aggregate timestamps for qname only (host) or for each qname=>qanswer observation (full)

      • full (default) - show timestamps for qname=>qanswer observations

      • host - show timestamps for distinct qname only

  • first_seen_after = (optional) –

    • first_seen timestamp must be on or after this time

      • default=-2592000 - look back 30 days

      • date: yyyy-mm-dd (2021-07-09) - fixed date

      • epoch: number (1625834953) - fixed time in epoch format

      • sec: negative number (-172800) - relative time seconds ago

      • time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time ago

        • h : hours

        • d : days

        • w : weeks

        • m : months

  • first_seen_before = (optional) –

    • first_seen timestamp must be on or before this time

      • date: yyyy-mm-dd (2021-07-09) - fixed date

      • epoch: number (1625834953) - fixed time in epoch format

      • sec: negative number (-172800) - relative time seconds ago

      • time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time ago

        • h : hours

        • d : days

        • w : weeks

        • m : months

  • last_seen_after = (optional) –

    • last_seen timestamp must be on or after this time

      • date: yyyy-mm-dd (2021-07-09) - fixed date

      • epoch: number (1625834953) - fixed time in epoch format

      • sec: negative number (-172800) - relative time seconds ago

      • time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time ago

        • h : hours

        • d : days

        • w : weeks

        • m : months

  • last_seen_before = (optional) –

    • last_seen timestamp must be on or before this time

      • date: yyyy-mm-dd (2021-07-09) - fixed date

      • epoch: number (1625834953) - fixed time in epoch format

      • sec: negative number (-172800) - relative time seconds ago

      • time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time ago

        • h : hours

        • d : days

        • w : weeks

        • m : months

  • as_of = (optional) –

    • only return records where the as_of timestamp equivalent is between the first_seen and the last_seen timestamp

      • date: yyyy-mm-dd (2021-07-09) - fixed date

      • epoch: number (1625834953) - fixed time in epoch format

      • sec: negative number (-172800) - relative time seconds ago

      • time period: negative number with time period (-36h / -5d / -3w / -6m) - relative time ago

        • h : hours

        • d : days

        • w : weeks

        • m : months

  • sort = (optional) –

    • order results in specified order - parameter may be repeated with different column names to produce a nested sorting effect

      • sort:

        • last_seen/last/time_last - synonyms for last_seen column

        • first_seen/first/time_first - synonyms for first_seen column

        • query/rrname - synonyms for query column

        • answer/rdata - synonyms for answer_seen column

      • order:

        • asc/+/up - synonyms for ascending order

        • desc/-/down - synonyms for descending order

  • output_format = (optional) –

    • padns (default) - Silent Push padns output format

    • cof - common output format

  • limit = (int) (optional) –

    • number of results to return

      • default = 100

  • skip = (int) (optional) –

    • number of results to skip

  • prefer = (string) (optional) –

    • result (default) - return results if available before max_wait timeout, otherwise return job_id

    • job_id - return job_id immediately

  • max_wait = (int) (optional) –

    • number of seconds to wait for results before returning job_id

      • default = 25

      • value in the range from 0 to 25

  • with_metadata =<0|1> (int) (optional) –

    • include metadata object in response : returned results, total results, job_id

      • 0 (default) = do not include

      • 1 = include metadata

Request headers:

  • X-API-KEY - api-key

Note

reduce=host gives aggregation on hostname without pairing with IP resolutions - this gives observation dates for the hostname regardless of IP history.

Note

Wildcards (*) are supported in nsname parameter.

Example request

https://api.silentpush.com/api/v1/merge-api/explore/padns/search/typosquat \
     ?autospoof=wellsfargo.com \
     &network=159.45.170.0/20 \
     &nsname=*.wf.com \
     &nsname=*.wellsfargo.com \
     &nsname=*.markmonitor.com \
     &asname_starts_with=wellsfargo \
     &asn=notin \
     &net=notin \
     &match=neq \
     &first_seen_after=-7d \
     &limit=2
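
The request above can be assembled and checked client-side before it is sent with the X-API-KEY header. The following is an added example, not Silent Push code: `build_typosquat_url` and its constant names are hypothetical, and the checks only mirror the limits stated in the parameter list (repeat counts, enumerated values, time formats, the max_wait range).

```python
import ipaddress
import re
from urllib.parse import urlencode

# Endpoint taken from the example request on this page.
BASE = "https://api.silentpush.com/api/v1/merge-api/explore/padns/search/typosquat"
# Documented time forms: yyyy-mm-dd, epoch, negative seconds, -<n>h/d/w/m.
TIME_RE = re.compile(r"\d{4}-\d{2}-\d{2}|\d+|-\d+[hdwm]?")
TIME_KEYS = {"first_seen_after", "first_seen_before", "last_seen_after",
             "last_seen_before", "as_of"}
ENUMS = {"match": {"eq", "neq"}, "net": {"in", "notin"}, "asn": {"in", "notin"},
         "reduce": {"full", "host"}, "prefer": {"result", "job_id"},
         "output_format": {"padns", "cof"}, "with_metadata": {"0", "1"}}
REPEAT_MAX = {"nsname": 5, "network": 5}  # "up to 5 ... may be given"


def build_typosquat_url(**params):
    """Hypothetical helper: check values against the documented limits and
    return the request URL. Pass a list to repeat a parameter."""
    pairs = []
    for key, value in params.items():
        values = value if isinstance(value, (list, tuple)) else [value]
        if len(values) > REPEAT_MAX.get(key, len(values)):
            raise ValueError(f"at most {REPEAT_MAX[key]} {key} parameters")
        for v in map(str, values):
            if key in ENUMS and v not in ENUMS[key]:
                raise ValueError(f"{key} must be one of {sorted(ENUMS[key])}")
            if key in TIME_KEYS and not TIME_RE.fullmatch(v):
                raise ValueError(f"unrecognised time value for {key}: {v}")
            if key == "network":
                # strict=False: the page's own examples have host bits set.
                ipaddress.ip_network(v, strict=False)  # ValueError if invalid
            if key == "max_wait" and not 0 <= int(v) <= 25:
                raise ValueError("max_wait must be in the range 0 to 25")
            pairs.append((key, v))
    # Keep '*' and '/' literal so wildcards and CIDR read as in the docs.
    return BASE + "?" + urlencode(pairs, safe="*/")


if __name__ == "__main__":
    print(build_typosquat_url(
        autospoof="wellsfargo.com", network="159.45.170.0/20",
        nsname=["*.wf.com", "*.wellsfargo.com", "*.markmonitor.com"],
        asname_starts_with="wellsfargo", asn="notin", net="notin",
        match="neq", first_seen_after="-7d", limit=2))
```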

Example response

{
    "status_code": 200,
    "error": null,
    "response": {
        "records": [
            {
                "answer": "162.255.119.116",
                "asn": 22612,
                "asname": "NAMECHEAP-NET, US",
                "count": 1,
                "domain": "pstel.net",
                "first_seen": "2023-01-05 22:47:27",
                "last_seen": "2023-01-05 22:47:27",
                "query": "a3cbb1aff0.wellsfargo.com.dhcp01.pstel.net",
                "type": "A"
            },
            {
                "answer": "108.139.47.10",
                "asn": 16509,
                "asname": "AMAZON-02, US",
                "count": 1,
                "domain": "aspengroveinc.com",
                "first_seen": "2023-01-05 22:46:47",
                "last_seen": "2023-01-05 22:46:47",
                "query": "iagent-wellsfargo.qa.aspengroveinc.com",
                "type": "A"
            }
        ]
    }
}
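
Both records in the example response match on subdomain labels beneath an unrelated registered domain, which is a different finding from a newly registered lookalike domain. The following added example (not part of the Silent Push documentation) sorts records by where the protected name appears in `query` relative to the `domain` field; the category names and function names are made up for illustration.

```python
# Records trimmed from the example response on this page.
RECORDS = [
    {"query": "a3cbb1aff0.wellsfargo.com.dhcp01.pstel.net", "domain": "pstel.net",
     "count": 1, "first_seen": "2023-01-05 22:47:27",
     "last_seen": "2023-01-05 22:47:27"},
    {"query": "iagent-wellsfargo.qa.aspengroveinc.com", "domain": "aspengroveinc.com",
     "count": 1, "first_seen": "2023-01-05 22:46:47",
     "last_seen": "2023-01-05 22:46:47"},
]


def classify(record, protected):
    """Say where the protected name appears in the observed query name."""
    query = record["query"].lower().rstrip(".")
    registered = record["domain"].lower()
    want = protected.lower().split(".")
    brand = want[0]
    # Isolate the labels to the left of the registered domain.
    if query == registered:
        host = ""
    elif registered and query.endswith("." + registered):
        host = query[: -len(registered) - 1]
    else:
        host = query
    labels = host.split(".") if host else []
    n = len(want)
    if any(labels[i:i + n] == want for i in range(len(labels) - n + 1)):
        return "full-domain-as-subdomain"
    if any(brand in label for label in labels):
        return "brand-in-subdomain-label"
    if brand in registered:
        return "brand-in-registered-domain"
    return "lookalike-registered-domain"


def triage(records, protected):
    """Return (registered domain, category, seen_once) for each record."""
    out = []
    for r in records:
        seen_once = r["count"] == 1 and r["first_seen"] == r["last_seen"]
        out.append((r["domain"], classify(r, protected), seen_once))
    return out


if __name__ == "__main__":
    for row in triage(RECORDS, "wellsfargo.com"):
        print(row)
```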