HTML Title Impersonation

Published on Jun 9, 2026

1 minute(s) read

Article summary

HTML Title Impersonation Query

The HTML Title Impersonation query detects domains mimicking a legitimate domain’s HTML title to increase credibility in phishing campaigns or search results.

Threat Actors use HTML titles to:

Support phishing campaigns.
Manipulate URLs. Reduce suspicion during redirection to illegitimate domains.
Evade detection mechanisms that monitor explicit branding or logo abuse.

Execute an HTML Title Impersonation Query

From the navigation menu, select Reconnaissance > HTML Title Impersonation.
Click Create New +.
In the Domain Name box, enter the domain to investigate.
Click Search.
(Optional) Click Save to save the results, or click Monitor to set up alerts.

Understand HTML Title Impersonation Results

Results are displayed in a table with the following columns:

HTML Title: HTML title of the result.
Scan Date: Date and time of the scan.
Origin URL: Originally scanned URL.
URL: Final destination URL of the query.
IP: IP address of the domain.
Hostname: Name of the domain.

Filter and Expand Results

Add or remove filters by selecting the icon next to Basic Raw Data and choosing preferences.
Select Expand on a result to view additional details.

Was this article helpful?