Search for Domains impersonating your Brand

Prev Next

Our Domain Impersonation query detects domains mimicking your brand (e.g., micorsoft[.]com vs. microsoft[.]com), helping prevent traffic misdirection and phishing.

Search for Impersonation Domains

  1. From the left navigation menu, select Brand Impersonation > Domain Impersonation > Create .

  2. Enter the domain to check for typosquats.

  3. (Optional) Click Auto-fill Data to exclude your infrastructure (Network, nameservers, ASNs).

  4. (Optional) Enter a Regex for custom patterns (e.g., ^g[^\.o]ogle[a-z]{1,}\.[a-z]{1,}$ to match google-like domains).

  5. Use buttons to include/exclude up to 15 IPs, nameservers, ASNs, or AS names.

  6. Adjust First Seen and Last Seen sliders for time-based filtering.

  7. Specify a Sorting Order.

  8. Click Search.

Best for: Domains with 5+ characters (short domains or acronyms yield less reliable results).
Regex: Enables granular searches for naming patterns.
Wildcards: Omitted to reduce noise in typosquatting searches.
Infrastructure Exclusion: Use Auto-fill Data to streamline filtering of trusted infrastructure.

Security case uses

  • Detect Typosquatting domains targeting your brand.

  • Prevent phishing or supply chain attacks via impersonated domains.

  • Monitor newly registered lookalike domains.

Monitor Impersonation data

  1. Click the Monitor button (located in the top right corner).

  2. Specify a Monitor Name and Description.

  3. Click Save.

  4. View Monitored Queries in Monitors > Monitored Queries.

Monitors run every 24 hours, sending email alerts for new results. Refer to the Silent Push documentation for sharing monitors.