Our Domain Impersonation query detects domains mimicking your brand (e.g., micorsoft[.]com vs. microsoft[.]com), helping prevent traffic misdirection and phishing.
Search for Impersonation Domains
From the left navigation menu, select Brand Impersonation > Domain Impersonation > Create .
Enter the domain to check for typosquats.
(Optional) Click Auto-fill Data to exclude your infrastructure (Network, nameservers, ASNs).
(Optional) Enter a Regex for custom patterns (e.g.,
^g[^\.o]ogle[a-z]{1,}\.[a-z]{1,}$to match google-like domains).Use buttons to include/exclude up to 15 IPs, nameservers, ASNs, or AS names.
Adjust First Seen and Last Seen sliders for time-based filtering.
Specify a Sorting Order.
Click Search.
Best for: Domains with 5+ characters (short domains or acronyms yield less reliable results).
Regex: Enables granular searches for naming patterns.
Wildcards: Omitted to reduce noise in typosquatting searches.
Infrastructure Exclusion: Use Auto-fill Data to streamline filtering of trusted infrastructure.
Security case uses
Detect Typosquatting domains targeting your brand.
Prevent phishing or supply chain attacks via impersonated domains.
Monitor newly registered lookalike domains.
Monitor Impersonation data
Click the Monitor button (located in the top right corner).
Specify a Monitor Name and Description.
Click Save.
View Monitored Queries in Monitors > Monitored Queries.
Monitors run every 24 hours, sending email alerts for new results. Refer to the Silent Push documentation for sharing monitors.