The Silent Push Domain Impersonation query detects domains mimicking your brand (e.g., micorsoft[.]com vs. microsoft[.]com), helping prevent traffic misdirection and phishing.
Search for Impersonation Domains
Navigate to Brand Impersonation > Domain Impersonation > Create .
Enter the domain to check for typosquats.
(Optional) Click Auto-fill Data to exclude your infrastructure (network, nameservers, ASNs).
(Optional) Enter a Regex for custom patterns (e.g.,
^g[^\.o]ogle[a-z]{1,}\.[a-z]{1,}$to match google-like domains).Use buttons to include/exclude up to 15 IPs, nameservers, ASNs, or AS names.
Adjust First Seen and Last Seen sliders for time-based filtering.
Specify a Sorting Order.
Click Search.
Best for: Domains with 5+ characters (short domains or acronyms yield less reliable results).
Regex: Enables granular searches for naming patterns.
Wildcards: Omitted to reduce noise in typosquatting searches.
Infrastructure Exclusion: Use Auto-fill Data to streamline filtering of trusted infrastructure.
Security Case Uses
Detect typosquatting domains targeting your brand.
Prevent phishing or supply chain attacks via impersonated domains.
Monitor newly registered lookalike domains.
Monitor Impersonation Data
On the Hawkins screen**, click the Monitor button (top right).
Specify a Monitor Name and Description.
Click Save.
View monitored queries in Monitors > Monitored Queries.
Monitors run every 24 hours, sending email alerts for new results. Refer to Silent Push documentation for sharing monitors.