- 23 May 2023
- 2 Minutes to read
Search for domains impersonating your own
- Updated on 23 May 2023
The Silent Push Brand Impersonation query checks for domains that are spelt similarly to your own (e.g. micorsoft[.]com instead of microsoft[.]com), allowing you to target malicious domains that exist solely to capture traffic intended for your company or supply chain websites.
Brand Impersonation searches are more effective when run on domains containing 5 or more characters, or domains that aren't an acronym (e.g. LSEG[.]com). When scanning a domain name that contains up to 4 characters, a swapped character is of markedly less use as an indicator of malicious activity.
Searching for brand impersonation domains
Digital Threat Management > Brand Impersonation > +
Domain you'd like to search for typosquats of
Auto-fill Data to populate the query with your own infrastructure, and exclude it from the results
(Optional) Enter a Regex (see below explanation)
Use the buttons next to the AS fields to include or exclude specific infrastructure. Add up to 15 IPs, nameservers, ASNs and AS names.
First Seen slider to adjust results depending on when the domain was first seen
Last Seen slider to adjust results depending on when the domain was first seen
Sorting order, that dictates how results will be sorted
Monitoring brand impersonation data
You can monitor results populated on the Explore screen for any changes, saving you time and resources by automating key queries across a range of internal workflows.
Monitors run once every 24 hours. You'll be alerted when Silent Push detects new results via email (filtering/sorting options are not applied).
Once you've received a set of results, click the Monitor button on the top right
Your monitored query is now visible in Monitors > Monitored Queries
Read this article for information on how to share a monitor
1. Excluding your own infrastructure
When you run a typosquatting query, it makes sense to exclude your own infrastructure - or any other trusted infrastructure - to obtain a more manageable set of results.
The Auto-fill Data button automatically populates network address, nameserver and AS information for your chosen domain, saving you the trouble of running a separate query to gather the necessary data and exclude it from your typosquatting search.
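The sketch below is an added example, not Silent Push's algorithm or API: it flags observed domains whose name is one edit (including an adjacent character swap) away from a brand name, and leaves out anything served by your own nameservers. The record layout, the function names and the sample domains are assumptions, and it treats each domain as a single label plus TLD.

```python
# Added illustration: not Silent Push's algorithm or API.
MIN_LABEL_LEN = 5  # the page's guidance: shorter names give a weak signal

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped pair
    return d[len(a)][len(b)]

def find_lookalikes(brand_domain, observed, trusted_ns, max_distance=1):
    """Return (domain, distance) for near misses of the brand's first label,
    leaving out the brand itself and anything on trusted nameservers."""
    brand = brand_domain.lower()
    brand_label = brand.split(".")[0]
    if len(brand_label) < MIN_LABEL_LEN:
        # Example's own choice: refuse rather than return noisy matches.
        raise ValueError("label too short for edit-distance matching")
    hits = []
    for rec in observed:
        domain = rec["domain"].lower()
        if domain == brand or rec["ns"].lower() in trusted_ns:
            continue
        dist = osa_distance(domain.split(".")[0], brand_label)
        if dist <= max_distance:
            hits.append((domain, dist))
    return sorted(hits)

# Constructed sample records (reserved .example/.test names, not real data).
OBSERVED = [
    {"domain": "examplecorp.example", "ns": "ns1.examplecorp.example"},
    {"domain": "exmaplecorp.example", "ns": "ns1.parking.test"},    # swap
    {"domain": "examplec0rp.example", "ns": "ns2.parking.test"},    # substitution
    {"domain": "examplecorps.example", "ns": "ns1.examplecorp.example"},  # own
    {"domain": "unrelated.example", "ns": "ns1.other.test"},
]
TRUSTED_NS = {"ns1.examplecorp.example"}

if __name__ == "__main__":
    for domain, dist in find_lookalikes("examplecorp.example", OBSERVED, TRUSTED_NS):
        print(f"{domain}\tdistance={dist}")
```

The defensively registered `examplecorps.example` is one edit away but is dropped because it sits on a trusted nameserver, which is the effect of excluding your own infrastructure from the search.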
2. Regex searches
A regular expression (regex) is a form of advanced searching that looks for specific naming patterns, instead of using whole domain or nameserver names.
Silent Push allows users to put together strings of text that produce granular results based on custom parameters entered as a regular expression, facilitating highly-focused domain searches.
The above query returns results for 'google', followed by any characters (before the top-level domain), and also any single characters that replace the first
3. Wildcard searches
Silent Push domain-only typosquatting searches feature a series of algorithms that scan the Internet's entire IPv4 range for logically relevant typosquats.
To improve the quality of search results and reduce noise, our typosquatting query omits the option to include wildcards.
Wildcard searches are a valuable threat-hunting tool, but when used with typosquatting searches, they become problematic and often return highly erroneous results.