Impersonating

This section highlights domains that attempt to impersonate or closely resemble the legitimate domain (example.com in this case). Such impersonations are often used in phishing, fraud, or brand abuse, and monitoring them is critical for security teams.


1. Domain Impersonation

Displays suspicious domains that visually or structurally resemble the real domain. AttackMetricx detects several forms of impersonation:

  • Typo-Squatting – Small spelling mistakes designed to mislead users.

    • exaample.com → extra “a” added.

    • exampl.com → missing “e”.

  • Homograph Domains – Use of lookalike Unicode characters to mimic legitimate domains.

    • Example: replacing Latin “a” with a Cyrillic “а” (visually identical to users but technically a different character).

    • This allows attackers to register domains like exаmple.com that look legitimate but lead to malicious infrastructure.

By combining typo-squatting and homograph detection, AttackMetricx ensures that even highly deceptive impersonations are identified and flagged for review.
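The two checks described above can be sketched as follows. This is an added example, not AttackMetricx code: the function names, the partial lookalike map and the edit-distance threshold of 1 are assumptions made for illustration.

```python
import unicodedata

# Constructed, partial lookalike map (Cyrillic/Greek -> Latin). A production
# check would use the full Unicode TR39 confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u03bf": "o", "\u03b1": "a"}

def to_unicode(domain):
    """Decode punycode (xn--) labels so lookalikes are compared as characters."""
    domain = domain.lower().rstrip(".")
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already contains non-ASCII characters

def skeleton(domain):
    """Fold known lookalike characters to their Latin counterparts."""
    folded = unicodedata.normalize("NFKC", domain)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def scripts(domain):
    """Scripts in use, approximated by the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in domain if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, legit="example.com"):
    cand = to_unicode(candidate)
    if cand == legit:
        return "legitimate"
    if skeleton(cand) == legit:          # same glyphs, different code points
        return "homograph"
    if edit_distance(skeleton(cand), legit) <= 1:
        return "typosquat"
    return "unrelated"

if __name__ == "__main__":  # constructed sample input based on this page's examples
    for d in ["exaample.com", "exampl.com", "ex\u0430mple.com", "example.org"]:
        print(d, classify(d), sorted(scripts(to_unicode(d))))
```

A label that mixes scripts, as `scripts()` reports for the Cyrillic variant, is a useful review signal on its own even when the lookalike map has no entry for the character.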


2. IP Address

Shows the resolved IP where the impersonating domain is hosted. Helps identify the hosting provider or malicious infrastructure.

  • Example:

    • exammple.com → 82.102.230.69


3. MX Record

Displays mail server records linked to the impersonating domain. Indicates if the domain is configured to send/receive emails (often for phishing).

  • Example:

    • exampe.com → mx1.netim.net


4. NS Record

Shows name server configuration of the suspicious domain. Helps identify the registrar or DNS provider.

  • Example:

    • exammple.com → cdns1.pub.com


5. Screenshot

Provides a snapshot preview of the impersonating website (if accessible). If blank, it means no active webpage was detected.

  • Example:

    • exammple.com shows a screenshot of its fake landing page.


6. Last Scan

Timestamp of the most recent check against that impersonating domain. Ensures up-to-date monitoring of active threats.

  • Example:

    • exammple.com → Last scanned on 2025-03-20 10:18:31


7. Actions

  • Comprehensive Rescan – Forces an updated scan across all impersonating domains.

  • Export – Generates a report of impersonating domains for investigations or takedown requests.

  • Search – Filters impersonating domains by name.
