Description

Every day, threat actors register domains designed to impersonate your brand —
swapping a letter, adding a hyphen, or substituting a lookalike character that no
human eye would catch at a glance. These typosquatted domains are
used to harvest credentials, intercept email, distribute malware under your name,
and siphon customers who mistype your URL. By the time your security team finds
out, the damage is done.

SNARE — Surveillance of Newly-Registered And Rogue
Entities — is a professional-grade brand protection platform that monitors the
internet’s domain registration infrastructure around the clock, surfacing impostor
domains the moment they appear. Security operations teams use it to detect threats
early, investigate domain intent, and act before attackers can.

What SNARE Monitors

SNARE runs a multi-source detection engine across every domain permutation
that could be mistaken for yours:

• Certificate Transparency Logs — Every TLS certificate
  issued for a lookalike domain is captured in near real-time via crt.sh. No
  phishing site can go live over HTTPS without appearing here first.
• DNS Permutation Engine — Generates and resolves thousands
  of structural variants of your domain: character deletions, doublings,
  transpositions, QWERTY adjacency typos, vowel swaps, number substitutions
  (1337-speak), Unicode homoglyphs, Cyrillic IDN homograph characters, TLD
  variations, combosquatting, and custom keyword stubs you define.
• WHOIS & Newly-Registered Domain (NRD) Enrichment —
  Flags domains registered within a configurable window (default 30 days),
  capturing registrar, creation date, and abuse contact for immediate
  actioning.
• Passive DNS APIs — Optional enrichment via SecurityTrails
  and VirusTotal surfaces lookalike domains the permutation engine didn’t predict
  and certificates the operator never issued.

Risk Scoring That Prioritizes Your Attention

Every detected domain receives a 0–100 risk score derived from
structural similarity, DNS signals, registration age, MX record presence, active
web content, and combosquat pattern matching. Results are color-coded —
High / Medium / Low — so analysts and executives alike can focus
on the threats most likely to cause harm rather than wading through noise.

Investigation & Response — Built In

• Automated Screenshots — SNARE captures a full-page
  screenshot of every live domain it finds, giving your team visual confirmation
  of what the site is serving without exposing analysts to the risk of visiting
  it directly.
• Takedown Notice Generator — Pre-populates a formal abuse
  report to the domain’s registrar, pulling in registrar details, IP addresses,
  risk signals, and your organization’s sender profile. One click copies it to
  clipboard, saves it as a document, or opens your email client with the abuse
  address pre-filled.
• Defensive Registration — Unresolved high-risk permutations
  are flagged as available for registration. SNARE links directly to your
  preferred registrar (Namecheap, GoDaddy, Porkbun, and more) so you can take
  ownership of the domain before a threat actor does.
• Custom Pattern Rules — Define include and exclude filters
  using keywords, regular expressions, Levenshtein edit distance thresholds, or
  combosquat position matching. Surface exactly the results your program cares
  about and suppress the ones that don’t apply.

Continuous Monitoring & Alerting

A single scan tells you the state of the internet today. SNARE’s
scheduled monitoring tells you what changed since yesterday.
Configure automatic scans on any cadence — hourly to weekly — and receive
delta alerts for newly discovered domains only, with no repeat noise for
results already in your queue.

Alerts are delivered to the channels your team already works in:

• Email (via any SMTP server, including Microsoft 365 and Google Workspace)
• Slack (incoming webhook)
• Microsoft Teams (incoming webhook)

Set a minimum risk score threshold so high-urgency alerts are never buried
beneath low-confidence findings.

Scan History & Recall

Every scan is persisted locally — targets, results, scores, screenshots, and
timestamps. Reopen SNARE at any time and your last scan loads automatically.
Access the full scan archive to compare current exposure against any historical
baseline, track the rate of new registrations over time, and demonstrate
program value to leadership with concrete metrics.

Who SNARE Is For

• Security Analysts — A purpose-built workstation tool for
  domain threat hunting, with the technical depth to support investigation
  workflows from discovery through takedown.
• Brand Protection Teams — Continuous coverage of the domain
  namespace around every web property you operate, with evidence-ready reports
  at your fingertips.
• Security Operations Centers — Scheduled scans and
  threshold-based alerting integrate naturally into existing SOC workflows
  without requiring a new platform or API integration.
• CISOs & Risk Leaders — Quantified risk scores, scan
  trend history, and executive-ready summaries of domain threat exposure across
  your entire brand portfolio.