Skip to content

Impersonation Explorer

The Impersonation Explorer is a public, self-serve scan you can run against any domain, no nebty account required. It sits on nebty’s public site behind a quick Turnstile challenge, a background security check that keeps the scan from being abused by bots.

The public Impersonation Explorer with a domain input field

You enter the name of the brand you want to check and the domain that genuinely belongs to it. From there, the Impersonation Explorer runs a real, live scan of the Certificate Transparency logs, the public record of every SSL certificate issued on the internet, and returns the look-alike domains it finds registered against that name.

This is a live scan against real internet data every time you run it, not a preview built from sample data.

For each look-alike domain, you get:

  • Where it is hosted.
  • When it was registered.
  • A short write-up of the evidence behind the flag.
  • A risk level, Low, Med, or High, so you can tell at a glance which domains deserve the closest look first.

If nothing suspicious turns up for the domain you searched, the scan tells you so directly instead of listing anything.

Anyone can run a scan without signing in, but scans are rate-limited to keep the Certificate Transparency search available for everyone. Signed-in nebty users get a higher limit than anonymous visitors.

See the changelog for the latest on tiered Impersonation Explorer limits.

Try the Impersonation Explorer(opens the public demo and runs a live scan)