Changelog

Have I Been Squated– Instantly spot typosquatting, brand abuse, and domain threats with real-time alerts.

© 2026 Have I Been Squated, Inc. All rights reserved.

Domain dashboard & results revamp

We redesigned the domain dashboard and monitoring results pages for faster triage, with a richer expanded result view and a timeline that shows how a domain's analysis changed over time.

Improvements

  • Redesigned domain dashboard with at-a-glance risk and activity
  • Lookup timeline tracing how a domain evolved across analyses
  • Revamped expanded result view with richer per-domain detail
  • Cleaner results pages with shareable, link-friendly filters and query parameters

Rules library Pro

Browse a curated library of detection rules maintained by our security team and subscribe to the ones relevant to your brand — no query writing required.

New

  • Curated, ready-to-use global detection rules
  • Subscribe to or unsubscribe from library rules per organization
  • Library rules sit alongside your own custom rules in monitoring

Custom Certificate Transparency discovery terms Pro

Domain discovery now lets you define your own Certificate Transparency search terms per monitored domain, surfacing lookalike and brand-related certificates that default permutations might miss.

New

  • Per-domain domain discovery settings
  • Custom CT search terms to widen discovery
  • Newly discovered domains flow into monitoring results and alerts

Expanded Passive DNS coverage

Passive DNS now incorporates additional data from Spamhaus, improving historical resolution coverage and infrastructure pivoting for investigated domains.

Email Intelligence for Google Workspace Add-on

Connect Google Workspace to bring Gmail audit telemetry — including user-reported spam and phishing — into domain risk analysis. Builds on Email Intelligence for Microsoft 365.

New

  • Connect with a Google Workspace admin account using read-only Gmail audit access
  • Sender domains from user-reported spam and phishing surface as monitoring signals
  • No mail routing or MX record changes

Business plan

We introduced the Business plan for cross-functional security teams, bringing organization management, reporting, messaging integrations, SSO, and audit logging together in one tier. We also refreshed the pricing page to make plans easier to compare.

Email Intelligence for Microsoft 365 Add-on

Connect your Microsoft 365 tenant to close the loop from inbox to infrastructure — correlate sender domains with domain risk scoring and push quarantine rules back into Exchange Online. Deployable in minutes with no MX changes.

New

  • Email ingestion from Microsoft Defender Advanced Hunting (domain-only telemetry)
  • Watchdog: push quarantine rules for malicious senders through Exchange Online
  • Protected domains list that is never quarantined, as a safeguard
  • Admin-controlled, per-capability consent

Activity log Business

Track actions taken across your organization with a dedicated activity log for accountability and review.

New detection signal: PageRankPro

We added new enrichment signals you can use directly in rules.

New

  • Open PageRank popularity and CommonCrawl presence signals (page_rank.*)
  • Domain availability and registration status signals (domain_status.*)
  • Usable directly in the Rules Engine

Network (HAR) tab

Analysis results now capture and display the full network activity (HAR) and DOM for a crawled site, making it easier to inspect requests, redirects, and loaded resources.

Business intelligence extraction Pro

We now extract business details — company names, phone numbers, and addresses — from crawled pages to help you attribute and assess suspicious sites. These are available as rule signals (business_intel.*).

Refreshed interface

We shipped a redesigned look across the app and site, including a new home page, features page, and security page, along with a cleaner Explore layout.

Site crawling: sitemap, open ports & favicon fingerprinting Pro

Domain analysis now crawls monitored sites to map pages, capture broken and external links, scan exposed services, and fingerprint favicons — all available as rule signals.

New

  • Sitemap crawl with page titles, status codes, broken and external links (sitemap.*)
  • Open port and exposed service findings (ports.*)
  • Favicon SHA-256 and perceptual hash fingerprints (favicon.*)

New detection signal: Certificates, subdomains & expanded DNS records

We added a certificates view in the app, subdomain discovery, and support for additional DNS record types.

New

  • Certificates view for monitored domains
  • Subdomain discovery signal
  • Expanded DNS record coverage: SVCB, HTTPS, CAA, TLSA, SRV, NAPTR, and DNSSEC records

Reporting Business

Generate detailed reports on your domain monitoring activity to share with stakeholders.

Slack & webhook integrations Business

Deliver alerts, analysis updates, and domain discovery events to Slack channels or any HTTP endpoint, each with per-target event filters.

New

  • Slack integration with per-channel event filters
  • Webhooks with signed payloads and delivery filters

Public API Pro

We launched a streaming HTTP API with token-based authentication and scopes, covering domain lookups, analysis, and Certificate Transparency search.

New

  • API keys with scopes and optional expiry (Settings → API Keys)
  • Streaming NDJSON endpoints for lookup, analyze, and Certificate Transparency
  • Python SDK and OpenAPI 3.1 specification

Organizations, roles & team management

We added organizations so teams can collaborate in a shared workspace, with an org switcher and role-based access.

New

  • Organization workspaces with an org switcher
  • Role-based access control (admin and member)

Takedowns Enterprise

Request and manage domain takedowns directly from the console. Track takedown requests, filter by status and reason, and monitor progress for malicious domains targeting your brand.

New

  • Takedown request management with status tracking
  • Filter by status (submitted, in-progress, resolved) and reason (phishing, trademark, etc.)
  • Certificate Transparency integration — domains discovered via certgrep now appear in monitoring results
  • Link takedowns to specific lookup results and alerts

Launching certgrep Free

We launched certgrep, our free public certificate transparency (CT) search engine for security professionals. Read the announcement on the blog: /blog/announcing-certgrep.

New

  • Regex + substring-style searches for SANs at high concurrency
  • Fast workflow for querying and filtering results

Passive DNS/TLS Pro

Analyze historical DNS and TLS observations to map infrastructure changes and uncover relationships across suspicious domains.

New

  • Passive DNS timeline with A/AAAA, NS, MX, TXT, CNAME series
  • Events view with filtering by type, IP/host, and time
  • TLS subjects and certificate fingerprints (SHA256) overview
  • Rules support for passive signals (passive_dns.*, passive_tls.*)

Custom ML Classification Model Pro

We launched our in‑house ML model for domain classification to significantly improve accuracy and reduce false positives.

New

  • First‑party model powering classification.phishing, classification.legitimate, classification.parked
  • Better handling of parked/placeholder content and dynamic phishing kits
  • Improved confidence calibration for alerting and rules

twistrs: New Vowel Shuffle and improved Hyphenation permutations

New

  • Vowel shuffle permutation type generates all possible combinations by shuffling the vowels in a domain, e.g. (xiaomi.comxoaimi.com)

Improvements

  • Hyphenation permutation type now automatically adds hyphens to domains (e.g. bbc.co.ukbbc-co.uk)

twistrs: Keyword & TLD Updates

  • Added platform to keyword list
  • Updated TLD list for improved coverage

Introducing Analyzer

Analyzer is a one-shot domain detective that brings every essential insight into a single view: a live snapshot of the site, cache status and legitimacy, redirect chain, HTTP banner and tech-stack overview, DNS records, registration and registrar details, security flags with WHOIS/RDAP links, and a built-in certificate inspector.

Improvements

  • Added Analyzer deep-dive domain analysis tool, now available to all users (no login required)
  • Live site snapshot with cache status & "Legitimate" classification
  • Visual redirect-chain tracing to the origin URL
  • HTTP banner detection & full tech-stack overview
  • DNS record explorer (A, AAAA, NS, CNAME & TXT)
  • Registration metadata panel (registration, expiration & last-changed dates)
  • Registrar info with DNSSEC & privacy flags and status codes
  • Quick links to RDAP lookup & ICANN complaint page
  • Certificate inspector (validity period, SANs & CT-log verification)

Rules and alerts Preview

We're building a rules system to let you define alerts based on specific domain traits — think composable alerts tailored to your brand. Create custom rules that trigger when domains match your criteria, whether it's detecting lookalike domains, monitoring specific TLDs, or flagging suspicious registration patterns, allowing you to stay informed about potential threats while filtering out the noise.

Redirect chain analysis, certificate inspector

You can now view the complete redirect chain for any domain, with detailed visibility into every certificate encountered along the way. For each certificate, we display the subject, issuer, validity period, subject alternative names, certificate transparency status, and connection security details such as protocol, cipher, and key exchange.

This lets you quickly assess certificate legitimacy, expiration, and transparency for every hop in the redirect path, making it easier to spot suspicious or misconfigured certificates.

Monitoring export (CSV & JSONL)

You can now export data from both the Explore and Lookup views inside Domain Monitoring. Export your findings as CSV for spreadsheet analysis or JSONL for programmatic processing — perfect for custom reporting, data pipelines, or integration with your existing security tools.

Result tagging, bulk domain import

We've added result tagging capabilities to help you organize and categorize your domain monitoring results, along with bulk domain import functionality to streamline your workflow.

Improvements

  • Tag permutations as Owned, Ignored, False Positive, or Malicious
  • Improved Add Domain flow with bulk import support

Technology fingerprinting

We now identify the tech stack running on detected websites — useful for phishing detection and infrastructure profiling. This includes detecting web frameworks, content management systems, analytics tools, and other technologies that can reveal the true nature of suspicious domains and help assess their legitimacy.

Screenshots, extended DNS support in lookup

Lookup results now feature website screenshots, full DNS records, and expandable result rows for richer data at a glance.

Domain Monitoring Alpha

We've shipped a comprehensive overhaul of our monitoring platform featuring enhanced detection algorithms, deeper infrastructure inspection capabilities, and improved threat assessment workflows for more accurate domain monitoring.

Improvements

  • Website screenshot capture
  • Advanced DNS analysis (CNAME/A/MX)
  • Smarter, actionable website classification
  • Deeper scan scope across monitored domains

Pro Plan Launch

We've launched Pro, unlocking deeper visibility into domain threats.

New Pro Features

  • IP geolocation with external lookups
  • Website classification (beta)
  • NXDOMAIN permutation discovery
  • RDAP ownership history timeline

twistrs: New Mapped Permutations

Mapped values are now supported in the permutation engine — d can map to cl, ck to kk, and many more.

Table pagination for smoother lookups

We've added pagination to the results table — better performance for domains with >100 permutations, without breaking filters or exports.

NXDOMAIN lookups

We've shipped NXDOMAIN lookups. Now you can discover unregistered domain permutations that could be used for phishing or brand impersonation. NXDOMAIN responses indicate that a domain name doesn't exist in the DNS system, revealing potential typosquatting opportunities before attackers can register them.

IP Intelligence & Geolocation Tools

We now display IP location, ASN, and organization data alongside quick access to your favorite investigation tools.

Improvements

  • Show country flags, ASN & org info for resolved IPs
  • Direct links to AbuseIPDB, Shodan, Cloudflare Radar, Censys, VirusTotal

UI Overhaul, Levenshtein Sorting & Export Options

We gave the app a fresh look and added some powerful sorting and export features.

Improvements

  • Introduced Berkeley Mono as our new typeface
  • Added subtle interface animations (with prefers-reduced-motion support)
  • Revamped mobile navigation and spacing
  • Implemented Levenshtein distance to show domain similarity
  • Sorted results by Levenshtein distance by default
  • Added CSV and JSON export for lookup results

Fixes

  • Fixed layout bugs and broken CSV output