Feature
Visual Clone Detection
Detect credential-harvesting pages that visually clone your login pages. Screenshot comparison, DOM analysis, and brand asset matching identify fake sites before customers get hurt.
Screenshot capture
Full-page screenshots of suspected domains, timestamped and stored as evidence.
DOM analysis
Structural analysis of page HTML to detect login forms, brand keywords, and suspicious elements.
Brand asset matching
Detection of brand logos, color schemes, and visual patterns that indicate impersonation.
Form analysis
Identification of credential input fields and analysis of form submission destinations.
Risk indicators
Flagging of high-risk patterns: recent registration, privacy proxy, suspicious hosting.
How visual clone detection works
1. Domain discovery
Impersona.io continuously monitors for lookalike domains via Certificate Transparency logs, newly registered domain feeds, and permutation analysis. Every suspected domain is queued for crawling.
2. Safe crawling
Suspected domains are crawled in isolated containers. We capture screenshots, extract DOM content, record HTTP headers, and analyze page structure without exposing your infrastructure.
3. Content analysis
The captured content is analyzed for credential-harvesting indicators: login forms, brand keywords, visual similarity to known brand assets, and suspicious form destinations.
4. Risk scoring
Each finding receives a risk score based on multiple signals. The AI explains which indicators triggered the alert — no black-box scoring.
What we detect
Cloned login pages
Fake sign-in forms mimicking your authentication flow
Brand impersonation sites
Sites using your logos, colors, and brand language
Credential input forms
Password fields with suspicious submission targets
Redirect chains
Multi-step redirects designed to evade detection
Find cloned pages targeting your brand
Run a free brand check to surface lookalike domains. Verify your domain to access visual comparison and detailed evidence.