Investigation Page Guide
The Investigation Page provides detailed analysis of domains you’ve investigated from the Spoof Dashboard, helping you understand the nature and severity of potential threats.
Investigation Overview
After you’ve initiated an investigation from the Spoof Dashboard, Spoofchief conducts a comprehensive analysis of the suspicious domain. The Investigation Page displays all this information in an easy-to-understand format.
Each investigated domain appears as a card with key information highlighted, making it easy to quickly assess the threat level.
Domain Analysis
The top section of each investigation card provides essential information about the domain:
- Domain Name: The full domain name being investigated
- Risk Level: The assessed threat level (Low, Moderate, High, or Critical)
- Attack Classification: The type of attack (Phishing, Scamming, Typosquatting, or Suspicious)
- Last Investigated: When the domain was last analyzed
Attack Classifications Explained
Spoofchief classifies domains into different attack types:
- Phishing: Domains designed to steal user credentials or personal information
- Scamming: Domains set up to deceive users into financial loss
- Typosquatting: Domains with names similar to legitimate brands to capture mistyped URLs
- Suspicious: Domains with some concerning elements but unclear intent
Visual Comparison
One of the most powerful features is the ability to visually compare the suspicious site with your legitimate site:
- Screenshots: Side-by-side comparison of the suspicious site and your legitimate site
- Visual Similarity: Spoofchief highlights elements that have been copied from your site
- Capture Date: When each screenshot was taken
Why Visual Comparison Matters
Many phishing sites attempt to look identical to legitimate sites to trick users. The visual comparison makes it easy to identify these attempts and assess how convincing they might be to your customers.
Technical Details
The Investigation Page provides valuable technical information about the suspicious domain:
- Domain Age: How long the domain has been registered
- Registration Information: When and where the domain was registered
- Network Details: Information about where the domain is hosted
- IP Address: The server’s IP address
- ASN Information: The network provider hosting the domain
Understanding Domain Age
Recently registered domains (less than 30 days old) are often more suspicious than established domains. Spoofchief clearly displays the domain’s age to help you assess this risk factor.
Understanding the Results
Spoofchief combines all this information to help you understand the overall threat:
- A high-risk domain with phishing classification and recent registration is likely an active threat
- A domain with low visual similarity might be less convincing to users
- Domains hosted on suspicious networks may indicate malicious intent
Taking Action
Based on the investigation results, you might want to:
- Report Phishing Sites: Use the provided information to report malicious domains to registrars
- Notify Your Team: Share critical threats with your security team
- Monitor Changes: Re-investigate domains periodically to track changes
- Update Security Measures: Adjust your security based on the types of attacks you’re seeing
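The reading rules above (the 30-day domain age threshold and the high-risk, phishing, recent-registration combination) and the periodic re-investigation step can be applied to a batch of investigated domains as a triage queue. This is an added example, not Spoofchief code. The record layout, the sample data, the 7-day re-check interval and the "review" tier are assumptions; only the field labels, risk levels and classifications come from this guide.

```python
from datetime import date

NEW_DOMAIN_DAYS = 30   # "recently registered" threshold from the guide
RECHECK_DAYS = 7       # assumed re-investigation interval, not a product setting
RISK_ORDER = {"Low": 0, "Moderate": 1, "High": 2, "Critical": 3}

def triage(rec, today):
    """Classify one record (hypothetical layout) with the guide's rule of thumb."""
    # A registration date in the future (bad registry data) counts as age 0.
    age = max((today - rec["registered"]).days, 0)
    recent = age < NEW_DOMAIN_DAYS
    high = RISK_ORDER[rec["risk_level"]] >= RISK_ORDER["High"]
    if high and recent and rec["classification"] == "Phishing":
        priority = "likely active threat"      # combination named in the guide
    elif high or recent:
        priority = "review"                    # assumed middle tier
    else:
        priority = "monitor"
    stale = (today - rec["last_investigated"]).days >= RECHECK_DAYS
    return {"domain": rec["domain"], "age_days": age, "priority": priority,
            "risk": rec["risk_level"], "reinvestigate": stale}

def build_queue(records, today):
    """Likely active threats first, then higher risk, then younger domains."""
    rank = {"likely active threat": 0, "review": 1, "monitor": 2}
    rows = [triage(r, today) for r in records]
    return sorted(rows, key=lambda r: (rank[r["priority"]],
                                       -RISK_ORDER[r["risk"]], r["age_days"]))

# Constructed sample records; the domains use the reserved .example TLD.
SAMPLE = [
    {"domain": "exmaple.example", "risk_level": "Moderate",
     "classification": "Typosquatting",
     "registered": date(2021, 3, 2), "last_investigated": date(2024, 5, 1)},
    {"domain": "example-support.example", "risk_level": "High",
     "classification": "Scamming",
     "registered": date(2023, 11, 15), "last_investigated": date(2024, 5, 30)},
    {"domain": "examp1e-login.example", "risk_level": "Critical",
     "classification": "Phishing",
     "registered": date(2024, 5, 20), "last_investigated": date(2024, 6, 1)},
]
TODAY = date(2024, 6, 3)  # fixed date so the output is reproducible

if __name__ == "__main__":
    for row in build_queue(SAMPLE, TODAY):
        print(row)
```

The older typosquatting domain lands last in the queue but is the only one flagged for re-investigation, since its last analysis is more than a week old.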