This week I’ve got a hosts query to help you locate potentially typosquatted domains. This one uses regex and looks for DNS names in host records that start with “cens” and then have exactly two characters following that before a variety of TLDs, notably not including .com:
dns.names: /cens.{2}\.(xyz|info|top|net|org|biz|name|io)/
This was formatted to return results that may be similar to Censys.
If your Censys account doesn’t have access to regex in queries, you can use wildcards or a tool like dnstwist to identify specific domain names that you want to investigate with a targeted search.
This is part of a regular series of posts in which we highlight useful, interesting, and otherwise cool queries for use with Censys Search and ASM. If you have any questions, similar queries, or custom versions of this week’s highlight, let us know!
