Documentation

Everything you need to know
about Mimiqly

Mimiqly monitors the internet for domains that impersonate your brand — alerting you before your customers become victims.

🔍

How Mimiqly detects impersonators

A four-step pipeline that runs every scan — from candidate generation to risk scoring.

700+
Candidates checked
3–8 min
Typical scan time
4
Risk levels
1
We generate every possible fake

Mimiqly takes your domain name and generates hundreds of variations that impersonators typically register. For a domain like mimiqly.com this includes:

mimqily.com typo
m1m1qly.com number swap
rnirniqly.com lookalike chars
mimi-qly.com hyphen
mimiqly.net TLD variation
mimiqly.io TLD variation
getmimiqly.com prefix
mimiqly-login.com suffix
mimiqly-secure.com suffix
mimiqly.com.au ccTLD
  • Typos — transposed, missing, or doubled letters
  • Character swaps — numbers that look like letters (0→o, 1→l, 3→e)
  • Lookalike characters — rn looks like m, vv looks like w
  • Hyphenated versions and common prefix/suffix combos
  • TLD variations — .net .co .io .org .com.au .co.uk and more
  • Over 700 candidates checked per domain
2
We check what's actually live

Every candidate domain is queried in parallel. Mimiqly checks:

  • A records — is there a live website pointing at this domain?
  • MX records — can this domain send or receive email?
  • Registration date — how old is this domain? (WHOIS lookup)
  • Registrar information — who registered it, and where?

Domains with no DNS records at all are still tracked — a dormant domain can be activated at any time.

3
We visit and analyse live sites

For domains with an active A record, Mimiqly visits the page and performs a deep analysis:

  • Reads page titles, headings, metadata and body text for your brand name
  • Detects login forms, password fields and phishing language patterns
  • Checks SSL certificate details and infrastructure provider
  • Compares nameservers and IP addresses against your original domain
  • Looks for outbound links pointing back to your legitimate site
💡 If a domain's infrastructure matches yours exactly — same nameservers, same IP block, same SSL certificate organisation — Mimiqly classifies it as Related rather than a threat.
4
We score and classify every domain

Each domain gets a risk classification based on everything discovered in steps 1–3:

⚠ Risky
Strong brand impersonation signals. Active website with your branding, login forms, or phishing language. Immediate review recommended.
👁 Suspicious
Something is off — may have MX records but no website, or was recently registered with some brand signals. Monitor closely.
🔗 Related
A legitimate related entity. Same organisation, different regional domain. Infrastructure matches your original.
🔵 Registered
Active domain, no brand signals detected. Worth monitoring in case content or infrastructure changes.
🚀

Getting started

From account creation to your first scan result.

Creating your account
  • You need an invite code to register — contact the Mimiqly team to get one.
  • Register with your work email address.
  • Your account is ready immediately — no email confirmation required.
Adding your first domain
  1. From the dashboard, click Monitor a domain to expand the add panel.
  2. Enter your domain name — for example mimiqly.com — just the domain, no http:// needed.
  3. Enter an alert email address. If left blank, alerts go to your account email by default.
  4. Choose your scan schedule — daily, weekly or monthly, at a time that suits you, in your timezone.
  5. Click Add & scan now — Mimiqly queues your first scan immediately.
ℹ️ The first scan typically takes 3–8 minutes depending on how many live domains are found. The page polls automatically and updates when the scan completes.
Configuring your scan schedule

Three schedule options are available for each domain:

  • Daily — Recommended for active brands. Scans at your chosen hour every day. Catches newly registered lookalike domains within 24 hours.
  • Weekly — Good for lower-risk domains or supplementary monitoring. Runs once a week on your chosen day and time.
  • Monthly — Baseline monitoring for domains where threats are less likely. Runs once a month on a chosen date.

You can change the schedule at any time from the domain detail page — the change takes effect on the next Beat cycle.

📊

Your dashboard explained

Everything shown on the main monitoring dashboard and what it means.

Threat level indicator
🚨 Critical (red)
One or more Risky domains detected. At least one lookalike domain has active brand impersonation signals. Review immediately.
⚠️ Elevated (amber)
Suspicious domains detected. Something is concerning but not conclusive. Manual review recommended.
✅ Clear (green)
No active threats detected across any monitored domain. We'll alert you if anything changes.

Below the threat banner, the numbers panel shows totals across all monitored domains:

  • Risky — domains with active impersonation signals from the latest scans
  • Suspicious — domains worth watching across all monitored brands
  • New this scan — domains not seen in any previous scan
  • Monitored — total number of domains being tracked
Monitored domains table

Each row represents one of your monitored domains. The columns are:

  • Threat score — a number combining risk level and detection count. Higher means more concern. Calculated as: (risky × 10) + (suspicious × 4) + (registered × 1).
  • Trend — whether new detections are rising ↑, falling ↓, or stable compared to the previous 3–7 scans.
  • Risky / Suspicious — counts from the latest completed scan.
  • New — domains detected for the first time, not seen in any previous scan. Shown in red — these need attention first.
  • Schedule — your configured scan frequency and time.
  • Next scan — how long until the next automatic scan fires.
📄

Understanding your domain report

A guide to every panel on the per-domain detail page.

Threat level card
The same traffic-light system as the dashboard but specific to this domain and its latest scan. Shows the domain's overall risk status and headline counts.
Alert settings
Configure email alerting for this specific domain:
  • Set which email address receives alerts (defaults to your account email)
  • Enable or disable alerts for this domain independently
  • Send a test email to verify SMTP delivery is working
  • Add additional recipients for this domain only
Scan schedule
Change when this domain is scanned:
  • Frequency — daily, weekly, or monthly
  • Time of day and timezone
  • Day of week (weekly scans) or day of month (monthly scans)
Latest detections table
Every active or registered domain found in the latest scan. Use the filter buttons to focus:
  • New — domains not in the previous scan (highest priority — check these first)
  • Risky — active impersonation signals present
  • Suspicious — worth investigating further
  • Related — legitimate related entities (usually ignored)
  • Registered — active domains with no brand signals detected
Each row shows: domain name (clickable if it has a website), risk badge, DNS records (A = website, MX = can send email), domain age (red under 30 days, amber under 90), and the reason for classification.
Threat history chart
Shows how threat levels have changed across all scans for this domain. A rising risky count over several scans warrants investigation — it may indicate coordinated activity.
Scan history
A log of every scan run for this domain — status, counts, and timestamp. Useful for auditing and spotting sudden changes between scans.
Alert history
Every email alert sent for this domain — when it was sent, to which address, how many new domains were reported, and whether delivery succeeded.
📧

Email alerts

How alerts are triggered, what they contain, and how to configure them.

When alerts are sent

An alert email is sent after a scan completes only when new domains are detected that weren't present in the previous scan. Scans that find no new domains send no email.

What the alert contains

Each alert email shows, for every newly detected domain:

  • The detected domain name and its risk level badge
  • Registrar and country of registration
  • DNS records — whether it has a live website (A) and mail server (MX)
  • Domain age — newly registered domains are highlighted prominently
  • The reason for its risk classification in plain English
  • A direct link to view the full domain report in your dashboard

Alert modes

Three delivery modes are available, configurable from the dashboard Alert Preferences panel:

  • Immediate — one email per scan that finds new detections, sent as soon as the scan completes. The default.
  • Daily digest — one consolidated email per day covering all your monitored domains, sent at your chosen hour and timezone.
  • Batched — scans within 30 minutes are grouped into a single email. Useful if you run frequent manual scans.

Configuring recipients

  • Each domain has its own primary alert email, defaulting to your account email.
  • Additional per-domain recipients can be added in the domain's Alert Settings section.
  • Global recipients (added from the dashboard) receive alerts for all domains.
  • Alerts can be enabled or disabled per domain without removing the recipient addresses.

Test emails

A test email can be sent at any time from the domain detail page. It contains a sample detection card so you can verify both delivery and email formatting.

⚠️ Alerts require SMTP credentials to be configured in the server environment (MAIL_USERNAME and MAIL_PASSWORD). If the SMTP warning banner appears in the dashboard, contact your administrator.
🎯

What do the risk levels mean?

A reference guide for each classification and the recommended action.

Level What it means What to do
⚠ Risky Strong brand impersonation signals.
The domain has an active website with your branding, logos, login forms, or phishing-style language. May also include matching visual design or fraudulent contact details. 		Investigate immediately. Visit the domain, take screenshots, and note the registrar and registration date. Consider filing an abuse report with the registrar, reporting to your national cybercrime authority, or pursuing a UDRP complaint for trademark cases.
👁 Suspicious Something is off — not conclusive.
Common signals: MX records with no website (email spoofing setup), recently registered domain, or weak brand signals without a fully developed site. 		Monitor closely. If it develops a website or shows stronger signals on the next scan, escalate to Risky. Consider setting up a manual check or increasing scan frequency.
🔗 Related Likely a legitimate related entity.
Mimiqly has determined this is the same organisation — a regional domain, official partner site, or subsidiary. SSL certificate, nameservers, and IP addresses match your original domain. 		No action needed. These are filtered from your threat view automatically. If you believe one is incorrectly classified, check the infrastructure details shown in the detection row.
🔵 Registered Active domain, no brand signals.
The domain exists and has a website, but nothing concerning was found during content analysis. No brand name, no login forms, no phishing language. 		Keep monitoring. A domain can change content at any time. Pay attention to newly registered domains in this category — a new domain with no content yet may be parked before a phishing campaign launches.
ℹ️ Domain age is a critical signal. A lookalike domain registered within the past 30 days is highlighted in red regardless of risk level — newly registered lookalikes are the strongest indicator of an imminent phishing campaign.
💬

Common questions

Answers to the most frequently asked questions about Mimiqly.

Typically 3–8 minutes. Mimiqly checks over 700 candidate domains in parallel, then visits any that are live to analyse their content. Scans with many live results take longer because each site visit requires fetching and parsing a full web page.
Domain age comes from WHOIS records, which are sometimes unavailable, rate-limited, redacted for privacy, or simply not published by the registrar. Mimiqly retries automatically where possible, but some registrars — particularly for newer TLDs — don't expose registration dates in their WHOIS responses.
Related domains are legitimate — typically regional versions of the same brand (e.g. yourbrand.com.au for an Australian entity) or official partner domains. Mimiqly identifies these by comparing SSL certificate organisation names, nameservers, IP address blocks, and outbound links. If all of these match your original domain, the lookalike is classified as Related and filtered from your threat view.
Yes — add as many domains as you need from the dashboard. Each gets its own independent scan schedule, alert configuration, and recipient list. The dashboard shows a consolidated threat view across all monitored domains.
Mimiqly compares each scan against the previous completed scan for that domain. Any domain that appears for the first time — regardless of its risk level — is flagged as New and highlighted in red in the results table and alert emails. This is the most important signal: a newly registered lookalike domain is a strong indicator of an imminent attack.
First, document everything — screenshot the site, note the registrar, hosting provider, registration date, and any contact details shown. Then:
  • File an abuse report with the domain's registrar (usually via their abuse@ email or abuse reporting form)
  • Report to your country's cybercrime authority
  • For trademark cases, consider a UDRP complaint through ICANN
  • Alert your customers if there is evidence of active fraud or phishing emails being sent from the domain
Yes — the results table on both the front page on-demand scanner and the domain detail page has an Export CSV button that downloads all current results as a spreadsheet.
Email alerts are sent automatically after each scan that finds new detections. You can choose from three alert modes in the dashboard:
  • Immediate — one email per scan, as soon as it completes
  • Daily digest — one email per day covering all your domains, at your chosen time and timezone
  • Batched — scans within 30 minutes are grouped into one email
You can also add multiple email recipients — per domain or globally for all domains.