Thanks for the reply @koshyk .
I am new to SPL and still trying to figure out the right approach, what I am trying to find out is if someone faked our login page and redirected a user when they login with their credentials to our page.
Let's say our login page is is login.mydomain.co and someone created a sub-domain with our login page name, login.mydomain.co.fakedomain.com and this looks similar to our login page. Once a user enters the username password they are redirected to mydomain.co. I wanted to see if any of our users clicked on that link and entered the credentials based on the redirect.
fakedomain.com is not constant and it can be any value.
... View more