Crowdstrike Typosquatting Phishing Site - Proxy

Anvilogic Forge

Summary
This detection rule identifies web traffic to domains suspected of being typosquatting or phishing sites set up around the CrowdStrike outage of July 2024. It uses pattern matching to flag visits to domains that mimic legitimate CrowdStrike properties and could trick users into submitting sensitive information or downloading malicious software. The rule reads web proxy logs, matches requested URLs against a predefined list of known typosquatting domains, and reports any requests made to them, acting as an early warning of phishing campaigns that exploit the attention drawn by the outage. The match criteria cover variations of legitimate CrowdStrike domain names altered through common typos or other deceptive substitutions. The rule is written for a Splunk environment and presents results as a table of time, host, user, and the IP addresses involved in each interaction.
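The matching logic the summary describes (proxy URL, hostname extraction, watchlist match, tabular output of time, host, user and IP) is shown below as an added Python example. It is not the Anvilogic Forge rule itself, which is Splunk SPL, and the watchlist domains, legitimate-domain set and proxy log lines are all constructed for this illustration rather than taken from the rule or from real incidents.

```python
"""Added example: match proxy-log URLs against a typosquat watchlist.

Illustrative code written for this page, not the Forge rule (SPL).
All domains and log lines below are constructed; the watchlist entries
are placeholders on the reserved .example TLD, not real indicators.
"""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Domains users are expected to reach legitimately (assumed set).
LEGITIMATE_DOMAINS = {"crowdstrike.com"}

# Stand-in for the rule's predefined list of known typosquatting domains.
TYPOSQUAT_WATCHLIST = {
    "crowdstrike-fix.example",
    "crowdstrlke.example",          # 'l' substituted for 'i'
    "crowdstrikeupdate.example",
}

# Constructed proxy log lines, space-separated:
# <time> <host> <user> <src_ip> <method> <url> <status>
SAMPLE_PROXY_LOGS = """\
2024-07-22T09:14:03Z ws-0421 alice 10.20.1.15 GET https://www.crowdstrike.com/blog/ 200
2024-07-22T09:15:10Z ws-0421 alice 10.20.1.15 GET https://crowdstrike-fix.example/remediation.zip 200
2024-07-22T09:17:44Z ws-0388 bob 10.20.1.42 GET http://login.crowdstrlke.example/login 302
2024-07-22T09:18:01Z ws-0388 bob 10.20.1.42 GET https://falcon.crowdstrike.com/ 200
2024-07-22T09:20:55Z ws-0102 carol 10.20.2.7 POST https://crowdstrikeupdate.example:8443/submit 200
"""


@dataclass(frozen=True)
class Hit:
    time: str
    host: str
    user: str
    src_ip: str
    url: str
    matched_domain: str


def url_hostname(url: str) -> str:
    """Lowercase hostname from a URL, with port, userinfo and trailing dot removed."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_legitimate(host: str) -> bool:
    """True if host is a legitimate domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def matches_watchlist(host: str) -> Optional[str]:
    """Return the watchlist domain that host equals or is a subdomain of, else None."""
    for bad in TYPOSQUAT_WATCHLIST:
        if host == bad or host.endswith("." + bad):
            return bad
    return None


def detect(log_text: str) -> List[Hit]:
    """Run the watchlist match over proxy log lines and return one Hit per flagged request."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip malformed lines rather than fail the whole search
        time, host, user, src_ip, _method, url, _status = parts
        requested = url_hostname(url)
        if is_legitimate(requested):
            continue
        matched = matches_watchlist(requested)
        if matched is not None:
            hits.append(Hit(time, host, user, src_ip, url, matched))
    return hits


def render_table(hits: List[Hit]) -> str:
    """Tabular output in the spirit of the rule: time, host, user, IP, matched domain."""
    header = f"{'time':<21} {'host':<8} {'user':<6} {'src_ip':<12} matched_domain"
    rows = [f"{h.time:<21} {h.host:<8} {h.user:<6} {h.src_ip:<12} {h.matched_domain}" for h in hits]
    return "\n".join([header, *rows])


if __name__ == "__main__":
    print(render_table(detect(SAMPLE_PROXY_LOGS)))
```

Two details matter for fidelity to a proxy-log search: the hostname is taken from the URL after stripping any port (so `host:8443` still matches), and watchlist entries match as suffixes so that a lookalike behind an extra label such as `login.` is still caught, while genuine subdomains of the legitimate domain are excluded first.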
Categories
  • Web
  • Cloud
  • Infrastructure
Data Sources
  • Web Credential
  • Network Traffic
  • Logon Session
ATT&CK Techniques
  • T1566
  • T1566.002
Created: 2024-07-26