Typosquatting is the practice of registering domain names that are misspellings, keyboard slips, or visual lookalikes of legitimate brand domains - then using those domains for phishing, malware delivery, ad fraud, or brand impersonation. A typosquatting domain catches users who mistype a URL in the browser (typing youtub.com instead of youtube.com) or who click a malicious link styled to look like the real one (g00gle.com using zeros instead of letter o). Common typosquatting patterns include character omissions, keyboard-adjacent slips, vowel swaps, hyphenated variants, TLD swaps (.co instead of .com), ASCII homoglyphs (rn looking like m), and Internationalized Domain Name (IDN) Punycode homoglyphs using Cyrillic or Greek lookalike characters. The Anticybersquatting Consumer Protection Act in the United States makes typosquatting on registered trademarks actionable with statutory damages from $1,000 to $100,000 per domain.
Feature: Typosquatting Checker generates every common typo, homoglyph, and lookalike variant of your domain in one pass
Feature: Each variant is checked against WhoisFreaks' database of 906M+ registered domains across 1528+ TLDs
Feature: Every match returns full WHOIS records (registrant, registrar, registration date) and DNS records (A, MX, NS)
Feature: Free web tool covers individual scans; bulk scanning and scheduled monitoring available through the API
For continuous brand-keyword monitoring with twice-daily TLD scans, automated alerting on new typosquatting registrations, and UDRP-ready evidence exports, the Brand Monitoring service catches new registrations within hours of going live across 1,528+ TLDs and delivers WHOIS records on every match for direct routing into takedown workflows.
Typosquatting checks show up in four very different workflows: brand protection teams hunting cybersquatters before they're weaponized, SOC teams catching phishing infrastructure during the registration phase, M&A teams running pre-announcement defensive scans, and IT teams building defensive registration lists. The four use cases below are where the typosquatting checker matters most.
Brand protection teams run the typosquatting checker on every trademarked term, product name, and executive name. The full typo permutation set, scanned against 906M+ registered domains, surfaces lookalike registrations that feed directly into UDRP filings and registrar takedown requests. Pair with the WHOIS Lookup to pull registrant details for every match.
Phishing campaigns typically register lookalike domains days or weeks before launching attacks. SOC teams run the typosquatting checker on their organization's domain and top product names on a recurring schedule, so newly registered typo variants surface before any phishing email is sent. The WHOIS Database API integrates into SIEM and SOAR pipelines for scheduled bulk scans across all brand-keyword permutations. For SOC teams that want a productized monitoring layer without building the pipeline themselves, Brand Monitoring handles the scheduling and alerting natively.
Before announcing an acquisition or new product, corporate development teams run the typosquatting checker on the target brand, the post-deal name, and any internal codenames. Pre-announcement scans reveal whether speculators or threat actors have already registered defensive variants, and which TLDs need defensive registration before public disclosure.
Domain administrators use the typosquatting checker to build a defensive registration list. The full permutation set tells the team which typo variants are still available to register defensively (verify with the Domain Availability tool) and which are already taken, with WHOIS records on every taken domain so the team can choose between buyback, takedown, or monitoring.
WhoisFreaks scans every generated typo permutation against 906M+ registered domains across 1,528+ TLDs - the full registered set, not a small TLD subset. Where most free typosquatting tools return only "registered" or "available," WhoisFreaks returns full WHOIS records and DNS data on every match, so the next remediation step is obvious.
Phishing actors favor predictable patterns: brand plus a service word (yourbrand-login, yourbrandpay), hyphenated variants, and homoglyph swaps. Run the checker against your base domain, then against your top product names and executive names. Re-run weekly, since most typo domains are registered shortly before they are used in an attack. For each match found, run a WHOIS Lookup to surface the registrant and registration date - that's usually enough evidence for a UDRP filing or registrar takedown request.
