Run a typosquat audit

Protect your brand by identifying lookalike domains that could be used for phishing, fraud, or impersonation. Typosquat audits scan for domain variations that attackers might register to target your customers.


What is typosquatting?

Typosquatting is when attackers register domain names similar to yours and use them for:

  • Phishing — Steal credentials by impersonating your login page
  • Brand abuse — Damage your reputation with fraudulent content
  • Traffic theft — Capture visitors who mistype your domain
  • Malware distribution — Infect users who visit the lookalike domain
  • Email fraud — Send phishing emails from lookalike addresses

How typosquat audits work

Httpeace generates domain variations based on common typos and tricks:

Typo variations

  • Character substitution: examp1e.com (l → 1), exarnple.com (m → rn)
  • Missing characters: examle.com, exmple.com
  • Extra characters: exammple.com, exaample.com
  • Swapped characters: exmaple.com, examlpe.com

Homograph attacks

  • Similar-looking characters: exαmple.com (Greek α), exаmple.com (Cyrillic а)
  • Different scripts: Internationalized domains that look identical

Other variations

  • TLD variations: example.org, example.co, example.net
  • Subdomain additions: secure-example.com, example-login.com
  • Hyphenation: ex-ample.com, exa-mple.com
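
The variation classes listed above can be enumerated mechanically to get the candidate names an audit then checks for registration. The sketch below is an added example, not Httpeace's own code; the substitution tables, the TLD list and the function names `variations` and `dns_name` are assumptions made for illustration.

```python
# Added example: enumerate lookalike candidates for a defensive audit.
# The substitution tables and TLD list are small illustrative assumptions.
LOOKALIKES = {"l": ["1"], "m": ["rn"], "o": ["0"], "i": ["1", "l"]}
HOMOGLYPHS = {"a": ["\u03b1", "\u0430"], "e": ["\u0435"], "o": ["\u043e"]}
COMMON_TLDS = ["com", "net", "org", "co"]


def variations(domain):
    """Map each candidate lookalike of `domain` to the technique that made it."""
    domain = domain.lower()
    label, _, tld = domain.partition(".")
    found = {}

    def add(new_label, technique, new_tld=tld):
        candidate = f"{new_label}.{new_tld}"
        if new_label and candidate != domain:
            found.setdefault(candidate, technique)  # first technique wins

    for i, ch in enumerate(label):
        add(label[:i] + label[i + 1:], "missing character")
        add(label[:i] + ch + label[i:], "extra character")  # doubled letter
        for sub in LOOKALIKES.get(ch, []):
            add(label[:i] + sub + label[i + 1:], "character substitution")
        for sub in HOMOGLYPHS.get(ch, []):
            add(label[:i] + sub + label[i + 1:], "homograph")
        if i + 1 < len(label) and ch != label[i + 1]:
            swapped = label[:i] + label[i + 1] + ch + label[i + 2:]
            add(swapped, "swapped characters")
        if i > 0 and "-" not in (ch, label[i - 1]):
            add(label[:i] + "-" + label[i:], "hyphenation")
    for other in COMMON_TLDS:
        add(label, "TLD variation", other)
    return found


def dns_name(candidate):
    """Return the ASCII (xn--) form a resolver or WHOIS lookup needs."""
    return candidate.encode("idna").decode("ascii")
```

Homograph candidates contain non-ASCII characters, so pass them through `dns_name` before any DNS or WHOIS lookup.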

Running a typosquat audit

  1. In the dashboard, go to Domains and select a domain
  2. Go to the Typosquat section
  3. Click Run scan

The audit runs for a few seconds and returns registered lookalike domains. For each of them, it is recommended that you:

  • Investigate: Visit the domain to see if it's malicious
  • Report: File abuse reports if it's clearly fraudulent
  • Acquire: Consider purchasing high-risk variations yourself
  • Monitor: Track the domain for changes

Understanding audit results

Risk levels

High risk:

  • Almost identical to your domain
  • Uses popular TLDs (.com, .net, .org)
  • Active website that could confuse users

Medium risk:

  • Similar but not identical
  • Less common TLD
  • Might cause some confusion

Low risk:

  • Somewhat similar
  • Unlikely to confuse users
  • Low-traffic TLD

What to investigate

Red flags for malicious domains:

  • Login forms that look like yours
  • Content copied from your website
  • Collecting user information
  • Selling counterfeit products
  • Phishing for credentials

Potentially benign:

  • Parked domain with ads
  • Unrelated legitimate business
  • Domain registered but not in use

Taking action on lookalike domains

If a domain is actively malicious

  1. Document the abuse: Take screenshots and save evidence
  2. Report to registrar: Use WHOIS to find the registrar, then file an abuse report
  3. Report to Google Safe Browsing: Submit a phishing report
  4. Contact hosting provider: If the site is hosting malicious content
  5. Alert your users: Warn customers about the fraudulent domain

If you want to protect variations

Consider purchasing:

  • Your brand name with common TLDs (.net, .org, .co)
  • Common typos with high traffic potential
  • Variations using common hyphenation or prefixes

Don't try to buy everything:

  • Focus on high-risk variations only
  • Most typo domains get zero traffic
  • Can be expensive to maintain many domains

Ongoing monitoring

Set up recurring audits:

  • Run typosquat audits quarterly
  • Check for newly registered variations
  • Monitor existing lookalikes for changes
  • Update your brand protection strategy

Best practices

1. Audit regularly

Run typosquat audits:

  • When launching a new brand
  • Quarterly for established brands
  • After major marketing campaigns
  • If you notice suspicious activity

2. Focus on high-risk domains

Don't try to address every variation:

  • Prioritize exact typos and common TLDs
  • Investigate domains with active websites
  • Ignore obscure TLDs with no traffic

3. Educate your users

Help customers avoid typosquat domains:

  • Share your official domain prominently
  • Educate about phishing risks
  • Encourage users to bookmark your site
  • Use email authentication (SPF, DKIM, DMARC)

4. Protect your brand legally

For serious impersonation:

  • Consult with legal counsel
  • File a UDRP complaint for trademark violations
  • Consider trademark registration if not already done

Preventing typosquat attacks

Technical measures:

  • Implement SPF, DKIM, and DMARC for email
  • Use security headers on your website
  • Enable HTTPS and HSTS
  • Monitor for SSL certificates issued for lookalike domains
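
One way to do the lookalike matching behind certificate monitoring is to classify each observed hostname against your own domain. This is an added example, not part of Httpeace; the folding table, the rule names and the sample hostnames are constructed for illustration, and it assumes a single-label TLD.

```python
# Added example: flag lookalike hostnames (e.g. names seen in newly issued
# certificates). The folding table and rules are illustrative assumptions.
FOLD = {"1": "l", "0": "o", "\u03b1": "a", "\u0430": "a", "\u0435": "e",
        "\u043e": "o", "\u0440": "p"}


def skeleton(label):
    """Map visually confusable characters onto plain ASCII letters."""
    return "".join(FOLD.get(ch, ch) for ch in label).replace("rn", "m")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host, brand="example.com"):
    """Return why host resembles brand, or None. Assumes a one-label TLD;
    production code should split names with the Public Suffix List."""
    name = host.lower().encode("ascii").decode("idna")  # xn-- labels -> Unicode
    label, tld = name.split(".")[-2:]
    brand_label, brand_tld = brand.split(".")
    if label == brand_label:
        return None if tld == brand_tld else "TLD variation"
    folded = skeleton(label)
    if folded == brand_label:
        return "confusable characters"
    if osa_distance(folded, brand_label) == 1:
        return "one-edit typo"
    if brand_label in folded.split("-"):
        return "keyword addition"
    return None


# Constructed sample hostnames; the IDN entry is encoded to its xn-- form here.
SAMPLE = ["www.example.com", "login.examp1e.com", "exmaple.net",
          "secure-example.com", "example.org", "sample-shop.com",
          "ex\u0430mple.com".encode("idna").decode("ascii")]


def audit(hosts=SAMPLE):
    """Return {hostname: reason} for every hostname that resembles the brand."""
    return {h: r for h in hosts if (r := classify(h))}
```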

User education:

  • Train employees to recognize phishing
  • Warn customers about lookalike domains
  • Provide official contact methods

Brand protection:

  • Register common TLD variations
  • Monitor domain registrations
  • Build brand awareness

Next steps

Now that you've run a typosquat audit:

Resolve domain alerts

Fix common domain security issues.


Invite team members

Add teammates to your workspace so everyone stays informed about domain health.
