How many variants do you monitor?

We monitor thousands of variants per brand (typos, homophones, TLD swaps, and visual lookalikes). The exact set is tuned to your domains and risk tolerance.

Do you handle IDN and Unicode lookalikes?

Yes. We have a dedicated capability for IDN and glyph abuse (e.g. Cyrillic or Greek characters that look like Latin). See our IDN & Glyph Abuse Monitoring solution for more.

What if a variant is registered but not yet used for abuse?

We still flag it so you can decide: monitor it, pursue defensive registration, or prepare evidence for when it becomes abusive. Many teams want visibility early.

How do you reduce false positives?

We score similarity and intent. Human analysts then review and filter out generic or legitimate registrations so you only act on real threats.

Can we use this for defensive registration?

Yes. Our Defensive Registration & Portfolio Strategy solution helps you decide which variants to register defensively. Typosquatting detection feeds into that advice.

Typosquatting & Look-alike Detection

Attackers register domains that look or sound like yours. We find keyboard typos, homophones, and visual lookalikes so you can block or take them down.

The problem

Typosquatting uses common typing errors (e.g. gooogle.com). Lookalikes use similar shapes or homophones. Both send your traffic to malicious sites. Manual checks cannot cover the sheer number of possible variants.

Keyboard proximity typos (e.g. adjacent keys)
Homophones and sound-alike spellings
Visual similarity (e.g. rn vs m, 0 vs o)
TLD swapping (.com vs .co, .net) and compound variations

What we do

Keyboard proximity typosquatting detection
Homophone and sound-alike detection
Visual similarity analysis
TLD and variant monitoring
Automated similarity scoring with human review

How it works

1
Define your official domains
You provide your key domains and brands. We generate and monitor large sets of typosquat and lookalike variants.
2
Scan and score
We continuously check which variants are registered and score them for similarity and risk. New registrations are flagged quickly.
3
Validate and prioritize
Our team filters benign registrations and ranks real threats. You see a prioritized list with evidence.
4
Act and track
You can request evidence and use takedown workflows for abusive variants. We track status and new variants over time.

Example: anonymized case snapshot

Vertical: E-commerce

Threat: Typosquat and lookalike domains capturing customer traffic and credentials

Action: Broad variant monitoring with scoring and evidence for takedown

Outcome: Fewer users hitting malicious lookalikes; faster takedown of abusive variants

Frequently asked questions

How many variants do you monitor?
We monitor thousands of variants per brand (typos, homophones, TLD swaps, and visual lookalikes). The exact set is tuned to your domains and risk tolerance.
Do you handle IDN and Unicode lookalikes?
Yes. We have a dedicated capability for IDN and glyph abuse (e.g. Cyrillic or Greek characters that look like Latin). See our IDN & Glyph Abuse Monitoring solution for more.
What if a variant is registered but not yet used for abuse?
We still flag it so you can decide: monitor it, pursue defensive registration, or prepare evidence for when it becomes abusive. Many teams want visibility early.
How do you reduce false positives?
We score similarity and intent. Human analysts then review and filter out generic or legitimate registrations so you only act on real threats.
Can we use this for defensive registration?
Yes. Our Defensive Registration & Portfolio Strategy solution helps you decide which variants to register defensively. Typosquatting detection feeds into that advice.

Explore further

Related industries

Resources

See how DomainHQ can help

Get a free risk assessment or talk to our team about your domain protection needs.

Request free assessment Contact sales