Somewhere out there, a domain that looks almost exactly like yours may already be registered. Maybe it swaps one letter. Maybe it uses a Cyrillic character that is visually identical to a Latin one. Maybe it just adds the word "login" or "secure" to your brand. These lookalike domains are the raw material of phishing, and most companies have no idea how many exist for their brand until something goes wrong.
Today we are launching a free tool to change that: a phishing and typosquatting domain scanner that shows you, in seconds, exactly how many lookalike domains exist for your brand and which ones are the most dangerous.
What is typosquatting?
Typosquatting is the practice of registering domains that are deliberate misspellings or near-matches of a legitimate brand. The classic examples are a doubled letter or a swapped character, like gooogle.com or paypa1.com. The whole attack relies on the fact that a single character is all that separates the fake from the real thing — easy to register, easy to overlook, and dangerously effective when used to host a phishing page or send spoofed email.
Beyond typos: the full lookalike playbook
Typosquatting is only one category. Attackers use a whole toolbox of permutation techniques to build convincing lookalikes, and a good scanner has to cover all of them:
Typosquatting. Character swaps, omissions, insertions, and transpositions that mimic common typing mistakes.
Homoglyph and IDN attacks. Visually identical characters borrowed from other alphabets — a Cyrillic "a" or a Greek "o" — and punycode domains that render as your brand in the address bar.
TLD swaps. The exact same name registered on .net, .io, .co, .org, and dozens of other extensions while you only own the .com.
Combosquatting. Your brand combined with a keyword, like brand-login, brand-support, or secure-brand, which is the most common pattern in real-world credential phishing.
Introducing the free phishing and lookalike domain scanner
The new phishing and typosquatting domain scanner is completely free and requires no account. You enter your domain, and the scanner generates candidate lookalikes across every category above, then live-checks each one against real DNS and WHOIS. There is no email wall and no fabricated scare — if zero lookalikes are found, it tells you so honestly.
What the scanner checks for every variant
Detecting a registered lookalike is just the start. For each variant that resolves, the scanner gathers the signals that tell you whether it is a real threat:
Registration status. Whether the lookalike is actually registered, or still available.
A record. Whether it resolves to a live IP address, and where that server is hosted.
MX record. Whether it can send or receive email — the single strongest signal that a domain is being weaponized for phishing.
WHOIS detail. The registrar and registration date, so you can see how recently the lookalike appeared.
Why we show the scariest three
The free scan always shows the true, full count of detected lookalike domains, plus the three most dangerous ones in full detail. "Most dangerous" is not alphabetical — it is risk-ranked. A lookalike that is registered, resolves to a live host, can send email, and was registered recently is far more threatening than one parked on a placeholder page. Those are the ones you want to see first, and those are the ones the scanner puts front and center.
A snapshot is not enough
Here is the uncomfortable truth about any one-time scan: the list you see today is not the list you will have next week. New lookalike domains are registered constantly, often in waves timed to product launches, marketing campaigns, or major events. Catching them once is useful. Catching them as they appear is what actually protects your brand.
That is what DNS Spy's Phishing Sentinel does. It monitors your domain around the clock, enriches every newly discovered variant with hosting, ASN, geolocation, and SSL certificate detail, and alerts your team through Slack, email, webhooks, and more the moment a new impersonation domain is registered. The free scanner is the snapshot; Phishing Sentinel is the continuous watch.
Scan your domain now
See how many lookalike domains already exist for your brand. Run a free scan — no signup, results in seconds — with the phishing and typosquatting domain scanner, then start a free trial to see the complete list and turn on continuous monitoring.
