Typosquat Domain Checker

Enter your brand domain to instantly generate typosquat candidates with risk scores and DNS activity status. No signup required.

No signup required · we don't store what you type

Typosquats are lookalike domain names attackers register for phishing, fake login pages, and brand abuse. OpenBait's candidate generator uses character-level mutations, homoglyph swaps, TLD substitutions and brand-prefix combinations to enumerate the full surface in one pass, then enriches each candidate with live DNS lookups and Certificate Transparency log matches so you can tell which lookalikes are actually in use.

What is typosquatting?

Typosquatting is a form of brand abuse where attackers register variants that look like a legitimate domain — for example turning example.com into examp1e.com, еxample.com (Cyrillic `е`), or example.co — then use them for phishing, credential harvesting, or scam payment flows. Unlike a transient phishing page, typosquat domains tend to have long lifecycles: once registered they may sit idle for weeks or months with no DNS before the attacker switches them on.

Common typosquat variant patterns

Homoglyph

Substituting ASCII characters with visually similar Unicode or alternative characters — e.g. Cyrillic `а` in place of Latin `a`, or `1` in place of `l`. Very hard to spot in the address bar.

TLD swap

Keep the stem, swap .com for .co, .net, .shop, .top or any cheap / new gTLD. Cheapest route for attackers and most users never check the suffix.

Character insertion

Inserting an extra letter or hyphen into the brand name — e.g. `opeen-bait.com`, `open-bait.com`. Captures fat-finger typos and mobile T9 mistakes.

Character omission

Dropping one letter — e.g. `opnbait.com`. Short brand names are especially exposed.

Character transposition

Swapping two adjacent characters — e.g. `oepnbait.com`. Catches fast-typing sequencing errors.

How OpenBait detects lookalike domains

  1. 1

    Candidate generation — dnstwist-family character mutations combined with brand-prefix concatenation (sub-brand, brand-sub) and an IDN homoglyph dictionary, expanding hundreds to thousands of candidates per brand.

  2. 2

    Liveness probe — DNS A/AAAA/MX/NS lookups plus Certificate Transparency log search to identify candidates that already have issued TLS certs or active resolution.

  3. 3

    Risk scoring — 0–100 score combining TLD abuse rates (.shop / .top / .xyz run hot), registration age and DNS activity. High-score candidates go straight to the triage queue.

  4. 4

    Automated response — once a lookalike is confirmed, OpenBait generates a standardized abuse report and submits takedown requests to the registrar and browser blocklists on your behalf.

One-shot scan isn't enough. OpenBait monitors new registrations continuously.

This page generates candidates on demand. The OpenBait platform ingests Certificate Transparency logs, Newly Registered Domain (NRD) feeds and registrar bulk data continuously — so new typosquats surface the day they appear, and abuse reports fire automatically when you authorize them.

Start free monitoring

Frequently asked questions

Is this tool really free?
Yes — no signup required, no credit card. We run it because it's the fastest way to show what OpenBait's candidate generator actually produces. The paid product is continuous CT-log monitoring, NRD ingestion and abuse-report automation.
Do you store the domains I enter?
No persistent storage. Your input is used only to compute candidates for the current request. It doesn't hit our database and isn't shared with advertising or third-party analytics.
What does the LIVE tag mean on a result?
It means the candidate has at least one active DNS record (A/AAAA/MX/NS) resolving right now — so it's either already in production or being stood up. Candidates without the LIVE tag are parked: registered but not yet serving content.
Can I scan a subdomain — e.g. id.example.com?
Yes. The tool auto-detects the subdomain, generates variants of the brand stem (example) and also keeps combinations that preserve the subdomain. For most companies we recommend scanning the apex (example.com) as primary and subdomains as secondary checks.
Why do lookalike versions of my domain already exist?
This is extremely common. The high-value .com / .net variants of most brands are picked up by domain squatters within months of the primary registration. OpenBait's "defensive registration recommendations" feature ranks which variants you should register defensively and can walk you through UDRP filings when relevant.
Free Typosquat Domain Checker — Generate lookalike candidates in seconds