Homoglyph
Substituting ASCII characters with visually similar Unicode or alternative characters — e.g. Cyrillic `а` in place of Latin `a`, or `1` in place of `l`. Very hard to spot in the address bar.
Enter your brand domain to instantly generate typosquat candidates with risk scores and DNS activity status. No signup required.
Typosquats are lookalike domain names attackers register for phishing, fake login pages, and brand abuse. OpenBait's candidate generator uses character-level mutations, homoglyph swaps, TLD substitutions and brand-prefix combinations to enumerate the full surface in one pass, then enriches each candidate with live DNS lookups and Certificate Transparency log matches so you can tell which lookalikes are actually in use.
Typosquatting is a form of brand abuse where attackers register variants that look like a legitimate domain — for example turning example.com into examp1e.com, еxample.com (Cyrillic `е`), or example.co — then use them for phishing, credential harvesting, or scam payment flows. Unlike a transient phishing page, typosquat domains tend to have long lifecycles: once registered they may sit idle for weeks or months with no DNS before the attacker switches them on.
Substituting ASCII characters with visually similar Unicode or alternative characters — e.g. Cyrillic `а` in place of Latin `a`, or `1` in place of `l`. Very hard to spot in the address bar.
Keep the stem, swap .com for .co, .net, .shop, .top or any cheap / new gTLD. Cheapest route for attackers and most users never check the suffix.
Inserting an extra letter or hyphen into the brand name — e.g. `opeen-bait.com`, `open-bait.com`. Captures fat-finger typos and mobile T9 mistakes.
Dropping one letter — e.g. `opnbait.com`. Short brand names are especially exposed.
Swapping two adjacent characters — e.g. `oepnbait.com`. Catches fast-typing sequencing errors.
Candidate generation — dnstwist-family character mutations combined with brand-prefix concatenation (sub-brand, brand-sub) and an IDN homoglyph dictionary, expanding hundreds to thousands of candidates per brand.
Liveness probe — DNS A/AAAA/MX/NS lookups plus Certificate Transparency log search to identify candidates that already have issued TLS certs or active resolution.
Risk scoring — 0–100 score combining TLD abuse rates (.shop / .top / .xyz run hot), registration age and DNS activity. High-score candidates go straight to the triage queue.
Automated response — once a lookalike is confirmed, OpenBait generates a standardized abuse report and submits takedown requests to the registrar and browser blocklists on your behalf.
This page generates candidates on demand. The OpenBait platform ingests Certificate Transparency logs, Newly Registered Domain (NRD) feeds and registrar bulk data continuously — so new typosquats surface the day they appear, and abuse reports fire automatically when you authorize them.
Start free monitoring