ShieldMarc
100% free, no sign-up needed

Typosquat & Lookalike Domain Scanner

Find domains that impersonate your brand. Select your region to check country-specific TLDs, see which lookalikes are already registered, and discover high-risk domains you should defensively register before an attacker does.

New to brand protection? Read our Lookalike Domain Protection guide for a full explanation.


What Does This Scanner Check?

We generate over 100 permutations of your domain using techniques that real attackers use, then check each one via DNS to confirm whether it is registered. Every result is scored by risk level so you can focus on what matters most.

  • TLD variations: Your exact brand name on different extensions. If you own example.com, we check example.co.uk, example.net, example.io, and region-specific ccTLDs based on your market.
  • Typosquatting: Common misspellings including character omission, adjacent swaps, and vowel substitutions.
  • Homoglyphs: Visually similar characters like replacing "m" with "rn" or "o" with "0".
  • Keyword squatting: Your brand combined with phishing keywords like "login", "secure", or "verify".
  • Structural tricks: Dot insertion, hyphen manipulation, character repetition, and plural/singular variations.

Why Region Matters

A UK-based business should be watching .co.uk, .uk, and .org.uk variants of their brand. An Australian company needs to monitor .com.au and .co.nz. Attackers target the TLDs your customers trust most. Select your region above to ensure country-code TLDs relevant to your market are included in the scan.

Registered Threats vs Defensive Opportunities

Not every result is equal. We categorise findings into three risk levels:

  • Critical: Your exact brand on a different TLD, either registered by someone else (immediate threat) or available for you to claim.
  • High: Registered lookalikes using techniques like homoglyphs or character swaps, or high-risk unregistered domains you should defensively register.
  • Medium: Other permutations that are less likely to be confused with your brand but still worth monitoring.
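The permutation techniques and risk levels described above can be sketched for a domain you own as follows. This is an added example, not ShieldMarc's code: the technique subset, the TLD list, the `risk` mapping and the caller-supplied `is_registered` check are assumptions, and the page's "high-risk unregistered" criterion is not modelled because the page does not define it.

```python
# Added example: lookalike candidates for a domain you own, for monitoring.
HOMOGLYPHS = {"m": "rn", "o": "0"}        # the two pairs named on the page
KEYWORDS = ("login", "secure", "verify")  # keywords named on the page
TLDS = ("com", "net", "io", "co.uk")      # constructed sample; pick per region
ORDER = {"Critical": 0, "High": 1, "Medium": 2}

def permutations(domain):
    """Return {candidate: technique} for a domain such as 'example.com'."""
    name, _, tld = domain.partition(".")
    out = {}

    def add(label, suffix, technique):
        cand = f"{label}.{suffix}"
        if label and cand != domain:
            out.setdefault(cand, technique)  # first technique found wins

    for t in TLDS:
        add(name, t, "tld-variation")
    for i, ch in enumerate(name):
        add(name[:i] + name[i + 1:], tld, "omission")
        add(name[:i] + ch * 2 + name[i + 1:], tld, "repetition")
        if ch in HOMOGLYPHS:
            add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:], tld, "homoglyph")
    for i in range(len(name) - 1):
        add(name[:i] + name[i + 1] + name[i] + name[i + 2:], tld, "adjacent-swap")
    for i in range(1, len(name)):
        add(name[:i] + "-" + name[i:], tld, "hyphen")
    for k in KEYWORDS:
        add(f"{name}-{k}", tld, "keyword")
        add(f"{name}{k}", tld, "keyword")
    return out

def risk(technique, registered):
    """Assumed mapping onto the page's three levels."""
    if technique == "tld-variation":
        return "Critical"  # exact brand on another TLD, registered or not
    if registered and technique in ("homoglyph", "adjacent-swap"):
        return "High"
    return "Medium"

def triage(domain, is_registered):
    """Score every candidate; is_registered is a caller-supplied DNS check."""
    rows = [(risk(t, r), c, t, r)
            for c, t in permutations(domain).items()
            for r in [is_registered(c)]]
    return sorted(rows, key=lambda row: (ORDER[row[0]], row[1]))

if __name__ == "__main__":
    seen = {"exarnple.com", "example.net"}  # constructed "registered" set
    for row in triage("example.com", seen.__contains__):
        print(*row)
```

In real use, `is_registered` would perform the DNS lookup; it is injected here so the example runs offline against a constructed set.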

What Should I Do With These Results?

  • Investigate registered threats: Check whether they host content, have MX records, or serve as phishing pages. Not all are malicious, but all warrant review.
  • Defensively register high-risk domains: The "Defend These" tab shows unregistered domains that pose the greatest impersonation risk. Registering them prevents attackers from doing so.
  • Report malicious domains: If a lookalike is being used for phishing, report it to the registrar and to services like Google Safe Browsing.
  • Enforce DMARC: Publish DMARC at p=reject so spoofed emails from your real domain are blocked. This does not stop emails from lookalike domains, but it protects your exact domain.

Frequently Asked Questions

How many permutations do you check?

We generate 100+ lookalike candidates per domain using ten techniques: character omission, adjacent swaps, homoglyph substitution, character repetition, dot insertion, hyphen manipulation, vowel swaps, plural/singular, keyword squatting, and region-aware TLD variations. Each is checked via DNS to confirm registration.

Why should I select my region?

Different regions have different country-code TLDs that your customers recognise and trust. Selecting your region ensures we check the extensions most relevant to your market. For example, a UK business should check .co.uk and .uk variants.

What are "Defend These" domains?

These are high-risk permutations of your brand that are not yet registered by anyone. We flag them because they are particularly convincing lookalikes (such as your exact brand on a popular TLD). Defensively registering them is an effective way to prevent future abuse.

Does a registered lookalike mean I am being attacked?

Not necessarily. Some lookalike domains are registered by other legitimate businesses or parked by domain investors. However, any registered lookalike is a potential risk and should be investigated.

How does this differ from the ShieldMarc dashboard?

This free tool gives you a point-in-time snapshot. The ShieldMarc dashboard provides continuous monitoring: it tracks MX record changes on typosquatted domains, monitors DMARC enforcement on similar domains, alerts you when new lookalikes are registered, and correlates signals across DNS, SSL, and web content in a single view.