Brand Protection

Catch lookalike domains before your customers do.

Continuous monitoring across hundreds of typosquat, homoglyph, hyphen, and TLD-swap variants per domain. Multi-signal risk scoring on DNS, SSL, MX, and live HTTP content. Takedown workflows with RDAP-harvested abuse contacts.

From $0 free on 1 domain · paid from $49/mo

Tiers up to 100 domains. See the four-tier breakdown below.

Free on 1 domain. Paid tiers up to 100 domains. No base plan required. Sold separately from Email Security.

Choose your tier

Four tiers, sized to your domain footprint

Free for 1 domain, paid tiers for 5 / 20 / 100. Cancel anytime.

Free

$0 /mo
  • Monitor 1 domain
  • 5 visible alerts per domain
  • Daily scans (every 24 hours)
  • Email alerts
  • Basic abuse report tools
  • Access to guides
  • Google sign-in

Starter

$49 /mo
  • Monitor up to 5 domains
  • Everything in Free, plus:
  • Unlimited alerts
  • Hourly scans
  • Email, Slack, and Webhook alerts
  • CT log monitoring
  • Threat intelligence feeds
  • Full abuse report and phishing tools
  • REST API access
  • Priority support

Pro

Most Popular
$99 /mo
  • Monitor up to 20 domains
  • Everything in Starter, plus:
  • Site screenshots (headless Chromium)
  • Daily visual change detection
  • Tracked pages: 5 per domain (auto-baseline login/checkout/account)
  • Screenshot history (up to 30 per alert)
  • CDN detection
  • Domain availability and pricing checks

Business

$499 /mo
  • Monitor up to 100 domains
  • Everything in Pro, plus:
  • Tracked pages: 20 per domain (4x Pro's quota)
  • Team access (up to 10 members)
  • Audit log export
  • Compliance-ready: supports NIS 2, DORA, HIPAA, PCI DSS 4.0

Sold separately: Brand Protection is sold separately from Email Security. Both products ship a Free tier on 1 domain so you can try either before paying.

Everything you need

From detection to takedown, in one workflow

Find lookalike domains the moment they appear, see what makes each one dangerous, and submit takedowns without leaving the app.

Every variation, automatically

PhishFence checks every way an attacker could twist your domain name: typos, homoglyphs, hyphen insertions, TLD swaps. Hundreds of variants per domain on every scan. The squat that other tools miss is usually the one that hits your customers.

Early Warning via CT logs (Starter+)

PhishFence taps Certificate Transparency feeds so you see new lookalike registrations within minutes of an attacker requesting a TLS certificate, often before the phishing campaign even goes live.

Signal-based risk scoring

Every lookalike is scored by active signals: DNS resolution, SSL certificates, live web content, MX records (mail capability), and matches against threat-intel feeds (URLhaus, Google Safe Browsing, PhishTank, VirusTotal). You see exactly what each domain is doing and which to triage first.

Visual proof of cloning (Pro)

Screenshots of every lookalike are captured automatically and tracked over time so you can spot when a dormant domain turns into an active phishing site. PhishFence also auto-baselines your high-value pages (login, checkout, account) so a cloned /login scores against the real /login. Pro tracks 5 pages per domain, Business tracks 20.

Takedown reports in minutes

Stop hunting registrar abuse contacts by hand. PhishFence does the RDAP lookup, pre-fills the report, and links directly to the registrar's abuse form. What used to take days takes minutes.

Report to blocklists

One-click submission to Netcraft, plus deep links and pre-filled reports for Google Safe Browsing, Microsoft SmartScreen, PhishTank, and Cloudflare. Track which services you have reported to per alert so nothing gets double-filed or forgotten.

Frequently asked

What is brand protection in the context of domain monitoring?
Brand protection here means continuously scanning the global DNS and Certificate Transparency log corpus for domains that impersonate your brand: typosquats (acmme.com), TLD swaps (acme.io), homoglyphs (Cyrillic-a in аcme.com), prefix/suffix spoofs (acme-login.com), and combosquats (acme-secure-pay.com). Each detection is risk-scored on DNS resolution, SSL cert issuance, MX records, live HTTP content, and threat-intel feeds so you triage real threats first.

How is PhishFence Brand Protection different from DNSTwist or other free tools?
DNSTwist and dnstwister.it are excellent one-shot scanners but ship no continuous monitoring, no alerting, no risk scoring beyond domain similarity, and no takedown workflow. PhishFence runs hourly scans on paid tiers, scores each variant on DNS + SSL + MX + HTTP signals plus threat-intel feeds, captures screenshots on Pro+, surfaces alerts in email + Slack + Discord + Teams + webhooks, and includes pre-filled abuse reports with the registrar's contact RDAP-harvested. Free on 1 domain so you can compare directly.

How many variants do you check per domain?
Typically 200-500 per scan depending on the brand-name length. The variant generator covers nine attack patterns: TLD swaps, prefix/suffix spoofs, keyboard typos, character omission, transposition, repetition, hyphen insertion, homoglyph substitution, and IDN. The highest-signal variants emit first so the scan's priority slice always covers the most dangerous patterns.

Does Brand Protection include Email Security?
No. Brand Protection (lookalike + typosquat monitoring) and Email Security (DMARC, SPF, DKIM, MTA-STS, TLS-RPT) are separate product lines, sold separately at every tier. Buy either on its own or both together. Email Security has its own free tier on 1 domain plus paid tiers at $20/$69/$399 per month. See /email-security for the full Email Security breakdown.

What can I do when PhishFence finds a real phishing site?
Each alert opens a takedown workflow: PhishFence does the RDAP lookup to find the registrar's abuse contact and pre-fills the abuse-report email body using a template that survives most registrar triage filters. One-click submission to Netcraft, plus pre-filled reports and deep links for Google Safe Browsing, Microsoft SmartScreen, PhishTank, and Cloudflare's abuse forms. The phishing-takedown use-case page walks through the full flow.
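
As an added example (not PhishFence's code), the following Python classifies domain names seen in DNS or CT-log data against a protected domain, using the lookalike patterns named in the FAQ above and the FAQ's own acme.com examples. The small confusables map, the naive label/TLD split, the edit-distance-1 threshold and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, tiny confusables map (assumption); real use needs the Unicode TR39 table.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "0": "o", "1": "l"}

def split_domain(domain):
    """Naive (label, tld) split; assumes a one-label TLD, no public-suffix list."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    if label.startswith("xn--"):  # IDNs show up in CT logs and DNS as punycode
        label = label[4:].encode("ascii").decode("punycode")
    return label, tld

def skeleton(label):  # fold confusable characters onto their ASCII lookalikes
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", label))

def edit_distance(a, b):  # insert, delete, substitute, or swap adjacent characters
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j - 1] + (ca != cb), prev[j] + 1, cur[j - 1] + 1)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, protected):  # how an observed domain relates to the protected one
    (c_label, c_tld), (p_label, p_tld) = split_domain(candidate), split_domain(protected)
    skel = skeleton(c_label)
    if c_label == p_label:
        return "exact" if c_tld == p_tld else "tld-swap"
    if skel == p_label:
        return "homoglyph"
    if skel.replace("-", "") == p_label:
        return "hyphen-insertion"
    if edit_distance(skel, p_label) == 1:
        return "typosquat"
    if p_label in skel.split("-"):
        return "prefix-suffix" if skel.count("-") == 1 else "combosquat"
    return "unrelated"

# Constructed sample of observed names; the first five are the page's FAQ examples.
OBSERVED = ["acmme.com", "acme.io", "\u0430cme.com", "acme-login.com",
            "acme-secure-pay.com", "ac-me.com", "amce.com", "example.org"]

def triage(protected="acme.com"):
    return {d: classify(d, protected) for d in OBSERVED}
```

The pattern label only says why a name resembles the brand; the DNS, SSL, MX and HTTP signals the page describes are what separate a parked lookalike from a live one.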

Catch the next phishing campaign before it goes live.

Most domain-monitoring tools flag registrations and stop there. PhishFence scores by active infrastructure, captures evidence, and takes you straight to takedown.

Free on 1 domain. Paid tiers from $49/mo (5 domains) up to $499/mo (100 domains). Sold separately from Email Security. Cancel anytime.