Lookalike Domain Checker
Paste a domain to generate every typosquat, homoglyph, TLD-swap, and IDN lookalike an attacker could register, grouped by technique. The highest-priority variants get a live DNS check so you can see which are already registered.
Typosquat checker and lookalike domain generator
This typosquat checker generates the lookalike domains an attacker could register to impersonate yours, then checks which of the highest-priority ones already resolve in DNS. It covers the techniques real phishing uses: TLD swaps (your exact name on a different extension), prefix spoofs (mail-yourbrand, secure-yourbrand), keyboard typos and bitsquats, dropped, doubled, and swapped letters, ASCII homoglyphs, and IDN / Punycode homoglyphs that look identical to the eye.
Why it matters
An attacker does not need to spoof your real domain when they can register one that looks like it. Knowing the list of lookalikes lets you do two things: register the few highest-value ones defensively, and monitor the rest so you find out the moment one is registered against you. The variants at the top of the list (TLD swaps and close typos) are the ones attackers reach for first, so they are where defensive budget goes furthest.
How to read the result
Variants are grouped by technique and ordered by phishing priority. A registered badge means the domain resolves in DNS, so someone owns it (that could be a defensive registration, a parked domain, or a live threat, this tool does not say which). Not resolving means it does not resolve right now. Not checked means it is past the per-request DNS check cap and is shown for completeness only. To confirm whether a registered lookalike is actually weaponized, scan it in the full live tool.
Related
- How to find lookalike domains, the free how-to behind this tool (Certificate Transparency logs, WHOIS, alerts).
- What is typosquatting and typosquatting vs combosquatting, the background on the attack.
- Defensive registration, deciding which lookalikes are worth registering.
- Free domain scan to check these variants against live DNS plus your email authentication posture in one pass.
Frequently asked questions
What is a typosquat?
A typosquat is a domain registered to look like a real one, built from a predictable typing mistake: a swapped or doubled letter, a dropped character, an adjacent-key slip (the kind that turns net64 into net63), or your exact name on a different extension such as .net or .co. Attackers register them so a person who mistypes your address, or who skims a link in an email, lands on a domain they own instead of yours.
What is the difference between a typosquat and a homoglyph domain?
A typosquat relies on a typing error you could spot if you looked closely (paypa1.com with a digit one for the letter l). A homoglyph domain relies on a character that looks identical at a glance: a Latin letter swapped for a visually identical Cyrillic or Greek one, encoded as Punycode for DNS. Homoglyphs are harder for a human to catch because nothing looks misspelled, so they are a favourite for high-effort phishing. This tool generates both, plus IDN homoglyphs.
How many of these lookalike domains should I register?
Defensive registration is a budget decision, not an all-or-nothing one. The highest-value targets are the ones at the top of the generated list: your exact name on the common TLDs (.com, .net, .org, .co), and the one or two character-swap typos closest to your real name. Registering all of them is rarely worth it; the practical move is to register the handful an attacker is most likely to use, and to monitor the rest so you find out the moment one is registered against you.
Does this tool check if a lookalike domain is malicious?
No. This tool generates the lookalike candidates and checks whether each top-priority one resolves in DNS, which tells you whether it is registered. It does not fetch the site, inspect content, or check threat feeds, so a registered result is not proof of phishing (it may be a defensive registration, a parked domain, or unrelated). To run a full live scan that checks the variants against DNS, your email authentication posture, and reputation data, use the free domain scan at /check.
Want ongoing monitoring?
This tool is a one-shot check. PhishFence watches your domain with automated hourly monitoring (daily on Free) for DMARC changes, new lookalike registrations, and spoofing attempts.