Skip to content

Brand protection

How exposed is your brand?

Enter your brand name and we’ll generate every typo-squat, keyboard slip, character swap, and homoglyph look-alike variant — then check which ones are already registered.

Methodology

How the checker works

NameNotifier generates variant domains through eight deterministic transformations against your input brand. Each transformation targets a distinct attack surface.

  • Keyboard adjacency
    Each character is swapped for its QWERTY neighbors (e.g., 'a' → q/s/w/z). Matches the most common fat-finger path — users typing fast don't verify.
  • Character omission
    Drop one character at a time (e.g., 'stripe' → 'tripe', 'sripe', 'stipe'). Captures dropped-key misspellings.
  • Doubling
    Double any single character (e.g., 'figma' → 'ffigma', 'fiigma'). Catches sticky-key and muscle-memory typos.
  • Transposition
    Swap adjacent characters (e.g., 'notion' → 'ntoion'). One of the highest-rate typo patterns in human input.
  • Homoglyph substitution
    Replace Latin characters with visually identical characters from Cyrillic, Greek, and extended Latin. The 'pаypal.com' class of attack. Most rendering engines make these indistinguishable.
  • TLD swap
    Register the brand under lookalike TLDs (.co / .cm / .om / .net / .biz). The 'missed the period' and 'cousin-TLD' phishing surface.
  • Hyphenation
    Insert a hyphen at each position (e.g., 'vercel' → 'v-ercel', 've-rcel'). Bypasses naive brand filters and creates UX-plausible variants.
  • Vowel swap
    Replace vowels with phonetic neighbors (e.g., 'stripe' → 'stripe'/'stripee'). Catches accent-mark and language-variant typos.

FAQ

Frequently asked questions.

What counts as a typo-squat?

A typo-squat is a domain registered under a spelling variation of an established brand that users can reach by fat-fingering the URL bar — adjacent-key slips, character doubling, missing letters, transpositions. We also flag homoglyph attacks (Latin characters swapped for Cyrillic/Greek look-alikes that render identically on most fonts) and hyphenation splits.

Why check this if I haven't been attacked yet?

Most phishing campaigns use pre-registered typo-squat domains held in a dormant state for months before activation. By the time a campaign runs, the attacker already owns the variants. Monitoring lets you register, UDRP, or at least alert on the domains before they're weaponized against your users.

Do you check every TLD?

The live checker covers common lookup TLDs via RDAP with WHOIS fallback. Continuous monitoring (via NameNotifier alerts) extends to all 54 gTLDs in our zone-file ingest, including .org, .app, .dev, .tech, .store, .xyz, .cloud, .shop, and more.

What's a homoglyph?

A character from one script that looks identical (or near-identical) to a character in another script. The Cyrillic 'а' (U+0430) renders the same as Latin 'a' in most fonts but registers as a different domain. Attackers exploit this to create domains like 'pаypal.com' that visually read as 'paypal.com' but route to a phishing server.

Is the free checker all there is?

The free page covers the initial audit. For ongoing monitoring — daily alerts when any variant is registered, expired, or changes hands — upgrade to a Brand Protection plan. That pipes zone-file signals through NameNotifier's alert system the same way domain investors use it for drop-catching, but tuned for your registered portfolio.

How many variants does a typical 6-letter brand generate?

200-500, depending on the character composition. Longer brands and brands with vowel-heavy clusters produce more. Homoglyph expansion alone can multiply that by 3-10x when you include all script look-alikes. Most brands find 5-30% of variants are already registered, and a meaningful fraction of those resolve to active typo-squat infrastructure.

Continuous monitoring

Audit today, monitor forever.

One-off audits catch variants that exist today. Attackers register new variants weekly. NameNotifier’s Brand Protection plans pipe every matching zone-file event — new registrations, expirations, ownership changes — straight into your email, Slack, or webhook within the drop window.

See Brand Protection plans
Brand Protection Check - NameNotifier - NameNotifier