A typosquat checker (also called a lookalike domain scanner) scans the internet for domains that are slight misspellings or visual variations of your domain — for example, g00gle.com or gooogle.com targeting google.com. These typosquatting domains are registered by attackers to intercept email, impersonate your brand, or run phishing campaigns against your employees and customers.

Typosquatting is a cyber attack where an adversary registers domain names that closely resemble a target’s legitimate domain. Common techniques include letter transposition (e.g. acme vs amce), character insertion or deletion, homoglyph substitution (replacing letters with visually similar characters), and TLD variations (e.g. .net instead of .com). Typosquatted domains are frequently used for business email compromise (BEC), phishing, and brand impersonation.

Enter your work email address and SpoofChecker extracts your domain, generates hundreds of typo permutations — character swaps, insertions, deletions, homoglyphs, and TLD variations — then checks DNS records in real time to find which ones are actively registered. Results appear in seconds and are emailed to you for free.

The free scan checks DNS-registered lookalike domains in real time. The full scan also detects WHOIS-only registrations (domains registered but not yet live in DNS), identifies mail servers on lookalike domains indicating active phishing infrastructure, provides registrar and threat intelligence data, and monitors for new typosquatting registrations 24/7 with automated alerts.