Brand-protection scanner — typosquats, look-alikes, and CT-log monitoring

The brand-protection module watches for domains that try to impersonate yours and certificates issued for variants of your name.

What we generate

For each monitored domain, we generate 400–1,200 plausible variants:

• Single-character substitutions (m → rn, 0 → O, 1 → l, 5 → S, 8 → B).
• Cyrillic homoglyphs (а for a, е for e, о for o).
• Hyphen insertions and removals.
• TLD swaps across .co, .net, .org, .help, .support, country codes.
• Word additions (-careers, -support, -hq).

What we check

For each variant:

1. Registration status via WHOIS — registered or available.
2. DNS resolution — does it resolve?
3. HTTP fingerprint — if it resolves, we render the page in a headless browser and compare DOM fingerprint to your real site.
4. Certificate Transparency — has any certificate been issued for the variant in the last 30 days?

What you see

Three classes of finding:

• Available — register or affiliate-link — domain is unregistered. We provide a Namecheap affiliate URL so you can register it yourself.
• Registered — passive — taken but not actively used. Worth monitoring.
• Active impersonation — registered AND resolves AND looks like your site. Includes screenshot, host abuse-desk contact, and a takedown template.

Frequency

Weekly for the full sweep; CT logs are checked daily for fresh certificates.