Typosquatting Detection

pro

GET/v1/domain/typosquats

Generates domain name variations using 12 permutation algorithms and checks which ones resolve to active servers. Identifies potential typosquatting threats including homoglyph attacks, character swaps, TLD variations, and more.

What It Does

Applies 12 typosquatting algorithms (character omission, swap, doubling, insertion, adjacent key substitution, homoglyph substitution, TLD swap, hyphenation, bitsquatting, vowel swap, subdomain insertion, plural/singular) to generate domain variations, then batch-resolves them via DNS to find active threats.

Why It's Useful

Typosquatting is a leading vector for phishing, credential theft, and brand abuse. Proactively identifying registered lookalike domains enables takedown requests and employee awareness training.

Use Cases

Brand Protection Manager

Brand Protection Sweep

Run weekly scans against company domains to identify newly registered typosquat domains that could be used for phishing.

Enable proactive takedown via ICANN UDRP dispute resolution or registrar abuse reports before lookalike domains impact customers.

SOC Analyst

Phishing Campaign Analysis

When a phishing email is reported, quickly check all common variations of the spoofed domain to find the full scope of the campaign.

Identify all domains in a phishing campaign, not just the one reported, for comprehensive blocking.

IT Manager

Domain Registration Defense

Before launching a new brand, check which typosquat variations are already registered and defensively register critical ones.

Prevent brand abuse by registering high-risk typosquat domains before attackers do.

Parameters

Name	Type	Required	Description
`domain`	string	Required	The domain to check for typosquatting variationsExample: `example.com`
`check_dns`	string	Optional	Whether to resolve variations via DNS to check registration and activity (default: true). Set to false for fast variation-only results.Example: `true`

Response Fields

Field	Type	Description
`domain`	string	The original domain checked
`total_variations`	number	Total variations generated across all algorithms
`registered_count`	number	Variations that are registered in DNS (may not resolve to an IP)
`resolving_count`	number	Variations resolving to active servers with A records
`variations`	array	Each variation with domain, type, registered, resolves, ip, has_mx, and risk level (high/medium/low/none)

Code Examples

cURL

curl "https://api.edgedns.dev/v1/domain/typosquats" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "domain=example.com"

JavaScript

const response = await fetch(
  'https://api.edgedns.dev/v1/domain/typosquats?domain=example.com',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);

const data = await response.json();
console.log(data);

Python

import requests

response = requests.get(
    'https://api.edgedns.dev/v1/domain/typosquats',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
    'domain': 'example.com'
    }
)

data = response.json()
print(data)

Read the full Typosquatting Detection guide

Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.

Read the guide →

Related Endpoints

Domain Threat Check

Check domain against malware and phishing databases

DNS Lookup

Query any of 22 DNS record types or ALL at once with DNSSEC validation

External References

Learn more about the standards and protocols behind this endpoint.

IANA Special-Purpose Registries RFC 9224 - RDAP

Try This Endpoint

Test the Typosquatting Detection endpoint live in the playground.

Open in Playground Get API Key