Brand Protection & Threat Monitoring
Detect typosquatting, phishing domains, and malicious impersonation targeting your brand
Attackers register lookalike domains to phish your customers, steal credentials, and damage your brand. EdgeDNS detects typosquatting variations, checks domains against threat databases, and provides the evidence you need for takedown requests — all through automated API calls.
The Challenge
Typosquatting and brand impersonation attacks are increasing. Attackers register domains that look like yours using character substitution, homoglyphs, and TLD swaps. By the time you discover them, phishing campaigns have already reached customers. Manual monitoring across domain registries is impractical at scale.
The Solution
Use EdgeDNS threat intelligence APIs to automatically generate typosquat variations using 12 algorithms, check domains against malware and phishing databases (URLhaus, OpenPhish, Google Web Risk), identify bogon IP ranges for firewall rules, and build documented evidence for UDRP takedown requests.
Endpoints Used
Combine these EdgeDNS endpoints to build this solution.
/v1/domain/threatTry in PlaygroundDomain Threat Check: Check domains against malware, phishing, and threat databases
/v1/domain/typosquatsTry in PlaygroundTyposquatting Detection: Generate and resolve domain variations using 12 permutation algorithms
/v1/ip/bogon/rangesTry in PlaygroundBogon Ranges: Get all bogon IP ranges with RFC references for firewall ACLs
/v1/score/trustTry in PlaygroundTrust Score: Evaluate domain trustworthiness from 7 weighted signals
/v1/domain/whoisTry in PlaygroundWHOIS Lookup: Check registration dates and ownership details for takedown evidence
Results You Can Achieve
Detect brand impersonation before customer impact
Automated typosquat scanning with 12 permutation algorithms finds lookalike domains before they launch phishing campaigns
Multi-source threat intelligence in one call
Check against URLhaus, OpenPhish, Google Web Risk, and curated threat feeds — reducing false negatives compared to single-source checks
Documented evidence for takedown requests
WHOIS registration data, threat detection results, and trust scores provide documentation for UDRP disputes and registrar abuse reports
Code Example
Scan for brand impersonation threats
const brandDomain = 'mycompany.com';
const headers = { 'Authorization': 'Bearer YOUR_API_KEY' };
// Generate typosquat variations and find active ones
const typosquats = await fetch(
`https://api.edgedns.dev/v1/domain/typosquats?domain=${brandDomain}`,
{ headers }
).then(r => r.json());
const activeThreats = typosquats.data.variations
.filter(v => v.resolves && v.risk !== 'none');
// Check each active lookalike against threat databases
for (const threat of activeThreats) {
const [threatCheck, trust] = await Promise.all([
fetch(`https://api.edgedns.dev/v1/domain/threat?domain=${threat.domain}`, { headers }),
fetch(`https://api.edgedns.dev/v1/score/trust?domain=${threat.domain}`, { headers }),
].map(p => p.then(r => r.json())));
if (threatCheck.data.is_malicious || trust.data.score < 30) {
console.warn('HIGH RISK:', threat.domain, '- Trust:', trust.data.score);
}
}Learn More
Explore industry standards and best practices related to this use case.
ICANN DNS Abuse Mitigation
ICANN's resources and policies for reporting and mitigating DNS abuse including typosquatting and phishing
Anti-Phishing Working Group (APWG)
Global industry coalition focused on phishing research, threat data sharing, and countermeasure development
Palo Alto Unit 42: Newly Registered Domains
Research on how newly registered domains are weaponized for phishing and malware distribution campaigns
Ready to build Brand Protection & Threat Monitoring?
Get started with 200 free API requests per month. No credit card required.