
Domain Portfolio Protection

Monitor for typosquatting and brand impersonation

Attackers register domains similar to your brand for phishing and fraud. EdgeDNS helps you discover and monitor potentially infringing domains.

The Challenge

Brand impersonation through lookalike domains is a growing threat. Attackers use typosquatting, homograph attacks, and similar-sounding domains to trick customers and steal credentials.

The Solution

Monitor domain registration patterns using WHOIS data, SSL certificate issuance via CT logs, and assess domain trustworthiness to identify potential brand abuse. For domains you own, subscribe them for continuous monitoring to detect unauthorized DNS changes, certificate swaps, and WHOIS transfers that could indicate domain theft.

Endpoints Used

Combine these EdgeDNS endpoints to build this solution.

GET /v1/domain/whois
WHOIS Lookup: Check domain registration dates and ownership

GET /v1/domain/ssl
SSL Certificates: Monitor certificate issuance from CT logs

GET /v1/score/trust
Trust Score: Evaluate domain legitimacy and risk

GET /v1/dns/lookup
DNS Lookup: Check if suspicious domains are active

GET /v1/subscriptions
Domain Subscription: Subscribe owned domains for private WHOIS, DNS, and cert change monitoring

GET /v1/subscriptions/:id/alerts
Subscription Alerts: Get alerted to WHOIS changes, DNS modifications, and cert renewals

Results You Can Achieve

Detect impersonation domains within hours of registration

Continuous typosquat and homoglyph scanning surfaces lookalike domains as they appear in registries — typically before they become operational phishing infrastructure.

12-algorithm permutation coverage on every scan

Typo, homoglyph, TLD-flip, semantic, and IDN-based variants — twelve permutation strategies run on every brand-monitoring scan.

WHOIS + CT-log evidence per match

Each detected lookalike returns registration date, registrar, contact, and certificate-issuance timeline — sufficient for a UDRP filing or registrar abuse report.

Private monitoring isolated to your organization

Subscribed monitoring runs against your domain set without exposing it through public passive-DNS feeds. Adversaries using DNSDB or similar tooling cannot see what you are watching.

Code Example

Check suspicious domains for brand abuse

javascript
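const suspiciousDomain = 'examp1e-secure.com';
const headers = { 'Authorization': 'Bearer YOUR_API_KEY' };
const base = 'https://api.edgedns.dev/v1';
const domain = encodeURIComponent(suspiciousDomain);

// Query WHOIS, trust score and A records in parallel.
const responses = await Promise.all([
  fetch(`${base}/domain/whois?domain=${domain}`, { headers }),
  fetch(`${base}/score/trust?domain=${domain}`, { headers }),
  fetch(`${base}/dns/lookup?domain=${domain}&type=A`, { headers }),
]);

// Stop on auth or rate-limit errors instead of reading an error body as data.
for (const res of responses) {
  if (!res.ok) throw new Error(`EdgeDNS request failed: ${res.status} ${res.url}`);
}

// whois holds the registration record for the same domain.
const [whois, trust, active] = await Promise.all(responses.map((res) => res.json()));

// A low trust score plus live A records means the lookalike is resolving.
if (trust.data.score < 30 && active.data.records.length > 0) {
  console.log('High-risk active domain detected:', suspiciousDomain);
}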
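
The typo, homoglyph and TLD-flip variants listed under Results can also be recognised locally before a name is sent to the API. The following is an added example, not EdgeDNS code or part of the original page: it classifies observed domain names against a brand domain. The confusable map, the edit-distance threshold of 1, the category names and the sample domains are assumptions made for illustration.

```javascript
// Added example (not EdgeDNS code); confusable map and thresholds are assumptions.
const CONFUSABLES = {
  '0': 'o', '1': 'l', '3': 'e', '5': 's',
  // Cyrillic letters that render like Latin ones.
  '\u0430': 'a', '\u0435': 'e', '\u043e': 'o', '\u0440': 'p', '\u0441': 'c', '\u0456': 'i',
};

// Simplification: the last label is the TLD (no public-suffix list).
function splitDomain(domain) {
  const labels = domain.toLowerCase().replace(/\.$/, '').split('.');
  return { name: labels.slice(0, -1).join('.'), tld: labels[labels.length - 1] };
}

// Fold each confusable character to the Latin letter it imitates.
function skeleton(name) {
  return [...name.normalize('NFKC')].map((ch) => CONFUSABLES[ch] ?? ch).join('');
}

// Optimal string alignment distance: insert, delete, substitute, adjacent swap.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns 'tld-flip', 'homoglyph', 'typo', 'keyword', or null when unrelated.
function classifyLookalike(brandDomain, candidate) {
  const brand = splitDomain(brandDomain);
  const cand = splitDomain(candidate);
  if (cand.name === brand.name) return cand.tld === brand.tld ? null : 'tld-flip';
  const [b, c] = [skeleton(brand.name), skeleton(cand.name)];
  if (c === b) return 'homoglyph';
  if (editDistance(c, b) === 1) return 'typo';
  if (c.split('-').includes(b)) return 'keyword'; // brand used as a hyphenated token
  return null;
}

// Constructed sample input, e.g. names seen in new registrations or CT logs.
const observed = ['examp1e.com', 'exmaple.com', 'example.net', 'examp1e-secure.com', 'unrelated.org'];
const hits = observed.map((d) => [d, classifyLookalike('example.com', d)]).filter(([, kind]) => kind);
```

Names that come back with a category are the ones worth passing to the WHOIS, trust-score and DNS lookups above. Punycode (`xn--`) labels must be decoded to Unicode before classification.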


Ready to build Domain Portfolio Protection?

Get started with 200 free API requests per month. No credit card required.
