Typosquatting (Domain scan)

What “typosquatting” means here

Typosquats are domains that look like yours but are slightly different: extra letters, missing letters, hyphens, visually similar characters, or your brand name on free hosting subdomains (pages.dev, netlify.app, etc.). Attackers use them for phishing, fraud, or brand abuse.

PhishEye does not buy domains for you; it discovers and scores candidates so your team can review and act.

What happens when PhishEye runs a scan (how it works)

Think of a scan as an automated research pass on your primary domain:

1. Candidates — The system generates many possible look-alike domains (permutations) from your brand domain.
2. DNS — It checks which candidates actually exist in public DNS (registered / resolving names).
3. Extra discovery (if turned on) — For example:
   • Names from certificate transparency logs.
   • Free-host names where your brand (or typos of it) might sit on a free provider.
4. Risk signals (if turned on) — Such as a page preview or page or icon similarity to your real site.
5. Results — Saved to the workspace and shown on Typosquatting. A new run replaces the last snapshot so you always see current candidates.

Scans can take several minutes. If a run seems stuck, wait; the product may also offer a way to refresh a run.

Using the Typosquatting page

• Open Typosquatting in the sidebar.
• The table lists candidate domains and signals (DNS, scores, free-host tags, optional HTTP or similarity columns—exact columns can vary).
• Use filters and sorting for high risk or not yet reviewed.
• Mark items reviewed when your process says so.
• Screenshots (if present) help spot impersonation; failed previews can be normal for some hosts.

If something looks wrong for everyone on your team (for example a column never appears), use your organization’s usual support path. A missing column is usually not caused by your own device.