Typosquatting Data Feed | WhoisXML API
Products APIs Data Feeds Web Tools Domain Research & Monitoring Enterprise Packages
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Predictive Threat Intelligence Feeds
Predictive Threat Intelligence Feeds

Predictive threat intelligence is your best first line of defense. Subscribe to the feeds to strengthen your cybersecurity posture. Contact us today for more information.

WhoisXML API Internet Infrastructure
Internet Infrastructure

Unlock integrated intelligence on Internet properties and their ownership, infrastructure, and other attributes.

Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Discover what you really pay for when buying commercial Internet intelligence data.

Download now
×
Contact Us
Specifications Pricing Blog

Detect typosquatting and phishing domains as part of suspicious bulk registrations

Typosquatting Data Feed enables users to keep tabs on all suspiciously similar domain names possibly used in typosquatting/phishing campaigns and registered on a given day, week, or month. The Enriched database version also lets you access the groups of detected domains with their corresponding WHOIS data.

Request a Quote Download samples
Easily detect all typosquatting domain names as soon as they are registered each day
10,000+ Domains added daily
250,000+Newly registered domains monitored daily
60%+Cyber 150 in key categories trust us
52,000+Satisfied customers

Benefits

  • Comprehensive in nature

    Stay on top of all domains with telltale signs of typosquatting, phishing, and other forms of suspicious bulk registrations. Our feed gives a thorough daily, weekly, or monthly overview of all suspicious domain variants among all newly registered domains in our database.

  • Investigate without an initial clue

    No user input or initial clue is required to return groups of new domain name registrations that may be involved in typosquatting attacks and other brand misrepresentations.

  • Meaningful analysis

    With Typosquatting Data Feed, users can focus their attention directly on the most likely instances of domain typosquatting without having to spend time or effort screening all WHOIS registration data.

  • Early detection near-real time

    Groups of possible typosquatted domains are identified on the very day they become technically operational in the Domain Name System.

  • Convenient and easy

    Typosquatting Data Feed’s files are available in .csv format and categorized in sequential groups of similar-looking domain names with data fields that are easy to navigate and interpret.

  • Backed by incredible expertise

    Typosquatting Data Feed builds on 10+ years of expertise and WHOIS registration intel covering various gTLDs, ccTLDs, and some of the important ngTLDs.

  • Advanced processing and categorization

    Typosquatting Data Feed’s groups of similar domain names are detected and categorized using advanced mathematical techniques.

The Typosquatting Data Feed comes in various forms

The Typosquatting Data Feed comes in various forms

  • Basic

    The Basic Data Feed is a structured list of domain names containing typos. One domain per line.

    Download Basic sample

  • Enriched

    The Enriched database is an add-on to the Basic database and contains WHOIS records for each row.

    Download Enriched sample

  • Community

    Access the free community version for security, law enforcement, and data science professionals.

    Download Community sample

  • Snowflake Community Access

    Access typosquatting domain intelligence with the Snowflake platform.

    Visit Snowflake Profile

Practical usage

Cybersecurity

Cybersecurity

  • Cybersecurity specialists can use the feed to monitor bulk domain name registrations indicative of typosquatting as part of URL phishing, spoofing, domain hijacking, and malware-supported attacks.
  • Get instant access to daily feeds of likely indicators of compromise (IOCs) in the domain space.
  • Inform customers, employees, and other relevant stakeholders about domain names that may be used to execute homograph, URL phishing, and malware-related attacks.
  • Use Typosquatting Data Feed along with different security solutions, including security information and event management (SIEM), security orchestration, automation and response (SOAR), and threat intelligence platforms (TIPs).
  • Correlate feeds with known malware and phishing blacklists and databases to further assess the likelihood and severity of malicious events and amplify detection efficiency.

Law enforcement

  • Identify the early symptoms of domain and company misrepresentations that may affect the public.
  • Investigate ongoing typosquatting and domain-related attacks on different sectors and types of organizations.
Law enforcement
Registrars & Domainers

Registrars & Domainers

  • Spot dangerous domain parking activities interfering with legitimate registrations.
  • Stay away from suspicious domain name groups while building your domain name portfolio.

Brand protection

  • Identify groups of domain names used for brandjacking and that may negatively impact your brand reputation and confuse customers and other audiences.
  • Take action against cybersquatters and fraudsters who aim to benefit from new product and service launches, settlement initiatives, and other high-profile activities.
  • Speed up dispute resolutions regarding your trademarks and intellectual property.
Brand protection
Media & research

Media & research

  • Researchers and media professionals can benefit from the feed to uncover emerging domain registration trends and newsworthy events.
  • Study bulk domain name registration patterns to uncover trends for future research.
  • Cover newsworthy domain activity every day.

Are you an active member of the security community and looking for new suspicious domains? Sign up for the Typosquatting Community Feed available exclusively to security professionals.

Typosquatting Data Feed | WhoisXML API

Are you ready to give the Typosquatting Data Feed a try?

Get access to thousands of typo domains detected daily right when they are registered.

Get started