Typosquatting Data Feed | WhoisXML API
Products APIs Data feeds Web tools Domain Research & Monitoring Enterprise packages Cyber Threat Intelligence Services
WHOIS / WHOIS History
WHOIS / WHOIS History

Provide current and historical ownership information on domains / IPs. Identify all connections between domains, registrants, registrars, and DNS servers.

DNS / DNS History
DNS / DNS History

Look into all current and historical DNS / IP connections between domains and A, MX, NS, and other records. Monitor suspicious changes to DNS records.

IP Geolocation / IP Netblocks
IP Geolocation / IP Netblocks

Get detailed context on an IP address, including its user’s geolocation, time zone, connected domains, connection type, IP range, ASN, and other network ownership details.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Access our web-based solution to dig into and monitor all domain events of interest.

Domain Research Suite (DRS)
Domain Research Suite (DRS)

Get access to a web-based enterprise-grade solution to search and monitor domain registrations and ownership details for branded terms, fuzzy matches, registrants of interest, and more.

Research
Monitoring
White-Label
Enterprise API Packages
Enterprise API Packages

Our complete set of domain, IP, and DNS intelligence available via API calls as an annual subscription with predictable pricing.

Security Intelligence (SI) Suite
Security Intelligence (SI) Suite

Offers complete access to WHOIS, IP, DNS, and subdomain data for product enrichment, threat hunting and more.

Premium API Services
Premium API Services

Enjoy priority data access with our premium API services topped with extra perks including dedicated team support, enterprise-grade infrastructure, and SLAs for full scalability and high performance.

Threat Intelligence Analysis
Threat Intelligence Analysis

Carry a complete threat intelligence analysis for a given domain or IP address and get access to a report covering 120+ parameters including IP resolutions, website analysis, SSL vulnerabilities, malware detection, domain ownership, mail servers, name servers, and more.

Threat Intelligence APIs
Threat Intelligence APIs

Gather threat intelligence via API calls covering Domain’s Infrastructure analysis, SSL Certificates Chain, SSL Configuration Analysis, Domain Malware Check, Connected Domains, and Domain Reputation Scoring.

Threat Intelligence Data Feeds
Threat Intelligence Data Feeds

Bolster enterprise security with our feeds covering Typosquatting domains, Disposable domains, Phishing URLs, Domain & IP reputation, Malicious URLs, Botnet C&C, and DDoS URLs.

Custom development

We offer comprehensive services for the integration of our data – from consultations to the precise definition of the basic needs of the business to increase the work efficiency.

Support services

Regardless of whether you are a startup, a small business or a global one, our team is always ready to help you. Enterprises operating on a scale can also choose special premium support management with high priority 24/7 email and telephone responses and other professional services.

×
Contact Us
Specifications Pricing Blog

Detect typosquatting and phishing domains as part of suspicious bulk registrations

Typosquatting Data Feed enables users to keep tabs on all suspiciously similar domain names possibly used in typosquating/phishing campaigns and registered on a given day, week, or month. The Enriched database version also lets you access the groups of detected domains with their corresponding WHOIS data.

Order database Download CSV sample
Easily detect all typosquatting domain names as soon as they are registered each day

Benefits

  • Comprehensive in nature

    Stay on top of all domains with telltale signs of typosquatting, phishing, and other forms of suspicious bulk registrations. Our feed gives a thorough daily, weekly, or monthly overview of all suspicious domain variants among all newly registered domains in our database.

  • Investigate without an initial clue

    No user input or initial clue is required to return groups of new domain name registrations that may be involved in typosquatting attacks and other brand misrepresentations.

  • Meaningful analysis

    With Typosquatting Data Feed, users can focus their attention directly on the most likely instances of domain typosquatting without having to spend time or effort screening all WHOIS registration data.

  • Early detection near-real time

    Groups of possible typosquatted domains are identified on the very day they become technically operational in the Domain Name System.

  • Convenient and easy

    Typosquatting Data Feed’s files are available in .csv format and categorized in sequential groups of similar-looking domain names with data fields that are easy to navigate and interpret.

  • Backed by incredible expertise

    Typosquatting Data Feed builds on 10+ years of expertise and WHOIS registration intel covering various gTLDs, ccTLDs, and some of the important ngTLDs.

  • Advanced processing and categorization

    Typosquatting Data Feed’s groups of similar domain names are detected and categorized using advanced mathematical techniques.

The Typosquatting Data Feed comes in two forms

The Typosquatting Data Feed comes in two forms

  • Basic

    The Basic Data Feed is a structured list of domain names containing typos. One domain per line.

    Download Basic sample

  • Enriched

    The Enriched database is an add-on to the Basic database and contains WHOIS records for each row.

    Download Enriched sample

Practical usage

Cybersecurity

Cybersecurity

  • Cybersecurity specialists can use the feed to monitor bulk domain name registrations indicative of typosquatting as part of URL phishing, spoofing, domain hijacking, and malware-supported attacks.
  • Get instant access to daily feeds of likely indicators of compromise (IOCs) in the domain space.
  • Inform customers, employees, and other relevant stakeholders about domain names that may be used to execute homograph, URL phishing, and malware-related attacks.
  • Use Typosquatting Data Feed along with different security solutions, including security information and event management (SIEM), security orchestration, automation and response (SOAR), and threat intelligence platforms (TIPs).
  • Correlate feeds with known malware and phishing blacklists and databases to further assess the likelihood and severity of malicious events and amplify detection efficiency.

Law enforcement

  • Identify the early symptoms of domain and company misrepresentations that may affect the public.
  • Investigate ongoing typosquatting and domain-related attacks on different sectors and types of organizations.
Law enforcement
Registrars & Domainers

Registrars & Domainers

  • Spot dangerous domain parking activities interfering with legitimate registrations.
  • Stay away from suspicious domain name groups while building your domain name portfolio.

Brand protection

  • Identify groups of domain names used for brandjacking and that may negatively impact your brand reputation and confuse customers and other audiences.
  • Take action against cybersquatters and fraudsters who aim to benefit from new product and service launches, settlement initiatives, and other high-profile activities.
  • Speed up dispute resolutions regarding your trademarks and intellectual property.
Brand protection
Media & research

Media & research

  • Researchers and media professionals can benefit from the feed to uncover emerging domain registration trends and newsworthy events.
  • Study bulk domain name registration patterns to uncover trends for future research.
  • Cover newsworthy domain activity every day.

Are you an active member of the security community and looking for new suspicious domains? Sign up for the Typosquatting Community Feed available exclusively to security professionals.

Typosquatting Data Feed | WhoisXML API

Are you ready to give the Typosquatting Data Feed a try?

Get access to thousands of typo domains detected daily right when they are registered.

Get started