Lookalike Domain Monitoring
and Typosquat Detection
Catch lookalike domains before your customers do.
Continuous monitoring across hundreds of typosquat, homoglyph, hyphen, and TLD-swap variants per domain. Multi-signal risk scoring on DNS, SSL, MX, and live HTTP content. Takedown workflows with RDAP-harvested abuse contacts.
Tiers up to 100 domains. See the four-tier breakdown below.
Free on 1 domain. Paid tiers up to 100 domains. No base plan required. Sold separately from Email Security.
Four tiers, sized to your domain footprint
Free for 1 domain, paid tiers for 5 / 20 / 100. Cancel anytime.
Free
Try it on one domain. No credit card.
1 domain
- Monitoring & detection
- Monitor 1 domain
- Lookalike, typosquat & homoglyph detection
- Risk scoring across registrar, DNS, content & visual signals
- Daily scans (every 24 hours)
- Alerts
- 5 visible alerts per domain
- Email alerts
- Response & takedown
- Basic abuse-report tools
- Access
- Access to guides
- Google sign-in
Starter
Hourly scans, more domains, REST API.
5 domains
- Monitoring & detection
- Monitor up to 5 domains
- Lookalike, typosquat & homoglyph detection
- Hourly scans
- Certificate Transparency (CT) log monitoring
- Threat-intelligence feeds
- Risk scoring across registrar, DNS, content & visual signals
- Alerts
- Unlimited alerts
- Email, Slack & webhook alerts
- Response & takedown
- Full abuse-report & phishing takedown tools
- Access
- REST API access
Pro
RecommendedSite screenshots, visual change detection.
20 domains
- Monitoring & detection
- Monitor up to 20 domains
- Lookalike, typosquat & homoglyph detection
- Hourly scans
- CT log monitoring
- Threat-intelligence feeds
- CDN detection
- Domain availability & pricing checks
- Visual evidence
- Site screenshots (headless Chromium)
- Screenshot history (up to 30 per alert)
- Daily visual change detection
- Tracked pages: 5 per domain (login/checkout/account)
- Alerts
- Unlimited alerts
- Email, Slack & webhook alerts
- Response & takedown
- Full abuse-report & phishing takedown tools
- Access & support
- REST API access
- Priority support
Business
Team access, audit log, compliance-ready.
100 domains
- Monitoring & detection
- Monitor up to 100 domains
- Lookalike, typosquat & homoglyph detection
- Hourly scans
- CT log monitoring
- Threat-intelligence feeds
- CDN detection
- Domain availability & pricing checks
- Visual evidence
- Site screenshots (headless Chromium)
- Screenshot history (up to 30 per alert)
- Daily visual change detection
- Tracked pages: 20 per domain
- Alerts
- Unlimited alerts
- Email, Slack & webhook alerts
- Response & takedown
- Full abuse-report & phishing takedown tools
- Access, team & compliance
- REST API access
- Team access (up to 10 members)
- Audit log export
- Compliance-ready: NIS 2, DORA, HIPAA, PCI DSS 4.0
- Priority support
Sold separatelyBrand Protection is sold separately from Email Security. Both products ship a Free tier on 1 domain so you can try either before paying.
From detection to takedown, in one workflow
Find lookalike domains the moment they appear, see what makes each one dangerous, and submit takedowns without leaving the app.
Every variation, automatically
PhishFence checks every way an attacker could twist your domain name: typos, homoglyphs, hyphen insertions, TLD swaps. Hundreds of variants per domain on every scan. The squat that other tools miss is usually the one that hits your customers.
Early Warning via CT logsStarter+
PhishFence taps Certificate Transparency feeds so you see new lookalike registrations within minutes of an attacker requesting a TLS certificate, often before the phishing campaign even goes live.
Signal-based risk scoring
Every lookalike is scored by active signals: DNS resolution, SSL certificates, live web content, MX records (mail capability), and matches against threat-intel feeds (URLhaus, Google Safe Browsing, PhishTank, VirusTotal). You see exactly what each domain is doing and which to triage first.
Visual proof of cloningPro
Screenshots of every lookalike are captured automatically and tracked over time so you can spot when a dormant domain turns into an active phishing site. PhishFence also auto-baselines your high-value pages (login, checkout, account) so a cloned /login scores against the real /login. Pro tracks 5 pages per domain, Business tracks 20.
Takedown reports in minutes
Stop hunting registrar abuse contacts by hand. PhishFence does the RDAP lookup, pre-fills the report, and links directly to the registrar's abuse form. What used to take days takes minutes.
Report to blocklists
One-click submission to Netcraft, plus deep links and pre-filled reports for Google Safe Browsing, Microsoft SmartScreen, PhishTank, and Cloudflare. Track which services you have reported to per alert so nothing gets double-filed or forgotten.
Built for these specific threats
Need DMARC, SPF, DKIM, MTA-STS, and TLS-RPT monitoring too? See Email Security →
Frequently asked
What is brand protection in the context of domain monitoring?
How is PhishFence Brand Protection different from DNSTwist or other free tools?
How many variants do you check per domain?
Does Brand Protection include Email Security?
What can I do when PhishFence finds a real phishing site?
Catch the next phishing campaign before it goes live.
Most domain-monitoring tools flag registrations and stop there. PhishFence scores by active infrastructure, captures evidence, and takes you straight to takedown.
Free on 1 domain. Paid tiers from $49/mo (5 domains) up to $499/mo (100 domains). Sold separately from Email Security. Cancel anytime.