NEW AI & agent attack-surface fingerprinting is live

Lookalike domain & typosquat checker

Enter your domain. We generate the look-alike spellings an attacker would register for domain spoofing or phishing, check which are live, and flag the ones actually impersonating you, separated from the coincidental and parked ones.

No signup. A check can take a few minutes (up to around four): we generate and test hundreds of lookalike permutations against DNS, certificate transparency, and live page content. It keeps working in the background, so it is normal for it to take a while.

Three tiers, sorted by how much they should worry you

Active impersonation

The candidate serves your exact favicon or clones your page content. These are the ones to act on first: file a takedown, warn your team, and capture the page before it disappears.

Suspicious

A fresh TLS certificate, a recent registration plus mail capability, or a partial page match. Capability or prep signals, not confirmed impersonation. Worth a manual look.

Registered, no threat signals

Live lookalikes with nothing tying them to you. Most are unrelated businesses, parked domains, or your own defensive registrations. We show them so the count is honest, not because each one is a threat.

Lookalike domains, typosquatting & domain spoofing

The terms get used interchangeably. Here is what each one means, and what this free checker actually does.

What is a lookalike domain?

A lookalike domain (also spelled look-alike domain) is one registered to closely resemble a brand's real domain so it reads as legitimate at a glance. Common tricks include a dropped or doubled letter, adjacent-key swaps, homoglyphs (rn for m, 0 for o), and alternate TLDs (.co for .com). They are the raw material for phishing and domain spoofing.

What's the difference between typosquatting and a lookalike domain?

They overlap. Typosquatting is the subset that relies on a typing mistake: a dropped, doubled, or transposed letter (exmaple.com, gooogle.com). Lookalike domains are the broader category and also include homoglyphs, added hyphens or words (secure-yourbank.com), and alternate TLDs. This checker generates and tests both.

What is domain spoofing?

Domain spoofing is passing off a domain you do not control as a brand's legitimate one. It splits two ways: lookalike-domain spoofing, where an attacker registers a confusingly similar domain to host a cloned login or phishing page (what this checker finds), and email spoofing, where mail is forged to appear to come from your real domain (an SPF, DKIM, and DMARC problem). This tool covers the first; the Resensor platform checks both.

Why does the checker show domains that aren't really attacking me?

Many lookalike spellings belong to unrelated, legitimate businesses or are parked. A registered lookalike is not automatically a threat. Resensor separates the ones showing real impersonation signals (a cloned favicon or page content, a freshly issued certificate) from the coincidental or parked registrations.

Is the lookalike domain checker free?

Yes. The lookalike and typosquat checker is free and requires no account. Continuous monitoring, alerting on newly registered lookalikes, and takedown packets are part of the Resensor platform.