What Is Typosquatting?

Common Typosquatting Patterns

• Insertion / deletion — goggle.com, gogle.com.
• Substitution — paypa1.com (1 for l), gooogle.com.
• Adjacent-key swaps — gokgle.com.
• Homoglyph / IDN — Cyrillic а for Latin a, mixing scripts in internationalized domain names.
• Brand + word — google-secure-login.com, microsoft-update.support.
• TLD variation — registering brand.co or brand.app to shadow brand.com.

Why Typosquatting Persists

Domains are cheap. A few hundred dollars buys a portfolio of variations on any major brand. Even a small fraction of click-through traffic is monetisable through ads, affiliate links, or — more often — credential phishing kits that mirror the legitimate site.

How to Detect Typosquats Against Your Brand

• Generation + check — algorithmically produce typo variants and look up each in DNS.
• Passive DNS sweeps — find any registered domain similar to your brand and check whether it has ever resolved.
• Certificate transparency monitoring — newly issued TLS certificates for typo variants are an early warning.
• DNS twin detection tools — dnstwist, urlcrazy, and similar produce candidate lists in seconds.

Defenses

• Defensive registration of high-risk variants.
• Active takedown via UDRP / URS / hosting-provider abuse desks.
• Browser, email, and DNS-layer blocking on flagged variants.
• Brand-protection partnerships that monitor at scale.

Typosquatting in Whisper

Whisper ingests new domain registrations across all major TLDs in near-real-time. Brand-protection teams can register a watchlist for "domains within edit distance N of brand.com" and surface every typosquat as it appears, with full WHOIS, DNS, and hosting context attached.