Domain Typosquatting & Phishing Detector (dnstwist)
Pricing
$30.00 / 1,000 registered domain founds
Domain Typosquatting & Phishing Detector (dnstwist)
Find registered look-alike domains (typosquatting, homoglyphs, TLD swaps) impersonating your brand — powered by the open-source dnstwist engine. Public DNS data only. For brand protection and authorized security research.
Pricing
$30.00 / 1,000 registered domain founds
Rating
0.0
(0)
Developer
daehwan kim
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
5 days ago
Last modified
Categories
Share
Find registered look-alike domains that impersonate your brand — typosquatting, homoglyph (IDN) spoofs, TLD swaps, bitsquatting, and more — powered by dnstwist (Apache-2.0), the industry-standard domain permutation engine. The Actor generates thousands of permutations of your domain and resolves which ones are actually registered, so you see the real phishing and brand-impersonation threats instead of a noisy wordlist.
Built for brand-protection teams, security analysts, fraud investigators, and SOC/CTI teams who need to monitor domain abuse with zero setup. Public DNS data only — this Actor never logs into or scrapes the content of any target domain.
Legal Disclaimer: This Actor is an unofficial integration of dnstwist (elceef/dnstwist) and is not affiliated with or endorsed by the original project. It uses publicly available DNS data for defensive brand-protection and authorized security research. Comply with all applicable laws in your jurisdiction.
What does this Actor do?
Give it a domain (e.g. yourbrand.com) and it will:
- Generate thousands of permutations — typos, character swaps, missing/added letters, homoglyphs (e.g.
yourbrаnd.comwith a Cyrillic "а"), hyphenation, TLD substitutions (.com→.net,.co, ...), and bitsquatting. - Resolve each permutation's live DNS records (A, AAAA, MX, NS).
- Return the ones that are actually registered — the genuine impersonation risk — including whether they have a mail server (MX), which signals possible phishing-email capability.
Running on Apify gives you scheduling, a REST API, dataset exports (JSON/CSV/Excel), and monitoring — so you can watch for newly registered look-alikes on a recurring schedule.
Why use this Actor?
- Brand protection — discover domains squatting on your brand before customers get phished.
- Anti-phishing —
hasMailServerflags look-alikes configured to send email (the dangerous ones). - M&A / due diligence — map the domain footprint and impersonation exposure of any company.
- Continuous monitoring — schedule weekly scans to catch newly registered copycats.
How to use it
- Enter your domain (just the domain, e.g.
example.com— nohttp://, no path). - Leave Registered domains only on to see just the real threats (recommended).
- Run it. Each registered look-alike becomes one row in the dataset.
- Export to CSV/JSON/Excel or pull via the API. Schedule it for ongoing monitoring.
Input
| Field | Type | Description |
|---|---|---|
domain | string | The domain to protect, e.g. example.com. Required. |
registeredOnly | boolean | Only return permutations that actually resolve (default true). |
maxResults | integer | Cap on look-alikes returned/charged (default 200, max 500). |
timeout | integer | Max scan time in seconds (default 300). |
Output
Each registered look-alike domain is one dataset record. You can download the dataset in JSON, HTML, CSV, or Excel.
{"inputDomain": "example.com","variantDomain": "example.com","fuzzer": "omission","registered": true,"hasMailServer": true,"dnsA": ["203.0.113.10"],"dnsMX": ["mail.example.com"],"dnsNS": ["ns1.somehost.com"],"scannedAt": "2026-06-29T00:00:00+00:00"}
Data fields
| Field | Description |
|---|---|
variantDomain | The look-alike domain found |
fuzzer | Permutation technique (omission, homoglyph, tld-swap, addition, ...) |
registered | Whether the domain resolves (has DNS records) |
hasMailServer | Whether it has an MX record (can send/receive email → phishing risk) |
dnsA / dnsAAAA | IPv4 / IPv6 addresses |
dnsMX / dnsNS | Mail servers / nameservers |
Pricing / Cost estimation
This Actor is pay-per-result: you are charged $0.03 per registered look-alike domain discovered. A typical brand has a handful to a few dozen registered look-alikes, so most scans cost a few cents to under a dollar. Invalid input and "no look-alikes found" runs are free. New Apify users get free monthly credits to start.
Tips & advanced options
- Keep
registeredOnly: truefor signal over noise — unregistered permutations are not an active threat. - Watch the
hasMailServerflag: a look-alike with MX records is set up to send email and is a high-priority phishing risk. - Schedule a weekly run and diff the results to catch newly registered copycats early.
FAQ, disclaimers & support
Is this legal? Yes — it only generates name permutations and queries public DNS, the same data any DNS resolver returns. It does not access private data or the target domains' content. Use it for defensive brand protection and authorized research.
Known limitations: DNS results depend on resolver propagation; very large brands may exceed the result cap (raise maxResults). Homoglyph detection follows dnstwist's database.
- Found a bug or need a custom OSINT/brand-protection solution? Open an issue in the Issues tab.
🔗 Related Actors by ntriqpro
Build your full OSINT & brand-protection stack:
- maigret-actor — Username OSINT across 3000+ sites
- email-osint-search — Find which 120+ sites an email is registered on
- theharvester-osint — Subdomains, hosts & emails for a domain
- whois-domain-lookup — WHOIS registration intelligence
⭐ Love it? Leave a Review
Your rating helps other defenders discover this Actor. Rate it here.