
DomainShield

Domain monitoring & typosquatting detection for EU compliance

Detect lookalike domains, typosquats, and phishing infrastructure before they're used against your brand. Continuous WHOIS, certificate transparency, and DNS monitoring — with audit-ready compliance reports mapped to ISO 27001, NIS2, and DORA.

Start free trial
30-day free trial · No charge until you're ready
ISO 27001 A.5.7 · NIS2 Art.21 · DORA Art.9

How we detect threats

Six detection algorithms working together to catch impersonation attempts

Typosquat

Catches domains with common typing mistakes like 'gooogle.com' or 'googel.com'

google.com → gogle.com

Keyboard adjacency, character omission, repetition, transposition, insertion

IDN Homoglyph

Finds domains using lookalike characters from other alphabets that appear identical in your browser

paypal.com → pаypal.com (Cyrillic 'а')

Unicode confusable detection (Cyrillic, Greek, Armenian), multi-char substitution, punycode generation

Combosquat

Detects domains combining your brand with words like 'login', 'secure', or 'verify'

company.com → company-login.com

Brand + 30 phishing keywords (prepend/append permutations)

Bitsquat

Catches domains that differ by a single bit — caused by hardware errors or intentional registration

example.com → dxample.com

Single bit-flip in ASCII character encoding (7-bit permutation)

TLD Variant

Monitors if someone registered your domain name with a different extension

company.com → company.xyz

61 TLDs including ccTLDs, free-registration TLDs (.tk, .ml), and new gTLDs (.shop, .app, .email)

CT Log Monitor

Watches for new SSL certificates issued for domains containing your brand name

acmecorp → detects cert for acmecorp-login.com

crt.sh substring query every 4 hours, checkpoint-based incremental processing
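How the first five categories can be told apart when a lookalike domain is observed, as an added example that is not DomainShield's code. Assumptions: the keyword list and confusables map are small constructed subsets, keyboard adjacency is not modelled (any single-character edit or adjacent swap counts as a typosquat), and the TLD is taken to be the last label.

```python
KEYWORDS = ("login", "secure", "verify", "support")  # constructed subset
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u03b1": "a", "\u03bf": "o", "\u0578": "n"})  # Cyrillic, Greek, Armenian

def split(domain):
    """Lower-case, decode punycode (xn--) labels, return (name, tld)."""
    d = domain.lower()
    try:
        d = d.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid punycode
    name, _, tld = d.rpartition(".")
    return name, tld

def bit_flip(a, b):
    """True if exactly one character differs, by one bit within the low 7 bits."""
    diff = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return (len(a) == len(b) and len(diff) == 1
            and diff[0] < 128 and diff[0] & (diff[0] - 1) == 0)

def one_edit(a, b):
    """True if b is one omission, insertion, substitution or adjacent swap from a."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        return a[i+1:] == b[i+1:] or (a[i:i+2] == b[i:i+2][::-1] and a[i+2:] == b[i+2:])
    long, short = (a, b) if len(a) > len(b) else (b, a)
    return long[i+1:] == short[i:]

def classify(monitored, observed):
    """Return the category of `observed` relative to `monitored`, or None."""
    (b, btld), (c, ctld) = split(monitored), split(observed)
    if (b, btld) == (c, ctld):
        return None  # the monitored domain itself
    if c != b and c.translate(CONFUSABLES) == b:
        return "homoglyph"
    if c == b:
        return "tld_variant"
    if bit_flip(b, c):  # checked before typosquat: a bit-flip is also a substitution
        return "bitsquat"
    if one_edit(b, c):
        return "typosquat"
    flat = c.replace("-", "")
    if any(flat in (b + k, k + b) for k in KEYWORDS):
        return "combosquat"
    return None
```
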

All features included

Daily automated brand & domain scans (up to every 4 hours)
Typosquat detection (keyboard errors, character swaps, additions)
IDN homoglyph detection (Cyrillic, Greek, Armenian lookalikes + punycode)
Combosquat / keyword injection (login, secure, support, verify...)
Bitsquat detection (single bit-flip variations)
TLD variant monitoring (61 top-level domains)
Certificate Transparency log monitoring (new SSL cert alerts)
Threat risk scoring (DNS, SSL, WHOIS, MX enrichment)
Email alerts & daily digest on new threats
Compliance reports & auditor certificate
Takedown request templates

Simple pricing

€15/domain/month
minimum €49/month
e.g. 5 domains = €75/month · 10 domains = €150/month

Frequently asked questions

How does domain & brand monitoring help with compliance?

Domain monitoring addresses ISO 27001 control A.5.7 (Threat intelligence) and NIS2 Article 21 (Cybersecurity risk management). By continuously scanning for lookalike domains, you demonstrate proactive threat intelligence gathering — a key audit evidence point.

What types of threats does DomainShield detect?

DomainShield detects typosquats (keyboard errors), homoglyphs (visual lookalikes using Cyrillic/Greek characters), combosquats (keyword injection like login-yourcompany.com), bitsquats (bit-flip variations), TLD variants (same name, different extension), and new SSL certificates via Certificate Transparency logs.

How often does DomainShield scan?

DomainShield runs daily automated scans. With an active paid subscription, scan frequency increases to up to every 4 hours for faster threat detection. You also receive real-time email alerts when new threats are discovered.

What's included in the DomainShield free trial?

The 30-day trial includes full access to domain monitoring, threat detection, and email alerts. Compliance reports, auditor certificates, and takedown templates are available with a paid subscription.
