Detect lookalike domains before they damage your brand.
AIDE scans for typosquat and lookalike domains impersonating your business — tracking registration, web presence, phishing feed hits and mail readiness in one continuous Brand Health Score.
Why it matters
Brand impersonation happens fast and scales silently.
Lookalike domains go from registration to active phishing campaigns in hours. Without continuous monitoring, you find out when customers report it.
Credential theft via lookalike domains
Phishing campaigns using typosquat domains steal customer credentials before you know the domain exists.
Mail spoofing from abuse-ready infrastructure
Registered lookalikes with active MX servers can send spoofed emails that look identical to your domain.
No visibility without continuous scanning
New lookalike registrations appear and escalate to active campaigns within hours — undetected without hourly checks.
How it works
From candidate generation to scored findings.
AIDE runs the full lookalike detection pipeline continuously: generate → register check → web and mail scan → classify intent → score.
01 Candidate generation
AIDE generates hundreds of typosquat and homograph variants of your domain name automatically for each monitoring run.
02 Registration status check
NS/SOA queries gate all downstream checks. Unregistered variants are tracked but not scored against your Brand Health Score.
03 Web and mail presence scan
HTTP fetch (up to 5 redirects, 30 KB HTML capture) and MX/DMARC analysis reveal which registered candidates are active and how dangerous they are.
04 Intent classification and risk scoring
HTML intent is classified into 4 profiles (≥60% confidence, ≥2 signals), phishing feed cross-reference fires hourly, and certificate age feeds the final score.
Check dimensions
Six layers of brand threat detection.
Every registered lookalike candidate goes through a full detection pipeline covering web presence, intent, phishing feeds and mail readiness.
Active web presence detection
HTTP/HTTPS fetch follows up to 5 redirects and captures 30 KB of HTML. Active domains score medium; active with MX score up to −50 pts.
HTML intent classification
Four profiles: credential-harvest form, login clone, payment page, parked/for-sale. Fires at ≥60% confidence with ≥2 signals. Severity: high to critical.
Phishing intelligence feed
OpenPhish, URLhaus and PhishTank are checked hourly via Redis cache. A feed hit generates a critical finding with a +20 pt penalty.
Mail server readiness analysis
MX, SPF and DMARC records are checked together. An active MX without DMARC means the domain is abuse-ready. Severity: high.
Brand health score
Every threat tier carries a proportional penalty.
Your Brand Health Score starts at 100 and subtracts penalties for each active finding based on severity. Resolved findings restore the score.
Parked domain: −3 pts / finding, max −15 pts
Active web presence: −10 pts / finding, max −30 pts
Active + MX server: −25 pts / finding, max −50 pts
Phishing feed hit: −40 pts / finding, max −80 pts
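The registration gate, the mail-readiness rule and the capped penalty tiers described above can be combined as in the following added sketch, which is not AIDE's own code. The `Candidate` fields, the one-tier-per-candidate precedence and the floor at 0 are assumptions; the penalty and cap values come from the tier list on this page.

```python
from dataclasses import dataclass

# (penalty per finding, tier cap) from the penalty table on this page
TIERS = {"parked": (3, 15), "active_web": (10, 30),
         "active_mx": (25, 50), "feed_hit": (40, 80)}

@dataclass
class Candidate:               # hypothetical scan record for one lookalike
    domain: str
    registered: bool           # NS/SOA query returned records
    parked: bool = False       # HTML intent classified parked/for-sale
    web_active: bool = False
    has_mx: bool = False
    has_dmarc: bool = False
    feed_hit: bool = False

def tier(c):
    """One tier per candidate; the precedence order is an assumption."""
    if not c.registered:
        return None            # gate: tracked, but never scored
    if c.feed_hit:
        return "feed_hit"
    if c.parked:
        return "parked"
    if c.web_active:
        return "active_mx" if c.has_mx else "active_web"
    return None

def abuse_ready(c):
    """Mail-readiness rule from the page: active MX without DMARC."""
    return c.registered and c.has_mx and not c.has_dmarc

def brand_health(candidates):
    counts = {}
    for c in candidates:
        t = tier(c)
        if t:
            counts[t] = counts.get(t, 0) + 1
    penalty = sum(min(n * TIERS[t][0], TIERS[t][1]) for t, n in counts.items())
    return max(0, 100 - penalty)   # assumption: score floors at 0

# Constructed sample; .example is a reserved TLD, so none of these resolve.
SAMPLE = [
    Candidate("examp1e.example", registered=False),
    Candidate("exarnple.example", True, parked=True),
    Candidate("exampel.example", True, web_active=True),
    Candidate("example-login.example", True, web_active=True, has_mx=True),
    Candidate("example-pay.example", True, web_active=True, has_mx=True),
    Candidate("examplle.example", True, web_active=True, has_mx=True, has_dmarc=True),
]

if __name__ == "__main__":
    print(brand_health(SAMPLE), [c.domain for c in SAMPLE if abuse_ready(c)])
```

In the sample, three Active + MX findings would cost 75 pts uncapped but are held to the 50 pt tier cap, and only the two MX hosts without DMARC are flagged as abuse-ready.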
Who uses brand monitoring
Protection at every scale.
From agency retainers to enterprise brand portfolios, AIDE adapts the monitoring depth to match the risk exposure.
Web agencies
Include lookalike monitoring in client retainers. Alert clients when a phishing campaign targets their brand — before customers report it.
Managed service providers
Protect multiple brands across a managed portfolio. Centralised findings, per-client Brand Health Scores, and alert routing to the right owner.
Enterprise brand teams
Continuous brand protection across every domain namespace for companies with high phishing exposure and trademark portfolios.
Protect your brand before the first phishing email lands.
Start monitoring lookalike and typosquat domains with AIDE. No setup fees, no minimum contract.