Catch lookalike domains before they run phishing campaigns against your customers.
AIDE scans for typosquat and lookalike domains continuously — checking registration, web presence, phishing feed hits and mail readiness to build a Brand Health Score that reflects real risk.
What this solution delivers
Typosquat and homograph variant detection
Phishing feed cross-reference every hour
Brand Health Score with per-finding penalties
Where brand protection breaks down
Lookalike domains go from registration to active phishing in hours. Without continuous monitoring, you find out when customers report it.
Phishing campaigns launch fast
Attackers register your brand's lookalike, stand up a credential-harvest page, and start sending before your team notices.
Mail spoofing from abuse-ready domains
Registered lookalikes with active MX servers can send spoofed emails that look identical to your domain.
No visibility without continuous scanning
New lookalike registrations appear and escalate to active campaigns within hours — undetected without hourly checks.
How AIDE detects brand threats
The full lookalike detection pipeline runs continuously: generate candidates, check registration, scan web and mail, classify intent, score.
01
Generate lookalike candidates
AIDE generates hundreds of typosquat and homograph variants of your domain name automatically for each monitoring run.
02
Check registration and presence
NS/SOA queries gate downstream checks. HTTP fetch and MX/DMARC analysis reveal which registered candidates are active.
03
Classify intent and score risk
HTML intent is classified into 4 profiles, phishing feed cross-reference fires hourly, and the Brand Health Score updates accordingly.
What brand monitoring includes
Six detection layers cover every threat path from parked domain to active phishing campaign.
Active web presence detection
HTTP/HTTPS fetch follows up to 5 redirects and captures 30 KB of HTML. Active domains score medium; active with MX score up to −50 pts.
HTML intent classification
Four profiles — credential-harvest, login clone, payment page, parked/for-sale — fire at ≥60% confidence with ≥2 signals.
Phishing intelligence feed
OpenPhish, URLhaus and PhishTank are checked hourly via Redis cache. A feed hit generates a critical finding with a +20 pt penalty.
Mail server readiness analysis
MX, SPF and DMARC records are checked together. An active MX without DMARC means the domain is abuse-ready.
Why this solution works
Brand protection improves when lookalike detection, phishing intelligence and mail readiness are monitored together in one continuous score.
Protect your brand before the first phishing email lands.
Start monitoring lookalike and typosquat domains with AIDE. No setup fees, no minimum contract.