Typosquatting Domain Generator

Generate look-alike and typo domains for phishing/brand protection.

Typosquatting is when an attacker pre-registers a domain that differs from a well-known one by a single character, hijacking visitors who mistype the address. These look-alikes are used for phishing pages, fake login forms, malware delivery and ad redirects. This typo domain generator takes the SLD of your domain (the example in example.com) and instantly expands the typos people commonly make plus the visually confusing variants attackers exploit.

It produces character omission, adjacent transposition, QWERTY-adjacent replacement, character insertion, repeated characters, homoglyphs (o↔0, l↔1, rn→m) and hyphenation, along with TLD swaps such as .com → .net/.org/.co/.io/.cm. Brand-protection owners, security teams and domain administrators can quickly enumerate which look-alikes to monitor or defensively register. Everything runs in your browser and nothing is sent anywhere.

Domaine.g. example.com — enter the host part (without subdomain).

335 candidates (original excluded, deduplicated)

Character omission7

eample.comexamle.comexampe.comexampl.comexaple.comexmple.comxample.com

Adjacent transposition6

eaxmple.comexamlpe.comexampel.comexapmle.comexmaple.comxeample.com

QWERTY adjacent replacement24

dxample.comecample.comedample.comesample.comexajple.comexakple.comexamlle.comexamole.comexampke.comexampld.comexamplr.comexampls.comexamplw.comexampoe.comexamppe.comexanple.comexqmple.comexsmple.comexwmple.comexzmple.comezample.comrxample.comsxample.comwxample.com

Character insertion281

0example.com1example.com2example.com3example.com4example.com5example.com6example.com7example.com8example.com9example.comaexample.combexample.comcexample.comdexample.come0xample.come1xample.come2xample.come3xample.come4xample.come5xample.come6xample.come7xample.come8xample.come9xample.comeaxample.comebxample.comecxample.comedxample.comeexample.comefxample.comegxample.comehxample.comeixample.comejxample.comekxample.comelxample.comemxample.comenxample.comeoxample.comepxample.comeqxample.comerxample.comesxample.cometxample.comeuxample.comevxample.comewxample.comex0ample.comex1ample.comex2ample.comex3ample.comex4ample.comex5ample.comex6ample.comex7ample.comex8ample.comex9ample.comexa0mple.comexa1mple.comexa2mple.comexa3mple.comexa4mple.comexa5mple.comexa6mple.comexa7mple.comexa8mple.comexa9mple.comexaample.comexabmple.comexacmple.comexadmple.comexaemple.comexafmple.comexagmple.comexahmple.comexaimple.comexajmple.comexakmple.comexalmple.comexam0ple.comexam1ple.comexam2ple.comexam3ple.comexam4ple.comexam5ple.comexam6ple.comexam7ple.comexam8ple.comexam9ple.comexamaple.comexambple.comexamcple.comexamdple.comexameple.comexamfple.comexamgple.comexamhple.comexamiple.comexamjple.comexamkple.comexamlple.comexammple.comexamnple.comexamople.comexamp0le.comexamp1le.comexamp2le.comexamp3le.comexamp4le.comexamp5le.comexamp6le.comexamp7le.comexamp8le.comexamp9le.comexampale.comexampble.comexampcle.comexampdle.comexampele.comexampfle.comexampgle.comexamphle.comexampile.comexampjle.comexampkle.comexampl0e.comexampl1e.comexampl2e.comexampl3e.comexampl4e.comexampl5e.comexampl6e.comexampl7e.comexampl8e.comexampl9e.comexamplae.comexamplbe.comexamplce.comexamplde.comexample0.comexample1.comexample2.comexample3.comexample4.comexample5.comexample6.comexample7.comexample8.comexample9.comexamplea.comexampleb.comexamplec.comexampled.comexamplee.comexamplef.comexampleg.comexampleh.comexamplei.comexamplej.comexamplek.comexamplel.comexamplem.comexamplen.comexampleo.comexamplep.comexampleq.comexampler.comexamples.comexamplet.comexampleu.comexamplev.comexamplew.comexamplex.comexampley.comexamplez.comexamplfe.comexamplge.comexamplhe.comexamplie.comexamplje.comexamplke.comexamplle.comexamplme.comexamplne.comexamploe.comexamplpe.comexamplqe.comexamplre.comexamplse.comexamplte.comexamplue.comexamplve.comexamplwe.comexamplxe.comexamplye.comexamplze.comexampmle.comexampnle.comexampole.comexampple.comexampqle.comexamprle.comexampsle.comexamptle.comexampule.comexampvle.comexampwle.comexampxle.comexampyle.comexampzle.comexamqple.comexamrple.comexamsple.comexamtple.comexamuple.comexamvple.comexamwple.comexamxple.comexamyple.comexamzple.comexanmple.comexaomple.comexapmple.comexaqmple.comexarmple.comexasmple.comexatmple.comexaumple.comexavmple.comexawmple.comexaxmple.comexaymple.comexazmple.comexbample.comexcample.comexdample.comexeample.comexfample.comexgample.comexhample.comexiample.comexjample.comexkample.comexlample.comexmample.comexnample.comexoample.comexpample.comexqample.comexrample.comexsample.comextample.comexuample.comexvample.comexwample.comexxample.comexyample.comexzample.comeyxample.comezxample.comfexample.comgexample.comhexample.comiexample.comjexample.comkexample.comlexample.commexample.comnexample.comoexample.compexample.comqexample.comrexample.comsexample.comtexample.comuexample.comvexample.comwexample.comxexample.comyexample.comzexample.com

Homoglyph (look-alike)6

3xample.comex4mple.comexamp1e.comexampie.comexampl3.comexarnple.com

Hyphenation6

e-xample.comex-ample.comexa-mple.comexam-ple.comexamp-le.comexampl-e.com

TLD swap5

example.cmexample.coexample.ioexample.netexample.org

This tool only generates strings — confirm whether each is actually registered or live via WHOIS/DNS lookups separately.

Variant types generated

Each candidate models a real human input error or a visual illusion. The groups are:

Character omission: a dropped letter (exmple.com).
Adjacent transposition: two neighboring letters swapped (examlpe.com).
QWERTY-adjacent replacement: hitting the neighboring key (wxample.com).
Character insertion: an extra letter added (exaample.com).
Repeated character: the same letter typed twice (exxample.com).
Homoglyph: a look-alike substitution (example.com → examp1e.com).
Hyphenation: a hyphen inserted mid-word (exam-ple.com).
TLD swap: the same name on a different top-level domain (example.net, example.io).

Using it for brand protection and phishing monitoring

The list is a starting point for monitoring, defensive registration and takedowns. A typical workflow:

Enter your core brand domain to extract every candidate.
Prioritize high-probability variants (homoglyphs, transpositions, TLD swaps) for defensive registration or monitoring.
Check the rest via WHOIS / Domain Lookup for actual registration and DNS Record Lookup for hosting IP and MX records (mail-phishing risk).
When abuse is found, respond via registrar abuse reports, a UDRP dispute, or Safe Browsing reports.

Limits and caveats

This tool only generates candidate strings. It does not tell you which are actually registered, live, or who owns them. A long SLD can also produce hundreds of candidates, not all of which are real threats — confirm registration, traffic and content to set priorities. Internationalized domain (IDN / punycode) homoglyph attacks span a far wider Unicode range, so high-risk brands should also consider a dedicated IDN monitoring service.

Frequently asked questions

Is the domain I enter sent anywhere?

No. All variant generation happens entirely in your browser; the input is never sent to a server or any third party. It is safe to enter internal domains.

Can it tell me whether a candidate is actually registered?

No. It only produces possible typo strings. You must confirm real registration and whether a site is live through WHOIS lookups and DNS A/MX checks separately.

Which homoglyph variants are included?

Common ASCII-range visual confusions (o↔0, l↔1, i↔1, rn↔m, and similar). Unicode IDN homoglyph attacks (Cyrillic/Greek look-alikes) are far broader and require dedicated IDN monitoring.

Why are there so many candidates?

As the SLD gets longer, insertion and replacement combinations grow rapidly. Not all are threats, so review high-risk groups like homoglyphs and TLD swaps first.

Can I include a subdomain or path?

Use the host part only. A leading https:// and any path (/...) are stripped automatically; the text before the first dot is treated as the SLD and the rest as the TLD.

Related tools

DNS / Domain →

Domain Status Code Decoder

Explain EPP domain status codes like clientTransferProhibited.

DNS Change Impact Checklist

Check risks before changing NS, MX or TXT records.

DNS Record Lookup

Look up A, AAAA, MX, TXT, NS, CNAME and SOA records for a domain.

DNS Propagation Check

Compare a record across multiple public resolvers to check propagation.

Reverse DNS (PTR) Lookup

Look up the hostname (PTR record) for an IP address.

WHOIS / Domain Lookup

Look up a domain's registrar, dates and status via RDAP.