About This Tool
What is squatting.website?
squatting.website is a free, open tool that helps you discover domain names that could be used to impersonate your brand, website, or organization. It generates hundreds of domain variations using 15 different cybersquatting techniques and checks whether each one is already registered.
Whether you're a brand manager protecting your company's reputation, a security professional monitoring phishing infrastructure, or a domain investor doing due diligence, this tool gives you instant visibility into the squatting landscape around any domain.
How It Works
Enter Domain
Type any domain name and choose a specific technique or run all 15 at once.
Generate Variations
The engine creates hundreds of lookalike domains using typos, homoglyphs, bit flips, and more.
Check Availability
Each variation is checked against DNS records to see if it's registered. Results update in real time.
15 Detection Techniques
We implement the same techniques used by tools like dnstwist and URLCrazy, plus additional methods:
| Technique | Description |
|---|---|
| Character Omission | Removes one character at a time from the domain name, simulating common typing mistakes where users accidentally skip a ... |
| Character Repetition | Doubles each character in the domain name. Attackers register these to catch users who accidentally press a key twice.... |
| Character Transposition | Swaps adjacent characters, mimicking a very common typo where users reverse the order of two nearby keys.... |
| QWERTY Replacement | Replaces characters with their neighbors on a QWERTY keyboard layout, simulating fat-finger typos.... |
| QWERTZ Replacement | Replaces characters with their neighbors on a QWERTZ keyboard (used in Germany, Austria, Switzerland). Keys like Y and Z... |
| AZERTY Replacement | Replaces characters with their neighbors on an AZERTY keyboard (used in France, Belgium). Many keys are in different pos... |
| Character Addition | Inserts an extra character at every position in the domain. Catches users who accidentally hit an adjacent key.... |
| Hyphenation | Inserts hyphens between characters. Users might add hyphens when guessing a domain they cannot remember exactly.... |
| Bitsquatting | Flips single bits in the ASCII representation of characters. Hardware memory errors can cause browsers to request these ... |
| Homoglyph Substitution | Replaces characters with visually similar ones (e.g., "l" with "1", "o" with "0", or Cyrillic lookalikes). Very hard to ... |
| Subdomain Insertion | Inserts dots to create fake subdomains. Makes it look like the user is on a subdomain of a legitimate site.... |
| TLD Swap | Replaces the top-level domain with common alternatives. Attackers register the same name under different TLDs to interce... |
| Vowel Swap | Replaces each vowel with other vowels. These domains look plausible and can fool users who misremember the exact spellin... |
| Pluralization | Adds or removes trailing "s" to create plural/singular variants. Users often guess wrong on whether a domain is plural.... |
| Combosquatting | Prepends or appends common words like "login", "secure", or "my". Often used in phishing campaigns to create convincing ... |
How DNS Checking Works
DNS checks run entirely in your browser using DNS-over-HTTPS (DoH) via Google's public DNS resolver.
For each generated domain, your browser queries dns.google/resolve directly — no data is sent to our server.
If the DNS response indicates the domain exists (NOERROR), it's marked as Taken.
If it doesn't exist (NXDOMAIN), it's marked as Available.
Risk Scoring
During a full scan, domains are scored based on how many techniques produce them:
- Medium Risk — Found by 2 techniques (e.g., both omission and vowel swap)
- High Risk — Found by 3+ techniques, meaning the domain is very close to the original
High-risk domains that are already registered are the ones most likely to be used for phishing or brand abuse.