For a typical 8-character .com domain, there are roughly 300 to 500 possible typosquat variants. For major brands the variant tree can exceed 1,000 when you account for keyboard-adjacent typos, missing letters, swapped letters, homoglyph substitutions, mixed-script Unicode lookalikes, hyphenated forms, alternate TLDs, and phonetic permutations.
Rules-based generators handle the obvious cases. The exotic ones are where attackers operate, and they are where rules-based tools fall short. We generate the full variant tree with an LLM that catches what a regex misses, then we verify which variants exist in the daily CZDS zone file. Each hit gets a threat score and an evidence packet ready for enforcement.
What runs in this product
- LLM variant generation per brand with full type coverage
- Daily zone-file verification of which variants are now registered
- AI threat scoring on each registered variant
- Evidence packet assembly including screenshots, WHOIS history, DNS records, and CT log hits
- Routing into enforcement workflows for high-risk variants
The variant tree updates as your brand portfolio updates. Product launches, executive hires, and category expansions trigger new variant generation runs automatically.
Buyer pain we address
- Rules-based generators miss exotic Unicode homoglyphs and creative permutations
- Variant sets are too long for analyst teams to review manually
- Each detected variant lacks the evidence package needed for fast enforcement