Is someone squatting your domain?
Attackers register lookalike domains — typos, homoglyphs, bitsquats, TLD-swaps and combosquats — to phish your customers, intercept your email, and impersonate your brand. Scan yours free and see which impersonation domains are already live.
Five ways attackers fake your domain
Every scan generates and checks the variations a real adversary would register — then confirms which are live in DNS and which can send email.
Typosquatting
Fat-finger and slip-of-the-keyboard misspellings a customer types by accident.
Homoglyph / IDN
Look-alike Unicode characters — a Cyrillic letter that’s pixel-identical to yours.
Bitsquatting
A single flipped memory bit resolves a near-identical name — no human typo required.
TLD swaps
Your exact name on a different extension — .net, .co, .io, .biz, .support.
Combosquatting
Your brand glued to a trust word — login, secure, billing, support.
Mail-capable flag
We check every live lookalike for MX records — the ones that can actually send phishing email as you get flagged first.
A lookalike domain is an attack waiting to launch
Customer phishing
A near-identical domain makes a fake login or invoice page look completely legitimate — and your customers pay the price.
Business email compromise
A mail-capable lookalike lets an attacker send invoices and wire requests that pass a glance — the costliest fraud category there is.
Brand & trust erosion
Every impersonation that reaches a customer chips away at the trust you spent years building — and you find out last.
Three steps, a few seconds
You enter your domain
One field, no account. A quick human check keeps the bots out.
We generate & verify variants
Argos builds the lookalikes across five algorithms, then checks each against live DNS and mail (MX) records.
You get a graded report
An A–F exposure grade and the exact impersonation domains that are live right now — mail-capable ones first.

A one-time scan is a snapshot. New lookalikes appear daily.
This free tool shows you today. Argos Red — the threat-intelligence platform behind it — watches for the next one, automatically.
- Certificate-transparency monitoring — every new TLS cert for a lookalike, the moment it’s issued.
- Newly-registered-domain feeds — impersonation domains caught the day they’re registered.
- AI triage — Argos scores intent and prioritizes the mail-capable, near-identical threats.
- Human-approved takedown — drafted registrar & host abuse reports, sent on your say-so, fully audited.
Domain squatting is one slice of your attack surface.
This scanner is one free tool from Argos OS — the secure operating system for MSPs and the businesses they protect, built & operated by Intelligent Automation.