How often is the lookalike domain check run?

Brand monitoring runs continuously on a configurable schedule — daily by default, hourly for brands you mark as high-risk. New domain registrations matching your patterns are flagged within 24 hours of registration. Existing matches are re-checked for new infrastructure changes (live website appearing, MX records configured, SSL issued) on every cycle.

Brand Monitoring

Catch the phishing domain before your customers do

Continuous monitoring of lookalike domains, typosquats, and homograph attacks targeting your brand. See active phishing infrastructure as it stands up, with the evidence package registrars need to take it down.

What it monitors

Three layers of brand-impersonation visibility

Lookalike domain discovery, infrastructure enrichment, and takedown-ready evidence — covered in one continuous scan.

Lookalike Discovery

Typosquats, homograph attacks, TLD swaps, prefix/suffix variations. Generated against every brand domain you register, checked across 1,500+ TLDs.

Domain candidates

Live

fortvvatch.ai

fortwatch-login.com

fоrtwatch.ai (Cyrillic о)

Infrastructure Enrichment

For each candidate: live website check, screenshots, MX records, SSL certificate details, ASN, hosting provider. Active phishing infrastructure surfaces first.

Active threats

2 live

Live phishing infra detected

SSL issued, MX configured

Parked domain — monitor

Allowlisted partner — ok

Takedown Evidence

WHOIS, IP & ASN, screenshots, SSL details, DNS history, similarity scoring — packaged for the registrar abuse contact or your takedown service.

Evidence package

Ready

WHOIS + ASN

Registrar: Namecheap

Screenshots × 4

SSL + DNS history

Issued 3 days ago

How it works

Three steps to brand-impersonation visibility

Step 1

Register

Add your brand domains and product names. FortWatch generates the typosquat and homograph permutation set automatically across all delegated TLDs.

Step 2

Watch

New domain registrations and existing DNS are monitored for matches. Each candidate is enriched with screenshots, WHOIS, MX, SSL, and ASN.

Step 3

Take down

Live phishing infrastructure surfaces with a complete evidence package — forward it straight to the registrar abuse contact or your takedown service.

FAQ

Common questions about brand monitoring

FortWatch monitors for typosquats (one-character variations of your domain), homograph attacks (Cyrillic / Greek lookalikes that render identically in some fonts), TLD permutations (.com vs .co vs .io), and prefix/suffix permutations (login-yourbrand.com, yourbrand-secure.com). Each candidate is checked for live web content, MX records, and SSL certificates so you see active infrastructure first.

Brand monitoring runs continuously on a configurable schedule — daily by default, hourly for brands you mark as high-risk. New domain registrations matching your patterns are flagged within 24 hours. Existing matches are re-checked for new infrastructure changes (live website, MX records, SSL issued) on every cycle.

FortWatch produces a takedown-ready evidence package for each phishing finding: WHOIS data, IP and ASN, screenshots, SSL certificate details, DNS history, and similarity scoring. You forward this to your registrar abuse contact, hosting provider, or a takedown service. We don't file takedowns directly — but the evidence package is what registrars need.

We cover all currently delegated TLDs (over 1,500 including the recent ICANN expansion) and full IDN / Punycode normalization for international domains. Cyrillic, Greek, and Latin Extended homograph candidates are checked against your registered brand domains automatically.

Findings are scored by similarity, infrastructure activity, and intent signals (login forms, brand assets on the page, DNS history of phishing). Low-confidence candidates are bucketed separately so the 'critical' queue stays small. You can also allowlist legitimate partner domains (resellers, distributors, regional sites) once and they stop showing up.

1,500+ TLDs

Every delegated TLD covered, including the ICANN gTLD expansion.

Live capture

Active phishing infrastructure detected as it stands up — not days later.

Takedown ready

Evidence package complete on first detection — forward, don't investigate.

Ready to secure your stack?

Secure your entire stack today

Start scanning in under 5 minutes. No credit card required. 14-day free trial included.

Start free trial