I generated a report for my website and it showed up the domain itself (the true correct one I own and verified) 3 times as a medium risk. It should not be reporting the domain itself as typosquatting and it should be avoiding duplicates.
The onboarding itself could be smoother if I had less options when I sign up. I just want to check the tool by adding a domain (it could default to my email domain) and generating a report (a report should autogenerate when I add a domain, or at least have a button to quickly do that instead of needing to change tab).
When adding a domain, I shouldn't need to verify it if I signed up with an email @thatdomain already.
It was not obvious to me whether the page would refresh automatically or I would receive an email (I did) when the scan would finish. It would be great if the page told me that and also how long will the scan take on average.
This is all honest feedback that I hope helps you. Good luck!
It’s not your domain—it’s a "Homograph" Take a very close look at the characters in those "Medium" risk rows. While they look identical to your domain, they are actually using Internationalized Domain Names (IDN).
The tool isn't reporting your own domain; it's reporting spoofed versions that use Greek or Cyrillic characters (like a "c" that is actually a Greek "с").
alℭazarseℭ[.]com alcazarseℭ[.]com alℭazarsec[.]com
Why it matters: Phishers use these because they are visually indistinguishable from your real site in a browser address bar. The fact that you thought they were your own site proves exactly why you need to monitor them!
Improving the Onboarding You’re 100% right on the friction points. We’re taking your notes to heart:
Auto-Generation: We agree. Adding a domain should trigger an immediate scan without navigating away.
Smart Defaults: Defaulting to the email domain for the first scan is a great "quick start" idea.
Trust-based Verification: If you’ve verified your email @company.com, we should absolutely fast-track the verification for company.com.
Status Transparency: We’ll add a "Time to Completion" estimate and a clearer "We will email you" notification so you aren't left staring at a static page.
Thank you for the honest feedback—it’s exactly what we need to make this more than just a security tool, but a great user experience.
robinbaertschi•2h ago
I’m the creator of TypoGuard. I built this specialized engine to help protect brands against typosquatting and phishing domains before they are used in active attacks.
The Core Logic: Unlike basic permutation tools, TypoGuard uses a multi-factor risk scoring system (High Risk >= 8 points). The scoring is based on:
Domain Metadata: Real-time WHOIS age (domains ≤ 30 days are flagged), MX record presence, and SSL status.
Advanced Permutations: Beyond character swaps, the engine handles Phonetic & Vowel swaps, Dictionary Affixing, and TLD variants.
Homoglyph Detection: Identifying Unicode lookalikes (IDN).
Wildcard DNS Shield: To avoid noise, I implemented logic to detect and filter out parking pages that resolve every random subdomain.
Infrastructure & Automation: The system is designed for passive monitoring rather than just manual lookups:
Backend: Built with FastAPI and PostgreSQL.
Asynchronous Processing: I use Celery with Redis to handle the heavy lifting of scanning thousands of domain permutations.
Automated Reporting: A Celery Beat scheduler manages periodic scans and generates automated email reports. You don't need to manually check the dashboard; the system alerts you only when a high-risk threat is detected.
Deployment: The entire stack is containerized with Docker Compose, running behind an Nginx reverse proxy.
Why not open-source? The project is currently a closed SaaS as I’m focusing on the Phase 3 roadmap, which includes a Public REST API and enterprise SIEM integrations (Splunk/Sentinel). However, I’m very open to discussing the underlying algorithms, the risk scoring weights, or the infrastructure challenges.
I'd love to get your feedback on the scanning logic or the reporting workflow!
Thanks!