Threat Intelligence

How Attackers Register Fake Versions of Your Domain

How domain squatting and typosquatting target startups. What attackers do with fake versions of your brand and how to protect against impersonation.

Ashok Kamat
Cyber Secify

You own yourcompany.com. Maybe yourcompany.in too. You assume that covers your brand online.

It does not.

There are over 1,700 domain extensions available today. Anyone can register yourcompany.store, yourcompany.shop, yourcompany.xyz, yourcompany.co.in, or any other combination. No verification required. No notification sent to you. Most registrations cost under $5 and take 30 seconds.

We scan brand names across all these extensions as part of our cyber threat intelligence work. Here is what we have found.

What Attackers Do With Squatted Domains

Domain squatting is not just about sitting on a domain and hoping you will buy it back. That happens, but the real risk is active misuse.

Phishing Pages

The most common attack. Someone registers yourbrand.store or yourbrand.shop and puts up a page that looks like your checkout flow, login page, or support portal. They send links to your customers via email or ads. Credentials and payment details go straight to the attacker.

Brand Impersonation

A business in another country registers your exact brand name on their local extension and operates under your name. They are not necessarily malicious. They might be a legitimate business that picked the same name. But your customers cannot tell the difference, and you have no control over what they do or say under your brand.

SEO Hijacking

Squatted domains that host content with your brand name can rank in search results alongside your actual site. If someone searches for your company and finds a .xyz or .co domain with different information, pricing, or offers, you have a trust problem.

Email Spoofing From Lookalike Domains

If someone owns yourbrand.store, they can set up email on that domain and send messages as support@yourbrand.store. Combined with missing DMARC on your primary domain, this becomes extremely effective for phishing your customers and partners.

What We Found in Real Scans

We scan brand names across 1,700+ TLD extensions using our brand protection scanning tool. Here are findings from recent scans (all anonymized).

172 phishing subdomains on a single .store domain. One brand had their name registered on a .store extension. The registrant had set up 172 subdomains, each hosting a different phishing page targeting different regions and languages. SSL certificates were issued within 48 hours of domain registration, making the pages look legitimate in browsers.

Exact brand name operating as a different business. A SaaS company discovered their brand name was registered on a country-code extension by a completely unrelated business in Southeast Asia. That business had been operating under the same name for two years, building backlinks and customer reviews. Sorting out ownership required legal action across jurisdictions.

Typosquatting variants with active mail servers. For one company, we found four domains with common misspellings of their brand name. All four had MX records configured, meaning someone was receiving (or sending) email on those domains. This is a classic setup for intercepting mistyped emails from customers.

SSL certificates issued the same week as registration. Across multiple scans, we see a pattern. A domain gets registered, and within days it has a valid SSL certificate from Let’s Encrypt. The padlock icon in the browser makes users trust the site. Free SSL certificates are a net positive for the internet, but they also mean attackers get trusted-looking phishing pages at zero cost.

How to Check Your Brand Exposure

Manually checking 1,700+ extensions is not practical. You need automated scanning that checks every available TLD for your exact brand name and common typos.

Here is what a scan should cover:

  • Exact match registration. Is yourbrand registered on .store, .shop, .xyz, .co, .io, .in, .co.in, .net, .org, and hundreds more?
  • Typosquatting variants. Common misspellings, missing letters, doubled letters, keyboard-adjacent swaps.
  • Active vs parked. Is the domain actively hosting content or just parked/for sale?
  • DNS configuration. Does it have MX records (email), A records (website), or CNAME records (pointing somewhere)?
  • SSL status. Does it have a certificate, and when was it issued?
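The checks in this list, sketched as an added example (not Cyber Secify's scanning tool). The function names, the same-row keyboard map and the sample observations are assumptions; the DNS, registration and certificate data is constructed inline rather than looked up.

```python
from datetime import date

ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # QWERTY rows; same-row neighbours only

def neighbours(ch):
    """Keys immediately left and right of ch on its keyboard row."""
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return row[max(i - 1, 0):i] + row[i + 1:i + 2]
    return ""  # digits and hyphens have no neighbours in this simplified map

def typo_variants(brand):
    """Missing letters, doubled letters and keyboard-adjacent swaps of a brand label."""
    brand, out = brand.lower(), set()
    for i, ch in enumerate(brand):
        out.add(brand[:i] + brand[i + 1:])            # missing letter
        out.add(brand[:i] + ch + brand[i:])           # doubled letter
        for n in neighbours(ch):
            out.add(brand[:i] + n + brand[i + 1:])    # adjacent key
    out.discard("")
    return out

def candidates(brand, tlds):
    """Exact match plus every typo variant, on every extension in the watch list."""
    labels = {brand.lower()} | typo_variants(brand)
    return {f"{label}.{tld}" for label in labels for tld in tlds}

def triage(obs, fresh_days=7):
    """Flag one registered domain from DNS, registration and certificate observations."""
    flags = []
    if obs.get("mx"):
        flags.append("mail-enabled")      # can send or receive email
    if obs.get("a") or obs.get("cname"):
        flags.append("web-resolving")     # points at a host
    reg, cert = obs.get("registered"), obs.get("cert_issued")
    if reg and cert and 0 <= (cert - reg).days <= fresh_days:
        flags.append("fresh-cert")        # certificate within days of registration
    return flags or ["no-services"]

# Constructed observations (not scan results); the IP is from a documentation range.
SAMPLE = [
    {"domain": "yourbrand.store", "a": ["192.0.2.10"], "registered": date(2024, 3, 1), "cert_issued": date(2024, 3, 2)},
    {"domain": "yourbrnd.com", "mx": ["mx.yourbrnd.com"], "registered": date(2023, 1, 5)},
    {"domain": "yourbrand.xyz", "registered": date(2022, 6, 9)},
]

if __name__ == "__main__":
    watch = candidates("yourbrand", ["com", "store", "xyz"])
    for obs in SAMPLE:
        print(obs["domain"], obs["domain"] in watch, triage(obs))
```

A domain flagged `web-resolving` may still be a parking page, so the active-versus-parked check needs a look at the served content as well.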

We run these scans as part of our threat intelligence service. If you want a quick check, our OpenEASD tool gives you a starting point for external attack surface discovery.

What to Do When You Find a Squatted Domain

1. Document Everything

Screenshot the domain, its content, WHOIS records, and any evidence of brand misuse. Do this before the registrant can change anything.

2. File a Registrar Abuse Report

Every domain registrar has an abuse contact. Report the domain with your documentation. Registrars are required to act on trademark-infringing domains. Response time varies, but most act within 5 to 15 business days.

3. File a UDRP Dispute

For generic TLDs (.com, .store, .xyz, .shop), you can file a UDRP dispute through ICANN. You need to prove the domain is identical or confusingly similar to your trademark, the registrant has no legitimate interest, and the domain was registered in bad faith.

For .in domains specifically, India has the INDRP (IN Domain Dispute Resolution Policy) through NIXI. The process is similar but handled domestically.

4. Consider Defensive Registration

For high-risk extensions (.in, .co.in, .co, .io, .store), it may be cheaper to register them yourself than to fight disputes later. A few hundred rupees per year per domain is cheap insurance.

Why Ongoing Monitoring Matters

Finding squatted domains once is not enough. New domains get registered every day. Someone can register your brand name on a new extension tomorrow, and you will not be notified. The only way to catch this is continuous monitoring.

This is the same principle behind dark web monitoring. You cannot protect against threats you do not know about. Regular scans, at least monthly, catch new registrations before they become active phishing campaigns.

The Email Connection

Domain squatting and email spoofing are two sides of the same problem. An attacker with a lookalike domain can send emails that look almost identical to yours. If your primary domain also lacks DMARC protection, attackers do not even need a lookalike domain. They can send email directly as your domain.

Both protections need to be in place. Check your DMARC status and scan your brand across TLD extensions. These are the two fastest wins for protecting your brand online.
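A way to read the DMARC status of your primary domain from the TXT records published at `_dmarc.<your domain>`, as an added example that is not from the original article. The status labels and the sample records are assumptions constructed for illustration, and the records are passed in as strings rather than resolved.

```python
def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if txt is not one."""
    tags, first = {}, None
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if not sep:
            continue
        key = key.strip().lower()
        if first is None:
            first = key
        tags[key] = value.strip()
    # The version tag must come first and read exactly DMARC1.
    return tags if first == "v" and tags.get("v") == "DMARC1" else None

def dmarc_status(txt_records):
    """Classify the TXT records found at _dmarc.<domain>."""
    records = [t for t in map(parse_dmarc, txt_records) if t]
    if len(records) != 1:
        return "missing"          # none, or several: receivers apply no DMARC policy
    policy = records[0].get("p", "").lower()
    pct = records[0].get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    if policy not in ("quarantine", "reject"):
        return "monitor-only"     # p=none reports on spoofed mail but does not stop it
    if pct < 100:
        return "partial"          # policy applied to only a share of failing mail
    return "enforced"

# Constructed sample records, not taken from any real domain.
SAMPLES = {
    "no DMARC, SPF only": ["v=spf1 -all"],
    "reporting only": ["v=DMARC1; p=none; rua=mailto:dmarc@yourcompany.example"],
    "ramping up": ["v=DMARC1; p=quarantine; pct=25"],
    "enforced": ["v=DMARC1; p=reject"],
    "two records": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(f"{label}: {dmarc_status(records)}")
```

An `enforced` result covers mail sent as your own domain only; a lookalike domain publishes its own records, which is why the TLD scan is still needed.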

Start With a Scan

If you have never checked what exists under your brand name across domain extensions, start there. You might find nothing. You might find something that needs immediate action. Either way, you will know.

We run brand protection scans as part of our Security on Demand engagement. Four hours, founder-led. We will scan your brand, review the findings with you, and give you a prioritized action plan.

Frequently Asked Questions

What is domain squatting?

Domain squatting is when someone registers a domain using your brand name on a different extension. If you own yourcompany.com, someone else can register yourcompany.store, yourcompany.shop, or yourcompany.co.in and put up a website that looks like yours.

How do I check if someone has registered my brand name?

You need to scan your brand name across all available TLD extensions. There are over 1,700 extensions where someone can register your name. A manual check is not practical. We run automated scans that check all extensions and identify which ones are registered, who owns them, and what they are being used for.

What can I do if someone has registered my domain?

You can file an abuse report with the domain registrar, pursue a UDRP (Uniform Domain-Name Dispute-Resolution Policy) dispute through ICANN, or in India, approach the .IN Domain Dispute Resolution Policy (INDRP) for .in domains. The process depends on whether the domain is being used in bad faith.
