Why Automate TLD Monitoring
Monitoring domain registration across 1,500+ TLDs manually is impossible. Automation enables you to:
- Detect cybersquatting attempts instantly
- Protect brand from typosquatting
- Monitor competitor activity
- Track market trends
Automated monitoring catches threats before they cause damage.
Setting Up Automated Monitoring
Option 1: Domain Monitoring Services
Services like:
- DNSlytics
- Domaintools WhoisGuard
- Brand.com
- DomainGuardian
These services:
- Monitor all TLDs automatically
- Alert on suspicious registrations
- Provide Whois data and analysis
- Track registration patterns
Option 2: API-Based Monitoring
Using WHOIS APIs:
#!/bin/bash
# Monitor variations of brand across TLDs
BRAND="mybrand"
TLDS=("com" "net" "org" "io" "app" "cloud" "dev")
for TLD in "${TLDS[@]}"; do
DOMAIN="$BRAND.$TLD"
# Check registration status via API
curl "https://api.whoisapi.com/check?domain=$DOMAIN" \
-H "Authorization: Bearer YOUR_API_KEY" \
| grep -q '"available":false' && \
echo "$DOMAIN is registered" || \
echo "$DOMAIN is available"
done
Option 3: WHOIS Monitoring
#!/bin/bash
# Monitor for registrant changes (potential sale or hijacking)
DOMAIN="mybrand.com"
PREVIOUS_WHOIS_FILE="previous_whois.txt"
# Get current WHOIS
whois $DOMAIN > current_whois.txt
# Compare with previous
if ! diff -q $PREVIOUS_WHOIS_FILE current_whois.txt > /dev/null; then
echo "Domain registrant/information changed!" | mail -s "Domain Change Alert" [email protected]
cp current_whois.txt $PREVIOUS_WHOIS_FILE
fi
Detection Rules and Alerts
Rule 1: Typosquatting Detection
Monitor common typos of your brand:
- Missing characters: mybrand → mybrand (remove one letter at a time)
- Swapped characters: mybrand → mybrand (swap adjacent letters)
- Similar characters: mybraud (i/u confusion), mybrajd (n/d confusion)
#!/bin/bash
# Generate typosquats
BRAND="mybrand"
# One character substitutions
for i in {0..${#BRAND}-1}; do
for char in {a..z}; do
TYPO="${BRAND:0:$i}${char}${BRAND:$((i+1))}"
[ "$TYPO" != "$BRAND" ] && echo "$TYPO"
done
done
Rule 2: Lookalike TLDs
Monitor similar-looking TLDs:
- .cm (Cameroon) vs .com
- .rn (Reunion) vs .m
- .co (Colombia) vs .com
BRAND="mycompany"
LOOKALIKES=("com" "co" "cm" "con" "con" "edu" "org" "net")
for TLD in "${LOOKALIKES[@]}"; do
echo "Checking $BRAND.$TLD"
whois "$BRAND.$TLD" | grep -q "No matching query" || \
echo "ALERT: $BRAND.$TLD is registered!"
done
Rule 3: New TLD Registration Alert
Alert on registration of your brand in new TLDs:
#!/bin/bash
# Alert if brand registered in new TLDs
BRAND="apple"
NEW_TLDS=(
"app" # Popular for software
"cloud" # Cloud services
"store" # E-commerce
"tech" # Technology
)
for TLD in "${NEW_TLDS[@]}"; do
if whois "$BRAND.$TLD" | grep -q "Registrant Organization:"; then
echo "Alert: $BRAND.$TLD is registered" | \
mail -s "Brand Registration Alert" [email protected]
fi
done
Using Domain Monitoring APIs
WHOIS API Example:
import requests
import json
from datetime import datetime
API_KEY = "your_api_key"
BRAND = "mycompany"
TLDS = ["com", "net", "org", "io", "app"]
results = []
for tld in TLDS:
domain = f"{BRAND}.{tld}"
response = requests.get(
f"https://api.whoisapi.com/v1/status/{domain}",
headers={"Authorization": f"Bearer {API_KEY}"}
)
data = response.json()
results.append({
"domain": domain,
"registered": data.get("available") == False,
"checked_at": datetime.now().isoformat()
})
# Save results
with open("domain_status.json", "w") as f:
json.dump(results, f, indent=2)
# Alert on registrations
registrations = [r for r in results if r["registered"]]
if registrations:
for reg in registrations:
print(f"ALERT: {reg['domain']} is registered!")
Scheduling Automated Checks
Using Cron (Linux/Mac):
# Run monitoring script daily at 9 AM
0 9 * * * /usr/local/bin/monitor-domains.sh >> /var/log/domain-monitor.log 2>&1
# Run WHOIS comparison weekly
0 2 * * 0 /usr/local/bin/check-whois-changes.sh
Using Windows Task Scheduler:
# Create scheduled task for PowerShell script
$action = New-ScheduledTaskAction -Execute "powershell.exe" `
-Argument "-File C:\scripts\Monitor-Domains.ps1"
$trigger = New-ScheduledTaskTrigger -Daily -At 9am
Register-ScheduledTask -Action $action -Trigger $trigger `
-TaskName "DomainMonitoring" -Description "Monitor brand domains"
Integration with Notification Systems
Email Alerts:
#!/bin/bash
# Send alert on suspicious registration
DOMAIN="suspicious-domain.com"
TO="[email protected]"
if whois $DOMAIN | grep -q "Registrant"; then
cat << EOF | mail -s "Brand Alert: $DOMAIN Registered" $TO
Alert: Suspicious domain registered
Domain: $DOMAIN
Registered: $(date)
Registrant: $(whois $DOMAIN | grep "Registrant Organization:")
Action Required:
1. Review registration details
2. Check WHOIS registrant information
3. Consider UDRP action if cybersquatting
EOF
fi
Slack Notifications:
import requests
import json
def notify_slack(message):
webhook_url = "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
payload = {
"text": message,
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": message
}
}
]
}
requests.post(webhook_url, json=payload)
# Usage
notify_slack("Alert: mycompany.app was registered by unknown registrant")
Advanced Monitoring: Competitor Tracking
Monitor Competitor Registrations:
#!/bin/bash
# Track competitor domain activities
COMPETITORS=("competitor1" "competitor2" "competitor3")
TLDS=("com" "net" "org" "io" "app")
for competitor in "${COMPETITORS[@]}"; do
for tld in "${TLDS[@]}"; do
domain="$competitor.$tld"
# Get WHOIS and extract key data
whois "$domain" > "/tmp/whois_$domain.txt"
# Check for recent registration (within 7 days)
registration_date=$(whois "$domain" | grep "Creation Date" | cut -d' ' -f3)
current_date=$(date +%s)
reg_date_unix=$(date -d "$registration_date" +%s)
days_old=$(( ($current_date - $reg_date_unix) / 86400 ))
[ $days_old -lt 7 ] && \
echo "COMPETITOR_ACTIVITY: $competitor registered $domain $days_old days ago"
done
done
Database-Based Monitoring
Store Results for Analysis:
CREATE TABLE domain_monitoring (
id INT PRIMARY KEY AUTO_INCREMENT,
domain VARCHAR(255),
tld VARCHAR(10),
is_registered BOOLEAN,
registrant VARCHAR(255),
last_checked TIMESTAMP,
alert_sent BOOLEAN DEFAULT FALSE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Query for recently registered suspicious domains
SELECT * FROM domain_monitoring
WHERE is_registered = TRUE
AND alert_sent = FALSE
AND last_checked >= DATE_SUB(NOW(), INTERVAL 24 HOUR);
TLD Enumerator for Bulk Checking
The TLD Enumerator tool can help:
- Generate variations of your brand (typosquats, common typos)
- Check availability across multiple TLDs
- Export results for further analysis
- Identify high-risk registrations
Use the tool to:
- Get baseline of your brand across TLDs
- Identify unclaimed important TLDs
- Spot unusual registrations
Best Practices
- Monitor your brand and variations - Include typos, abbreviations
- Check all major TLDs - Prioritize .com, then new/trendy TLDs
- Set appropriate frequency - Daily for critical brands, weekly for others
- Respond quickly - Act on suspicious registrations within days
- Document everything - Keep records for potential UDRP action
- Review reports regularly - Don't let alerts pile up unchecked
- Update monitoring rules - As new threats emerge
Conclusion: Proactive Brand Protection Through Automation
Automating TLD monitoring across 1,500+ domains is essential for brand protection. By combining APIs, scheduled scripts, and notification systems, you can detect cybersquatting, typosquatting, and competitive activity instantly. The TLD Enumerator tool provides the foundation for bulk checking, while automated systems maintain continuous surveillance. Investing in automation turns brand protection from reactive (discovering problems after damage) to proactive (catching threats immediately).
