Free TLD enumerator tool. Check domain availability across 1,500+ TLDs for brand protection, typosquatting detection, and domain reconnaissance.
TLD (Top-Level Domain) enumeration discovers all domain registrations associated with a base name across different top-level domains — checking whether example.com, example.net, example.org, example.io, example.co, and hundreds of other TLDs are registered and by whom. This technique is essential for brand protection, security assessment, and domain portfolio management.
With over 1,500 TLDs available (including gTLDs like .com, .org, .io and ccTLDs like .uk, .de, .jp), organizations cannot realistically register their brand across all of them. TLD enumeration identifies which variations are already registered, potentially by competitors, domain squatters, or threat actors preparing phishing campaigns.
| Type | Examples | Count | Registration |
|---|---|---|---|
| Generic (gTLD) | .com, .net, .org, .info | ~1,200+ | Open to anyone |
| Country Code (ccTLD) | .uk, .de, .jp, .au, .ca | ~300+ | Some restricted to residents |
| Sponsored (sTLD) | .edu, .gov, .mil, .museum | ~15 | Restricted eligibility |
| New gTLD | .tech, .cloud, .security, .app | ~1,000+ | Open (most) |
| Infrastructure | .arpa | 1 | Technical use only |
TLD enumeration checks domain availability across multiple top-level domains (TLDs). Example: checking example.com, example.net, example.org, example.io, etc. Used for: brand protection (register variants before squatters), typosquatting detection (find malicious lookalikes), reconnaissance (discover company assets), domain availability research. 1,500+ TLDs exist: generic (.com, .net), country-code (.uk, .de), new gTLDs (.app, .dev). Automates manual WHOIS checks.
Protects brand from: typosquatting (malicious lookalikes), cybersquatting (trademark domains), phishing (fake login pages), reputation damage. Attackers register similar domains with different TLDs to trick users. Example: paypal.com (real) vs paypal-secure.net (phishing). Defensive registration: buy important TLD variants before attackers. Cost-effective: prevent customer confusion, legal disputes, incident response. Monitor registered variants for suspicious activity (email spoofing, malware hosting).
Priority TLDs for brand protection: .com (commercial, most trusted), .net (network/tech), .org (organization), country-codes (.co.uk, .de, .ca where you operate), .io (tech startups), .app/.dev (applications), .ai (AI companies). New gTLDs: .tech, .online, .store, .cloud. Typosquatting risks: .cm (typo of .com), .om, .co. Register: primary TLD + major variants + country TLDs. Monitor rest for infringement.
Typosquatting detection techniques: 1) Homograph attacks (unicode lookalikes: apple.com vs аpple.com). 2) Character substitution (paypal → paypai, google → gooogle). 3) TLD variations (example.com → example.net). 4) Transposition (faceboook). 5) Omission (gogle). Tools: dnstwist, URLCrazy. Monitor: newly registered domains, SSL certificate transparency logs. Response: UDRP complaint, legal action, takedown requests. Prevention: defensive registration, trademark monitoring, DMARC for email.
Domain availability checking queries domain registration status. Methods: 1) WHOIS lookup (shows registrant, dates, nameservers). 2) DNS query (registered domains have nameservers). 3) HTTP request (active websites respond). Rate limits: WHOIS servers limit queries (1-10/second). Bulk checking: use RDAP (Registry Data Access Protocol), commercial APIs (DomainTools, WhoisXML). Available = unregistered, can purchase. Registered = check expiration date, monitor for release.
As of 2025: 1,500+ TLDs. Categories: Generic (gTLDs) - .com, .net, .org (~1,200 new gTLDs after ICANN expansion 2013). Country-code (ccTLDs) - .uk, .de, .jp (~250). Sponsored (sTLDs) - .edu, .gov, .mil. Infrastructure - .arpa. New gTLDs: .app, .dev, .cloud, .tech, .shop. Most popular: .com (40% of domains), .tk (free Tokelau ccTLD), .cn (China), .de (Germany). Source: IANA Root Zone Database.
UDRP is ICANN policy for resolving domain disputes without litigation. Applies to: .com, .net, .org, many new gTLDs (not all ccTLDs). File complaint if domain: 1) Identical/confusingly similar to your trademark. 2) Registrant has no legitimate rights. 3) Registered/used in bad faith (resale, disruption, phishing). Process: online complaint, respondent reply, panelist decision (45-60 days). Remedies: transfer domain, cancel registration. Cost: $1,500-3,000. Alternative: legal action (more expensive/slower).
Monitoring automation: 1) Certificate Transparency logs (crt.sh API) - new SSL certificates issued. 2) WHOIS history APIs (DomainTools, SecurityTrails) - registration changes. 3) DNS monitoring (passive DNS feeds) - newly active domains. 4) Brand monitoring services (Bolster, MarkMonitor). Alerts for: new registrations matching brand, expired domain availability, DNS changes, SSL certificates. Integrate with: SIEM, ticketing systems, threat intel platforms. Check daily for high-value brands, weekly for general monitoring.