Brand Protection & Trademark Monitor

Pricing

Pay Per Event model. You only pay for what you use.

| Event | Description | Price |
| --- | --- | --- |
| brand-scanned | Charged per brand protection scan. Checks 200+ domain variations for typosquatting, DNS and HTTP analysis, social media monitoring, and risk scoring. | $0.50 |

Example: 100 events = $50.00 · 1,000 events = $500.00

Documentation

Protect your brand from typosquatting, social media impersonation, and online fraud. This actor generates hundreds of domain variations using keyboard-adjacent substitutions, homoglyphs, character transpositions, TLD swaps, and prefix/suffix mutations, then checks each one via DNS resolution and HTTP probing to find which lookalike domains are actually live. It also scans eight major social media platforms for username availability and searches the web for suspicious mentions like scam reports or counterfeit complaints.

Why Use Brand Protection Monitor?

Enterprise brand protection services charge $500–$5,000/month. This actor delivers the same core capabilities — typosquatting detection, social media monitoring, and web mention scanning — at pennies per scan. You get structured JSON output you can pipe into any alerting system, schedule on any cadence, and combine with other Apify actors for deeper investigation.

Features

  • Typosquatting detection — generates domain variations using seven mutation techniques: character transposition, missing characters, extra characters, keyboard-adjacent substitutions (QWERTY layout), homoglyph replacements (o→0, l→1, e→3, etc.), TLD variations (.net, .io, .co, .shop, and 11 more), hyphenation, and prefix/suffix additions (my-, get-, -shop, -official, etc.)
  • DNS resolution checks — resolves each generated domain via DNS to determine if it is registered, and reports the IP address it points to
  • Live web content detection — performs HTTPS and HTTP HEAD requests on resolved domains to determine if they are actively serving web content, distinguishing parked domains from active threats
  • Risk scoring — assigns each domain a risk level (HIGH, MEDIUM, LOW) based on resolution status and web activity, plus calculates an overall brand risk score (CRITICAL, HIGH, MEDIUM, LOW)
  • Social media username scanning — checks username availability across Twitter/X, Instagram, Facebook, TikTok, YouTube, GitHub, LinkedIn, and Pinterest
  • Suspicious web mention search — searches Google via Serper.dev API for mentions combining your brand name with terms like "scam," "fake," "counterfeit," and "knockoff"
  • Similarity scoring — calculates Levenshtein-based similarity scores for every domain variant so you can prioritize the most deceptive lookalikes
  • Batch processing — checks domains in parallel batches of 20 for fast scanning of up to 1,000 variations

How to Use

  1. Enter your brand name — provide the brand name exactly as it appears in your domain (e.g., "nike", "apify", "shopify"). The actor uses this to generate domain variations and check social media usernames.
  2. Set your brand domain — optionally specify your official domain (e.g., "nike.com"). If omitted, the actor defaults to brandName + ".com".
  3. Choose scan modules — enable or disable typosquatting detection, social media scanning, and web mention search. Web mentions require a free Serper.dev API key.
  4. Run and review — the actor outputs a comprehensive report with an overall risk score, individual domain risk levels, social media status, and web mentions. Export results as JSON, CSV, or Excel for reporting.

Input Parameters

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| brandName | String | Yes | | The brand name to monitor (e.g., "apify"). Used for domain variation generation and social media checks. |
| brandDomain | String | No | brandName + ".com" | Official brand domain (e.g., "apify.com"). Variations are generated from this domain. |
| checkTyposquatting | Boolean | No | true | Generate and check typosquat domain variations via DNS resolution and HTTP probing. |
| checkSocialMedia | Boolean | No | true | Check brand username availability on 8 social media platforms. |
| checkWebMentions | Boolean | No | false | Search Google for suspicious brand mentions (requires Serper API key). |
| serperApiKey | String | No | | Serper.dev API key for web mention search. Free tier: 2,500 searches/month at serper.dev. |
| maxResults | Integer | No | 200 | Maximum number of domain variations to generate (10–1,000). |

Input Examples

Quick brand scan — default settings:

{
    "brandName": "acme"
}

Full scan — all modules enabled with web mentions:

{
    "brandName": "shopify",
    "brandDomain": "shopify.com",
    "checkTyposquatting": true,
    "checkSocialMedia": true,
    "checkWebMentions": true,
    "serperApiKey": "YOUR_SERPER_API_KEY",
    "maxResults": 500
}

Typosquatting only — maximum coverage:

{
    "brandName": "stripe",
    "brandDomain": "stripe.com",
    "checkTyposquatting": true,
    "checkSocialMedia": false,
    "checkWebMentions": false,
    "maxResults": 1000
}

Input Tips

  • Use just the brand name (e.g., "nike"), not the full domain — the actor appends ".com" automatically if brandDomain is not provided.
  • Start with 200 variations to get a fast overview, then increase to 500–1,000 for high-value brands.
  • Enable checkWebMentions only when you have a Serper API key — the feature is skipped silently if the key is missing.

Output

The actor produces a single comprehensive report per run:

{
    "brandName": "acme",
    "brandDomain": "acme.com",
    "scanDate": "2025-01-15T14:32:08.221Z",
    "summary": {
        "totalFindings": 17,
        "typosquatDomainsFound": 12,
        "typosquatDomainsActive": 4,
        "socialMediaProfilesTaken": 5,
        "suspiciousWebMentions": 0,
        "riskScore": "HIGH"
    },
    "typosquatDomains": [
        {
            "domain": "acme.net",
            "type": "tld-variation",
            "resolved": true,
            "ipAddress": "104.21.45.12",
            "servesWebContent": true,
            "riskLevel": "HIGH",
            "similarity": 1.0
        },
        {
            "domain": "acm3.com",
            "type": "homoglyph",
            "resolved": true,
            "ipAddress": "198.51.100.23",
            "servesWebContent": true,
            "riskLevel": "HIGH",
            "similarity": 0.75
        },
        {
            "domain": "amce.com",
            "type": "transposition",
            "resolved": true,
            "ipAddress": "203.0.113.44",
            "servesWebContent": false,
            "riskLevel": "MEDIUM",
            "similarity": 0.75
        }
    ],
    "socialMediaProfiles": [
        {
            "platform": "Twitter/X",
            "url": "https://x.com/acme",
            "status": "taken",
            "isBrandOwned": null
        },
        {
            "platform": "TikTok",
            "url": "https://www.tiktok.com/@acme",
            "status": "available",
            "isBrandOwned": null
        }
    ],
    "webMentions": []
}

Output Fields

| Field | Type | Description |
| --- | --- | --- |
| brandName | String | The brand name that was monitored |
| brandDomain | String | The official domain used as the baseline |
| scanDate | String | ISO 8601 timestamp of the scan |
| summary.totalFindings | Integer | Total count of resolved domains + taken profiles + web mentions |
| summary.typosquatDomainsFound | Integer | Number of domain variations that resolved via DNS |
| summary.typosquatDomainsActive | Integer | Number of resolved domains actively serving web content |
| summary.socialMediaProfilesTaken | Integer | Number of social media platforms where the username is taken |
| summary.suspiciousWebMentions | Integer | Number of web mentions found for brand + scam/fake queries |
| summary.riskScore | String | Overall risk: CRITICAL, HIGH, MEDIUM, or LOW |

Typosquat domain fields:

| Field | Type | Description |
| --- | --- | --- |
| domain | String | The generated lookalike domain |
| type | String | Mutation type: transposition, missing-char, extra-char, keyboard-adjacent, homoglyph, tld-variation, hyphenation, or prefix-suffix |
| resolved | Boolean | Whether the domain resolves via DNS |
| ipAddress | String / null | IP address the domain resolves to |
| servesWebContent | Boolean | Whether the domain serves HTTP/HTTPS content |
| riskLevel | String | HIGH (resolved + active), MEDIUM (resolved only), or LOW (not resolved) |
| similarity | Number | Levenshtein-based similarity score (0–1) compared to original domain |

Social media profile fields:

| Field | Type | Description |
| --- | --- | --- |
| platform | String | Platform name (Twitter/X, Instagram, Facebook, TikTok, YouTube, GitHub, LinkedIn, Pinterest) |
| url | String | Direct URL to the profile page |
| status | String | taken (HTTP 200), available (HTTP 404), or unknown (other/error) |
| isBrandOwned | null | Reserved for future use — always null currently |

Use Cases

  • Brand managers protecting a company's trademark by regularly scanning for new typosquatting domains and unauthorized social media accounts
  • Cybersecurity teams conducting brand threat intelligence to identify phishing infrastructure and social engineering attack surfaces
  • Legal & compliance departments gathering evidence of domain squatting and trademark infringement for UDRP proceedings or cease-and-desist letters
  • Digital marketing agencies offering brand monitoring as a value-added service to clients
  • E-commerce businesses identifying counterfeit storefronts and knockoff domains that could steal customers
  • Domain portfolio managers proactively identifying high-risk typosquatting variants to register defensively

How to Use the API

You can call Brand Protection Monitor programmatically from any language. Here are complete examples:

Python

import requests
import time

# Start the actor run
run = requests.post(
    "https://api.apify.com/v2/acts/ryanclinton~brand-protection-monitor/runs",
    params={"token": "YOUR_APIFY_TOKEN"},
    json={
        "brandName": "acme",
        "brandDomain": "acme.com",
        "checkTyposquatting": True,
        "checkSocialMedia": True,
        "checkWebMentions": False,
        "maxResults": 200
    },
    timeout=30,
).json()

# Wait for completion
run_id = run["data"]["id"]
while True:
    status = requests.get(
        f"https://api.apify.com/v2/actor-runs/{run_id}",
        params={"token": "YOUR_APIFY_TOKEN"},
        timeout=10,
    ).json()
    if status["data"]["status"] in ("SUCCEEDED", "FAILED", "ABORTED"):
        break
    time.sleep(5)

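# Stop here unless the run succeeded; a failed or aborted run has no report
if status["data"]["status"] != "SUCCEEDED":
    raise SystemExit(f"Run ended with status {status['data']['status']}")

# Get results
dataset_id = status["data"]["defaultDatasetId"]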
items = requests.get(
    f"https://api.apify.com/v2/datasets/{dataset_id}/items",
    params={"token": "YOUR_APIFY_TOKEN"},
    timeout=30,
).json()

report = items[0]
print(f"Risk score: {report['summary']['riskScore']}")
print(f"Active typosquats: {report['summary']['typosquatDomainsActive']}")
for d in report["typosquatDomains"]:
    if d["riskLevel"] == "HIGH":
        print(f"  HIGH RISK: {d['domain']} ({d['type']}, IP: {d['ipAddress']})")

JavaScript

const response = await fetch(
    "https://api.apify.com/v2/acts/ryanclinton~brand-protection-monitor/run-sync-get-dataset-items?token=YOUR_APIFY_TOKEN",
    {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({
            brandName: "acme",
            checkTyposquatting: true,
            checkSocialMedia: true,
            maxResults: 200,
        }),
    }
);

const [report] = await response.json();
console.log(`Risk: ${report.summary.riskScore}`);
report.typosquatDomains
    .filter((d) => d.riskLevel === "HIGH")
    .forEach((d) => console.log(`  ${d.domain} (${d.type}) → ${d.ipAddress}`));

cURL

curl -X POST "https://api.apify.com/v2/acts/ryanclinton~brand-protection-monitor/run-sync-get-dataset-items?token=YOUR_APIFY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "brandName": "acme",
    "checkTyposquatting": true,
    "checkSocialMedia": true,
    "maxResults": 200
  }'

How It Works

Input (brandName, brandDomain, scan options)
  │
  ▼
┌─────────────────────────────────────────────────────────┐
│  Module 1: Typosquatting Detection                      │
│                                                         │
│  1. Generate domain variations (7 techniques)           │
│     • Character transposition  (goolge.com)             │
│     • Missing character        (gogle.com)              │
│     • Extra character          (gooogle.com)            │
│     • Keyboard-adjacent swap   (googke.com)             │
│     • Homoglyph replacement    (g00gle.com)             │
│     • TLD variation            (google.net, .io, etc.)  │
│     • Hyphenation              (goo-gle.com)            │
│     • Prefix/suffix            (mygoogle.com, -shop)    │
│                                                         │
│  2. DNS resolution (batches of 20 in parallel)          │
│     dns.promises.resolve4(domain) → IP address          │
│                                                         │
│  3. HTTP/HTTPS HEAD probe (resolved domains only)       │
│     HTTPS first → HTTP fallback → 5s timeout            │
│     Status < 500 = serving content                      │
│                                                         │
│  4. Risk classification                                 │
│     Resolved + web content → HIGH                       │
│     Resolved only          → MEDIUM                     │
│     Not resolved           → LOW                        │
│                                                         │
│  5. Similarity scoring                                  │
│     Levenshtein distance on base domain name            │
│     similarity = 1 - (distance / max_length)            │
└─────────────────────────────────────────────────────────┘
  │
  ▼
┌─────────────────────────────────────────────────────────┐
│  Module 2: Social Media Scanning                        │
│                                                         │
│  Check 8 platforms for username availability:           │
│  Twitter/X • Instagram • Facebook • TikTok              │
│  YouTube   • GitHub    • LinkedIn • Pinterest           │
│                                                         │
│  HTTP GET with browser User-Agent → status check:       │
│  200 = taken • 404 = available • other = unknown        │
└─────────────────────────────────────────────────────────┘
  │
  ▼
┌─────────────────────────────────────────────────────────┐
│  Module 3: Web Mention Search (optional, needs API key) │
│                                                         │
│  4 Serper.dev API queries:                              │
│  "brand scam" • "brand fake"                            │
│  "brand counterfeit" • "brand knockoff"                 │
│  Returns top 10 organic results per query               │
└─────────────────────────────────────────────────────────┘
  │
  ▼
┌─────────────────────────────────────────────────────────┐
│  Risk Score Calculation                                 │
│                                                         │
│  Active typosquats (resolved + web)  × 10 points        │
│  Resolved-only typosquats            × 3 points         │
│  Taken social media profiles         × 2 points         │
│  Web mentions (scam/fake results)    × 1 point          │
│                                                         │
│  Score ≥ 30 → CRITICAL                                  │
│  Score ≥ 15 → HIGH                                      │
│  Score ≥ 5  → MEDIUM                                    │
│  Score < 5  → LOW                                       │
└─────────────────────────────────────────────────────────┘
  │
  ▼
Dataset (single report with all findings)
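
The scoring rules from the diagram can be re-applied locally to a report, so that domains the brand already owns (for example defensive registrations) are excluded before the overall score is computed. This is an added example, not the actor's own code; the `owned` allowlist, the function names and the sample report are constructed for illustration.

```python
"""Re-score a scan report after removing domains the brand already owns."""

# Weights and thresholds as documented under "Risk Score Calculation".
WEIGHTS = {"HIGH": 10, "MEDIUM": 3, "social": 2, "mention": 1}
THRESHOLDS = [(30, "CRITICAL"), (15, "HIGH"), (5, "MEDIUM")]
ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def risk_level(finding):
    """Resolved + web content -> HIGH, resolved only -> MEDIUM, else LOW."""
    if not finding.get("resolved"):
        return "LOW"
    return "HIGH" if finding.get("servesWebContent") else "MEDIUM"


def rescore(report, owned=()):
    """Return (points, label, findings) with allowlisted domains excluded.

    `owned` is an assumed allowlist of domains the brand controls, such as
    defensive registrations; the actor itself has no such input.
    """
    owned = {name.lower().rstrip(".") for name in owned}
    findings = [
        f for f in report.get("typosquatDomains", [])
        if f["domain"].lower().rstrip(".") not in owned
    ]
    levels = [risk_level(f) for f in findings]
    taken = sum(
        1 for p in report.get("socialMediaProfiles", [])
        if p.get("status") == "taken"
    )
    points = (
        WEIGHTS["HIGH"] * levels.count("HIGH")
        + WEIGHTS["MEDIUM"] * levels.count("MEDIUM")
        + WEIGHTS["social"] * taken
        + WEIGHTS["mention"] * len(report.get("webMentions", []))
    )
    label = next((name for floor, name in THRESHOLDS if points >= floor), "LOW")
    # Triage order: live lookalikes first, then the most similar names.
    findings.sort(key=lambda f: (ORDER[risk_level(f)], -f.get("similarity", 0)))
    return points, label, findings


def finding(domain, kind, ip, web, similarity):
    """Build one entry in the actor's typosquatDomains shape."""
    return {"domain": domain, "type": kind, "resolved": ip is not None,
            "ipAddress": ip, "servesWebContent": web, "similarity": similarity}


# Constructed report (made-up brand, documentation-range IPs).
SAMPLE = {
    "brandName": "examplebrand",
    "typosquatDomains": [
        finding("examplebrand.net", "tld-variation", "192.0.2.10", True, 1.0),
        finding("examplebrand.org", "tld-variation", "192.0.2.11", True, 1.0),
        finding("examp1ebrand.com", "homoglyph", "198.51.100.23", True, 0.92),
        finding("exmaplebrand.com", "transposition", "203.0.113.44", False, 0.83),
        finding("examplebrand.xyz", "tld-variation", None, False, 1.0),
    ],
    "socialMediaProfiles": [
        {"platform": "Twitter/X", "status": "taken"},
        {"platform": "TikTok", "status": "available"},
    ],
    "webMentions": [],
}

if __name__ == "__main__":
    print("as reported:", rescore(SAMPLE)[:2])
    points, label, todo = rescore(SAMPLE, owned=["examplebrand.net", "examplebrand.org"])
    print("owned removed:", points, label, [f["domain"] for f in todo])
```
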

Homoglyph Substitution Map

The actor replaces characters with visually similar alternatives:

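| Original | Replacements | Example |
| --- | --- | --- |
| o | 0 | g0ogle |
| l | 1, i | goog1e |
| i | 1, l | aplfy |
| e | 3 | googl3 |
| a | 4, @ | 4pple |
| s | 5, $ | 5tripe |
| t | 7 | s7ripe |
| b | 8 | face8ook |
| g | 9, q | 9oogle |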

TLD Variations Checked

.net .org .io .co .info .biz .xyz .app .dev .us .uk .shop .store .online .site

Prefix/Suffix Mutations

| Prefixes | Suffixes |
| --- | --- |
| my- / my | -shop / shop |
| the- / the | -store / store |
| get- / get | -official / official |
| go- / go | -app / app |
| try- / try | -online / online |
| | -hq / hq |
| | -inc / inc |

Each prefix/suffix is tested both with and without a hyphen separator.

How Much Does It Cost?

This actor runs on the Apify platform. Costs depend on your subscription plan and usage.

| Scenario | Compute Units | Free Plan (~$5/month) | Personal Plan (~$49/month) |
| --- | --- | --- | --- |
| Single brand scan (200 domains, social media) | ~0.05 CU | ~100 scans/month | ~1,000 scans/month |
| Large scan (500 domains, social + web mentions) | ~0.10 CU | ~50 scans/month | ~500 scans/month |
| Maximum scan (1,000 domains, all checks enabled) | ~0.20 CU | ~25 scans/month | ~250 scans/month |

The actor uses minimal memory (256 MB) and typically completes in 1–5 minutes depending on how many domain variations are checked. DNS resolution and HTTP probing are the main time consumers. Web mention search uses Serper.dev credits (2,500 free queries/month on their free tier).

Tips

  • Start with 200 domain variations — the default is well-balanced for most brands. Increase to 500–1,000 only for high-value brands where comprehensive coverage matters.
  • Schedule regular scans — set up a daily or weekly Apify schedule to catch new typosquatting domains as soon as they appear. Threat actors register new domains constantly.
  • Focus on HIGH-risk results first — domains that both resolve AND serve web content are the most dangerous (potential phishing sites). Prioritize takedown requests for these.
  • Use the Serper.dev free tier for web mentions — you get 2,500 free queries per month at serper.dev, which is enough for dozens of brand scans.
  • Export results for legal action — download the dataset as JSON or CSV to include in UDRP filings or send to your legal team. The scan date and domain evidence create a clear record.
  • Chain with WHOIS lookups — pipe HIGH-risk domains into the WHOIS Domain Lookup actor to identify registrants and gather evidence for takedown requests.
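
For scheduled scans, the useful signal is what changed since the previous run. The following added example (not part of the actor or its documentation) compares two reports in the output shape shown above and lists newly resolving domains, domains that started serving content, IP changes, and usernames that became taken; the function names and both sample reports are constructed.

```python
"""List what changed between two scheduled scans of the same brand."""


def resolved_by_name(report):
    """Map domain -> finding for every variation that resolved in a scan."""
    return {
        f["domain"].lower(): f
        for f in report.get("typosquatDomains", [])
        if f.get("resolved")
    }


def taken_platforms(report):
    """Platforms where the brand username was reported as taken."""
    return {
        p["platform"]
        for p in report.get("socialMediaProfiles", [])
        if p.get("status") == "taken"
    }


def diff_reports(previous, current):
    """Return (subject, change) pairs worth alerting on, in a stable order."""
    old, new = resolved_by_name(previous), resolved_by_name(current)
    changes = []
    for name in sorted(new):
        before, now = old.get(name), new[name]
        if before is None:
            changes.append((name, "new-resolving-domain"))
            continue
        if now.get("servesWebContent") and not before.get("servesWebContent"):
            changes.append((name, "now-serving-content"))
        if now.get("ipAddress") != before.get("ipAddress"):
            changes.append((name, "ip-changed"))
    for name in sorted(old.keys() - new.keys()):
        changes.append((name, "no-longer-resolves"))
    for platform in sorted(taken_platforms(current) - taken_platforms(previous)):
        changes.append((platform, "username-now-taken"))
    return changes


def scan(domains, taken):
    """Build a constructed report in the actor's output shape."""
    return {
        "typosquatDomains": [
            {"domain": d, "resolved": True, "ipAddress": ip, "servesWebContent": web}
            for d, ip, web in domains
        ],
        "socialMediaProfiles": [
            {"platform": p, "status": "taken" if p in taken else "available"}
            for p in ("GitHub", "Twitter/X")
        ],
    }


# Constructed reports from two runs (made-up brand, documentation-range IPs).
LAST_WEEK = scan(
    [("examplebrand.net", "192.0.2.10", True),
     ("exmaplebrand.com", "198.51.100.7", False),
     ("examplebrand.co", "203.0.113.5", False)],
    taken={"Twitter/X"},
)
THIS_WEEK = scan(
    [("examplebrand.net", "192.0.2.10", True),
     ("exmaplebrand.com", "198.51.100.99", True),
     ("examp1ebrand.com", "203.0.113.80", True)],
    taken={"Twitter/X", "GitHub"},
)

if __name__ == "__main__":
    for subject, change in diff_reports(LAST_WEEK, THIS_WEEK):
        print(f"{change:22} {subject}")
```

Compare runs made with the same brandDomain and maxResults so that both cover the same set of variations; otherwise a variation checked in only one run shows up as a change.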

Limitations

  • No subdomain enumeration — the actor generates variations of the base domain name only, not subdomains of your brand's domain.
  • Social media detection is heuristic — the actor checks HTTP status codes (200 = taken, 404 = available). Some platforms may return unexpected status codes, resulting in "unknown" status.
  • Cannot determine brand ownership — the isBrandOwned field is always null. The actor can tell you a username is taken but not whether you or an impersonator owns it.
  • Homoglyphs are ASCII-only — the actor checks common ASCII lookalikes (o→0, l→1) but does not generate Unicode/IDN homoglyphs (Cyrillic а, Greek ο, etc.).
  • Web mention search uses 4 API calls — each web mention check consumes 4 Serper.dev searches (one per query: scam, fake, counterfeit, knockoff).
  • HTTP HEAD detection has limits — some domains may serve content only on specific paths, or use JavaScript rendering that HEAD requests cannot detect.
  • No WHOIS integration — the actor checks DNS and HTTP but does not retrieve WHOIS registration data. Use the WHOIS Domain Lookup actor for that.
  • Single brand per run — each run monitors one brand. Schedule separate runs for multiple brands.

Responsible Use

  • Passive reconnaissance only — this actor performs DNS lookups, HTTP HEAD requests, and social media URL checks. It does not perform intrusive scanning, penetration testing, or unauthorized access.
  • Use for legitimate brand protection — this tool is intended for trademark holders, their legal representatives, and authorized security teams.
  • Comply with platform terms of service — social media checks use standard HTTP requests. Excessive scanning of social platforms may trigger rate limits.
  • Do not use for harassment or stalking — this tool monitors brand names, not individuals.
  • Report genuine threats — if you discover active phishing sites, report them to the hosting provider and relevant authorities (e.g., Anti-Phishing Working Group).

FAQ

Is this actor legal to use? Yes. The actor performs only passive reconnaissance: DNS lookups (public records), HTTP HEAD requests (equivalent to visiting a website), social media profile URL checks (public pages), and Google searches. No intrusive scanning or unauthorized access.

What types of typosquatting does it detect? Seven types: character transposition (amce.com), missing characters (acm.com), extra characters (acmee.com), keyboard-adjacent substitutions (acke.com), homoglyph replacements (acm3.com), TLD variations (acme.net), hyphenation (ac-me.com), and prefix/suffix additions (myacme.com, acme-shop.com).

Do I need a Serper API key? Only if you enable the web mention search feature. Typosquatting detection and social media scanning work without any API key. Serper.dev offers a free tier with 2,500 queries per month.

How is the risk score calculated? Active typosquat domains (serving web content) contribute 10 points each. Resolved but inactive domains contribute 3 points. Taken social media profiles contribute 2 points. Web mentions contribute 1 point. Scores of 30+ are CRITICAL, 15+ are HIGH, 5+ are MEDIUM, and below 5 are LOW.

Can I monitor multiple brands at once? Each run monitors one brand. To monitor multiple brands, schedule separate runs for each brand or use the Apify API to trigger runs programmatically in a loop.

How often should I run a brand scan? Weekly scans are recommended for most brands. High-profile brands or those that have experienced impersonation should consider daily monitoring.

What social media platforms are checked? Twitter/X, Instagram, Facebook, TikTok, YouTube, GitHub, LinkedIn, and Pinterest.

What does the similarity score mean? It's a Levenshtein-based metric (0–1) comparing the base domain name (without TLD) to the original. A score of 1.0 means identical (e.g., a TLD variation), while 0.75 means a single-character difference. Higher similarity = more deceptive.

Integrations

This actor works seamlessly with the broader Apify ecosystem and third-party automation tools.

  • Apify API — trigger brand scans programmatically and retrieve results as JSON for custom dashboards or security workflows.
  • Zapier — receive alerts when a scan detects HIGH-risk domains. Route notifications to Slack, email, or your ticketing system.
  • Make (Integromat) — build automated brand monitoring workflows that trigger scans on a schedule and push results to Google Sheets, Airtable, or your CRM.
  • Google Sheets — export scan results directly for collaborative review and historical tracking.
  • Webhooks — configure Apify webhooks to fire when a run completes, sending the results payload to any endpoint for real-time processing.

Related Actors

If you find Brand Protection Monitor useful, check out these complementary actors from the same publisher:

| Actor | What it does | Use with Brand Protection Monitor |
| --- | --- | --- |
| WHOIS Domain Lookup | Domain registration details | Look up registrant info for suspicious domains |
| DNS Record Lookup | Detailed DNS queries (A, MX, TXT, NS) | Deep DNS analysis on flagged domains |
| SSL Certificate Search | Certificate Transparency log search | Find SSL certs issued for your brand name |
| Website Contact Scraper | Extract contact details from websites | Identify operators behind typosquatting sites |
| Website Change Monitor | Track changes on websites over time | Monitor known phishing sites for content changes |
| IP Geolocation Lookup | Geolocate IP addresses | Find where typosquatting infrastructure is hosted |
| SERP Rank Tracker | Track keyword rankings in Google | Check if imposters are ranking for your brand keywords |
