Have I Been Squatted now integrates with Tines

Have I Been Squatted now integrates with Tines, bringing typosquatting intelligence directly into security automation workflows. For alert enrichment, threat hunting, or tasks that previously required manual API calls or steps in the Have I Been Squatted web app, the integration adds context at decision time.

What is Tines?#

Tines is a no-code security automation platform built for security teams. Rather than writing and maintaining glue code, analysts build "stories" (visual workflows that connect APIs, enrich alerts, apply logic, and route findings to the right people or tools). It works with stacks that are already in place: security information and event management (SIEM) platforms, ticketing systems, chat, case management, and more.

What this integration does#

Four Have I Been Squatted templates are available to drop into Tines stories, each exposing a different part of the Have I Been Squatted API.

Typosquatting lookups — The squat lookup template streams permutations for any domain (transpositions, homoglyphs, character insertions, and more) back into the story in real time. Rather than checking domains manually in the Have I Been Squatted web app, a lookup can run the moment a suspicious domain surfaces and feed results directly into an enrichment or triage pipeline.

Unregistered domain discovery — The NXDOMAIN lookup template (no such domain exists) surfaces permutations of a monitored domain that are not yet registered. Periodic checks show which plausible lookalikes remain available, so teams can decide defensively whether to register them before someone else does.

One-shot domain enrichment — The Analyze template returns infrastructure and threat signal context for a specific domain in a single call. When a domain surfaces in an alert, the template supplies enough signal to route to an analyst, close as low-risk, or feed into a broader investigation.

What this looks like in practice#

Security teams can use this integration in a number of ways.

A domain appears in a phishing report or SIEM alert. A Tines story calls the Analyze template, evaluates the signals, and either escalates to a response queue or auto-closes with context attached, without a manual lookup.

A story runs the NXDOMAIN lookup periodically against priority brand terms. Scheduled review produces a clear picture of which lookalike domains remain unregistered and a structured process for deciding whether to act on them.

A domain from an external threat feed or partner report needs quick context. The Analyze template enriches it inline, so the analyst working the case has infrastructure and signal data before opening a separate browser tab.

Getting started#

To configure the integration in Tines:

1. Create an API key from the Have I Been Squatted console
2. Sign in to Tines
3. Add the four Have I Been Squatted story templates:
   • Look up typosquatted permutations for a domain
   • Look up unregistered permutations for a domain
   • Analyze a domain for infrastructure and threat signals
   • Retrieve usage totals and hourly breakdown

Domain threat detection has historically meant a mix of manual lookups, ad hoc scripts, and context that arrives too late to be useful. The integration closes that gap by placing Have I Been Squatted intelligence inside automated workflows, so detection and response stay in the same loop.