Have I Been Squated – Instantly spot typosquatting, brand abuse, and domain threats with real-time alerts.
© 2025 Have I Been Squated, Inc. All rights reserved.
Analyze historical DNS and TLS observations to map infrastructure changes and uncover relationships across suspicious domains.
passive_dns.*, passive_tls.*)
We launched our in‑house ML model for domain classification to significantly improve accuracy and reduce false positives.
classification.phishing, classification.legitimate, classification.parkedtwistrs: New Vowel Shuffle and improved Hyphenation permutationsxiaomi.com → xoaimi.com)bbc.co.uk → bbc-co.uk)
Analyzer is a one-shot domain detective that brings every essential insight into a single view: a live snapshot of the site, cache status and legitimacy, redirect chain, HTTP banner and tech-stack overview, DNS records, registration and registrar details, security flags with WHOIS/RDAP links, and a built-in certificate inspector.
We're building a rules system to let you define alerts based on specific domain traits — think composable alerts tailored to your brand. Create custom rules that trigger when domains match your criteria, whether it's detecting lookalike domains, monitoring specific TLDs, or flagging suspicious registration patterns, allowing you to stay informed about potential threats while filtering out the noise.
You can now view the complete redirect chain for any domain, with detailed visibility into every certificate encountered along the way. For each certificate, we display the subject, issuer, validity period, subject alternative names, certificate transparency status, and connection security details such as protocol, cipher, and key exchange.
This lets you quickly assess certificate legitimacy, expiration, and transparency for every hop in the redirect path, making it easier to spot suspicious or misconfigured certificates.
You can now export data from both the Explore and Lookup views inside Domain Monitoring. Export your findings as CSV for spreadsheet analysis or JSONL for programmatic processing — perfect for custom reporting, data pipelines, or integration with your existing security tools.
We've added result tagging capabilities to help you organize and categorize your domain monitoring results, along with bulk domain import functionality to streamline your workflow.
We now identify the tech stack running on detected websites — useful for phishing detection and infrastructure profiling. This includes detecting web frameworks, content management systems, analytics tools, and other technologies that can reveal the true nature of suspicious domains and help assess their legitimacy.
We've shipped a comprehensive overhaul of our monitoring platform featuring enhanced detection algorithms, deeper infrastructure inspection capabilities, and improved threat assessment workflows for more accurate domain monitoring.
We've shipped NXDOMAIN lookups. Now you can discover unregistered domain permutations that could be used for phishing or brand impersonation. NXDOMAIN responses indicate that a domain name doesn't exist in the DNS system, revealing potential typosquatting opportunities before attackers can register them.
We gave the app a fresh look and added some powerful sorting and export features.
prefers-reduced-motion support)