Changelog

Have I Been Squated – Instantly spot typosquatting, brand abuse, and domain threats with real-time alerts.

Documentation

© 2025 Have I Been Squated, Inc. All rights reserved.

twistrs: Keyword & TLD Updates

  • Added platform to keyword list
  • Updated TLD list for improved coverage
  • Introduced a new Filter trait for advanced permutation filtering

Introducing Analyzer

Analyzer is a one-shot domain detective that brings every essential insight into a single view: a live snapshot of the site, cache status and legitimacy, redirect chain, HTTP banner and tech-stack overview, DNS records, registration and registrar details, security flags with WHOIS/RDAP links, and a built-in certificate inspector.

Improvements

  • Added Analyzer deep-dive domain analysis tool, now available to all users (no login required)
  • Live site snapshot with cache status & "Legitimate" classification
  • Visual redirect-chain tracing to the origin URL
  • HTTP banner detection & full tech-stack overview
  • DNS record explorer (A, AAAA, NS, CNAME & TXT)
  • Registration metadata panel (registration, expiration & last-changed dates)
  • Registrar info with DNSSEC & privacy flags and status codes
  • Quick links to RDAP lookup & ICANN complaint page
  • Certificate inspector (validity period, SANs & CT-log verification)

Rules and alerts
Preview

We're building a rules system to let you define alerts based on specific domain traits — think composable alerts tailored to your brand. Create custom rules that trigger when domains match your criteria, whether it's detecting lookalike domains, monitoring specific TLDs, or flagging suspicious registration patterns, allowing you to stay informed about potential threats while filtering out the noise.

Redirect chain analysis, certificate inspector

You can now view the complete redirect chain for any domain, with detailed visibility into every certificate encountered along the way. For each certificate, we display the subject, issuer, validity period, subject alternative names, certificate transparency status, and connection security details such as protocol, cipher, and key exchange.

This lets you quickly assess certificate legitimacy, expiration, and transparency for every hop in the redirect path, making it easier to spot suspicious or misconfigured certificates.

Monitoring export (CSV & JSONL)

You can now export data from both the Explore and Lookup views inside Domain Monitoring. Export your findings as CSV for spreadsheet analysis or JSONL for programmatic processing — perfect for custom reporting, data pipelines, or integration with your existing security tools.

Result tagging, bulk domain import

We've added result tagging capabilities to help you organize and categorize your domain monitoring results, along with bulk domain import functionality to streamline your workflow.

Improvements

  • Tag permutations as Owned, Ignored, False Positive, or Malicious
  • Improved Add Domain flow with bulk import support

Technology fingerprinting

We now identify the tech stack running on detected websites — useful for phishing detection and infrastructure profiling. This includes detecting web frameworks, content management systems, analytics tools, and other technologies that can reveal the true nature of suspicious domains and help assess their legitimacy.

Screenshots, extended DNS support in lookup

Lookup results now feature website screenshots, full DNS records, and expandable result rows for richer data at a glance.

Domain Monitoring
Alpha

We've shipped a comprehensive overhaul of our monitoring platform featuring enhanced detection algorithms, deeper infrastructure inspection capabilities, and improved threat assessment workflows for more accurate domain monitoring.

Improvements

  • Website screenshot capture
  • Advanced DNS analysis (CNAME/A/MX)
  • Smarter, actionable website classification
  • Deeper scan scope across monitored domains

Pro Plan Launch

We've launched Pro, unlocking deeper visibility into domain threats.

New Pro Features

  • IP geolocation with external lookups
  • Website classification (beta)
  • NXDOMAIN permutation discovery
  • RDAP ownership history timeline

twistrs: New Mapped Permutations

Mapped values are now supported in the permutation engine — d can map to cl, ck to kk, and many more.

Table pagination for smoother lookups

We've added pagination to the results table — better performance for domains with >100 permutations, without breaking filters or exports.

NXDOMAIN lookups

We've shipped NXDOMAIN lookups. Now you can discover unregistered domain permutations that could be used for phishing or brand impersonation. NXDOMAIN responses indicate that a domain name doesn't exist in the DNS system, revealing potential typosquatting opportunities before attackers can register them.

IP Intelligence & Geolocation Tools

We now display IP location, ASN, and organization data alongside quick access to your favorite investigation tools.

Improvements

  • Show country flags, ASN & org info for resolved IPs
  • Direct links to AbuseIPDB, Shodan, Cloudflare Radar, Censys, VirusTotal

UI Overhaul, Levenshtein Sorting & Export Options

We gave the app a fresh look and added some powerful sorting and export features.

Improvements

  • Introduced Berkeley Mono as our new typeface
  • Added subtle interface animations (with prefers-reduced-motion support)
  • Revamped mobile navigation and spacing
  • Implemented Levenshtein distance to show domain similarity
  • Sorted results by Levenshtein distance by default
  • Added CSV and JSON export for lookup results

Fixes

  • Fixed layout bugs and broken CSV output