Why check multiple TLDs?

Protects brand from: typosquatting (malicious lookalikes), cybersquatting (trademark domains), phishing (fake login pages), reputation damage. Attackers register similar domains with different TLDs to trick users. Example: paypal.com (real) vs paypal-secure.net (phishing). Defensive registration: buy important TLD variants before attackers. Cost-effective: prevent customer confusion, legal disputes, incident response. Monitor registered variants for suspicious activity (email spoofing, malware hosting).

What are the most important TLDs?

Priority TLDs for brand protection: .com (commercial, most trusted), .net (network/tech), .org (organization), country-codes (.co.uk, .de, .ca where you operate), .io (tech startups), .app/.dev (applications), .ai (AI companies). New gTLDs: .tech, .online, .store, .cloud. Typosquatting risks: .cm (typo of .com), .om, .co. Register: primary TLD + major variants + country TLDs. Monitor rest for infringement.

How to detect typosquatting domains?

Typosquatting detection techniques: 1) Homograph attacks (unicode lookalikes: apple.com vs аpple.com). 2) Character substitution (paypal → paypai, google → gooogle). 3) TLD variations (example.com → example.net). 4) Transposition (faceboook). 5) Omission (gogle). Tools: dnstwist, URLCrazy. Monitor: newly registered domains, SSL certificate transparency logs. Response: UDRP complaint, legal action, takedown requests. Prevention: defensive registration, trademark monitoring, DMARC for email.

What is domain availability checking?

Domain availability checking queries domain registration status. Methods: 1) WHOIS lookup (shows registrant, dates, nameservers). 2) DNS query (registered domains have nameservers). 3) HTTP request (active websites respond). Rate limits: WHOIS servers limit queries (1-10/second). Bulk checking: use RDAP (Registry Data Access Protocol), commercial APIs (DomainTools, WhoisXML). Available = unregistered, can purchase. Registered = check expiration date, monitor for release.

As of 2025: 1,500+ TLDs. Categories: Generic (gTLDs) - .com, .net, .org (~1,200 new gTLDs after ICANN expansion 2013). Country-code (ccTLDs) - .uk, .de, .jp (~250). Sponsored (sTLDs) - .edu, .gov, .mil. Infrastructure - .arpa. New gTLDs: .app, .dev, .cloud, .tech, .shop. Most popular: .com (40% of domains), .tk (free Tokelau ccTLD), .cn (China), .de (Germany). Source: IANA Root Zone Database.

What is the Uniform Domain-Name Dispute-Resolution Policy?

UDRP is ICANN policy for resolving domain disputes without litigation. Applies to: .com, .net, .org, many new gTLDs (not all ccTLDs). File complaint if domain: 1) Identical/confusingly similar to your trademark. 2) Registrant has no legitimate rights. 3) Registered/used in bad faith (resale, disruption, phishing). Process: online complaint, respondent reply, panelist decision (45-60 days). Remedies: transfer domain, cancel registration. Cost: $1,500-3,000. Alternative: legal action (more expensive/slower).

How to automate TLD monitoring?

Monitoring automation: 1) Certificate Transparency logs (crt.sh API) - new SSL certificates issued. 2) WHOIS history APIs (DomainTools, SecurityTrails) - registration changes. 3) DNS monitoring (passive DNS feeds) - newly active domains. 4) Brand monitoring services (Bolster, MarkMonitor). Alerts for: new registrations matching brand, expired domain availability, DNS changes, SSL certificates. Integrate with: SIEM, ticketing systems, threat intel platforms. Check daily for high-value brands, weekly for general monitoring.

Home/Tools/Security/TLD Enumerator

TLD Enumerator

Enumerate and check domain availability across all top-level domains (TLDs) for brand protection and reconnaissance

100% Private - Runs Entirely in Your Browser

No data is sent to any server. All processing happens locally on your device.

Loading TLD Enumerator...

Domain

Loading interactive tool...

JavaScript Required

This interactive tool requires JavaScript to function. Please enable JavaScript in your browser to use the full features.

The tool description and documentation above provide information about this tool's capabilities. For the best experience, please enable JavaScript and refresh the page.

Need Professional Security Testing?

Our penetration testers find vulnerabilities before attackers do. Get a comprehensive security assessment.

Learn About Penetration Testing Explore Risk Assessment

What Is TLD Enumeration

TLD (Top-Level Domain) enumeration discovers all domain registrations associated with a base name across different top-level domains — checking whether example.com, example.net, example.org, example.io, example.co, and hundreds of other TLDs are registered and by whom. This technique is essential for brand protection, security assessment, and domain portfolio management.

With over 1,500 TLDs available (including gTLDs like .com, .org, .io and ccTLDs like .uk, .de, .jp), organizations cannot realistically register their brand across all of them. TLD enumeration identifies which variations are already registered, potentially by competitors, domain squatters, or threat actors preparing phishing campaigns.

TLD Categories

Type	Examples	Count	Registration
Generic (gTLD)	.com, .net, .org, .info	~1,200+	Open to anyone
Country Code (ccTLD)	.uk, .de, .jp, .au, .ca	~300+	Some restricted to residents
Sponsored (sTLD)	.edu, .gov, .mil, .museum	~15	Restricted eligibility
New gTLD	.tech, .cloud, .security, .app	~1,000+	Open (most)
Infrastructure	.arpa	1	Technical use only

Common Use Cases

Brand protection: Discover unauthorized registrations of your brand name across TLDs before they are used for phishing, counterfeiting, or brand abuse
Phishing detection: Identify domains registered with your brand name that could be used in phishing campaigns targeting your employees or customers
Domain portfolio management: Audit which TLDs you own and identify gaps that should be defensively registered
Competitive intelligence: Discover which TLDs competitors have registered and identify new product launches or geographic expansions signaled by domain registrations
Merger/acquisition due diligence: Inventory all domain registrations associated with an acquisition target

Best Practices

Prioritize high-risk TLDs — Not all TLDs are equal risk. Focus defensive registration on .com, .net, .org, your country's ccTLD, and industry-relevant TLDs (.io, .tech, .security).
Monitor for new registrations — Set up domain monitoring alerts for your brand name across popular TLDs. Services like DomainTools and DNS Twist provide automated monitoring.
Check look-alike variations — Beyond TLD enumeration, check for typosquatting (gogle.com), homograph attacks (using similar Unicode characters), and combosquatting (brand-security.com).
Register defensively — Proactively register your brand on high-traffic TLDs and redirect them to your primary domain. This is cheaper than fighting domain squatters after the fact.
Document and track — Maintain a centralized inventory of all domain registrations with renewal dates, registrars, and DNS configurations. Expired defensive domains are quickly snapped up by squatters.

References & Citations

Internet Assigned Numbers Authority (IANA). (2024). Root Zone Database. Retrieved from https://www.iana.org/domains/root/db (accessed January 2025)
ICANN. (2024). Uniform Domain-Name Dispute-Resolution Policy. Retrieved from https://www.icann.org/resources/pages/help/dndr/udrp-en (accessed January 2025)
Wikipedia. (2024). Typosquatting. Retrieved from https://en.wikipedia.org/wiki/Typosquatting (accessed January 2025)

Note: These citations are provided for informational and educational purposes. Always verify information with the original sources and consult with qualified professionals for specific advice related to your situation.

Key Security Terms

Understand the essential concepts behind this tool

Typosquatting

Registering domain names similar to popular sites by exploiting common typing errors to deceive users.

Learn more →

View all terms in our glossary →

Frequently Asked Questions

Common questions about the TLD Enumerator

TLD enumeration checks domain availability across multiple top-level domains (TLDs). Example: checking example.com, example.net, example.org, example.io, etc. Used for: brand protection (register variants before squatters), typosquatting detection (find malicious lookalikes), reconnaissance (discover company assets), domain availability research. 1,500+ TLDs exist: generic (.com, .net), country-code (.uk, .de), new gTLDs (.app, .dev). Automates manual WHOIS checks.

ℹ️ Disclaimer

This tool is provided for informational and educational purposes only. All processing happens entirely in your browser - no data is sent to or stored on our servers. While we strive for accuracy, we make no warranties about the completeness or reliability of results. Use at your own discretion.