Why blocklist-first beats takedown-only
A takedown can take days. A user can lose funds in minutes. That’s why we block first and take down second.
Detect fakes the moment they’re registered
Our detection sources monitor Certificate Transparency logs, DNS records, and search indexes around the clock. A new domain that looks, sounds, or resolves like yours gets flagged before it ever reaches a user’s feed.
Block at the point of access
The moment a domain is confirmed malicious, it goes on our blocklist. That blocklist reaches wallets, browsers, and security partners within minutes, so users get warned before they connect a wallet or enter a seed phrase.
Take it down at the source
While the blocklist is protecting users, we file the takedown with the hosting provider or registrar. The site comes offline, and we keep monitoring in case it reappears under a new domain.
Wherever scammers register domains, we’re already watching
Typosquatters don’t wait for a launch to register lookalike domains. Neither do we.
Typosquatting
Lookalike domains built from homoglyphs and common misspellings, like chainpatr0l.com or chianpatrol.com, caught the moment they're registered.
Fake airdrop and mint pages
Cloned landing pages promising free tokens in exchange for a wallet connection, timed to launches and mints.
Wallet drainer sites
Domains running malicious smart contracts designed to drain a connected wallet the moment a user signs.
Cloned brand sites
Full copies of your official site, sometimes down to the last pixel, built to harvest credentials or seed phrases.
Parked and dormant domains
Lookalike domains registered early and held until a scam campaign is ready to go live.
These are a few of the patterns we cover, not the full list. Detection runs across 28+ sources, including Certificate Transparency monitoring, typosquatting analysis, and third-party threat intel.
Why the best brands don’t handle domain takedowns alone
Most brands either wait for users to report fake domains or use a tool that flags them and hands the problem back. We flag them, block them, and take them down, without your team touching it.
Trusted by 100+ brands to protect their users from fake domains
The most targeted names in crypto rely on us to keep phishing domains away from their communities.
“Keeping the Arbitrum community safe is an iterative and ongoing process that ChainPatrol has helped to simplify.”
Eli_DeFi
Community Lead, Arbitrum Foundation
“ChainPatrol stood out with their impressive reporting capabilities and an active, involved team.”
Luker
Director of Security, ConsenSys
Frequently asked questions
General
What counts as a fake domain?
+
How is this different from protecting my social accounts?
+
Detection
How do you find fake domains before they're used in a scam?
+
What's the difference between typosquatting and a fake airdrop page?
+
How do you tell a fake domain from a legitimate one?
+
Blocking & Takedowns
How fast do you block a fake domain?
+
Where does the blocklist reach once a domain is added?
+
How fast do you get it taken offline?
+
Do I have to approve every block or takedown?
+
Coverage
What happens if a domain reappears after takedown?
+
What happens if a hosting provider or registrar doesn't act?
+
See the fake domains targeting your brand right now
We’ll scan the web and show you exactly which domains are impersonating you. Results in 48 hours. No credit card required.


