DomainLynx: Leveraging Large Language Models for Enhanced Domain Squatting Detection

📅 2024-10-02
🏛️ IEEE Access
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the limited capability of existing approaches in detecting domain name squatting—particularly for long-tail brands and previously unseen attack patterns. To this end, we propose DomainLynx, a large language model (LLM)-based system. Methodologically, it introduces the first LLM-driven, context-aware threat assessment framework that fuses heterogeneous data sources—including Certificate Transparency logs, passive DNS records, and zone files. We fine-tune the Llama-3-70B model with hallucination-mitigation mechanisms, intelligent domain-pairing strategies, and domain-specific prompt engineering. Unlike conventional rule-based or statistical methods, DomainLynx does not rely on prior knowledge of attack patterns, thereby achieving superior generalization. Evaluated on 1,649 manually labeled samples, it achieves 94.7% accuracy; in production deployment, it detects an average of 34,359 squatted domains per month—2.5× higher than baseline systems.

📝 Abstract
Domain squatting poses a significant threat to Internet security, with attackers employing increasingly sophisticated techniques. This study introduces DomainLynx, an innovative compound AI system leveraging Large Language Models (LLMs) for enhanced domain squatting detection. Unlike existing methods focusing on predefined patterns for top-ranked domains, DomainLynx excels in identifying novel squatting techniques and protecting less prominent brands. The system's architecture integrates advanced data processing, intelligent domain pairing, and LLM-powered threat assessment. Crucially, DomainLynx incorporates specialized components that mitigate LLM hallucinations, ensuring reliable and context-aware detection. This approach enables efficient analysis of vast security data from diverse sources, including Certificate Transparency logs, Passive DNS records, and zone files. Evaluated on a curated dataset of 1,649 squatting domains, DomainLynx achieved 94.7% accuracy using Llama-3-70B. In a month-long real-world test, it detected 34,359 squatting domains from 2.09 million new domains, outperforming baseline methods by 2.5 times. This research advances Internet security by providing a versatile, accurate, and adaptable tool for combating evolving domain squatting threats. DomainLynx's approach paves the way for more robust, AI-driven cybersecurity solutions, enhancing protection for a broader range of online entities and contributing to a safer digital ecosystem.

Problem

Research questions and friction points this paper is trying to address.

Detects advanced domain squatting techniques
Protects less prominent brands effectively
Mitigates LLM hallucinations for reliable detection

Innovation

Methods, ideas, or system contributions that make the work stand out.

LLMs for squatting detection
Advanced data processing integration
Mitigation of LLM hallucinations

Daiki Chiba
NTT
Cyber Security, Network Security, Internet Measurement
Hiroki Nakano
NTT Security Holdings Corporation, NTT Corporation, Tokyo, Japan
Takashi Koide
NTT Security Holdings Corporation, NTT Corporation, Tokyo, Japan