SOCIAL MEDIA
Detect typosquatted brand domains and block them at Cloudflare with a Slack approval
Generates and checks likely typosquat variations of your domain, flags newly registered or live lookalikes hosting fake login or social pages.
How it runs
The automated pipeline, trigger to output.
- TriggerDaily schedule
- ActionGenerate and resolve typosquat domain variantsShell
- ActionLoad live lookalikes and capture contentBrowserbase
- ActionJudge brand/login impersonation and severityOpenAI
- LogicRoute high-severity hits, drop parked pages
- ActionPost Slack approval card with evidenceSlack
- OutputBlock approved domain in Cloudflare GatewayCloudflare
What it does
It hunts for lookalike domains that imitate your brand to phish your customers, confirms which ones are actually live, and turns each confirmed threat into a one-click Cloudflare block gated by human approval.
When to use it
Use this when scammers register near-miss domains (swapped letters, added hyphens, alternate TLDs) to host fake login or social-redirect pages. It suits security and brand teams who want fast blocking without auto-acting on false positives.
How it works
- 1A daily schedule starts the run.
- 2A shell step generates typosquat permutations and resolves which are registered and responding.
- 3Browserbase loads each live candidate and grabs its content and a screenshot.
- 4OpenAI judges whether the page impersonates your brand or login flow and assigns severity.
- 5A logic branch routes high-severity hits onward and drops benign parked pages.
- 6Slack posts an approval card with the evidence; on approval, Cloudflare Gateway adds the domain to a block policy.
Set it up
What you configure once, before turning it on.
- 1Connect ShellRun sandboxed commands inside the workspace.
- 2Connect BrowserbaseHeadless browsers, sessions, replays.
- 3Connect OpenAIModels, embeddings, files.
- 4Connect SlackChannels, DMs, threads, mentions.
- 5Connect CloudflareWorkers, Pages, R2, KV — the edge stack.
- 6Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 7Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 8Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More Social Media workflows
A/B carousel cover variants from one brief
Takes a single approved brief and uses an LLM to write three distinct cover-slide headlines, renders a carousel cover for each, and logs the variants to Airtable for an A/B test.
Localized carousel variants per target market
From one approved master brief, translates the copy into each target locale, renders a localized carousel per market, and publishes each to its region's platform account.
Multi-Platform Comment Escalation Router
Ingests inbound comments and replies from your connected social platforms, classifies each for legal or PR risk.
Post-event Discord attendance recap and host digest
After a synced calendar event ends, reconciles who RSVP'd against who actually showed, posts a thank-you recap in Discord, and emails the host a digest of attendance and no-shows.
Agent-Driven Comment Policy Review Queue
An agent reviews ambiguous comments against your brand's response policy, decides whether to auto-clear, draft a reply for approval, or escalate, and routes its decision…
Carousel render with brand-safety pre-check
Before rendering, an LLM checks the brief copy against brand and policy rules; clean briefs render and archive to S3, flagged briefs route to a review queue instead.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.