Introduction
A number of recent posts on social media have commented on the case of the guthib[.]com domain, a typo variant of the website of the popular code-sharing platform GitHub, which resolves to a page informing visitors that they have mis-typed the presumably-intended address (Figure 1).
Figure 1: The minimalist webpage at guthib[.]com
Typo variants of popular domain names can commonly attract high volumes of traffic from mis-typed browser requests. In this case, the owner[1] of guthib[.]com fortunately appears not to have had malicious intent, but typo domains are prone to misuse by infringers, presenting a ready opportunity to launch a brand impersonation attack, or misdirect visitors to competitor or unsavoury content. Indeed, in many cases, it may be advisable for brand owners to secure common variants within their official portfolio as part of a domain registration strategy, to prevent acquisition and misuse by third parties.
In this article, we explore the patterns of use in a set of typo variants of the most popular global websites.
Analysis
Our study considers the top twenty most popular global website domain names (as of Nov-2024), according to analytics provider Similarweb[2]. In the analysis we consider all typo variants in which any pair of adjacent characters in the second-level domain (SLD) name (i.e. the part to the left of the dot) is transposed (i.e. swapped), a common form of mis-type[3].
This analysis thereby yields a dataset of 109 typo domains. 42 of these (39%) are registered to the owner of the corresponding official domain in question, as would be the case for a comprehensive defensive domain registration policy. The remainder are registered to third parties (59 domains, or 54%) or are unregistered (8 domains, or 7%) (Table 1).
Table 1: Ownership statistics for the 109 typo variant domain names
The 59 typo variant domains under third-party ownership present significant potential for misuse and thereby pose a concern for the brand owners in question. 32 of these domains (54%) are configured with active mail exchange (MX) records, indicating that they have been configured to be able to send and receive e-mails, and could potentially therefore be under active use for phishing (Table 2).
Table 2: MX record statistics for the 59 typo variant domain names under third-party ownership
The statistics thereby provide insights into the overall level of potential risk posed by typo domains and into the approaches taken to defensive registrations for the sites in question. For example, yandex[.]ru is particularly at risk, with all five of its transposition-based typo domains under third-party ownership and with active MX records.
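The variant generation and the ownership/MX triage described above, sketched as an added example that is not part of the original article. In practice the registration and MX data would come from WHOIS/RDAP and DNS lookups; here they are a constructed sample for example.com, and the function names and the "Example Corp" registrant are assumptions.

```python
from collections import Counter

def transposition_variants(domain):
    """Every distinct domain formed by swapping one adjacent character pair in the SLD.
    Assumes `domain` is a registrable name such as 'example.com' (no subdomain)."""
    sld, _, suffix = domain.partition(".")
    variants = []
    for i in range(len(sld) - 1):
        if sld[i] == sld[i + 1]:
            continue  # swapping identical letters reproduces the official name
        variants.append(f"{sld[:i]}{sld[i + 1]}{sld[i]}{sld[i + 2:]}.{suffix}")
    return variants

def triage(official, owner, records):
    """Map each variant to (ownership status, third-party-with-MX flag)."""
    report = {}
    for variant in transposition_variants(official):
        rec = records.get(variant)
        if rec is None:
            status = "unregistered"
        elif rec["registrant"] == owner:
            status = "official"      # defensive registration by the brand owner
        else:
            status = "third-party"
        # Only third-party domains with MX records are flagged for phishing review.
        report[variant] = (status, status == "third-party" and bool(rec["mx"]))
    return report

def summarise(report):
    """Ownership counts (as in Table 1) and the mail-enabled third-party domains (Table 2)."""
    counts = Counter(status for status, _ in report.values())
    mail_enabled = sorted(d for d, (_, flagged) in report.items() if flagged)
    return counts, mail_enabled

# Constructed sample records (not real WHOIS/DNS data); examlpe.com is left unregistered.
SAMPLE_RECORDS = {
    "xeample.com": {"registrant": "Example Corp", "mx": []},
    "eaxmple.com": {"registrant": "Privacy Proxy Ltd", "mx": ["mail.eaxmple.com"]},
    "exmaple.com": {"registrant": "Privacy Proxy Ltd", "mx": []},
    "exapmle.com": {"registrant": "Example Corp", "mx": ["mx.example.com"]},
    "exampel.com": {"registrant": "Parking Co", "mx": ["mx1.parking.invalid"]},
}

if __name__ == "__main__":
    counts, mail_enabled = summarise(triage("example.com", "Example Corp", SAMPLE_RECORDS))
    print(dict(counts))
    print("third-party with MX:", mail_enabled)
```

Note that guthib[.]com swaps two non-adjacent letters of "github", so a monitoring list built from adjacent transpositions alone would need a further variant class to cover it.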
As a deeper dive, it is also informative to consider the content of any websites associated with the 59 third-party domains in question. 16 (27%) currently pose little threat (resolving to blank pages, placeholder pages, error pages or no active site - though one of the blank pages generates a browser warning of dangerous content which was formerly present), but warrant ongoing monitoring. 30 of the remainder show evidence of efforts to monetise their web traffic through the placement of pay-per-click (PPC) links (28 cases) and/or offers of sale of the domain name (2 cases). The remaining 13 are the highest-threat cases, showing active use in the misdirection of visitors to third-party content[4], which may be of particular concern if it relates to fraudulent use, competitor products or services, or undesirable material (Figure 2).
Figure 2: Examples of typo variant domain names misdirecting visitors to third-party content: (top to bottom) 1. chatgtp[.]com; 2. mcirosoftonline[.]com; 3. ilnkedin[.]com; 4. ayndex[.]ru, ynadex[.]ru, yadnex[.]ru and yandxe[.]ru; 5. bnig[.]com; 6. oprnhub[.]com; 7. itktok[.]com; 8. tkitok[.]com
Discussion
Typo variant domain names can pose a significant threat for brand owners and warrant careful consideration as part of an overall brand protection strategy. At the very least, it would generally be appropriate to implement a brand monitoring capability which is able to detect such variants and (depending on the nature of any associated brand abuse and the extent of IP protection of the brand owner) to enforce against identified infringements.
However, it is also advisable to consider the inclusion of such variants within an official defensive domain portfolio. Of course, it is never possible to secure all possible variants which could feasibly be utilised by a third-party infringer, but it may certainly be worthwhile to factor in common misspellings (such as the simple character transpositions considered in this study). Such considerations are central to the construction of a domain registration and management strategy, which aims to balance cost against risk in the process of building an official portfolio[5,6,7]. Other factors and good practices - such as ensuring that unused domains are configured to re-direct to the official site, to maximise traffic and minimise customer confusion - can also be incorporated into this type of initiative.
References
[1] The domain is registered using a whois privacy service, with an original domain creation date of 04-Mar-2010. The only non-redacted historical records are from a period of time between Mar-2014 and May-2018, during which time it was registered to an Alex Sexton of NZ (apparently alexsexton[at]gmail.com).
[2] https://www.similarweb.com/top-websites/
[3] Note that the analysis therefore excludes consideration of x[.]com, where (as a single-character SLD) no transpositions are possible.
[4] Given the distinctiveness of the strings in question, it is highly likely that at least the vast majority of these cases are attempting to benefit from the renown of the websites in question, rather than legitimately using a similar string independently.
[5] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Section 9.5: 'Domain-name management policy construction'
This article was first published on 23 January 2025 at:
https://www.iamstobbs.com/opinion/you-spelled-it-wrong-exploring-typo-domains