Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Domain Squatting Categories

Ingrid

The Domain Squatting risk vector is categorized into Typographical Errors, Spear Phishing, and Bitsquatting Errors (Bit-flip). These can be used as filters in the “Results by All Domains” view.

Typographical Errors

Users may mis-type the domain name. These domains are reached by simple typing mistakes and may also be used in spear phishing attacks.

Type Description Examples (saperix.com)
Insertion Adding an extra letter to the domain name that's near an existing letter on the keyboard.
  • asaperix.com
  • sapericx.com
Omission Dropping a character.
  • sperix.com (saperix.com)
  • saperx.com (saperix.com)
Repetition Adding an extra letter that already exists.
  • sapperix.com
  • saperrix.com
Replacement Replacing a character with another one that's located near its placement on the keyboard.
  • saperic.com
  • sapwrix.com
Subdomain Misplacement of 1 of the periods in the domain.
  • s.aperix.com
  • sa.perix.com
Transposition Flipping two characters.
  • spaerix.com
  • sapreix.com
Vowel-swap Replacing a vowel with a different one.
  • soperix.com
  • sapirix.com
Various Miscellaneous mistakes, including dropping the period from the fully qualified domain name.
  • wwwsaperix.com (www.saperix.com)
  • www-saperix.com

Spear Phishing

The attacker’s domain masquerades as being part of a legitimate organization, either directly or as a partner. These domain variations are registered by adversaries looking to commit spear phishing (email phishing) attacks on employees or customers of the targeted company.

Spear phishing attacks are targeted, proactive email campaigns against the user base (employees and customers) of an organization. They aim to fool users into opening an email attachment that are loaded with malware, get responses that contain sensitive information (e.g., login credentials, payment information, HR and tax documents), or redirect the user to a website that appears to be legitimate.

Type Description Examples (saperix.com)
Addition Adding an arbitrary character to the end of the domain.
  • saperixj.com
  • saperixb.com
Hyphenation Inserting a hyphen between two characters.
  • sa-perix.com
  • sap-erix.com
Homoglyph Replacing characters that look like other characters, as in those frequently registered for spear-phishing attacks.
  • saper1x.com
  • saperlx.com
TLD Variant Using variants of the top-level domain (TLD).
  • example.country
  • example.stream
  • example.download

Bitsquatting Errors (Bit-flip)

“Computers suffer from errors that manifest as memory corruption of one or more bits. The causes of these errors range from manufacturing defects to environmental factors such as cosmic rays and overheating. […] Bit-errors can be detected and exploited in new ways on an Internet-wide scale. One of these means is by bitsquatting, or registering domain names one bit different than frequently resolved domains.”[1]
Type Description Examples (saperix.com)
Bitsquatting A bit is flipped for one of the characters.
  • saqerix.com
  • sbperix.com

Resources

Dinaburg.org, “Bitsquatting: DNS Hijacking without exploitation”

  • October 7, 2020: Added TLD Variant as a type of spear phishing.

Related articles

Feedback

0 comments

Please sign in to leave a comment.