We understand that creating a typosquat domain is often the first step for bad actors in their plans to ensnare your unsuspecting prospects and customers and wreaking havoc on your business. We try to find the different variants used by these bad actors and display it under a fairly new attribute, titled, "URL Construction".

For sites available for acquisition, we use this URL Construction field to help rank one domain over others and factors into our prioritization.

For pre-malicious sites, you'll often see that the URL Construction field is populated with the value of "Scan", which simply means that a site was dispositioned as being suspicious through our AI,  natural language processing, text analytics, image recognition, or other means. When it's populated with any other values, it means that we used an algorithm to identify the typosquat variant.

The various options for this URL Construction field are listed below. Let's use the domain, apple.com, as an example asset being monitored by the Bolster platform.

Variant Description Example
Exact Match The domain is spelled exactly the same, but exists on a different TLD apple.tech
Addition Adding a letter before or after the domain name applez.com
Homoglyph Swapping out letters of those in another character set xn--appe-xhc.com --> Cyrillic “L” instead of Latin “L”
SubDomain Asset is a subdomain apple.buy.com
Insertion An additional letter is added in the middle of the domain name appele.com
Dictionary Domain is a merged word applestock.com
Letter Replacement Letter(s) in the domain is substituted for another based on keyboard layout appl3.com
Hyphenation Hyphen(s) contained in the domain app-le.com
Omission A letter is missing from the domain name aple.com
Repetition A letter is repeated in the domain name appple.com
Transposition Letters in the domain swap places appel.com
Vowel Swap A vowel in the domain is swapped with another vowel opple.com
Bit Squatting One bit in the domain name is flipped aqple.com