1. Home
  2. Knowledge Base
  3. Platform Features
  4. Feature Deep Dives
  5. URL Construction Field and Typosquat Variants

URL Construction Field and Typosquat Variants

Bolster uses AI, natural language processing, text analytics, and other technology to determine whether a site needs further investigation. The URL Construction field displays important information resulting from these analyses:

  • If it contains “Scan,” then the site is considered suspicious and pre-malicious.
  • If it contains any other value, then we have used our algorithm to identify a typosquat variant.

A typosquat variant is a domain variant used by bad actors to lure prospects and customers to an alternate site. The following table lists the variant types that can be displayed in the URL Construction field. The examples assume that apple.com is an asset monitored by the Bolster platform.

VariantDescriptionExample
Exact MatchDomain is spelled exactly the same, but exists on a different TLD.apple.tech
AdditionLetter added before or after the domain name.applez.com
HomoglyphCharacters swapped with those from another character set. xn--appe-xhc.com –> Cyrillic “L” instead of Latin “L”
SubDomainMonitored asset is a subdomain.apple.buy.com
InsertionAdditional letter added in the middle of the domain name.appele.com
DictionaryDomain is a merged word.applestock.com
Letter ReplacementOne or more letters substituted based on keyboard layout.appl3.com
HyphenationOne or more hyphens added to the domain.app-le.com
OmissionLetter missing from the domain name.aple.com
RepetitionLetter repeated in the domain name.appple.com
TranspositionLetters swapped places in the domain name.appel.com
Vowel SwapVowel in the domain swapped with another vowel.opple.com
Bit SquattingFlipped bit in the domain name.aqple.com
Updated on May 3, 2023

Was this article helpful?

Related Articles