We understand that creating a typosquat domain is often the first step in a bad actor's plan to ensnare your unsuspecting prospects and customers and wreak havoc on your business. We try to find the different variants used by these bad actors and display them under a fairly new attribute titled "URL Construction".
For sites available for acquisition, we use the URL Construction field to help rank one domain over others, and it factors into our prioritization.
For pre-malicious sites, you'll often see the URL Construction field populated with the value "Scan", which simply means that the site was dispositioned as suspicious through our AI, natural language processing, text analytics, image recognition, or other means. When it's populated with any other value, it means that we used an algorithm to identify the typosquat variant.
The various options for this URL Construction field are listed below. Let's use the domain, apple.com, as an example asset being monitored by the Bolster platform.
| URL Construction | Description | Example |
|---|---|---|
| Exact Match | The domain is spelled exactly the same, but exists on a different TLD | apple.tech |
| Addition | A letter is added before or after the domain name | applez.com |
| Homoglyph | Letters are swapped for those in another character set | xn--appe-xhc.com (Cyrillic “L” instead of Latin “L”) |
| SubDomain | Asset is a subdomain | apple.buy.com |
| Insertion | An additional letter is added in the middle of the domain name | appele.com |
| Dictionary | Domain is a merged word | applestock.com |
| Letter Replacement | Letter(s) in the domain are substituted for another based on keyboard layout | appl3.com |
| Hyphenation | Hyphen(s) contained in the domain | app-le.com |
| Omission | A letter is missing from the domain name | aple.com |
| Repetition | A letter is repeated in the domain name | appple.com |
| Transposition | Letters in the domain swap places | appel.com |
| Vowel Swap | A vowel in the domain is swapped with another vowel | opple.com |
| Bit Squatting | One bit in the domain name is flipped | aqple.com |
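
The following Python classifier is an added example, not Bolster's implementation: it labels a candidate domain against a monitored asset for the table's categories that need only string comparison. The function names, the "Same Domain" and "Unclassified" labels, the precedence between overlapping categories and the QWERTY adjacency grid are assumptions; Homoglyph and Dictionary come back as "Unclassified" because they need a confusables table and a word list.

```python
# Added example: label a candidate domain with a URL Construction category.
# Category precedence and the QWERTY adjacency grid are assumptions, not Bolster's rules.
VOWELS = set("aeiou")
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def keyboard_adjacent(x, y):
    """True when x and y sit on neighbouring keys of an approximate QWERTY grid."""
    if x not in POS or y not in POS:
        return False
    return abs(POS[x][0] - POS[y][0]) <= 1 and abs(POS[x][1] - POS[y][1]) <= 1

def one_deletion_indexes(longer, shorter):
    """Indexes i where deleting longer[i] yields shorter."""
    return [i for i in range(len(longer)) if longer[:i] + longer[i + 1:] == shorter]

def classify(asset, candidate):
    a, a_tld = asset.lower().split(".", 1)
    c, c_tld = candidate.lower().split(".", 1)
    if c == a:
        if c_tld == a_tld:
            return "Same Domain"
        # Simplification: any extra label counts as a subdomain (no public suffix list).
        return "SubDomain" if "." in c_tld else "Exact Match"
    if c.replace("-", "") == a:
        return "Hyphenation"
    if len(c) == len(a) + 1:
        hits = one_deletion_indexes(c, a)
        if not hits:
            return "Unclassified"
        if any(c[i] == c[i - 1] for i in hits if i > 0):
            return "Repetition"
        return "Addition" if hits[0] in (0, len(c) - 1) else "Insertion"
    if len(c) == len(a) - 1:
        return "Omission" if one_deletion_indexes(a, c) else "Unclassified"
    if len(c) == len(a):
        diff = [i for i in range(len(a)) if a[i] != c[i]]
        if len(diff) == 2 and diff[1] == diff[0] + 1 and a[diff[0]:diff[1] + 1] == c[diff[0]:diff[1] + 1][::-1]:
            return "Transposition"
        if len(diff) == 1:
            x, y = a[diff[0]], c[diff[0]]
            if x in VOWELS and y in VOWELS:
                return "Vowel Swap"
            if bin(ord(x) ^ ord(y)).count("1") == 1:
                return "Bit Squatting"
            if keyboard_adjacent(x, y):
                return "Letter Replacement"
    return "Unclassified"
```

Because several categories overlap (a vowel swapped for another vowel can also be a single bit flip), the order of the checks decides the label.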