[1] - https://mirror.newsdump.org/domain_parking_standard.txt
Across a broad sample of typo domains of major sites, most registered domains aren’t actually reachable, implying they are registered for defensive, legitimate, or unrelated purposes. Interestingly, the typo space on major sites is actually very sparsely registered (2% at edit distance 1), meaning that typosquatting may actually be underexploited.
Domain/trademark monitoring also directly compete with defensive registrations. Often it is a question if you want to pay the lawyers/monitoring service, a large number of registration/renewal fees, or both.
It seems to me that "edit distance 1" still describes some very implausible typos.
Anecdotally, the autosuggestions and improved browsing history recommendations may mean this is way less lucrative than it used to be.
Also, anyone doing search like behaviour in their address bar is far more likely to see a knowledge panel style reply for prominent websites vs the 10 blue link format of historical search engine results, which may have included the nefarious domains.
I'd leap to say that because of this, users find their intended domain by using natural language far more than they used to.
Also, homograph attacks are likely much less of a thing for the above reasons.
Just curious because while the edit-1 space can be fairly big, I’d assume all edits have very different probabilities. So the squatted domains probably skew to a higher probability edit. By that I mean mostly keyboard edit typos, eg on a phone: the “cwt” typo is more likely than “cpt” for “cat” because of an and w keyboard proximity. Wonder what the squatting rate is when you filter for edit within one key stroke for example (only really change the add and replace types of edits, not delete or swap)
Missing from the paper is an examination of web user behaviour
Over time, so-called "direct navigation" where the domain name, e.g., example.com, was typed into the browser address bar, has declined. By the time Google terminated "Adsense for domains" in 2012 IMO it had managed to systematically subsume most of the traffic and associated revenue from the typosquatting/domain parking racket
https://web.archive.org/web/20250320184725if_/https://domain...
With the introduction of the so-called "omnibar" or "omnibox" in Firefox^1 and Chrome, typographical errors in domain names are submitted as "searches" to a company that sells ad services. For example, Safari, Firefox, Chrome all sending search traffic to Google, LLC. From the DoJ antitrust litigation we know that Google has been paying ridiculously large sums of money to various companies for this traffic
1. Firefox originally called this the "awesome bar"
https://web.archive.org/web/20250927011424if_/https://www.cn...
Not to mention increasingly common user practice of direct navigation to a search engine webpage, e.g., google.com, then searching for the desired website, e.g., example.com
As everyone knows, one company, in some cases through acquisitions and/or anticompetitive conduct, came to control 1. search, 2. "the web browser", 3. online advertising services on the open web, 4. operating systems (mobile, "chromebook"), ...
If parked domains only get traffic from "direct navigation",^2 then it stands to reason that such traffic has declined as it has been increasingly captured by advertising-sponsored "default browsers" and, ultimately, Google. IMO, it makes sense that domain parking as a means of delivering ads and generating revenue would give way to these domains becoming unregistered or registered to malware distributers or the like
What are the registration histories for the unregistered edit distance 1 typosquatting domains. Consider the number that are "currently unregistered" versus "never before registered"
2. Perhaps the registrants are using other ways to send traffic to these domains
About a month before expiration it somehow got renewed for 10 years, which is weird because it was not available ... and is now hosting a "get-rich-quick" scam that pretends to be a genuine Petro Canada campaign.
I've seen some domain registrars auctioning off domains during the last 2-4 weeks before they expire. If nobody buys it, then it actually expires and is then released.
I know better. They read this site. They know that all it takes is some company to issue some trademark litigation and they fold. No basis, no question, just here you go.
This was happening for months with blender in 2022/2023, previously collected links about it here: https://news.ycombinator.com/item?id=34917701
Putting a redirect onto such domain would be a major bad faith act by the registrar and a reason to avoid that registrar at all costs. The customer is the owner of that name, has their name attached as the registrant, and generally hold some legal risk while doing so. It also goes directly against the primary reason why the customers bought the domains in the first place.
The ones that hold advertisement two specific cases. One is "expired" domains which are not actually expired but where the registrar holds on to it in the hope that the old or new customer will buy it for an extra cost. The other is names which a customer or the registrar itself bought as an investment in hope to auction out. That kind of behavior was historically frowned at but is fairly common practice for a smaller number of domains. Usually you don't put redirects on those since you want to expose the fact that the domain is for sale.
So I am very confused where they got their 90% number from, but then I would not call typosquatting as parked domains if its registered by a malicious actor and used for a scam on their own servers (or hacked servers as it may be).
It’s unclear what the definition used in this study is.
For a refresher: https://i.kym-cdn.com/entries/icons/original/000/033/037/gir...
I've never seen that image before. :/
[1] It appears Facebook now utilizes their own internal registry.
[2] https://www.markmonitor.com/domain-dispute-recovery-solution...
Hey, same thing happens with my Google search results, what a coincidence!
This is one of numerous trustworthiness attacks on general public-switched telephone network (PSTN) use which I suspect will lead to an increased abandonment of that system. If we can neither trust either incoming or outgoing calls to connect to a trustworthy counterparty, people will tend to prefer systems which do so.
(This is on top of privacy and security issues with PSTN, including data exfiltration by operators, and potential for wiretapping and intercepting voice, texts, and data.)
I really wish the domain registrar's would prohibit speculation, but there's money to be made, so...
Of course, this is fantasy though because it’s not worth forcing people to tie their identity documents to registrations.
excalibur•1mo ago
imglorp•1mo ago
MrDOS•1mo ago
johndoeee•1mo ago
As far as I've been able to research, these typesquatting domain traps started at the same time as Spamhaus CSS blacklist which was actually a company called Deteque.
If the MX has a large number of Hetzner IPs as mailservers, then it's probably Spamhaus.
MrDOS•1mo ago
phsau•1mo ago