Domain abuse & monitoring
From typos to homoglyphs, these terms explain the tricks attackers use to register domains that pass for yours, and the monitoring that catches them at registration.
15 terms
Bitsquatting
Bitsquatting is registering domains one bit different from a target domain, exploiting rare memory errors that flip a single bit so a device resolves the wrong, attacker-owned name.
Combosquatting
Combosquatting combines a brand name with an extra word, such as "paypal-security.com" or "apple-support.net", to create a domain that looks legitimate and trustworthy.
Cybersquatting
Cybersquatting is registering, trafficking in, or using a domain name that is identical or confusingly similar to someone else’s brand or trademark, in bad faith.
DNS
DNS, the Domain Name System, is the internet directory that translates human-readable domain names into the IP addresses machines use to connect, and a frequent target and tool in domain abuse.
Domain hijacking
Domain hijacking is the theft of control over a domain, by compromising the owner registrar account, transferring it without authorization, or altering its DNS, so the attacker can redirect or impersonate the real site.
Domain monitoring
Domain monitoring is the continuous tracking of newly registered and changed domains that resemble your brand, so you can spot lookalikes and abuse early, before they are used against you.
Domain reputation
Domain reputation is a score that mail providers, browsers, and security tools assign to a domain based on its history, deciding whether to trust, flag, or block its mail and links.
Domain spoofing
Domain spoofing is faking a trusted domain, in a website URL or an email sender address, to make fraudulent content appear to come from a legitimate brand.
Homoglyph domain (IDN homograph)
A homoglyph domain swaps letters for visually identical characters, often from other alphabets, like a Cyrillic "а" for a Latin "a", to spoof a brand domain almost invisibly.
Lookalike domain
A lookalike domain is any domain crafted to resemble a legitimate one closely enough to deceive. It is the umbrella term that covers typo-, combo-, and homoglyph squatting and more.
New gTLD abuse
New gTLD abuse is the exploitation of the many newer top-level domains, such as .shop, .app, .xyz, and .top, to register cheap lookalike and scam domains at scale.
Punycode
Punycode is the encoding that represents non-ASCII characters in domain names using only ASCII, turning an internationalized domain into a string that starts with "xn--". Attackers exploit it to hide homoglyph domains.
Subdomain takeover
A subdomain takeover is when an attacker claims a subdomain you no longer use but still point to a third-party service, letting them host content on your real domain.
Typosquatting
Typosquatting is the registration of domains that exploit common typing mistakes of a well-known domain, such as "gogle.com" or "amazn.com", to capture mistyped traffic.
WHOIS
WHOIS is the public directory of domain registration data, showing details like the registrar, creation date, and, where not redacted, the registrant, used to investigate and report abusive domains.
See who is impersonating your brand
The free nebty report scans the web for lookalike domains and fake profiles targeting your brand, with no obligation.
Get your free report