Domain abuse & monitoring

From typos to homoglyphs, these terms explain the tricks attackers use to register domains that pass for yours, and the monitoring that catches them at registration.

15 terms

Bitsquatting

Bitsquatting is registering domains one bit different from a target domain, exploiting rare memory errors that flip a single bit so a device resolves the wrong, attacker-owned name.

Combosquatting

Combosquatting combines a brand name with an extra word, such as "paypal-security.com" or "apple-support.net", to create a domain that looks legitimate and trustworthy.

Cybersquatting

Cybersquatting is registering, trafficking in, or using a domain name that is identical or confusingly similar to someone else’s brand or trademark, in bad faith.

DNS

DNS, the Domain Name System, is the internet directory that translates human-readable domain names into the IP addresses machines use to connect, and a frequent target and tool in domain abuse.

Domain hijacking

Domain hijacking is the theft of control over a domain, by compromising the owner registrar account, transferring it without authorization, or altering its DNS, so the attacker can redirect or impersonate the real site.

Domain monitoring

Domain monitoring is the continuous tracking of newly registered and changed domains that resemble your brand, so you can spot lookalikes and abuse early, before they are used against you.

Domain reputation

Domain reputation is a score that mail providers, browsers, and security tools assign to a domain based on its history, deciding whether to trust, flag, or block its mail and links.

Domain spoofing

Domain spoofing is faking a trusted domain, in a website URL or an email sender address, to make fraudulent content appear to come from a legitimate brand.

Homoglyph domain (IDN homograph)

A homoglyph domain swaps letters for visually identical characters, often from other alphabets, like a Cyrillic "а" for a Latin "a", to spoof a brand domain almost invisibly.

Lookalike domain

A lookalike domain is any domain crafted to resemble a legitimate one closely enough to deceive. It is the umbrella term that covers typo-, combo-, and homoglyph squatting and more.

New gTLD abuse

New gTLD abuse is the exploitation of the many newer top-level domains, such as .shop, .app, .xyz, and .top, to register cheap lookalike and scam domains at scale.

Punycode

Punycode is the encoding that represents non-ASCII characters in domain names using only ASCII, turning an internationalized domain into a string that starts with "xn--". Attackers exploit it to hide homoglyph domains.

Subdomain takeover

A subdomain takeover is when an attacker claims a subdomain you no longer use but still point to a third-party service, letting them host content on your real domain.

Typosquatting

Typosquatting is the registration of domains that exploit common typing mistakes of a well-known domain, such as "gogle.com" or "amazn.com", to capture mistyped traffic.

WHOIS

WHOIS is the public directory of domain registration data, showing details like the registrar, creation date, and, where not redacted, the registrant, used to investigate and report abusive domains.

See who is impersonating your brand

The free nebty report scans the web for lookalike domains and fake profiles targeting your brand, with no obligation.

Get your free report