Abstract
Typo-squatting refers to the practice of registering
domain names that are typo variations of popular websites. We propose a new
approach, called Strider Typo-Patrol, to discover large-scale, systematic
typo-squatters. We show that a large number of typo-squatting domains are
active and a large percentage of them are parked with a handful of major domain
parking services, which serve syndicated advertisements on these domains. We
also describe the Strider URL Tracer, a tool that we have released to allow
website owners to systematically monitor typo-squatting domains of their sites.
1. Introduction
Typo-squatting refers to the practice of registering domain names
that are typos of their target domains, which usually host
websites with significant traffic. The individuals or organizations who
register typo-squatting domains (or typo domains) are referred to as typo-squatters.
Some major typo-squatters are known to have registered thousands or more of typo
domains [1,2,3].
Web traffic generated through
typo-squatting is unwanted for many reasons. From the users’ perspective, such typo
traffic often startles them with unexpected results, followed by an
annoying barrage of pop-up and pop-under advertisements (ads). There is a
documented incident where a typo domain of a popular website was serving
vulnerability-exploiting scripts to install malware [4,5]. Some typo domains of
children’s
websites have been observed to redirect to or link to adult websites,
endangering Internet safety by potentially exposing minors to harmful material
[6,7].
From the business perspective, many of
the typo-squatting cases involve “bad-faith” domain registrations or trademark
violations [8,9,10]. Worse yet, it is not uncommon to see a typo domain
displaying ads from competitors of the target-domain owner or even negative ads
against the owner (e.g., investment-loss law firm’s ads on typos of brokerage
firms). In other cases, some advertisers are unwillingly paying for their ads being
served on typo domains of their own websites, because such traffic is intended
to go directly to their sites in the first place [11].
In this paper, we describe the Strider
Typo-Patrol System for discovering and analyzing typo domains. Our patrol
results reveal that a large percentage of typo domains are “parked” with a handful
of major domain parking services. Domain parking is a special case of advertisement
syndication: while the latter attempts to serve relevant contextual ads based
on the publishers’ web content, the former serves ads based on merely the
domain name because parked domains typically have no content. We show that many
typo-squatters are taking advantage of the domain-parking infrastructures to
perform large-scale, systematic typo-squatting. However, by doing so, they also
expose their typo domains to systematic discovery enabled by monitoring and
analyzing ads-fetching traffic sent to the parking services.
The paper is organized as follows.
Section 2 describes how domain parking works and discusses statistics related
to the amount of unwanted traffic potentially generated through typo-squatting.
Section 3 presents the Strider Typo-Patrol System. Section 4 analyzes
typo-patrol data and quantifies the prevalence of typo-squatting through domain
parking. Section 5 describes the Strider URL Tracer designed to provide visibility
and control over typo traffic. Section 6 surveys related work, Section 7
discusses remaining issues, and Section 8 concludes the paper.
2. Understanding Domain Parking
Advertisement
syndication refers to the business practice of serving ads by instructing the client-side
browser software to fetch ads from an ads server and compose them with the
content of the website that the user intends to visit. Syndication is typically
implemented using the browser’s third-party URL mechanism: when a user visits a
primary
URL (hosted by the first party) either by typing the URL into the
browser address bar or by clicking a link on a web page, the browser may be
instructed by the content returned by the primary-URL page to automatically
visit one or more secondary URLs hosted on third-party servers, without explicit
knowledge or permission from the user. We refer to these secondary URLs as third-party
URLs in this paper. These third-party URLs usually contain information
about the primary URL so that the syndicators can serve the most relevant contextual
ads based on the primary-URL page content and potentially the
historical information about the visiting machine or user.
Domain parking
is a
special case of advertisement syndication: the primary URL is a parked
domain that does not contain any real content and syndicated
domain-parking ads, usually in the form of ads listings, become the main
content of the page displayed to the user. In order to attract sufficient
traffic for serving ads, parked domains are usually domains with well-known generic
names [12] or typo domains of popular websites. See [13] for screenshots of
sample domains parked with various parking services.
Next, we use two actual examples to
illustrate how typo-squatting through domain parking is typically implemented
using third-party URLs. When a browser visits http://disneychannell.com,
it receives a response page containing a frame that loads http://www.sedoparking.com/disneychannell.com. This URL is responsible for serving the main
domain-parking ads listing. The basic idea of Strider Typo-Patrol is to scan a large number of typo domains, monitor
all third-party URL traffic, and group the domains by the behind-the-scenes domain
parking servers in order to facilitate investigation and prioritize actions.
Some domain parking services provide
additional information in their third-party URLs that enables further analysis.
For example, when a browser visits http://disneyg.com, the response page contains a frame that loads
http://apps5.oingo.com/apps/domainpark/domainpark.cgi?s=disneyg.com&dp_lp=24&hl=en&dp_lp=7&cid=DTRG4295&dp_p4pid=oingo_inclusion_xml_06&dp_format=1.3
where the “cid” field appears to contain a Client ID
that uniquely identifies a typo-squatter. In Section 4, we show how this information
enables us to quickly discover thousands of typo domains that are registered to
a well-known, serial typo-squatter [2,14].
Domain parking services provide
convenient and effective contextual-ads infrastructures that make even marginal
typo domains profitable [15]. With the annual domain registration fee as low as
$7.00 [16], a rule-of-thumb figure for pay-per-click programs is that a parked
typo domain only needs to attract between one
unique visitor every two days and two
visitors per day (depending on the pay-out levels) to generate sufficient
income to cover the fee. (As a reference, http://slsahdot.org records statistics of tens of hits per day.) According
to alexa.com on March 12, 2006, the servers owned
by the top two domain parking services identified in our study were reaching
between 3,300 and 5,200 per million users daily and their servers had a traffic
rank between #221 and #438. These numbers are comparable to those for popular
websites such as travelocity.com (#248),
orbitz.com (#315), usatoday.com (#347), and slashdot.org
(#375). Although many parked domains may be generic-name domains, the fact that
we were able to discover thousands of parked typo domains within a short time
through simple automated searching does provide evidence that unwanted traffic
due to parked typo domains could be significant.
3.
Strider
Typo-Patrol System
The Strider Typo-Patrol System provides
automatic scanning and systematic analysis of typo domains. It consists of
three main components: a typo-neighborhood
generator, a typo-neighborhood
scanner, and a domain-parking
analyzer.
3.1.
Typo-Neighborhood Generation
Given a target
domain, we define its typo-neighborhood
as the set of URLs generated from the following five typo-generation models,
which are commonly used in the wild:
(1) Missing-dot typos: The “.” following “www” is removed, e.g.,
wwwSouthwest.com.
(2) Character-omission
typos: Characters are
omitted one at a time, e.g., Diney.com
and MarthStewart.com.
(3) Character-permutation
typos: Consecutive
characters are swapped one pair at a time, unless they are the same characters,
e.g., NYTiems.com.
(4) Character-replacement
typos: characters are
replaced one at a time and the replacement is selected from the set of
characters adjacent to the given character on the standard keyboard, e.g., DidneyWorld.com
and USATodsy.com.
(5) Character-insertion typos: characters are inserted one at a
time and the inserted character is chosen from the set of characters adjacent
to either of the given pair on the standard keyboard (and including the given
pair), e.g., WashingtonPoost.com
and Googlle.com.
3.2.
Typo-Neighborhood Scanning
The Typo-Patrol scanner
is an extension of our previous Strider HoneyMonkey scanner [5]. Given a
typo-neighborhood list, it launches a browser to visit each domain and records all secondary URLs visited and their
ordering, the content of all HTTP requests and responses, and optionally a
screenshot.
3.3.
Domain-Parking Analysis
We currently perform three types of
analysis on the typo-neighborhood scan data:
(1) Given a target category and the lists of typos of
target domains in the category, we analyze how heavily the category is being
typo-squatted and which domain parking services are the major players.
Specifically, we group the scanned typo domains by the parking services they
generated third-party traffic to, and highlight those services that are behind
a large number of typo domains.
(2) Given the typo-patrol results of a trademarked target
domain, we perform a similar analysis to identify those major parking services
with which the trademark owner may want to file complaints. In some cases, it
is more effective to go after the typo-squatters who actually purchased the
typo domains than to complain to parking services which are only responsible
for profiting from serving ads on those domains. We use two additional pieces
of information to further divide and rank typo domains parked with a single service
in order to help trademark owners prioritize their actions against
typo-squatters.
The first piece of information is the
Client ID field mentioned in Section 2. The second piece of information is the anchor
domain that is used to aggregate traffic from multiple typo domains to
simplify operations and to enable scalable typo-squatting. For example, tens of
typo domains of NationalGeographic.com were “funneling” traffic through the same anchor playbov.com; typo domains LaSalleBanl.com and SovererignBank.com are sharing the same anchor baankaccount.com. We found that, in most cases, typo domains sharing the
same anchor are registered to the same WhoIs registrant [17]. By grouping those
typo domains that first redirect to the same anchor domain before generating
traffic to the parking service, we eliminate the need to investigate each
individual domains.
(3) For analyses that require searching for specific
keywords (e.g., sexually-explicit keywords used in the analysis in Section
4.4), we analyze the HTTP response pages and extract all typo domains with a
match.
4. Typo-Patrol Data Analysis
We first present two kinds of analysis to
assess the prevalence of typo-squatting and to identify major domain parking
services that are involved: vertical analysis uses a single type
of typos for a large number of target domains; horizontal analysis uses
multiple types of typos for a smaller set of target domains. Then, we present a
case study in which we identified thousands of typo domains owned by a
well-known typo-squatter. Finally, we investigate typo domains of children’s
websites that serve questionable ads.
4.1.
Missing-dot Typos of Top 10,000 Sites
For the
vertical analysis, we scanned the missing-dot typos of the 10,000 most popular
domains. Our
result showed that 5,094 (51%) of the 10,000 typo domains were
active at the time of the scan. Figure 1 ranks the top six domain parking services by the
number of typo domains that serve ads from them. We make the following
observations: (1) the top two parking services clearly stand out, each covering
approximately 20% of active typo domains; (in addition, note that sedoparking.com uses the same ads-serving
infrastructure as oingo.com according to
http://www.sedoparking.com);
(2) the top six parking services together
account for more than half (59%) of the active domains and 30%
of all the artificially generated missing-dot typo domains.
4.2.
Typo-Neighborhoods of Popular Sites and High-Risk
Phishing Targets
For the horizontal analysis, we selected
two sets of target domains: the first set consists of 30 of the most popular
sites according to alexa.com; the second
set consists of 30 high-risk targets by phishing attacks, selected from [18].
For each target domain, we scanned its typo-neighborhood composed of typo
domains generated from all five typo-generation models. The two sets of results
are shown in Figure
2 and Figure
3, respectively.
|
|
Parking service
|
# typos parked
|
% of active
(5,094)
|
% of all (10,000)
|
|
#1
|
Information.com/
Domainsponsor.com
|
1,082
|
21%
|
11%
|
|
#2
|
Oingo.com
|
992
|
20%
|
9.9%
|
|
#3
|
Sedoparking.com
|
439
|
8.6%
|
4.4%
|
|
#4
|
Qsrch.com
|
227
|
4.5%
|
2.3%
|
|
#5
|
Netster.com
|
146
|
2.9%
|
1.5%
|
|
#6
|
Hitfarm.com
|
109
|
2.1%
|
1.1%
|
|
|
Total
|
2,995
|
59%
|
30 %
|
Figure
1. Top six domain parking services in the
missing-dot typo-neighborhoods of top 10,000 websites
|
|
Parking service
|
# typos parked
|
% of active
(2,233)
|
% of all
(3,136)
|
|
#1
|
Oingo.com
|
420
|
19%
|
13%
|
|
#2
|
Information.com/
Domainsponsor.com
|
306
|
14%
|
9.8%
|
|
#3
|
Sedoparking.com
|
74
|
3.3%
|
2.4%
|
|
#4
|
Qsrch.com
|
74
|
3.3%
|
2.4%
|
|
#5
|
Hitfarm.com
|
69
|
3.1%
|
2.2%
|
|
#6
|
Netster.com
|
50
|
2.2%
|
1.6%
|
|
|
Total
|
993
|
44%
|
32%
|
Figure
2. Top six domain parking services in the
typo-neighborhoods of 30 most popular websites
|
|
Parking service
|
# typos
parked
|
% of active (1,596)
|
% of all
(3,780)
|
|
#1
|
Oingo.com
|
695
|
44%
|
18%
|
|
#2
|
Information.com/
Domainsponsor.com
|
292
|
12%
|
7.7%
|
|
#3
|
Netster.com
|
66
|
4.1%
|
1.7%
|
|
#4
|
Sedoparking.com
|
60
|
3.8%
|
1.6%
|
|
#5
|
Hitfarm.com
|
37
|
2.3%
|
1.0%
|
|
#6
|
Qsrch.com
|
28
|
1.8%
|
0.7%
|
|
|
Total
|
1,178
|
67%
|
31%
|
Figure
3. Top six domain parking services in the
typo-neighborhoods of 30 high-risk phishing targets
We make the following observations: (1)
in the two sets of scans, 71% (2,233/3,136) and 42% (1,596/3,780)
of the generated typo domains were active, respectively; (2) the top six
parking services remain the same across all three sets of data except for minor
re-ordering of rankings; (3) again, the top two parking services stand out,
even more so than in Figure
1; (4) the overall numbers for the top six services
remain fairly consistent: they together account for 40% to 70% of active typo
domains and around 30% of all generated typos.
4.3.
Case Study: A Large-Scale Typo-Squatter
A major
typo-squatter has been observed to perform systematic typo-squatting on many
target domains [2,14]. But there has been no estimate of how big its
typo-squatting business is. Since it has been changing its registrant name in
the WhoIs records, we will refer to the company as DomainSquatter in this paper. During our investigation, it became
clear that DomainSquatter was parking a lot of domains with oingo.com and it was using anchor domains
heavily. By analyzing traffic aggregation through tens of anchor domains in the
horizontal analysis, we were able to identify the two Client IDs used by DomainSquatter,
one for the typo domains and the other for the anchors. We then extracted all
scanned domains parked with oingo.com
that were using those two Client IDs and used WhoIs lookups to verify that
almost all of them were registered to DomainSquatter.
Figure
4 shows that, among the total of 5,094+2,233+1,596=8,923
active typo domains from the three sets of data, 2,107 (24%) were parked
with oingo.com and 1,607 (18%) were
registered to DomainSquatter.
That is, when a user made a typo and reached an active typo domain, one in
every four such domains would serve ads from oingo.com and one in every six would profit DomainSquatter if the user
clicks the ads. It is also significant to
note that DomainSquatter
accounted for 76% of the 2,107 typo
domains parked with oingo.com. It did
not appear to be targeting any specific industry, as speculated in [2]: it was
squatting 29 of the 30 target domains in both sets used in the horizontal
analysis.
|
|
# owned by Domain
Squatter
|
# typos parked
with oingo.com
|
% typos parked with
oingo.com
|
% of active
|
|
Figure
1
|
732
|
992
|
74%
|
14%
|
|
Figure
2
|
310
|
420
|
74%
|
14%
|
|
Figure
3
|
565
|
695
|
81%
|
35%
|
|
Total
|
1,607
|
2,107
|
76%
|
18%
|
Figure 4. Large-scale, systematic typo-squatting by
a major typo-squatter
Since we started reporting discovered typo domains at http://research.microsoft.com/Typo-Patrol
in December 2005, DomainSquatter has been de-registering most of the reported
domains almost on a daily basis. First, most of the anchor domains were
abandoned (see the consistent traffic drops around mid-December across multiple
anchors [19]). Then, the registrant names in most of the WhoIs records were
changed [14]. In total, we reported 2,182 typo domains owned by DomainSquatter (including the 1,607
domains from the three data sets). Around mid-March 2006, we rescanned those
2,182 domains and found that 1,668 (76%) of them were no longer active. Among the remaining 514
active typo domains, 355 are still parked with oingo.com
and 159 are parked with others.
4.4.
Typo-Neighborhoods of Children’s Websites
In our final set of scans, we performed typo-patrol
analysis on 50 popular children’s sites. The 50 neighborhoods contained 7,094
typo domains, among which 2,685 (38%) domains were active. By parsing the HTTP
responses for sexually-explicit keywords and by manually screening the recorded
screenshots to locate other suspects, we found a total of 110 (4.1% of 2,685) domains
that contained questionable content: four domains redirected to adult sites
directly, 36 domains contained at least one conspicuous link to an adult site,
and the remaining domains displayed at least one conspicuous adult-category
link to a page of adult ads listings.
By analyzing the third-party URL traffic,
we found that the top two domain parking services together were responsible for
serving ads on 80% of those 110 typo domains: 53 (46.5%) domains parked with oingo.com and 37 (33.6%) domains parked with information.com/domainsponsor.com.
Among the 53 domains, 46 were registered to DomainSquatter and
an analysis of those 46 domains revealed three safety issues with domain
parking.
First, typo-squatters can park an anchor
domain with a sexually-explicit name such as http://freexxxlinks.us
to “trick” domain parking services into serving questionable ads and then
redirect typo domains of children’s websites to that anchor so that the ads are
displayed to children
who made a typo. For example, 20 typo domains of the children’s
website http://flashplayer.com were
redirected to http://freexxxlinks.us [6].
Second, sometimes domain parking services
were serving adult ads even on anchor domains that do not have a sexually-explicit
name, e.g., http://disnryland.com,
which was an anchor for typos of http://kimpossible.com
[6]. We speculate that the typo-squatter might have explicitly specified
sexually-explicit keywords in order to trick the parking service’s
contextual-ads algorithm into serving questionable ads.
The third issue is inherent to the fact
that domain parking is a special case of advertisement syndication: given
merely a domain name like gropvygirls.com
[6], the algorithm may not have sufficient knowledge to determine that it is a
typo domain of the children’s website groovygirls.com, and may make a mistake in deriving the keywords and
result in inappropriate advertisements being displayed to children.
Soon after the troubling practice was
exposed in mid-December 2005 [3], the two anchor domains http://disnryland.com and http://freexxxlinks.us that together were
responsible for 26 of the 110 typo domains were removed. After the practice
attracted public attention again due to our tool release in April 2006 [20],
another round of ads cleaning was done to remove questionable ads.
5. Strider URL Tracer with Typo-Patrol
Motivated by the prevalence of
typo-squatting, we developed a tool, named Strider URL Tracer [21], to provide
users with visibility and control over third-party traffic, which has mostly
remained under the cover for the past decade.
The tracer provides four main
functionalities. It supports a “URL Scan History” view that records
the timestamp of each primary URL visited and its associated secondary URLs,
grouped by domains. It supports an alternative “Top Domain” view that,
for each secondary-URL domain, displays all the visited primary URLs that
generated traffic to it. Domains associated with more primary URLs are
displayed closer to the top. For every URL displayed in either of the views,
the tool provides a right-click menu with two options: the “Go” option that allows
the URL to be revisited (so that the user can figure out which ad came from
which URL) and the “Block” option that allows blocking of all future traffic to
and from that domain.
We envision the URL tracer to be used
primarily in three scenarios. The first scenario is an on-demand investigation
tool. When a browser user encounters any questionable content from an unknown
source, she can use the “browser history patrol” feature to rescan recently
visited URLs, use “Go” to determine which URL was responsible for serving the
content, and use “Block” to prevent the browser from visiting that domain in
the future.
The second scenario is a typo-patrol tool
used by trademark owners who want to monitor typo domains. It is often too
expensive for target-domain owners to investigate and take actions against a
large number of individual typo domains. We have incorporated into the tool a
feature that takes a target domain name and automatically generates and scans
its typo-neighborhood. The trademark owner can then use the “Top Domain” view
to identify those parking services that are heavily involved. This domain
parking-based analysis provides an efficient and low-cost solution for the
owners to file multi-domain complaints with major parking services (e.g., [22])
to request banning of typo domains from their parking programs. Together with
IP address-based grouping, such analysis also facilitates grouping of multiple
typo domains that are owned by the same registrant and/or hosted by the same ISP.
This makes it easier for trademark owners to file multi-domain disputes against
typo-domain registrants and to send multi-domain takedown notices to the
hosting ISPs.
In the third scenario, the scanning and
data analysis portion of Strider Typo-Patrol can be applied to non-typo
questionable domains as well, which may be obtained from reverse IP lookups,
DNS zone files, services that monitor new domain registrations, etc. For
example, we scanned a list of 3,990 domains, all of which contain “microsoft” (without
any typo) in their domain names. Our scan determined that 2,938 of them were
active and the six domain parking services identified in this paper together
parked 949 domains, or 32%. Again, the top two stood out: oingo.com parked 509 (17%)
domains (of which 351 were linked to DomainSquatter’s
Client IDs); Information.com/Domainsponsor.com parked 321 (11%)
domains. This preliminary investigation reveals that certain domain parking
services may be profiting directly from well-known brand names, in addition to
their typos.
6. Related Work
Domain-name typo-squatting has received
increasing attention over the past few years [1,4]. However, the community’s
understanding of the typo-squatting practice has been mostly based on
individual cases through manual and ad-hoc investigations. Our Typo-Patrol work
proposes the first automatic and systematic approach to discovering and
analyzing typo domains and typo-squatters.
The Fiddler HTTP Debugging Proxy [23]
intercepts all browser traffic. It provides more powerful traffic monitoring
and control capabilities than the Strider URL Tracer. But it does not provide
primary-secondary associations, which are essential for typo patrol.
The domain blocking functionality already
exists in a few different forms, but it has not been integrated with the
browsing history as an online, on-demand feature. For example, Firefox users
can use the userContent.css file to block selected domains [24] and Internet
Explorer users typically use the Windows hosts files to block
unwanted ads [25]. In contrast with these two mechanisms which are usually used
to perform wholesale blocking of all ads, our tool allows the users to see
which ad came from which domain and gives them the power to use on-demand domain
blocking to discourage advertising companies from serving questionable ads
without blocking legitimate ads.
Third-party URLs have been used by malicious
websites to execute and install malcode on client machines [5] and by
advertising and web analytics companies to implement web beacons (or web
bugs) to track users’ browsing behaviors [26]. The Strider URL Tracer
can be used to expose those behind-the-scenes exploiters that pretend to be advertisement
syndicators, but serve vulnerability-exploiting scripts instead of ads [5]. The
“Top Domain” view is particularly useful for exposing web beacons.
The homograph attack is another way to
create misleading domain names of popular websites by replacing some of the
characters with other visually similar ones, possibly from a different language
[27]. A recent study by Holgers et al. [28] showed that currently homograph
attacks are rare and not severe; like typo-squatting domains, most
“homographed” domains serve advertisements.
7. Discussions
It is important to note that the
typo-squatting domains scanned by Strider Typo-Patrol are generated
automatically based on a set of typo-generation algorithms. Final determination
of whether they are registered in bad faith or in violation of trademark rules
is up to the trademark owners, the parking services, and the domain dispute
process. It is possible that an algorithmically generated typo domain happens
to be another legitimate domain.
Second, we believe that most domain
parking services are legitimate advertising companies. Many of them have stated
trademark policies and rules [22,29] but, until now, it has not been an easy
task for them to distinguish legitimate domains from typo-squatting domains. We
encourage parking services to use our tool to identify systematic
typo-squatting domains in their parking programs and to identify large-scale
typo-squatters among their customers.
8. Summary
We have described Strider Typo-Patrol for
automatic discovery and systematic analysis of typo-squatting domains. By
scanning three sets of typo domains and analyzing their third-party URL traffic,
we have identified two domain parking services that are particularly active in
serving ads on at least thousands of typo domains, and found that the top six
parking services are responsible for parking around 30% of all algorithmically
generated typo domains and 40%~70% of the active ones. We have discovered
thousands of typo domains registered to a well-known, large-scale typo-squatter,
who according to our study was responsible for as many as 76% of all typo domains
parked with a major parking service oingo.com
[30], or 18% of all active typo domains from our scans. This
typo-squatter was also responsible for a significant percentage of typo domains
of children’s
websites that were serving questionable ads. We have developed the Strider URL
Tracer with Typo-Patrol to help provide visibility into the typo-squatting
business practice and to allow owners of popular websites to monitor potential
violations of their trademarks.
References
[1] Benjamin Edelman, “Large-Scale Registration of
Domains with Typographical Errors,” Sept. 2003, http://cyber.law.harvard.edu/people/edelman/typo-domains/.
[2] Will Sturgeon, “Serial typo-squatters target
security firms,” ZDNet, Sep. 19, 2005, http://news.zdnet.com/2100-1009_22-5873001.html.
[3] Strider Typo-Patrol, http://research.microsoft.com/Typo-Patrol.
[4] “Googkle.com installed malware by exploiting
browser vulnerabilities,” http://www.f-secure.com/v-descs/googkle.shtml.
[5] Yi-Min Wang,
et al., “Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That
Exploit Browser Vulnerabilities”, in Proc.
NDSS, February 2006.
[6] Screenshots of questionable advertisements, http://research.microsoft.com/Typo-Patrol/screenshots.htm.
[7] “Truth in Domain Names Act of 2003,” http://www.cybertelecom.org/dns/truth.htm.
[8] Anticybersquatting Consumer Protection Act (ACPA), http://www.patents.com/acpa.htm, November
29, 1999.
[9] Uniform Domain-Name Dispute-Resolution Policy
(UDRP), http://www.icann.org/udrp/udrp.htm.
[10] “Cybersquatter Fined $100,000 Per Domain Name,” http://www.gigalaw.com/articles/2000-all/isenberg-2000-11a-all.html,
November 2000.
[11]
“Typogoogling,” http://www.f-secure.com/weblog/
archives/archive-122005.html#00000743.
[12] Domain potential, https://partner.dotzup.com/flush.html.
[13] Screenshots of sample parked domains, http://research.microsoft.com/URLTracer/Parked_Domains.htm.
[14] Numerous domain name dispute cases against Unasi,
Inc., http://research.microsoft.com/Typo-Patrol/default.htm#Unasi.
[15] Ryan Naraine, “MS Research: Typo-Squatters Are
Gaming Google,” eWeek.com, December 19, 2005, http://www.eweek.com/article2/0,1895,1903695,00.asp.
[16] Bulk registration
pricing, https://www.godaddy.com/
gdshop/registrar/bulkprices.asp?se=%2B&ci=176.
[17] WhoIs lookup, http://domaintools.com or http://whois.ws.
[18] Millersmiles Phishing Scams by Targeted Company, http://www.millersmiles.co.uk/scams.php.
[19] Abandoned anchor domains for oingo-parked typo
domains, http://research.microsoft.com/Typo-Patrol/Major_Anchors.htm.
[20] “Microsoft 'URL Tracer' Hunts Typosquatters,”
Slashdot, http://it.slashdot.org/article.pl?sid=06/04/07/1818228&threshold=-1,
April 7, 2006.
[21] Strider URL Tracer with Typo-Patrol, http://research.microsoft.com/URLTracer/.
[22] Google AdSense for Domains Trademark Complaint
Procedure, http://www.google.com/tm_complaint_afd.html.
[23] Fiddler HTTP Debugging Proxy https://fiddlertool.com/fiddler/.
[24] Blocking advertisement
with the Firefox userContent.css file, http://www.mozilla.org/support/firefox/adblock.html.
[25] Blocking Unwanted
Parasites with a Hosts File, http://www.mvps.org/winhelp2002/hosts.htm.
[26] Stefanie Olsen, “Ad firms set rules for Web
tracking bugs,” CNET News.com, November 26, 2002, http://news.com.com/Ad+firms+set+rules+for+Web+tracking+bugs/2100-1023_3-975385.html?tag=st.ref.goo.
[27] Evgeniy Gabrilovich and Alex Gontmakher, “The Homograph
Attack”, Communications of the ACM,
45(2):128, February 2002.
[28] Tobias Holgers, David E. Watson, and Steven D.
Gribble, “Cutting through the Confusion: A Measurement Study of Homograph
Attacks,” in Proc. USENIX Annual
Technical Conference, June 2006.
[29] DomainSponsor Terms of Use, http://www.domainsponsor.com/terms.html.
[30] Google AdSense for domains, http://www.google.com/domainpark/.
