SecurityTrails Blog · Jul 23 · SecurityTrails team

Domain Security & Solutions – Part 01: Cybersquatting & Copyright Infringement

When we think about cyber attacks and general network threats, we usually imagine massive flood attacks, SQL injections and web application vulnerabilities.

However, a lot of attacks do not require getting access to the code, app or web-servers. In this case, we’re talking about cybersquatting and copyright infringement activities.

This type of crime demonstrates, vividly, that a DDoS attack may not be the worst nightmare you can suffer. Remember that company brand names are one of the things that help people remember and associate a business with a service or product. Now imagine your customers getting tricked into visiting a fake webpage bearing your brand name, or losing millions of dollars due to your copyrighted materials being shared illegally over third party pages.

In this article we’ll cover what cybersquatting is, different types of cybersquatting, copyright infringement issues, and most importantly, the tools you can use to monitor your brand name and detect these malicious activities.

What is cybersquatting?

Cybersquatting, also known as domain squatting or typosquatting, is a specific type of cybercrime activity covered by the Anticybersquatting Consumer Protection Act (ACPA)¹. The act’s definition of the term states that cybersquatting “…has come to mean the bad faith, abusive registration and use of the distinctive trademarks of others as Internet domain names…” Later, the same definition specifies the intentions behind such activity, recognizing them as “…with the intent to profit from the goodwill associated with those trademarks.”

In plain English, cybersquatting is the act of registering, using or trying to sell a domain name with intentions of generating revenue from an established company or business-registered trademark.

Types of cybersquatting

Today, when a company begins its online activities, it usually registers the most popular domain TLDs, with .com, .net, .org, .info and .biz extensions. However, even if you choose to register others, such as the new TLDs .club, .site, .car, etc., you’ll always be missing other generic domain TLDs, as well as the hundreds of ccTLDs for every country and region in the world.

Therefore, domain squatting is something you must always keep in mind when thinking about protecting your brand names, because there are always a few variations. These can affect your business in different ways.

Let’s analyze the most popular types of cybersquatting.

Typosquatting

Also known as URL hijacking, typosquatting is the act of registering domain names that resemble legitimate domain names from recognized companies or brand names.

Top-level domain squatting

Here’s another type of domain squatting. Let’s suppose you own the company.com, .net and .org domain names. Using that as a jumping-off point, basic TLD domain squatting consists of registering additional generic top-level domains such as .info, .tv, .biz, etc.

Motivations behind these cybersquatting scenarios can include, but are not limited to:

  • Redirecting traffic to third party external websites
  • Installing and spreading virus/malware over computer networks
  • Setting up phishing campaigns to steal customer sensitive data
  • Forcing the affected company to buy the domain name
  • Spreading social and political messages to visitors

How can I avoid domain typosquatting?

Tips for visitors

Try to avoid typing URLs directly in your browser. Instead, search on Google or Bing for the name of the company you want to visit, as they usually offer direct access to the site you need in the first top positions.

Another alternative is to bookmark the site once you have visited it for the first time. This is a great way to keep yourself from falling prey to malicious campaigns that may be waiting to steal sensitive personal or financial information from unsuspecting victims.

Tips for company owners

Register multiple domain names that contain your brand name. This will help thwart potential cybersquatting attacks against your brand name.

For example, if your domain name is johndoehotel.com, you should also register popular variations such as johndoehotels.com, hoteljohndoe.com, hotelsjohndoe.com, johndohotel.com, etc.

Registering these alternative, different, modified versions of your original domain name can save money, time and your reputation among customers. An excellent example is the registration of multiple Trump-family based domain names we exposed more than 1 year ago.

Use different TLDs. Don’t rely on registering only .com based domain names; be sure to also register .co, .us, .net, .org, .tv, .info… all the popular TLDs you can.

Register your trademark with the Trademark Clearinghouse (TMCH) service (ICANN’s database of protected trademarks). This will allow you to file a URS complaint (Uniform Rapid Suspension) with the World Intellectual Property Organisation when necessary, so they can investigate and take the offending site down for you.

Copyright infringement, popularly known as “piracy”, is the act of using, modifying and distributing work protected by copyright laws without any permission from its authors—usually the copyright holders.

Content pirates have been running websites spreading copyrighted materials for decades. While public and private agencies have teams fighting these types of activities, they sometimes find it difficult to prevent and mitigate such events quickly. Furthermore, tracking down the real authors behind copyright infringement can become an endless hunt if you’re not using the right tools.

Modern ISPs have fought pirates successfully (one example is ATT terminating accounts² from users involved in piracy). Other projects, like DMCA with their takedown notices³, now serve as resources legal teams use to fight this activity.

While setting up text alerts for terms related to your company’s work, and using watermarks on images and videos can help, there are still only a few tools that can effectively help you find the real domain name behind a copyright infringement issue.

And due to the huge popularity of proxy services like Cloudflare, tracking down the real owner of a domain name behind infringing materials can be tricky. Sometimes the pirated materials aren’t located within a single domain, but in multiples owned by the same person, using a number of IP addresses and network blocks. This makes the hunt even more difficult.

As you can see, analyzing and discovering the online footprints of a domain name is essential in the fight against copyright infringement.

Set up a brand monitoring system

Aside from the quick tips we shared on how to avoid cybersquatting and copyright issues with your intellectual property, there is one other thing you can do to head these issues off at the pass. That is to set up a brand monitoring system.

Brand monitoring is one of the best ways to fight domain squatting and copyright infringement.

Here at SecurityTrails, we offer one of the largest domain name and passive DNS databases in the world. With over 909 million hostnames and more than 323 million domain names tracked, our service is the perfect ally for company owners and legal teams who need to track down typosquatters and all forms of cybersquatting, as well as piracy-based websites.

For this purpose we offer these three services to help you chase down the bad guys:


SecurityTrails API

The SecurityTrails API is one of the easiest ways your company can access current and historical DNS records, as well as domain, IP, subnet and PTR records. Get the top intel information about any target in real-time.

We offer full support for Python 2.x, Python 3.x, Ruby, R, JavaScript, Node.js, PHP, Go, and almost any programming language that can perform an HTTP-based request.

As our API is HTTP-based, you can even launch queries using the old-fashioned curl command, as shown here:

curl --request GET --url 'https://api.securitytrails.com/v1/domain/oracle.com?apikey=your_api_key'

Live examples can be found in our API reference.

Several companies and developers are already using our powerful API to access top infosec information, and you can do the same. Learn more in this helpful article: Where You’ll Find Us: An Overview of SecurityTrails Integrations


Domain Feeds

When it comes to fighting domain squatting campaigns, we offer another resource that can help online companies and legal teams effectively locate malicious domain names in mere seconds, even when you’re offline.

That’s right — you don’t actually need access to the Internet, or have to query our passive DNS database in order to scan domain names. That’s where Domain Feeds steps in perfectly to help.

From this interface, you can download new domains added in the last 24 hours, as well as full domain files for gTLD and ccTLDs, or both combined in our ‘All Domains’ feed.

Once downloaded, you can parse this list to detect domain names that use your brand name and could lead users to malicious 3rd party websites.
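As an added example (not SecurityTrails code), here is one way to scan a downloaded list for lookalikes of the johndoehotel.com brand used earlier in this article, covering both the variations company owners are advised to register and the TLD squatting case. The one-domain-per-line input, the sample list and all function names are assumptions made for illustration.

```python
"""Added example: scan a downloaded domain list for names imitating a brand."""

# All values below are constructed for illustration (brand taken from the article's example).
BRAND = "johndoehotel"
WORDS = ("johndoe", "hotel")             # brand split into its words (assumption)
OWNED = frozenset({"johndoehotel.com"})  # domains the company already holds
SAMPLE_FEED = ["johndoehotel.com", "johndoehotel.info", "johndoehotels.com",
               "hoteljohndoe.com", "johndohotel.com", "johndoe-hotel.net",
               "johnshotel.com", "example.org"]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, words=WORDS, owned=OWNED, max_edits=2):
    """Return why `domain` looks like a squat on `brand`, or None if it does not."""
    domain = domain.strip().lower().rstrip(".")
    if "." not in domain or domain in owned:
        return None
    raw = domain.split(".", 1)[0]        # assumes registrable domains, no subdomains
    squashed = raw.replace("-", "")
    if raw == brand:
        return "tld-variant"             # same name under a TLD you do not hold
    if squashed == brand:
        return "hyphenated"
    if brand in squashed:
        return "contains-brand"          # e.g. pluralised or prefixed
    if all(w in squashed for w in words):
        return "reordered-words"
    if edit_distance(squashed, brand) <= max_edits:
        return "typo"                    # keep max_edits low for short brand names
    return None

def scan_feed(lines, **kwargs):
    """Map each suspicious domain in `lines` to the reason it was flagged."""
    hits = {}
    for line in lines:
        reason = classify(line, **kwargs)
        if reason:
            hits[line.strip().lower().rstrip(".")] = reason
    return hits

if __name__ == "__main__":
    for name, reason in scan_feed(SAMPLE_FEED).items():
        print(f"{reason:16} {name}")
```

For a real feed file, pass the open file object to `scan_feed` and review the hits by hand, since substring and edit-distance matches will include unrelated legitimate names.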


SurfaceBrowser

This is our enterprise-level solution for all who need an easy-to-use web-based interface. SurfaceBrowser includes even more features than our API, and gives you the ability to fully explore the attack surface area and digital footprints of any company or domain name in the world.

Once you sign in, you’ll be able to get a full intel summary about the domain name you’re investigating. You’ll also find useful shortcuts to access detailed information about domain, current DNS, DNS history, subdomains, reverse DNS, WHOIS history, IP addresses and blocks, SSL certificates and associated domains.

Brand monitoring can be performed manually using SurfaceBrowser. In most cases, it’s used to take a deep look into any domain name details once you’ve found who’s behind your trademark issues.

The Associated Domains feature is especially useful when investigating large networks of websites dedicated to spreading illegal software, books, music and other copyrighted materials.

Final thoughts

Domain typosquatting is one of the most common forms of domain security issues seen on the Internet. Luckily, it’s also one of the easiest to detect and shut down if you have a brand monitoring system integrated with our giant domain database.

In the same way, company owners and legal teams can take advantage of our passive and active domain and DNS database to detect websites and subdomains promoting illegal copyrighted materials, or to prevent illegal trademark usage by 3rd party websites.

Are you ready for the second part? ➡️ Domain Security & Solutions, Part 2: Phishing & Trademark Infringement Attacks


Are you working on a legal team and need to prevent domain typosquatting, protect your copyrighted material or avoid trademark issues? Get a free API account today and start integrating our intelligence security data with your own applications, or try SurfaceBrowser, our all-in-one enterprise security solution!


¹ https://www.govinfo.gov/content/pkg/CRPT-106srpt140/html/CRPT-106srpt140.htm
² https://torrentfreak.com/att-to-terminate-first-customers-over-piracy-accusations-181106
³ www.dmca.com/faq/What-is-a-DMCA-Takedown