impostor.domains

Find potential impostors, Doppelgänger, and typosquatting targets



FAQ

What are impostor domains?

Impostors, Doppelgänger, and lookalikes all refer to domain names that can be used for impersonation. These domains are employed for typosquatting, a form of cybersquatting. An attacker or profiteer in control of impostor domains can trick users into visiting the wrong website or emailing the wrong person. They can present a danger to your real domain.

What do people do with these domains?

Impostor domains are often used in domain parking schemes to display advertisements and make money, but they can be used for more nefarious purposes. An attacker who controls a lookalike domain can read email sent by mistake, redirect web visitors to another site, inject malicious code (malware), or even invisibly proxy traffic and eavesdrop.

How can we defend against these types of attacks?

The best way is prevention: defend your legitimate domain by denying potential attackers the best real estate to impersonate it. That's why this website exists: to help you identify names that could be used against you. It is possible to fight someone who registers a domain meant to look like yours, but that will generally mean arbitration or a lawsuit. Buying potential impostor domains yourself, ideally before anyone else registers them, is the best option, and thinking about this risk before obtaining a new domain can help you pick a name that avoids existing impostors.

Why was this website created?

My name is Anthony Kava, and I've worked in county government for almost two decades. I created this website as part of a research project. In the Spring of 2021, I looked into the feasibility of cybersquatting attacks against local governments. Many cities and counties are moving to .gov domains, but both citizens and employees still type .com or .org out of habit. How often does this happen? Observations based on forty-two domain names revealed that it was a daily occurrence. The domains received, on average, over 1300 web visits and at least twenty-three emails each day.

Users who emailed the research domains received immediate bounce messages to clearly indicate something was wrong, and web visitors were redirected to the correct site. Research ended in April 2021. Any emails received were purged, and the domains used are now inactive but have been retained for safekeeping to deny them to potential attackers.

If you use the search feature above and find a name with Safekeeping Domain in the notes please follow the link below to request transfer of the domain(s) in question — I want you to have them! No consideration is requested nor will any be accepted. You will just need to pay your domain registrar their normal transfer fees.

Do you really suggest I register hundreds of domains?

No, of course not. It would be impossible to cover every potential permutation of your mistyped domain names. I suggest that you focus on at least two of them — the most common and most obvious impostors. If you're registering somecountystate.gov you should also try to get somecountystate.com and somecountystate.org. That would address 90% of the user errors that are bound to happen, and your security could be improved for less than $30 a year.

Should we move to a .gov domain?

My personal recommendation is YES, YES, and YES. The point of all this is that anyone in the world can register a .com, .org, or similar domain for any reason. It's legal to do so (as long as they don't use the domain to break laws). In contrast, .gov domains can only be registered by government entities. A .gov domain clearly identifies you as an official government site, and registering one is now free.

Does a .gov domain make me a target?

Probably not any more than you already are. As a government entity, you're always a target. If an attacker is looking for you they will find you either way. Don't be afraid of using a .gov domain, but do remember to consider what similar domains can be used to impersonate you. This website can help you find dangerous domain names whether or not you're using a .gov.

How can a local government improve security?

Take advantage of the free or low-cost offerings available from these public sector resources:

For Iowa county-specific resources (my home state) consider taking part in these organizations:

Would you like to know more?

Feel free to reach out via my links at https://forensic.coffee.


Definitions

Domain Name

A domain name is the name you pick for your Internet presence, e.g., eff.org or bbc.com. It's the text that identifies you to world wide web users and people who want to email you. Your domain name might end in .com, .net, .org, .us, .uk, .gov, .coffee, or hundreds of other Top Level Domains (TLDs). Domains are purchased through a domain registrar, and yearly fees are required to keep them active.

Domain Name System (DNS)

DNS, just like the film Back to the Future, has been with us since 1985. It's the Internet's way of translating a name, like google.com, to a numeric Internet Protocol (IP) address, like 142.250.138.99. DNS makes the net easier to use (no need to remember numbers), and domains are part of its hierarchy. When you're assigned a domain, you get the right to publish DNS records under that name to point users to services, such as web servers or mail servers. DNS records come in various types such as NS (Name Server), MX (Mail eXchanger), and A (IP Addresses).

Parked Domain

A parked domain is a domain purchased to reserve a name. This can be done for good reasons to ensure it's available for some future use or to prevent cybersquatting. Often though, it's done to make money when visitors reach the domain by accident. Parking companies show ads or attempt to resell domain names at premium prices. They also like to pounce on expired domains as soon as they become available (so don't forget your renewals!).

Can receive email

Domains with MX, or mail exchanger, DNS records are configured to receive Internet email. MX records tell email servers where to send mail for a domain. If an impostor domain has MX records it could mean that whoever controls that domain is reading any email sent to it. This can affect both security and privacy.

Appears inactive

When a domain listed on this site is marked as 'Appears inactive' it may be registered, but it does not seem to be publishing DNS records. So the name itself is taken, but, for the moment at least, emails sent to it should bounce, and web visitors to the impostor domain should see an error that the site is not available.

Seems available

If a domain has the note 'Seems available', our checks did not indicate that it is registered, which means you, or literally anyone else in the world, should be able to register that domain. The only real restrictions are on special, restricted Top Level Domains (TLDs) like .gov. If the available domain name is prime real estate for an attacker, you should consider buying it before someone else does.

Easy mistake (.com)

An 'Easy mistake (.com)' domain is very similar to the real domain you used in your search. Users will often enter .com by accident, instead of their intended Top Level Domain (TLD) like .gov or .us. Since the 1990s, Internet users have built up muscle memory that leads them to type .com as a reflex.

Easy mistake (.org)

An 'Easy mistake (.org)' domain is very similar to the real domain you used in your search. Users often incorrectly associate .org domains with public entities and guess a .org ending even if the real domain name ends with .gov or .us. Lots of local governments use .org domains for their official sites, which makes the situation even more confusing.

Easy mistake (.)

An 'Easy mistake (.)' domain is a Doppelgänger domain; that is to say, it's like your real domain except that it's missing a dot (.). It's an easy typographical error, and it means that a domain name like somecountyst.us can steal traffic intended for co.somecounty.st.us.

Easy mistake (-)

An 'Easy mistake (-)' domain is a domain name just like your real one except without a dash. Many local government domains have a dash in their name, such as ones that follow the form, somecounty-st.gov. Users will commonly forget the dash, assuming they even know it should be there in the first place, and reach an impostor domain by mistake.

Easy mistake (www)

Long-time users of the World Wide Web have grown accustomed to prefixing web addresses with 'www' even though it's not necessary for a lot of sites in the 2020s. Accordingly, a domain like yours but starting with 'www' will catch some visitors who both follow their habit and forget to type a dot.

Easy mistake (ddubs)

Domain names with double letters can be easily misspelled either by error or by misunderstanding. This is especially true if the doublet comes amid two words.
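
As an added illustration (not the code behind this site), the Python below derives the 'Easy mistake' candidates defined above for a domain you own and maps lookup results to the three status notes, so you can decide which names to register defensively. The function names, the sample domain westtown-st.gov, the handling of names with more than two labels, and the reading of 'ddubs' as dropping one letter of a doubled pair are assumptions.

```python
import re

def impostor_candidates(domain):
    """Map lookalike candidates for `domain` to the page's 'Easy mistake' labels."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a domain name: {domain!r}")
    real, tld, found = ".".join(labels), labels[-1], {}

    def add(candidate, category):
        # Never list the real domain; the first category to produce a name wins.
        if candidate != real:
            found.setdefault(candidate, category)

    if len(labels) >= 3:
        # Missing dot: the two labels left of the TLD run together
        # (co.somecounty.st.us -> somecountyst.us). Assumption: this is the
        # only check applied to names with more than two labels.
        add(f"{labels[-3]}{labels[-2]}.{tld}", "Easy mistake (.)")
        return found
    name = labels[0]
    for other in ("com", "org"):
        add(f"{name}.{other}", f"Easy mistake (.{other})")
    add(f"{name.replace('-', '')}.{tld}", "Easy mistake (-)")
    add(f"www{name}.{tld}", "Easy mistake (www)")
    # ddubs: drop one letter from each doubled pair (assumed interpretation).
    for pair in re.finditer(r"([a-z])\1", name):
        add(f"{name[:pair.start()]}{name[pair.end() - 1:]}.{tld}", "Easy mistake (ddubs)")
    return found

def status_note(registered, record_types):
    """Triage a candidate from registration state and published DNS record types."""
    if not registered:
        return "Seems available"
    if "MX" in record_types:
        return "Can receive email"
    if not record_types:
        return "Appears inactive"
    return None  # registered and publishing records, but no MX: no page note applies

if __name__ == "__main__":
    # Constructed input: a made-up county name, not a real jurisdiction.
    for candidate, category in impostor_candidates("westtown-st.gov").items():
        print(f"{candidate:24} {category}")
```

Feed status_note the results of your own registration and DNS lookups for each candidate; 'Seems available' and 'Can receive email' names are the ones to act on first.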



DISCLAIMER & ACKNOWLEDGEMENTS

Opinions expressed are personal views. No information on this site is to be construed as legal advice.

No warranty is made as to the accuracy of information provided by this service.

Consult your IT professional to find out if domain names are right for you.


Icons from the Feather Collection (MIT) — DNS thanks to the phpdns library from purplepixie (GPL v3.0)

Tragedy and comedy favicon by Booyabazooka, edited by The Anome (CC Attribution-Share Alike 3.0)

Screen shot error GIF from giphy.com, text added via imgflip.com (Non-commercial Use)