URL Construction Field and Typosquat Variants
Bolster uses AI, natural language processing, text analytics, and other technology to determine whether a site needs further investigation. The URL Construction field displays important information resulting from these analyses:
- If it contains “Scan,” then the site is considered suspicious and pre-malicious.
- If it contains any other value, then we have used our algorithm to identify a typosquat variant.
A typosquat variant is a domain variant used by bad actors to lure prospects and customers to an alternate site. The following table lists the variant types that can be displayed in the URL Construction field. The examples assume that apple.com is an asset monitored by the Bolster platform.
| Variant | Description | Example |
|---|---|---|
| Exact Match | Domain is spelled exactly the same, but exists on a different TLD. | apple.tech |
| Addition | Letter added before or after the domain name. | applez.com |
| Homoglyph | Characters swapped with those from another character set. | xn--appe-xhc.com –> Cyrillic “L” instead of Latin “L” |
| SubDomain | Monitored asset is a subdomain. | apple.buy.com |
| Insertion | Additional letter added in the middle of the domain name. | appele.com |
| Dictionary | Domain is a merged word. | applestock.com |
| Letter Replacement | One or more letters substituted based on keyboard layout. | appl3.com |
| Hyphenation | One or more hyphens added to the domain. | app-le.com |
| Omission | Letter missing from the domain name. | aple.com |
| Repetition | Letter repeated in the domain name. | appple.com |
| Transposition | Letters swapped places in the domain name. | appel.com |
| Vowel Swap | Vowel in the domain swapped with another vowel. | opple.com |
| Bit Squatting | Flipped bit in the domain name. | aqple.com |
