Strider Typo-Patrol: Discovery and Analysis of Large-Scale, Systematic Typo-Squatters
First Posted: 12/16/2005
Last Updated: 03/07/2006
Project Summary:
· In the Strider Typo-Patrol project, we develop an automated scanning system for discovering and analyzing typo-squatting domains. We show that a large number of such domains are parked with domain parking services to take advantage of their effective contextual-ads infrastructures. We also show that, by analyzing the ads-fetching traffic sent from typo domains to parking services, we are able to identify major typo-squatters and domain parking services that are heavily involved in large-scale, systematic typo-squatting, as well as those that are serving adult ads on typos of children’s web sites.
· It is very important to note that not all parked domains are typo-squatting domains; many of them are legitimate, generic domain names. In fact, some domain parking services actively ban all trademarks and typos of trademarks from their system and are rigid about those rules.
News Article
· “MS Research: Typo-Squatters Are Gaming Google,” http://www.eweek.com/article2/0,1895,1903695,00.asp
· UPDATE (12/28/2005): Since the release of the Strider Typo-Patrol data on 12/16/2005 and the eWEEK news article on 12/19/2005, some of the questionable advertisements served on typo-squatting domains of children’s web sites (see Screenshots G1-G7) have been removed, while other questionable ads remain active (see Screenshots O1-O7). Also, most of the anchor domains parked with oingo.com have been removed. (See the December traffic drops at http://research.microsoft.com/Typo-Patrol/Major_Anchors.htm.)
Terminology

· Example of “Domain Parking Services Powered by Others”: http://sedoparking.com (sample domains: http://disneychannell.com & http://disneycannel.com)
· Examples of “Domain Parking Services with Contextual-ads Infrastructure”: http://www.google.com/domainpark (sample domains: http://dissneychannel.com & http://disneychqnnel.com); http://www.oversee.net/domainsponsor.html (sample domains: http://disneycahnnel.com & http://disneychannrl.com)
· Typo-squatters and domain parking services share the profits from serving advertisements on typo-squatting domain pages. Advertisers pay for these ads that are shown to web users after they experience typo traffic hijacking. Target web sites potentially have their brand names or trademarks utilized in this scheme.
· Some domain parking services are target web sites as well.
· Some target web sites are advertisers as well, effectively paying for the ads shown on the domains that typo-squat them.
· Sometimes the typo-squatter and the parking service are the same company.

Overview and Preliminaries
· One billion web users are collectively making a huge number of URL typos every day. Imagine that a typo-squatter hijacks 15% of all typo traffic. That’s equivalent to owning a very popular (virtual) web site in terms of the amount of traffic that can be used to drive advertising revenue. Users who dislike typo-squatting may not know the identities of the typo-squatters and the domain parking services that are actually behind the squatting; all they know is which advertisers appear on the typo pages. Those advertisers are paying money for this experience.
· The Strider Typo-Patrol System is an extension of the Strider HoneyMonkey Exploit Detection System. It is part of our ongoing effort in providing automatic and systematic web scans to discover and investigate questionable web sites in order to protect Internet users. The primary goal of Strider Typo-Patrol is to understand the practice of typo-squatting and to protect the Internet from typo-squatting-based exploits (see the eWeek.com news article on malware infection through googkle.com typo-squatting).
· So far, we have not found any exploit sites hosted on typo-squatting domains. But we have developed a method to automatically discover major typo-squatters that are performing large-scale, systematic typo-squatting. On this page, to illustrate the basic ideas, we describe one example for which our method is most effective.
· Almost all of the potential typo-squatting domains reported in the tables on this page are registered to the same company (see background information below) and parked with the same domain-parking server oingo.com. Analyses of other large-scale typo-squatters and parking services are more difficult due to the lack of similar systematically-discoverable structures (see others). It is important to note that, due to the multi-layer redirection structure, parking service providers may not be aware of the potential typo-squatting activities performed by the owners of parked domains. The Strider Typo-Patrol System can therefore help domain-parking service providers monitor the domains parked with them for questionable behaviors that may be violating their policies or subject to trademark complaints.
· Background information: multiple domain name disputes involving the same company
  o UPDATE (01/21/2006): Most of the WhoIs records that had “Registrant: Unasi” seemed to have been changed to “Registrant: Domaincar”.
  o “Typosquatters Target Anti-Virus Vendors,” http://www.eweek.com/article2/0,1895,1860661,00.asp
  o “Serial typo-squatters target security firms,” http://news.zdnet.com/2100-1009_22-5873001.html
  o National Arbitration Forum Decisions
    1. State Farm Mutual Automobile Insurance Company v. Unasi Management, Inc., http://www.arb-forum.com/domains/decisions/472028.htm
    2. Morgan Stanley v. Unasi Inc., http://www.arb-forum.com/domains/decisions/529514.htm
    3. Amazon.com, Inc. v. Unasi Inc., http://www.arb-forum.com/domains/decisions/542437.htm
    4. Hyatt Corporation and Hyatt International Corporation v. Unasi Inc., http://www.arb-forum.com/domains/decisions/545021.htm
    5. Jaclyn Smith and Jaclyn Smith International, Inc. v. Unasi, Inc., http://www.arb-forum.com/domains/decisions/522853.htm
  o WIPO Arbitration and
    1. Deutsche Telekom AG v. Unasi Management Inc., http://arbiter.wipo.int/domains/decisions/html/2005/d2005-0423.html
    2. Gianfranco Ferre’ S.p.A. v. Unasi Inc., http://arbiter.wipo.int/domains/decisions/html/2005/d2005-0622.html
    3. Red Bull GmbH v. Unasi Management Inc., http://arbiter.wipo.int/domains/decisions/html/2005/d2005-0304.html
    4. Jafra Cosmetics, S.A. de C.V. v. Unasi Inc., http://arbiter.wipo.int/domains/decisions/word/2005/d2005-0926.doc
· All “potential typo-squatting domains” studied in this project are based on the five programmatic typo-generation models described below. Whether they are “actual typo-squatting domains” may be a subjective matter in some cases.
· Some potential typo-squatting domains move around between domain parking services or between anchor domains over time (see an example in Table 1). Also, some parking services have been cleaning up their ads since this page was made public. So we have marked the data-collection dates for the presented data and, for typo-squatting pages that serve questionable content (e.g. [1], [2]), we have also recorded all request/response traffic and screenshots.
Strider Typo-Patrol Methodology
· Step #1: Generating Potential Typo-Neighborhood: given a target domain name, a potential typo-neighborhood consists of potential typo-squatting domain names generated based on the following five programmatic typo-generation models
| | Typo-generation Model | Example Target Domain | Potential Typo-squatting Domain | Ads Content Served from |
| 1 | Missing-dot typos | | | |
| 2 | Character-omission typos | [WhoIs] http://hrrypotter.com (Removed) | | |
| 3 | Character-permutation typos | [WhoIs] http://NYTmies.com (Removed) | | |
| 4 | Character-replacement typos | [WhoIs] http://WashingtonPosr.com (Removed) | http://apps5.oingo.com/apps/domainpark/domainpark.cgi?s=washingtonposr.com&dp_lp=24&dp_lp=7&cid=DTRG7965&dp_p4pid=oingo_inclusion_xml_06&dp_format=1.3 | |
| 5 | Character-insertion typos | [WhoIs] http://gkoogle.com (Removed) | http://apps5.oingo.com/apps/domainpark/domainpark.cgi?s=gkoogle.com&dp_lp=24&dp_lp=7&cid=DTRG7965&dp_p4pid=oingo_inclusion_xml_06&dp_format=1.3 | |
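The five models of Step #1 can be sketched as follows for brand-monitoring use. This is an added example, not the Strider Typo-Patrol code. It assumes that replacement and insertion characters come from QWERTY-adjacent keys (plus doubled letters for insertion), since the page names the models and gives examples but not the character sets; all function names are hypothetical.

```python
# Added example (not the Strider Typo-Patrol code): the five typo-generation models.
# Assumption: replacement and insertion draw from QWERTY-adjacent keys (plus doubled
# letters for insertion); the page names the models but not the character sets.

QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def build_adjacency(rows=QWERTY_ROWS):
    """Map each letter to the keys physically next to it on a QWERTY keyboard."""
    adjacency = {}
    for r, row in enumerate(rows):
        for c, ch in enumerate(row):
            # Same row: left/right. Row above: columns c, c+1. Row below: c-1, c.
            candidates = [(r, c - 1), (r, c + 1), (r - 1, c), (r - 1, c + 1),
                          (r + 1, c - 1), (r + 1, c)]
            adjacency[ch] = {
                rows[rr][cc] for rr, cc in candidates
                if 0 <= rr < len(rows) and 0 <= cc < len(rows[rr])
            }
    return adjacency


ADJACENT = build_adjacency()


def split_domain(domain):
    """'www.NYTimes.com' -> ('nytimes', 'com'); the first label is the typo surface."""
    name = domain.lower().strip(".")
    if name.startswith("www."):
        name = name[4:]
    label, _, suffix = name.partition(".")
    return label, suffix


def typo_neighborhood(domain):
    """Return {model name: sorted list of potential typo domains} for one target."""
    label, suffix = split_domain(domain)
    models = {
        "missing-dot": {"www" + label},          # www.target.com -> wwwtarget.com
        "character-omission": set(),
        "character-permutation": set(),
        "character-replacement": set(),
        "character-insertion": set(),
    }
    for i, ch in enumerate(label):
        models["character-omission"].add(label[:i] + label[i + 1:])
        if i + 1 < len(label):                   # swap two consecutive characters
            models["character-permutation"].add(
                label[:i] + label[i + 1] + ch + label[i + 2:])
        for near in ADJACENT.get(ch, ()):        # neighbouring key typed instead
            models["character-replacement"].add(label[:i] + near + label[i + 1:])
    for i in range(len(label) + 1):
        # Extra keystroke before position i: a key next to either neighbouring
        # character, or one of those characters typed twice.
        around = set(label[max(i - 1, 0):i + 1])
        extra = set(around)
        for ch in around:
            extra |= ADJACENT.get(ch, set())
        for ch in extra:
            models["character-insertion"].add(label[:i] + ch + label[i:])
    # Drop empty labels and candidates identical to the target itself.
    return {
        model: sorted(f"{t}.{suffix}" for t in typos if t and t != label)
        for model, typos in models.items()
    }


def classify(candidate, target):
    """Name the models under which `candidate` is a potential typo of `target`."""
    label, suffix = split_domain(candidate)
    name = f"{label}.{suffix}"
    return [m for m, typos in typo_neighborhood(target).items() if name in typos]


if __name__ == "__main__":
    # Sample domains taken from the table above.
    for typo, target in [("hrrypotter.com", "www.harrypotter.com"),
                         ("NYTmies.com", "www.NYTimes.com"),
                         ("WashingtonPosr.com", "www.WashingtonPost.com"),
                         ("gkoogle.com", "www.google.com")]:
        print(typo, "->", classify(typo, target))
```

`classify` lets a brand owner check a newly observed registration against its own domain without enumerating the whole neighborhood by hand.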
· Step #2: Automatic Scanning: recording Cross-domain Auto-visit (
· For example, http://kimpssible.com redirected to this
· UPDATE: After the above links were mentioned in the eWEEK news article, two things changed: http://kimpssible.com no longer has disnryland.com in the XDAV URL; and Client ID cid=DTRG7F6V was changed to cid=DTRG7965.
· You can use the Fiddler HTTP Debugging Proxy (http://www.fiddlertool.com/fiddler/) to manually monitor and investigate the
· Step #3: Identifying Anchors: parked domains that aggregate traffic to enable scalable and systematic typo-squatting
· For example, (1) http://kmpossible.com [WhoIs], (2) http://kimmpossible.com [WhoIs], (3) http://kimossible.com [WhoIs], (4) http://kimposssible.com [WhoIs], and (5) http://kimpssible.com [WhoIs] all redirected to the parked anchor domain http://disnryland.com [WhoIs], which in turn redirects to this
· UPDATE: After the above links were mentioned in the eWEEK news article, three things changed: the five typo domains no longer redirect to disnryland.com; the questionable ads on http://disnryland.com were removed; and Client ID cid=DTRG4295 was changed to cid=DTRG7965.
· In some cases, typo-squatters were apparently using anchors to provide an additional level of indirection/isolation to “trick” parking services into serving questionable ads. For example,
· http://flasphlayer.com redirected to the anchor http://freexxxlinks.us (see screenshot); http://NationalGeographicc.com redirected to http://playbov.com.
· UPDATE: After the above information was posted, both redirections were removed around Dec. 21, 2005.
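Steps #2 and #3 amount to recording each typo domain's redirect chain and then grouping typo domains by the parked domain that issues the ads-fetching request, and by the cid in that request. The following is an added example of that grouping, not the project's own code. The domains and DTRG client IDs are the ones named on this page; the redirect chains, the shortened ads URL and `CID_PLACEHOLDER` are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Parking-service ad server whose URLs appear in the Step #1 table.
PARKING_HOSTS = {"apps5.oingo.com"}
# Shortened form of the ads-fetching URL shown in the Step #1 table.
ADS_URL = "http://apps5.oingo.com/apps/domainpark/domainpark.cgi?s={s}&cid={cid}"

# Constructed scan records: (target domain, redirect chain recorded by a scanner).
# CID_PLACEHOLDER stands in for a client ID the page does not give.
KIM_TYPOS = ["kmpossible.com", "kimmpossible.com", "kimossible.com",
             "kimposssible.com", "kimpssible.com"]
RECORDS = [
    ("kimpossible.com", [f"http://{typo}", "http://disnryland.com",
                         ADS_URL.format(s="disnryland.com", cid="DTRG4295")])
    for typo in KIM_TYPOS
] + [
    ("disneychannel.com", ["http://disneycjhannel.com", "http://didneyworld.com",
                           ADS_URL.format(s="didneyworld.com", cid="CID_PLACEHOLDER")]),
    ("disneyland.com", ["http://disneylanmd.com", "http://didneyworld.com",
                        ADS_URL.format(s="didneyworld.com", cid="CID_PLACEHOLDER")]),
    ("washingtonpost.com", ["http://washingtonposr.com",
                            ADS_URL.format(s="washingtonposr.com", cid="DTRG7965")]),
    ("google.com", ["http://gkoogle.com",
                    ADS_URL.format(s="gkoogle.com", cid="DTRG7965")]),
    ("example.invalid", ["http://exmaple.invalid"]),   # chain with no ads fetch
]


def host_of(url):
    """Lower-cased host of a URL with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def summarize_chain(chain):
    """Return (typo, anchor, cid) for one chain, or None if no ads were fetched.

    The anchor is the parked domain that issued the ads-fetching request, i.e.
    the hop just before the parking host; for a directly parked typo domain
    that is the typo domain itself.
    """
    for i, url in enumerate(chain):
        if i > 0 and urlsplit(url).hostname in PARKING_HOSTS:
            cid = parse_qs(urlsplit(url).query).get("cid", [None])[0]
            return host_of(chain[0]), host_of(chain[i - 1]), cid
    return None


def find_anchors(records):
    """Group typo domains, their targets and client IDs by anchor domain."""
    anchors = defaultdict(lambda: {"typos": set(), "targets": set(), "cids": set()})
    for target, chain in records:
        summary = summarize_chain(chain)
        if summary is None:
            continue
        typo, anchor, cid = summary
        anchors[anchor]["typos"].add(typo)
        anchors[anchor]["targets"].add(target)
        if cid:
            anchors[anchor]["cids"].add(cid)
    return dict(anchors)


def aggregating_anchors(records, min_typos=2):
    """Anchors that funnel at least `min_typos` distinct typo domains."""
    return {a: e for a, e in find_anchors(records).items()
            if len(e["typos"]) >= min_typos}


def typos_by_cid(records):
    """Map each client ID to the sorted typo domains whose ads fetch carried it."""
    groups = defaultdict(set)
    for _, chain in records:
        summary = summarize_chain(chain)
        if summary and summary[2]:
            groups[summary[2]].add(summary[0])
    return {cid: sorted(typos) for cid, typos in groups.items()}


if __name__ == "__main__":
    for anchor, entry in sorted(aggregating_anchors(RECORDS).items()):
        print(anchor, len(entry["typos"]), sorted(entry["targets"]), sorted(entry["cids"]))
```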
References
· “Serial typo-squatters target security firms,” http://news.zdnet.com/2100-1009_22-5873001.html
· “Beware cybersquatters,” http://www.networkworld.com/net.worker/columnists/2005/1107gaskin.html
· “Beware How You Google,” April 27, 2005, http://www.eweek.com/article2/0,1895,1790348,00.asp
· “Typosquatters Target Anti-Virus Vendors,” http://www.eweek.com/article2/0,1895,1860661,00.asp
· Wikipedia: “Domain Parking”, http://en.wikipedia.org/wiki/Domain_parking
· Applied Semantics, http://Oingo.com
· Google AdSense for domains, http://www.google.com/domainpark/
· AdSense for Domains Trademark Complaint Procedure, http://www.google.com/tm_complaint_afd.html
· “Google wins typosquatting ruling,” http://www.theregister.co.uk/2005/07/11/google_ruling/; “Arbitrators Back Google in Fight Against ‘Typo Squatter’,” http://www.technewsworld.com/story/44535.html; Google Inc. v. Sergey Gridasov, http://www.arb-forum.com/domains/decisions/474816.htm.
· “Truth in Domain Names Act of 2003,” http://www.cybertelecom.org/dns/truth.htm
· “Typo-squatter sued by FTC,” http://www.demys.net/news/2002/05/02_May_27_zuccarini.htm
· “Cyberscam Targeted by FTC,” http://www.ftc.gov/opa/2001/10/cupcake.htm
· “Large-Scale Registration of Domains with Typographical Errors,” http://cyber.law.harvard.edu/people/edelman/typo-domains/
· “Cybersquatter Fined $100,000 Per Domain Name,” http://www.gigalaw.com/articles/2000-all/isenberg-2000-11a-all.html.
· “Google AdSense For Domains Program Overdue For Reform,” http://blog.searchenginewatch.com/blog/051220-153537
· “Typogoogling,” http://www.f-secure.com/weblog/archives/archive-122005.html#00000743
· “… typosquatting domain “f-sekure.com” is showing Google Ad Sense ads that we pay for, pointing to our Client Security promotion site.”
· “Google might clamp down on typo-squatting,” http://domainnamewire.com/2005/12/20/google-might-clamp-down-on-typo-squatting/
· “… MySpac.com recently sold for $31,600, MypSace.com sold for $35,100…”
Typo-Patrol Results
· Table 1: Potential Typo-squatting of 30 Popular Sites (early December 2005 results)
· Selected from http://www.alexa.com/site/ds/top_sites?ts_mode=lang&lang=en
· Anchors used to aggregate traffic across multiple target domains are highlighted.
| Target Popular Domain | Sample Typo Domain Funneled through Anchor | Parked Anchor Domain (Removed) | # Typo Domains Funneled | Other Typo Domains |
| www.AdultFriendFinder.com | www.AdultFriensdFinder.com (Removed) | braziliansexmovies.com | 12 | AdultFriemndFinder.com, AdultFriendFinfder.com, AdultFriendFinsder.com, AdultFriendFindser.com, AdultFriendFindesr.com, AdultFriencFinder.com, AdultFriendFinxer.com, AdjultFriendFinder.com, AdujltFriendFinder.com, AdulrtFriendFinder.com, AdultFriewndFinder.com |
| www.Alibaba.com | www.Alibabaz.com (Removed) | sai-baba.com | 2 | Alibana.com (removed) |
| www.Altavista.com | www.Altavusta.com | yhoo.org [WhoIs] | 20 | (all removed) |
| www.Amazon.com | www.Amzzon.com (Removed) | www.Amzzon.com | 1 | |
| www.Blogger.com | www.Blgoger.com (Removed) | free-software.com | 7 | Bloggre.com, Bloogger.com, Blolgger.com, Bloggeer.com, Bloggerr.com, Bloggr.com (all removed) |
| www.CareerBuilder.com | www.CsreerBuilder.com (Removed) | hutjobs.com | 22 | |
| www.Download.com | www.Downloar.com (Removed) | donwlaod.com | 17 | |
| www.Expedia.com | www.Expsedia.com (Removed) | exspeda.com | 3 | Expexdia.com, Expedsia.com (both removed) |
| www.FoxNews.com | www.FoxNerws.com (Removed) | wwwaeropostale.com | 10 | FioxNews.com, FoixNews.com, FopxNews.com, FoxNwews.com, FoxNrews.com, FpxNews.com, FocNews.com, FoxNrws.com, FoxNewd.com (all removed) |
| www.Friendster.com | www.Frienfster.com (Removed) | wwwadultdatelink.com | 33 [full list] | |
| www.Google.com | www.Gkoogle.com (Removed) | wwwgoogl.com (moved to domainsponsor) | 5 (self-squatting) | Gokogle.com, Gookgle.com, Googple.com (all removed) Giogle.com (Moved to domainsponsor) |
| www.Mapquest.com | www.Mapqiuest.com (Removed) | www.Mapqiuest.com | 1 | (Registered to others: Mapqeust.com [WhoIs], Mapqauest.com [WhoIs], Mapquestf.com [WhoIs], Mapqueet.com [WhoIs]) |
| www.Match.com | www.Matcyh.com (Removed) | datingadsonline.com | 3 | Matcuh.com, Matcjh.com (removed) |
| www.Microsoft.com | www.Microsokft.com (Removed around 01/23/06) | sofwaresolution.org | 13 | Mivrosoft.com, Mkicrosoft.com, Mijcrosoft.com, Micdrosoft.com, Mivcrosoft.com, Micrdosoft.com, Microisoft.com, Microksoft.com, Microdsoft.com, Microsoift.com, Microspoft.com, Microskoft.com, Microsofct.com, Microsocft.com [WhoIs], Microsoftf.com [WhoIs] (all removed) (Registered to others: Microsofr.com [WhoIs], Micvrosoft.com [WhoIs], Mifcrosoft.com) |
| www.Monster.com | www.Monsdter.com (Removed) | hutjobs.com | 1 | (Registered to others: Mponster.com, Mknster.com [WhoIs], Monsfer.com [WhoIs], Monstdr.com [WhoIs], Monstsr.com [WhoIs]) |
| www.MySpace.com | www.MySlpace.com (Removed) | wwwfreeteenchat.com | 2 | MySpacce.com (moved to Sedo) (Registered to others: MySpsace.com, MySpsace.com [WhoIs], MySpave.com [WhoIs], MuySpace.com [WhoIs], MyySpace.com [WhoIs], MtSpace.com [WhoIs], MySpac.com [WhoIs]) |
| www.MyWebSearch.com | www.MyWebSearh.com (Removed) | myewbsearch.com | 5 | wwwMyWebSearch.com, MyWebSeaech.com, MyWebSerarch.com, MyWebSearcch.com (all removed) |
| www.NYTimes.com | www.NYTimses.com [WhoIs] (Removed) | newyorktimesonline.com [WhoIs] | 20 | NYTiumes.com, NYToimes.com, NYTiomes.com, NYTikmes.com, NYTjimes.com, NYTijmes.com, NYTimnes.com, NYTimkes.com, NYTimwes.com, NYTimres.com, NYTimers.com, NYTimeds.com, NYTimesw.com, NYTimeas.com, NYTimesa.com, NYTomes.com, NYTikes.com, NYTimex.com (all removed) NYTmies.com (Removed) |
| www.Orkut.com | www.Orkutg.com (Removed) | oreckaircleaner.com | 16 | |
| www.Overstock.com | www.Overstocok.com (Removed) | wwoverstock.com | 5 | Ovgerstock.com, Ovefrstock.com, Overstgock.com, Overstokck.com (all removed) |
| www.PhotoBucket.com | www.hPotoBucket.com (Removed) | free-print-share-photos.com | 15 | |
| www.PornAccess.com | www.PornAcceess.com (Removed) | femailsex.com | 5 | PorAnccess.com [WhoIs], PonAccess.com, Pornccess.com, PorhAccess.com (all removed) |
| www.Sportsline.com | www.Sportslime.com (Removed) | sportslane.com | 13 | |
| www.TheFaceBook.com | www.TheFaceoBok.com (Removed) | serchbug.com | 11 | TheFcaeBook.com, ThyeFaceBook.com, TgheFaceBook.com, TheFacweBook.com, TheFaceBoolk.com, TheFaceBooko.com, TheFaceBookj.com, TheFacerBook.com [WhoIs], TjheFaceBook.com (all removed) [WhoIs] TheFaceBooik.com (moved to Sedo, then removed) |
| www.Walmart.com | www.Walmaqrt.com [WhoIs] (Removed) | jewelsosco.com [WhoIs] Moved to swalmart.com around December 21, 2005 | 3 | Walmaryt.com, Walmazrt.com, Walmarft.com (all removed) (Registered to others: Walmartf.com (Removed)) |
| www.WashingtonPost.com | www.WashingtonPosr.com (Removed) | bronxnews.com | 13 | WashingtonPostr.com, WasgingtonPost.com, WashibgtonPost.com, WashinhtonPost.com, WashingronPost.com, WashingtonPodt.com, WashingtonPoat.com, WashingtonPosy.com, WasahingtonPost.com, WashinhgtonPost.com, WashintgtonPost.com, WashingtponPost.com (all removed) |
| www.Weather.com | www.Weatfher.com (Removed) | www.Weatfher.com | 1 | Wwather.com, Weatfher.com (both removed) |
| www.Webshots.com | www.Webhsots.com (Removed) | free-print-share-photos.com | 4 | Websuots.com, Webhshots.com, Webashots.com, Webshjots.com (all removed) (Registered to others: Webhots.com [WhoIs]) |
| www.Xanga.com | www.Xanjga.com (Removed) | xantrax.com | 5 | Xanbga.com, Xamnga.com, Xangq.com (all removed) Xasnga.com (moved to Sedo), (Registered to others: Xawnga.com [WhoIs], Xanfa.com, Xznga.com, Xangqa.com, Xangaa.com, Xangfa.com, Xanfga.com, Xanmga.com [WhoIs], Xanyga.com (Removed)) |
| www.Yahoo.com | N/A | N/A | N/A | |
· Table 2: Potential Typo-squatting of 30 Financial Sites (early December 2005 results)
· Selected from http://www.antiphishing.org/phishing_archive.html, http://www.millersmiles.co.uk/scams.php, and http://www.ftc.gov/bcp/conline/pubs/credit/freereports.htm
| Target Domain | Sample Typo Domain Funneled through Anchor | Parked Anchor Domain | # Typo Domains Funneled | Notes and Changes Made Since This Page Was Posted |
| www.AnnualCreditReport.com | www.AnnualCredigtReport.com (Removed) | www.AnnualCredigtReport.com | 1 | |
| www.AssociatedBank.com | wwwAssociatedBank.com [WhoIs] (not yet removed, 01/30/06) | welsfargobanking.com [WhoIs] | 10 | |
| www.BankOfAmerica.com | www.BamnkOfAmerica.com (Removed around 01/23/06) | bankfuptcy.com [WhoIs] | 35 [full list] | |
| www.BankOfOklahoma.com | N/A | N/A | N/A | |
| www.BankOfTheWest.com | www.BankOfTehWest.com (Removed) | www.BankOfTehWest.com | 1 | |
| www.BankOne.com | www.BankOnre.com (Removed) | wwwcommerceonlinebanking.com | 15 | |
| www.Barclays.com | www.aBrclays.com (Removed) | assosiatebank.com | 52 [full list] | |
| www.CharterOneBank.com | www.CharetrOneBank.com [WhoIs] (Removed) | bankofomerica.com [WhoIs] | 6 | |
| www.Citibank.com | www.Citibanbk.com [WhoIs] (Removed) | citibabkcards.com [WhoIs] | 30 [full list] | |
| www.CitizensBank.com | www.CtiizensBank.com (Removed) | citizensbank.us* | 53 [full list] | |
| www.ComFedBank.com | www.CpmFedBank.com (Removed) | saxo-bank.com | 6 | |
| www.Earthlink.com | www.Earthlinkj.com (Removed) | arthlink.net | 8 | |
| www.Equifax.com | www.Equitfax.com [WhoIs] (not yet removed, 01/30/06) | equidax.com | 23 | |
| www.Experian.com | www.Expedrian.com (Removed) | wexperian.com | 43 | |
| www.FirstTennessee.com | www.FirstTenneessee.com [WhoIs] (not yet removed, 01/30/06) | bankofomerica.com | 5 | |
| www.KeyBank.com | www.KeyBaank.com (Removed) | wwwohiosavingsbank.com | 14 | |
| www.LaSalleBank.com | www.LaSalleBnak.com (Removed) | saxo-bank.com | 12 | |
| www.LloydsTSB.com | www.LloydswTSB.com (Removed) | i-insurances.com | 4 | |
| www.NatWest.com | www.NatWwest.com (Removed) | bankofomerica.com | 10 | |
| www.NorthForkBank.com | www.NortthForkBank.com (Removed) | northfolkbank.com | 11 | |
| www.PayPal.com | www.PayPaql.com [WhoIs] (Removed) | paypel.com [WhoIs] | 13 [full list] | |
| www.Regions.com | www.Regiosn.com (Removed) | yhoo.org | 2 | |
| www.SouthTrust.com | www.SouthTrudt.com (Removed) | bankofomerica.com | 6 | |
| www.SovereignBank.com | www.SovereignBnk.com (Removed) | oceancityhomebank.com | 15 | |
| www.SouthTrust.com | www.SunTrusat.com (Removed) | suntrst.com | 20 | |
| www.Transunion.com | www.Transsunion.com (Removed) | yransunion.com | 37 | |
| www.USBank.com | www.USBanmk.com (Removed) | nbankmortage.com | 8 | |
| www.VerizonWireless.com | www.VeruzonWireless.com (Removed around 01/23/06) | verisonwirelesscellphones.com | 42 [full list] | |
| www.WashingtonMutual.com | www.WashingtonMuutual.com (Removed) | washingtonmutuakl.com | 23 | |
| www.WellsFargo.com | www.WellsFarho.com (Removed) | wellsfaego.com | 17 [full list] | |
* Registrant not confirmed
· Table 3: Potential Typo-squatting of News and Magazine Web Sites (mid-December 2005 results)
| Target Domain | Sample Typo Domain Funneled through Anchor | Parked Anchor Domain | Notes and Changes Made Since This Page Was Posted |
| www.SecurityFocus.com | www.ssecurityfocus.com (removed) & www.securitfocus.com (removed) | securityfous.com | |
| www.PCMagazine.com | www.PCMagazzine.com (removed) & www.PCMagaine.com (removed) | globlecomputer.com | |
| www.PCWorld.com | www.pcwrold.com & www.pwcorld.com (removed) | cheapintenet.com | |
| www.ComputerWorld.com | www.ComputerWolrd.com (removed) & www.ComputrWorld.com (removed) | pctoosl.com | |
| www.InformationWeek.com | www.informatinweek.com (removed) & www.inforamtionweek.com (removed) | informationweekly.com | |
| www.ABCNews.com | www.abncews.com (removed) & www.abvcnews.com (removed) | wwwsabcnews.com | |
| www.NBCNews.com | www.nbcnewss.com (removed) & www.nbcnnews.com (removed) | atlanticcitynewspaper.com | |
| www.USAToday.com | www.usdatoday.com (removed) & www.usatiday.com (removed) | sandeigonews.com | |
| www.BostonGlobe.com | www.bostongloe.com (removed) & www.bosonglobe.com | barbadosnews.com | |
| www.LATimes.com | www.latiems.com (removed) & www.latmies.com (removed) | mesatribune.com | |
| www.SeattleTimes.com | www.seattleitmes.com (removed) & www.seattleties.com (removed) | news6tv.com | |
| www.NYTimes.com | See Table 1 | | |
| www.WashingtonPost.com | See Table 1 | | |
| www.BusinessWeek.com | www.busonessweek.com (removed) & www.bisinessweek.com | businessweel.com | |
| www.NationalGeographic.com | www.nationalgeographiv.com (removed) & www.nationalgeographicc.com (removed) | playbov.com | Was serving XXX ads on non-XXX typo URLs; Traffic funneling was removed around Dec. 21, 2005 |
| www.Cosmopolitan.com | www.csmopolitan.com (removed) & www.cosmopoliatn.com (removed) | cosmopolitanmagzine.com | |
| www.NationalEnquirer.com | www.natinalenquirer.com (removed) & www.natioanlenquirer.com (removed) | hannafordsupermarket.com | |
· Table 4: Potential Typo-squatting of Kids Web Sites (mid-December 2005 results)
| Target Domain | Sample Typo Domain Funneled through Anchor | Parked Anchor Domain | # Typo Domains Funneled | Most Problematic Typo URLs | Notes and Changes Made Since This Page Was Posted |
| www.enchantedlearning.com | www.enchanytedlearning.com (removed) | enchantedlearming.com | 120 [full list] | | |
| www.flashplayer.com | www.flasphlayer.com (removed) | freexxxlinks.us | 20 [full list] | | Was serving XXX ads on non-XXX typo URLs of kids web site; Traffic funneling was removed around Dec. 21, 2005 |
| www.pbskids.org | www.pbskuids.org (removed) | bkids.com | 15 [full list] | | |
| www.groovygirls.com | www.groovygrls.com (removed) & www.groovygorls.com (removed) | wwwgroovygirls.com | | | |
| www.cartoonnetwork.com | www.cartoonnetwsork.com (removed) | cartoonnetwrkla.com | 53 [full list] | | |
| www.disneychannel.com | www.disneycjhannel.com (removed) | didneyworld.com | 5 [full list] | These target domains in red belong to the same company that seems to be heavily typo-squatted. | |
| www.disneyland.com | www.disneylanmd.com (removed) | didneyworld.com | 41 [full list] | | |
| www.kimpossible.com | www.kimmpossible.com (removed) | | 5 [full list] | | Ads on www.disnryland.com (see screenshot) were removed after it was mentioned in this eWEEK news article on December 19, 2005. |
| Many more to come… | | | | | |
· Table 5: Potential Typo-squatting of Other Web Sites (mid-December 2005 results)
| Target Domain | Sample Typo Domain Funneled through Anchor | Parked Anchor Domain | Notes and Changes Made Since This Page Was Posted |
| www.GeorgeBush.com | www.georgevush.com & www.georgeush.com | cartoonpolitics.com | |
| www.GeorgeWBush.com | www.georgwebush.com | cartoonpolitics.com | |
| www.Mozilla.org | www.mmozilla.org & www.moizilla.org | mmozilla.com (Removed) | |
| www.Sourceforge.net | www.ssourceforge.net (Removed) & www.sourcefforge.net (Removed) | free-software.com | |
| www.CollegeBoard.com | www.collegeboarrd.com & www.colleegboard.com | collegeboardscholarship.com | |
| www.dallascowboys.com | www.dallascobwoys.com & www.dallascowbooys.com | wwwnotredamefootball.com | |
| www.foxsports.com | www.ffoxsports.com & www.foixsports.com | nbc5news.com | |
| www.buildabear.com | www.buildabeat.com & www.buildabeard.com | papperdolls.com | |
| www.radioshack.com | www.radiosahck.com & www.radioshacik.com | abtelectronis.com | |
| www.newegg.com | www.neegg.com & www.newsgg.com | globlecomputer.com | |
| www.blockbuster.com | www.blockbustef.com & www.blockbustger.com | blockbustr.com | |
| www.jacquielawson.com | www.jacquieelawson.com & www.jacquielaswson.com | jacquialawson.com | |
| www.jamster.com | www.jhamster.com & www.jamsrer.com | freecellularoneringtones.com | |
| www.slickdeals.net | www.slickdeala.net & www.slickdealas.net | lastdeals.com | |
| www.symantecstore.com | www.symanecstore.com & www.smantecstore.com | symantecatore.com | |
| www.circuitcity.com | www.circuitciyty.com & www.circuiutcity.com | wwwabay.com | |
| www.OldNavy.com | www.oldnaavy.com & www.ooldnavy.com | jcpennystores.com | |
| www.JCPenny.com | www.jcpennyy.com & www.jcepnny.com | citmall.com | |
| www.Marthastewart.com | www.Marthawtewart.com (removed) www.MzrthaStewart.com (removed) | aladinweddingchapel.com | |
| www.ChristinaAguilera.com | www.christiaaguilera.com (removed) & www.christinaaguilra.com (removed) | christnaaguilera.com | |
| www.HilaryDuff.com | www.hilaryduuff.com (removed) & www.hilarydiuff.com (removed) | hilarydufflyrics.com | |
| www.DisneyWorld.com | www.DisneyWordld.com (removed) www.DisnneyWorld.com [WhoIs] (removed around 01/23/06), www.DidneyWorld.com [WhoIs] (removed around 01/23/06) | didneyworld.com | |
| www.EmbassySuites.com | www.EmbassySuittes.com & www.Embassyduites.com (removed) | embassysuiteshilton.com | |
| www.Cingular.com | www.iCngular.com & www.Cvingular.com | cingula.com | |
| www.RuneScape.com | www.RuheScape.com & www.RuneScapw.com | rockstargames.org | |
| www.Halliburton.com | www.halliburtom.com & www.hallibutron.com | e-petroleum.com | |
| www.McAfeeSecurity.com | www.McAfeeSecuity.com & www.McAfreSecurity.com | nortpnantivirus.com (Removed) | |
| www.f-secure.com | wwwf-secure.com & www.f-secur.com | nortpnantivirus.com | |
| www.safer-networking.org | www.safer-nettworking.org & saffer-networking.org | safer-networkig.org | |
| www.starwaras.com | www.wstarwars.com (removed) & www.starwaras.com (removed) | starwars111.com | |
| www.harrypotter.com | www.hartypotter.com (removed) & www.hjarrypotter.com (removed) | puissanceharrypotter.net Moved to jarrypottergames.com | |
| www.spiderman.com | www.spidermman.com (removed) & www.spidermanm.com (removed) | spidermam.com | |
| www.batmanbegins.com | www.batmanbeggins.com (removed) & www.batmanbgins.com (removed) | batmanegins.com | |
· Table 6: Using Anchors and cid’s to Identify Companies with Close Business Relationship or at the Same Physical Address (mid-December 2005 results)
| Target Domain | Sample Typo Domain Funneled through Anchor | Parked Anchor Domain | Notes and Changes Made Since This Page Was Posted |
| www.GreenPeace.org | www.grenpeace.org [WhoIs] (Removed) & www.greeenpeace.org [WhoIs] (Removed) & www.geenpeace.org [WhoIs] & www.greenpece.org [WhoIs] | wwwmymusicnow.com [WhoIs] | |
| www.Slashdot.org | sslashdot.org [WhoIs] (Removed) & slaashdot.org [WhoIs] & slashhdot.org [WhoIs] & | Used to be houseofanitquehardware.com | |
| www.Linux.org | lenux.org [WhoIs] | | |
Other Information
UPDATE (01/17/2006): Many of the typo-squatting domains reported on this
page have since become invalid domains; search for “(Removed)” to
see examples. Their status will be updated if and when they become valid
domains again and park with the service. (Notably, Altavusta.com [WhoIs], Microsokft.com [WhoIs], BamnkOfAmerica.com [WhoIs], VeruzonWireless.com [WhoIs], DisnneyWorld.com [WhoIs], and DidneyWorld.com [WhoIs] are still
typo-squatting. UPDATE: all but Altavusta.com were removed around Jan. 23, 2006.)
UPDATE (01/25/2006): These were reported on 01/23/2006 and removed on 01/25/2006 (temporarily
or permanently?)
·
Mivrosoft.com,
Mkicrosoft.com, Mijcrosoft.com, Micdrosoft.com, Mivcrosoft.com, Micrdosoft.com,
Microisoft.com, Microksoft.com, Microdsoft.com, Microsoift.com, Microspoft.com,
Microskoft.com, Microsofct.com, Microsocft.com [WhoIs], Microsoftf.com [WhoIs]
·
18 typo-squatting
domains of NYTimes.com
parked with oingo.com
[WhoIs] and
under active investigation: NYTiumes.com,
NYToimes.com, NYTiomes.com, NYTikmes.com, NYTjimes.com, NYTijmes.com,
NYTimnes.com, NYTimkes.com, NYTimwes.com, NYTimres.com, NYTimers.com, NYTimeds.com,
NYTimesw.com, NYTimeas.com, NYTimesa.com, NYTomes.com, NYTikes.com, NYTimex.com
– all owned by [WhoIs]
·
12 typo-squatting
domains of WashingtonPost.com
parked with oingo.com
[WhoIs] and under active investigation: WashingtonPostr.com,
WasgingtonPost.com, WashibgtonPost.com, WashinhtonPost.com, WashingronPost.com,
WashingtonPodt.com, WashingtonPoat.com, WashingtonPosy.com, WasahingtonPost.com,
WashinhgtonPost.com, WashintgtonPost.com, WashingtponPost.com – all owned
by [WhoIs]
·
41 typo-squatting
domains of Disneyland.com
parked with oingo.com
[WhoIs] and under active investigation: disneylanmd.com,
disneylande.com, disneylanfd.com, disneylansd.com, cisneyland.com,
sisneyland.com, dusneyland.com, dosneyland.com, dianeyland.com, disheyland.com,
disnwyland.com, disneuland.com, disneylsnd.com, disneylanf.com, disneylans.com,
disnelyand.com, disneylnad.com, disneyladn.com, deisneyland.com,
fdisneyland.com, dfisneyland.com, dsneyland.com, sdisneyland.com,
diisneyland.com, duisneyland.com, diusneyland.com, diosneyland.com,
dissneyland.com, disaneyland.com, disnneyland.com, disbneyland.com,
disneeyland.com, disnewyland.com, disnseyland.com, disneyyland.com,
disneytland.com, disneyhland.com, disneylaand.com, disneylsand.com,
disneylasnd.com, disneylannd.com – all owned by [WhoIs]
·
http://kiudsdomain.com [WhoIs] parked with oingo.com [WhoIs] and displaying questionable
ads (target: http://kidsdomain.com). (Update:
moved away from oingo.com in early Feb. 2006)
UPDATE (01/26/2006): These were reported on 01/25/2006 and removed on 01/26/2006 (temporarily
or permanently?)
·
Microsoftl.com [WhoIs]
·
Altavistz.com, Akltavista.com,
Alktavista.com, Alrtavista.com, Altyavista.com, Altzavista.com, Altazvista.com,
Altavfista.com, Altagvista.com, Altaviusta.com, Altavoista.com, Altaviwsta.com,
Altaviswta.com, Altavidsta.com, Altavisdta.com, Altavisgta.com, Altavistza.com,
Altavistaz.com
·
9 typo-squatting domains
of FoxNews.com parked with oingo.com
[WhoIs] and under active investigation: FioxNews.com,
FoixNews.com, FopxNews.com, FoxNwews.com, FoxNrews.com, FpxNews.com,
FocNews.com, FoxNrws.com
·
PaqyPal.com, PatyPal.com,
PauyPal.com, PayuPal.com, PayhPal.com, PayPsal.com, PayPaol.com, PayPalo.com,
PayPakl.com, PzyPal.com, PayPzl.com

UPDATE (01/27/2006): These were reported on
01/25/2006 and removed on 01/27/2006 (temporarily or permanently?)
·
2 typo-squatting domains of Altavista.com parked with oingo.com [WhoIs] and under active
investigation: Altavusta.com, Alotavista.com
UPDATE (01/28/2006): removed
·
Target
PayPal.com; Typo: aPyPal.com
UPDATE (01/30/2006): These were reported on 01/27/2006 and removed on 01/30/2006
·
Many removed anchors are coming back: free-software.com, wwwaeropostale.com,
globlecomputer.com, bankofomerica.com, newyorktimesonline.com, sportslane.com,
etc.
·
Target: Google.com; Typos: Gokogle.com, Gookgle.com, Googple.com
·
Target: Blogger.com; Typos: Bloggre.com, Bloogger.com, Blolgger.com, Bloggeer.com, Bloggerr.com, Bloggr.com
·
Target: Alibaba.com; Typo: Alibana.com
·
Target: Expedia.com; Typos: Expexdia.com, Expedsia.com
·
Target: Match.com; Typos: Matcuh.com, Matcjh.com
·
Target: MyWebSearch.com; Typos: wwwMyWebSearch.com, MyWebSeaech.com, MyWebSerarch.com, MyWebSearcch.com
·
Target: Overstock.com; Typos: Ovgerstock.com, Ovefrstock.com, Overstgock.com, Overstokck.com
·
Target: PornAccess.com; Typos: PorAnccess.com, PonAccess.com, Pornccess.com, PorhAccess.com
·
Target: Walmart.com; Typos: Walmaryt.com, Walmazrt.com, Walmarft.com
·
Target: Weather.com; Typos: Wwather.com
·
Target: Webshots.com; Typos: Websuots.com, Webhshots.com, Webashots.com, Webshjots.com
·
Target: Xanga.com; Typos: Xanbga.com, Xamnga.com, Xangq.com
·
Target: TheFaceBook.com; Typos: TheFcaeBook.com, ThyeFaceBook.com, TgheFaceBook.com, TheFacweBook.com, TheFaceBoolk.com, TheFaceBooko.com, TheFaceBookj.com, TheFacerBook.com, TjheFaceBook.com
UPDATE (01/31/2006): These were reported on 01/30/2006 and removed on 01/31/2006
·
TARGET AdultFriendFinder.com:
AdultFriemndFinder.com, AdultFriendFinfder.com, AdultFriendFinsder.com,
AdultFriendFindser.com, AdultFriendFindesr.com, AdultFriencFinder.com,
AdultFriendFinxer.com, AdjultFriendFinder.com, AdujltFriendFinder.com,
AdulrtFriendFinder.com, AdultFriewndFinder.com (11)
UPDATE (01/29/2006):
·
Jan. 28, 2006: “... Tiffany & Company sued eBay for facilitating the trade of counterfeit Tiffany items on the site...”, “The frustrating part is that eBay just stands back and lets these people make thousands and thousands of dollars while taking a fee for each transaction...”
http://nytimes.com/2006/01/29/technology/29ebay.html?hp&ex=1138510800&en=ddaf3038d2c2ed82&ei=5094&partner=homepage.
·
Are domain parking services facilitating trademark violations by typo-squatters?
By looking up the traffic numbers at http://www.alexa.com/, http://inventory.overture.com/, etc. and multiplying those numbers by the
typical CPM numbers, one can estimate how much money each domain parking
service has been making through trademark violations and may eventually be
forced to return to the trademark owners, either through individual or
class-action complaints. The data can be provided to the Federal Trade
Commission and State Attorneys General for consideration.
·
See the first legal action based on our Strider research results: “Microsoft, Washington AG sue antispyware company”.
·
Our research results demonstrate that, while major domain parking
services provide effective contextual-ads infrastructures that facilitate
large-scale typo-squatting, some of them also facilitate the
investigation of large-scale trademark violations by exposing them
through a systematic structure that can be automatically scanned, analyzed, and
reported.
UPDATE (02/02/2006): These were removed on 02/02/2006
·
Still active: bahkofamerica.com, bankotamerica.com, bankofanerica.com,
bankofamwrica.com, bankofaemrica.com, bankoframerica.com, usbnk.com,
careeebuilder.com, careerebuilder.com, careerbuiilder.com, careerbuillder.com
UPDATE (02/01/2006): These were removed on or before 02/02/2006
·
Typo-squatting domains of major banks, parked with oingo.com [WhoIs] and under active investigation:
·
TARGET Citibank.com (29)
·
TARGET BankOfAmerica.com (34)
·
TARGET WellsFargo.com: WellsFarto.com [WhoIs],
WedllsFargo.com, WesllsFargo.com, WelolsFargo.com, WekllsFargo.com,
WelklsFargo.com, WellwsFargo.com, WelldsFargo.com, WellsFqargo.com,
WellsFazrgo.com, WellsFargto.com, WellsFargio.com, WellsFargko.com,
WwllsFargo.com, WsllsFargo.com, WellsFqrgo.com (16)
·
TARGET USBank.com: USBasnk.com [WhoIs], USBabnk.com, USBanbk.com,
USBanjk.com, USBanmk.com, USBanlk.com, USBanj.com, USBnk.com (7)
UPDATE (01/31/2006): These were removed on or before 02/02/2006
·
Typo-squatting domains parked with oingo.com [WhoIs] and under active investigation:
·
TARGET Download.com: Downloae.com [WhoIs], Dpownload.com,
Dlownload.com, Dkownload.com, Dowqnload.com, Doewnload.com, Dowsnload.com,
Dowbnload.com, Downbload.com, Downjload.com, Downloiad.com, Downlolad.com,
Downloaqd.com, Dosnload.com, Dowhload.com, Downloqd.com (16)
·
TARGET Orkut.com: Orekut.com [WhoIs], Ofrkut.com,
Orfkut.com, Ordkut.com, Orikut.com, Orokut.com, Orjkut.com, Orkjut.com,
Orkyut.com, Orkugt.com, Ofkut.com, Odkut.com, Oriut.com, Orkjt.com, Orkug.com (15)
·
TARGET PhotoBucket.com: PjotoBucket.com [WhoIs],
PhotoBuckwt.com, PhotouBcket.com, PhotoiBucket.com, PhotoByucket.com,
PhotoBuycket.com, PhotoBucxket.com, PhotoBucjket.com, PhotoBuckjet.com,
PhotoBuckwet.com, PhotoBuckewt.com, PhotoBuckert.com, PhotoBuckedt.com,
PhotoBuckest.com (14)
·
TARGET Sportsline.com: Sportwline.com [WhoIs], Sportsoine.com,
Sportslihe.com, Sportslind.com, Soprtsline.com, Sportslnie.com,
Soportsline.com, Spoertsline.com, Spotrtsline.com, Sportsaline.com,
Sportslinbe.com, Sportslinew.com (12)
UPDATE (01/30/2006): These were removed on or before 02/02/2006
·
Typo-squatting domains parked with oingo.com [WhoIs] and under active investigation:
·
TARGET Friendster.com (32)
·
TARGET CareerBuilder.com (21)
UPDATE (01/25/2006):
·
3 typo-squatting domains of Microsoft.com parked with oingo.com [WhoIs] and under active investigation: Microsofr.com [WhoIs], Micvrosoft.com [WhoIs], Mifcrosoft.com
By Yi-Min Wang, Doug Beck, and Jeffrey Wang