Verisign Typosquatter Explorer

by Seth Finkelstein

Introduction

On Monday, September 15, 2003, a change to .com/.net behavior was announced. In sum, every mistyped domain name, meaning one that had not been registered, would be redirected to a new site controlled by Verisign, the company which runs a major part of the domain name system.

When a URL has a misspelled domain name, Verisign's changes have the effect of redirecting every single HTTP page request (technically, HTTP response code 302). There is a redirection header and page which displays:

The document has moved <A HREF="http://sitefinder.verisign.com/lpc?url=[your url]&host=[your typo domain]">here</A>.<P>

So, for example, the URL

http://verisign-is-to.net/more/evil/than/satan/himself.html

Gets redirected to:

http://sitefinder.verisign.com/lpc?url=verisign-is-to.net/more/evil/than/satan/himself.html&host=verisign-is-to.net

This site suggests corrections to the typo. I have written a program, "Verisign Typosquatter Explorer", in order to examine these suggestions. Future data may be analyzed as interest permits.

Note that tests with some domains seem to return results which are not constant, i.e. there are differences when the program is run repeatedly. This is not a program bug. Reloading the Verisign page also changes which squat-suggested domains are displayed. I don't believe it's an advertising rotation, but the behavior is similar to that practice.
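
The redirect format described above can be recognized mechanically, for instance when reviewing proxy logs for requests that were captured by the wildcard. The following is an added example, not the Typosquatter Explorer program and not code from the original page. The function names, the "HTTP/1.1 302 Found" status line and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

SITEFINDER_HOST = "sitefinder.verisign.com"   # host and path as shown on the page
SITEFINDER_PATH = "/lpc"

def parse_head(raw):
    """Return (status, headers) from a raw HTTP response; (0, {}) if malformed."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    try:
        status = int(lines[0].split(" ", 2)[1])
    except (IndexError, ValueError):
        return 0, {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def sitefinder_redirect(requested_url, raw_response):
    """Return the typo domain if raw_response is the Site Finder 302 for
    requested_url, otherwise None."""
    status, headers = parse_head(raw_response)
    loc = urlsplit(headers.get("location", ""))
    if status != 302 or (loc.hostname or "").lower() != SITEFINDER_HOST:
        return None
    if loc.path != SITEFINDER_PATH:
        return None
    query = parse_qs(loc.query)
    url_param = query.get("url", [""])[0]
    host_param = query.get("host", [""])[0].lower()
    req = urlsplit(requested_url)
    req_host = (req.hostname or "").lower()
    # Assumption from the page's example: url= is the request minus its scheme
    # (host + path); requests carrying their own query string are not handled.
    if not req_host or host_param != req_host or url_param != req_host + req.path:
        return None
    return host_param

# Constructed sample data (not captured traffic), built from the page's example.
REQ = "http://verisign-is-to.net/more/evil/than/satan/himself.html"
SAMPLE_REDIRECT = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://sitefinder.verisign.com/lpc?url=verisign-is-to.net"
    "/more/evil/than/satan/himself.html&host=verisign-is-to.net\r\n\r\n")
SAMPLE_OTHER_302 = "HTTP/1.1 302 Found\r\nLocation: http://www.example.com/new\r\n\r\n"

if __name__ == "__main__":
    print(sitefinder_redirect(REQ, SAMPLE_REDIRECT))
    print(sitefinder_redirect(REQ, SAMPLE_OTHER_302))
```

Requiring both parameters to match the original request distinguishes a Site Finder capture of that request from an unrelated 302 that merely points at the same host.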

Support

This project was not supported by anyone. If anyone is providing financial support for such projects, the author would dearly like to know.


Version 1.2 September 17 2003

See also: Domain Investigations


Mail comments to: Seth Finkelstein <sethf@sethf.com>
