Legacy Exclusive Member
- Jan 24, 2004
What does everyone think about this?
Strider URL Tracer with Typo-Patrol
When a user visits a Web site, her browser may be instructed to visit other third-party domains without her knowledge. Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains, and it includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting. The tool also enables parents to block typo-squatting domains that serve adult ads on typos of children's Web sites.
* Tool Download (v. 126.96.36.199, April 7, 2006) ("Save" to Desktop and double-click to install this research prototype; requires IE6 and WinXP)
o Quick Start and Help File
o Screenshots (typo domains of Slashdot.org, WashingtonPost.com, and others)
o We highly recommend running the scan from a virtual machine or a non-mission-critical machine.
* News on Strider Typo-Patrol
o "MS Research: Typo-Squatters Are Gaming Google," eWeek.com, December 19, 2005
o "Microsoft Ships 'URL Tracer' to Hunt Down Typosquatters," eWeek.com, April 7, 2006
o "Microsoft 'URL Tracer' Hunts Typosquatters," Slashdot, April 7, 2006
* Technical Report - "Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting"
o Summary - With the Typo-Patrol tool, we were able to discover thousands of typo-squatting and brand-name-utilizing domains within a short time. So we estimate the number of such domains to be easily in the order of tens of thousands which, based on the maximum ACPA fine of $100,000 per domain, would amount to billions of dollars of potential liability, which is larger than the estimated $750 million value of the entire domain parking business.
In our three sets of scans, 40%~70% of active typo domains were parked with the following top six services (which can be verified by anyone who runs Typo-Patrol scans):
+ Oingo.com: 20%, 19%, and 44%
# See a sample screenshot of oingo-parked WashingtonPost.com typo domain.
# See a list of sample oingo-parked typo domains.
# 76% of oingo-parked typo domains were registered to this well-known, Panama-based typo-squatter, whose real U.S.(?) identity may be discovered by following the money trail of Google's payment to its Client ID "DTRG4295".
* We reported at http://research.microsoft.com/Typo-Patrol 2,182 typo domains owned by this typo-squatter and 1,668 of them have been de-activated.
# Our data shows that, when you make a typo and reach an active domain, one in every four such domains are parked with oingo.com and one in every six such domains are registered to this typo-squatter, and they are targeting almost every popular web site that we have patrolled, making domain name disputes by individual trademark owners a very expensive process for the industry. An industry-wide, coordinated effort involving a large number of victims or government intervention may be necessary to stop this growing problem. Some estimated it to be a $750-million industry with roughly 40% in legitimate generic-name domain business and 60% in typo-squatting and brand-name-utilization domain business.
+ Domainsponsor.com/Information.com: 21%, 14%, and 12%
# See a sample screenshot of domainsponsor-parked WashingtonPost.com typo domain.
# See a list of sample domainsponsor/information-parked typo domains.
+ Sedoparking.com: 8.6%, 3.3%, and 3.8%
# See a sample screenshot of sedoparking-parked WashingtonPost.com typo domain.
# See a list of sample sedoparking-parked typo domains.
+ Qsrch.com: 4.5%, 3.3%, and 1.8%
# See a sample screenshot of qsrch-parked Comcast.net typo domain.
# See a list of sample qsrch-parked typo domains.
+ Netster.com: 2.9%, 2.2%, and 4.1%
# See a sample screenshot of netster-parked WashingtonPost.com typo domain.
# See a list of sample netster-parked typo domains.
+ Hitfarm.com: 2.1%, 3.1%, and 2.3%
# See a sample screenshot of hitfarm-parked WashingtonPost.com typo domain.
# See a list of sample hitfarm-parked typo domains.
o Perhaps even more seriously, beyond typo-squatting, these parking services also park a large number of domains with names containing (non-typo) brand names:
+ See a few such domain names.
+ 780 *Disney* domains: grouped by parking services; grouped by IP addresses
+ 366 *Sony* domains: grouped by parking services; grouped by IP addresses
+ 280 *Ebay* domains: grouped by parking services; grouped by IP addresses
+ 190 *Nokia* domains: grouped by parking services; grouped by IP addresses
+ 112 *Canon* domains: grouped by parking services; grouped by IP addresses
+ 79 *Nintendo* domains: grouped by parking services; grouped by IP addresses
+ 71 *Panasonic* domains: grouped by parking services; grouped by IP addresses
+ 61 *Gucci* domains: grouped by parking services; grouped by IP addresses
+ 44 *Marriott* domains: grouped by parking services and traffic affiliates; grouped by IP addresses
+ Get access to .COM & .NET Top-Level Domain (TLD) Zone Files
o See sample typo traffic statistics at http://slsahdot.org
+ See http://slsahdot.org traffic anomaly due to this Slashdot
o Strider Typo-Patrol Project Home Page
* Typo-Squatting-Related Laws
o Uniform Domain-Name Dispute-Resolution Policy (UDRP), October 24, 1999
+ Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a "complainant") asserts to the applicable Provider, in compliance with the Rules of Procedure, that
# (i) your domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and
# (ii) you have no rights or legitimate interests in respect of the domain name; and
# (iii) your domain name has been registered and is being used in bad faith.
o Anticybersquatting Consumer Protection Act (ACPA), Signed by President Clinton, November 29, 1999
+ A person shall be liable in a civil action by the owner of a mark, including a personal name which is protected as a mark under this section, if, without regard to the goods or services of the parties, that person --
(i) has a bad faith intent to profit from that mark, including a personal name which is protected as a mark under this section; and...
+ In a case involving a violation of section 43(d)(1), the plaintiff may elect, at any time before final judgment is rendered by the trial court, to recover, instead of actual damages and profits, an award of statutory damages in the amount of not less than $1,000 and not more than $100,000 per domain name, as the court considers just.
o Truth in Domain Names Act, 2003
+ Sec. 2252B. False or misleading domain names on the Internet
# (a) Whoever knowingly uses a misleading domain name with the intent to deceive a person into viewing obscenity on the Internet shall be fined under this title or imprisoned not more than 2 years, or both.
# (b) Whoever knowingly uses a misleading domain name with the intent to deceive a minor into viewing material that is harmful to minors on the Internet shall be fined under this title or imprisoned not more than 4 years, or both.
* Potential Actions by Trademark Owners Based on the Typo-Patrol Tool
o Filing multi-domain disputes against registrants of typo-squatting domains
+ Tool Usage: use the "Group by Internet Address" view, expand an IP address node, and "right-click->Whois" on a typo domain to manually look up the registrant name.
+ Run the Reverse-IP tool against those IP addresses that host a large number of typo domains to discover even more typo domains owned by the same typo-squatters.
+ Related Information:
# "Cybersquatter Fined $100,000 Per Domain Name," November 2000
* Electronics Boutique Holdings Corp. v. Zuccarini, U.S. District Court, Eastern District of Pennsylvania, October 30, 2000
# "Disney-porn Hook-up Sends Typosquatter to Jail," March 1, 2004
* Zuccarini To Receive 30 Months in Prison, Feb. 27, 2004
# "Cyberscam Targeted by FTC," 2001
# "Battling Cybersquatters: New Tools for Trademark Holders," February 2000
# Domain name disputes
* National Arbitration Forum: State Farm Mutual Automobile Insurance Company v. Unasi Management, Inc.
* WIPO Arbitration and Mediation Center: Deutsche Telekom AG v. Unasi Management Inc.
* See many more examples
# Use whois.sc or whois.ws or whois.net or Domain Dossier - Investigate domains and IP addresses or samspade.org WhoIs lookups to find out who owns a given typo-squatting domain.
o Sending multi-domain takedown notices to ISPs hosting typo-squatting domains
+ Tool Usage: use the "Group by Internet Address" view and expand an IP address node.
+ Use Domain Dossier - Investigate domains and IP addresses or samspade.org IP Whois lookups to find out which ISP is hosting a given typo-squatting domain.
+ Takedown example
o Filing multi-domain trademark complaints with domain parking services serving ads on typo-squatting domains
+ Tool Usage: use "View Top Domains" and expand a domain parking service node.
+ Related Information:
# Google AdSense for Domains Trademark Complaint Procedure (see potential oingo.com examples)
# Sedo - Policies | Rules for Domain Parkers (see potential sedoparking.com examples)
* Other Related News and Links
o "Typosquatters Target Anti-Virus Vendors," 2005
o "Typo-squatter sued by FTC," 2002
o "Large-Scale Registration of Domains with Typographical Errors"
o "Google Squashes 'Typosquatting'," Associated Press, Jul. 09, 2005
o "Air France Wins Typo Squatting Dispute," Demys News Service, July 30, 2003
o "Harry Potter and the Order of the Typo," Personal Computer World, Dec. 10, 2004
o "Googkle.com installed malware by exploiting browser vulnerabilities," April 26, 2005
o Typogoogling, December 20, 2005
o "WIPO Responds to Significant Cybersquatting Activity in 2005," January 25, 2006
o "Domain Monetization: Allocation Methodology"
o Third-party domains associated with parked domains
+ Oingo.com (see sample parked domains)
+ DomainSponsor.com (see sample parked domains)
# "We have some names that routinely generate Revenue per 1000 Unique Impressions (RPM) of $100, $200 or more, and our overall portfolio generates an RPM of $60."
+ Sedo (see sample parked domains)
# "The RPM for some of our domains is $80 or more..."
+ Netster.com (see sample parked domains)
+ Hitfarm.com (see sample parked domains)
+ Qsrch.com (see sample parked domains)
+ TrafficZ.com (see sample parked domains)
+ Zedo.com (see sample parked domains)
+ Ownbox.com (see sample parked domains)
+ DomainSpa (see sample parked domains)
+ ParkingDots (see sample parked domains)
+ GoldKey (see sample parked domains)
# "All domains submitted must be reviewed by Yahoo for Trademark conflicts. Yahoo provides the feed for GoldKey."
+ DomainHop (see sample parked domains)
o IP addresses that host a large number of parked domains (April 8, 2006 data)
+ Run the Reverse-IP tool against these IP addresses to retrieve even more typo domains owned by the same typo-squatters.
+ Interserver Inc (typo-patrol results from scanning the first batch of typo domains in this file)
# 188.8.131.52: list of 57 parked domains; Domain WhoIs: Domaincar c/o Perthshire Marketing
# 184.108.40.206: list of 15 parked domains; Domain WhoIs: Domaincar c/o Perthshire Marketing
# 220.127.116.11: list of 11 parked domains; Domain WhoIs: Domaincar, Panama
# 18.104.22.168: list of 10 parked domains; Domain WhoIs: Domaincar, Panama
+ TELUS Communications Inc. (typo-patrol results from scanning this file)
# Try 22.214.171.124 at http://centralops.net/co/
# 126.96.36.199: list of 31 parked domains; Domain WhoIs: POPULAR ENTERPRISES, L.L.C.
# 188.8.131.52: list of 26 parked domains; Domain WhoIs: POPULAR ENTERPRISES, L.L.C.
# 184.108.40.206: list of 13 parked domains; Domain WhoIs: North American Internet, LLC
+ Internap Network Services (typo-patrol results from scanning this file)
# 220.127.116.11: list of 33 parked domains; Domain WhoIs: Navigation Catalyst Systems, Inc
# 18.104.22.168: list of 18 parked domains; Domain WhoIs: Navigation Catalyst Systems, Inc
# 22.214.171.124: list of 17 parked domains; Domain WhoIs: Navigation Catalyst Systems, Inc
# 126.96.36.199: list of 10 parked domains; Domain WhoIs: Navigation Catalyst Systems, Inc
+ Alchemy Communications Inc.
# 188.8.131.52: list of 28 parked domains; Domain WhoIs: Navigation Catalyst Systems, Inc
+ Sago Networks (typo-patrol results from scanning this file)
# 184.108.40.206: list of 52 parked domains; Domain WhoIs: Manila Industries, Inc.
o Typo domains redirecting back to target domains through third parties (April 8, 2006 data)
+ Owners of target domains may be paying typo-squatters, knowingly or unknowingly, for their traffic through affiliate programs.
+ 93 typo domains of overstock.com redirecting through click.linksynergy.com
+ 36, 22, and 6 typo domains of VerizonWireless.com redirecting through clickserve.cc-dt.com, service.bfast.com, and spellhelp.com, respectively
o Hidden, proxied, N/A, identity-shielded, or privacy-protected WhoIs records (April 8, 2006 data)
+ "Whois IDentity Shield, Vancouver, BC, Canada V6C 1A1"
# Hitfarm.com (http://whois.ws/whois-com/ip-address/hitfarm.com/)
+ "Moniker Privacy Services, Pompano Beach, FL 33069"
# Ultsearch.com (http://whois.ws/whois-com/ip-address/ultsearch.com/)
# Other examples: Kanoodle.com, searchabc.com, nbcsearch.com,
+ "Domains by Proxy, Inc., Scottsdale, Arizona 85260"
# Exactsearch.net (http://whois.ws/whois-net/ip-address/exactsearch.net/)
# Other examples: sportsinfosites.com, 404recovery.com
+ "Whois Privacy Protection Service, Inc., Bellevue, WA 98007"
# Mivrosoft.com (http://www.whois.sc/mivrosoft.com)
# Other examples: Microsocft.com, Vpptechnologies.com, etc.
+ "Privacy Protect, Inc, Houston Texas,77079"
# Bmnq.com (http://whois.ws/whois-com/ip-address/bmnq.com/)
# Other examples: Bnmq.com
+ "N/A N/A (Registrar: ENOM, INC.)"
# Sonicads.com (http://whois.ws/whois-com/ip-address/sonicads.com/)
Strider URL Tracer for Privacy Patrol:
Providing Visibility into the World-Wide Web of Beacons and Cookies
Use the Strider URL Tracer to automatically and systematically expose third-party web beacons and bugs, and then seriously ask the following questions: "What data are you collecting about me?"; "Are you following the privacy rules by giving me proper notices and choices?"; "Are you safely storing the data and for how long?"; "Who in your company has access to the data?"; "Are you correlating the data with other potentially personally identifiable information without my permission?"; "Are you selling or sharing the data with other companies without my knowledge?"; etc.
Proper uses of web beacons can improve web sites' ROI and web users' experience; abusive uses of web beacons may invade user privacy. Strider URL Tracer brings web beacons to the spotlight. Future extensions will expose abusive uses of web beacons.
* Use these tools to find out whether your machine's externally visible IP address is static and could be used to correlate your browsing activities on multiple web sites: DomainTools "My IP Information"; WhatIsMyIP.com; AuditMyPC.com.
In an enterprise environment, if your employees' machines' externally visible IP addresses are those of your web proxy servers, which can be mapped to your company name, then web beacons could potentially leak your company's business intelligence in the form of your employees' collective browsing activities.
* Network Advertising Initiative
o Opt Out of NAI Member Ad Network Cookies
o "Web Beacons Guidelines for Notice and Choice"
* "Ad firms set rules for Web tracking bugs," CNET News.com, November 26, 2002.
* Web Analytics Association
* World of Beacons:
o Tool Usage: copy-and-paste some of the URLs below into the Scan List, scan them, and switch to "Top Domains" view to see some of the most popular web beacons.
o Google-analytics.com (see ~24,000 URLs)
o Extreme-dm.com (see ~17,000 URLs)
o Hitbox.com (see ~15,000 URLs)
o Statcounter.com (see ~12,000 URLs)
o Sitemeter.com (see ~11,000 URLs)
o Webtrendslive.com (see ~9,000 URLs)
o Hitslink.com (see ~5,000 URLs)
o Addfreestats.com (see ~4,000 URLs)
o Webstats4u.com or Nedstatbasic.net (see ~3,000 URLs)
o Coremetrics.com (see ~2,000 URLs)
o Web-stat.com (see ~2,000 URLs)
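The two Typo-Patrol steps the post describes, generating typo variants of a target domain and then grouping the active ones by hosting IP ("Group by Internet Address"), as an added Python example that is not code from the Strider project. The QWERTY neighbour map is deliberately partial, and the resolution results are constructed (documentation-range IPs) in place of the tool's real DNS lookups.

```python
from collections import defaultdict

# Partial QWERTY neighbour map for the "fat-finger" typo model (assumption: only the
# keys needed for this example are listed; a full scan would cover the whole keyboard).
ADJACENT = {
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "h": "gyujnb",
    "l": "kop", "o": "iklp", "t": "ryfg", "w": "qase",
}

def typo_variants(domain):
    """Return candidate typo domains for one target, in the spirit of a Typo-Patrol scan list.
    Four typo models: omission, doubling, adjacent-key substitution, transposition."""
    name, _, tld = domain.lower().rpartition(".")
    out = set()
    for i, ch in enumerate(name):
        out.add(name[:i] + name[i + 1:])            # omission:      slashdot -> slshdot
        out.add(name[:i] + ch + name[i:])           # doubling:      slashdot -> slasshdot
        for key in ADJACENT.get(ch, ""):            # adjacent key:  slashdot -> slashdoy
            out.add(name[:i] + key + name[i + 1:])
        if i + 1 < len(name):                       # transposition: slashdot -> slsahdot
            out.add(name[:i] + name[i + 1] + ch + name[i + 2:])
    out.discard(name)                               # never list the genuine domain itself
    return sorted(v + "." + tld for v in out if v)

# Constructed resolution results standing in for the tool's DNS lookups: IPs are from
# the 192.0.2.0/24 documentation range and None marks a variant nobody has registered.
RESOLVED = {
    "slsahdot.org": "192.0.2.10",
    "slshdot.org": "192.0.2.10",
    "slasshdot.org": "192.0.2.10",
    "slashdto.org": "192.0.2.20",
    "slashdoy.org": None,
}

def hosting_hotspots(domain, resolved, min_domains=2):
    """Mimic the 'Group by Internet Address' view: map each IP to the active typo
    domains it hosts and keep only IPs hosting at least min_domains of them, which
    are the ones worth a Whois / Reverse-IP follow-up by the trademark owner."""
    by_ip = defaultdict(list)
    for variant in typo_variants(domain):
        ip = resolved.get(variant)
        if ip:
            by_ip[ip].append(variant)
    return {ip: sorted(doms) for ip, doms in by_ip.items() if len(doms) >= min_domains}

if __name__ == "__main__":
    print(len(typo_variants("slashdot.org")), "candidate typo domains generated")
    for ip, doms in hosting_hotspots("slashdot.org", RESOLVED).items():
        print(ip, "hosts", ", ".join(doms))
```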