Practical waterholing through DNS typosquatting (0day.rocks)
99 points by x0rz on June 23, 2017 | 14 comments



Another interesting approach is to rely on cosmic background noise bit flips. Do it on Google.com and you can get a few thousand visitors a week.

I.e. register a domain where the ASCII representation is 1 bit off.


The original idea has a better name: Bitsquatting[0]

"Experiment To determine whether bit-errors can redirect connections to attacker controlled sites, the bitsquat domains in Table 3 were registered, and all HTTP requests to the domains were logged. The domains, such as li6e.com, mic2osoft.com, and fjcdn.net are very unlikely to be typos or keyboard errors."

[0] https://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinabu...


Thanks! That's brilliant.


Isn't it more likely that it is just bots that know your domain cos they have lists of every domain for that TLD?


Same question I had. Though it wouldn't be hard to control for, just put a random honeypot domain and see how many visits it gets.


I didn't read the paper, but you'd know it's bitsquatting if the domain a-azon.com is hit with an HTTP Host header of amazon.com.
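The Host-header check described in the comment above, as an added example that is not part of the thread or the cited paper: it confirms the logged domain is exactly one bit away from the legitimate one, then separates requests whose Host header still names the legitimate domain from requests that asked for the squat name directly (the bot traffic raised earlier). The function names, category labels and log entries are assumptions constructed for illustration.

```python
from collections import Counter
from typing import Optional


def bit_distance(a: str, b: str) -> Optional[int]:
    """Count differing bits between two equal-length ASCII names (None if lengths differ)."""
    x, y = a.lower().encode("ascii"), b.lower().encode("ascii")
    if len(x) != len(y):
        return None
    return sum(bin(p ^ q).count("1") for p, q in zip(x, y))


def normalize_host(host_header: str) -> str:
    """Lower-case the Host value, drop a numeric :port and any trailing dot."""
    host = host_header.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")


def classify(served: str, legit: str, host_header: str) -> str:
    host = normalize_host(host_header)
    if host == legit or host.endswith("." + legit):
        # Client built the request for the real name; the name changed later (e.g. during resolution).
        return "flip-after-request-built"
    if host == served or host.endswith("." + served):
        # The wrong name was already in the URL: crawler, typo, or a flip in stored content.
        return "squat-name-requested"
    return "other"


def summarize(served: str, legit: str, log) -> dict:
    if bit_distance(served, legit) != 1:
        raise ValueError("served domain is not one bit away from the legitimate one")
    return dict(Counter(classify(served, legit, host) for _, host in log))


# Constructed sample: (client address, Host header) pairs as a web server might log them.
SAMPLE_LOG = [
    ("203.0.113.10", "amazon.com"),
    ("203.0.113.11", "a-azon.com"),
    ("203.0.113.12", "www.amazon.com:80"),
    ("203.0.113.13", "198.51.100.7"),
]

if __name__ == "__main__":
    print(summarize("a-azon.com", "amazon.com", SAMPLE_LOG))
```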


Yep, bitsquatting is also a very cool thing, first research on that topic was in 2011 IIRC :)

Typosquatting = human error

Bitsquatting = machine error (bitflip)


Bitsquatting


Didn't mention spinning up an SMTP server on the domain. That might catch some interesting info.


Thinking about high-profile domains: there are no close attacks on .gov (.gop is closest), but .mil is subject to both .mit (not so close) and .ml (Mali, quite close) attacks.


Hard to believe that many big traffic sites haven't bothered to snatch up any/all similar domains.


Interesting. Tell me, is the affiliate stuff mentioned in the article actually illegal?


It's almost certainly against the TOS for the affiliate program in question.


s/Ethipia/Ethiopia



