{"id":11695,"date":"2022-08-24T09:00:00","date_gmt":"2022-08-24T13:00:00","guid":{"rendered":"https:\/\/www.cscdbs.com\/blog\/?p=11695"},"modified":"2026-01-15T10:12:05","modified_gmt":"2026-01-15T15:12:05","slug":"registration-patterns-of-deceptive-domains","status":"publish","type":"post","link":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/","title":{"rendered":"Registration Patterns of Deceptive Domains"},"content":{"rendered":"\n

A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing infringements frequently use a domain name that\u2019s deceptively similar to that of the official site of the target brand. This allows a variety of attacks to be executed, including phishing attacks\u2014where the domain is used to host a lookalike site or produce a deceptive sender address for emails\u2014and other kinds of brand infringement where users are misdirected to fake sites via mistyped URLs or search engine manipulation.<\/p>\n\n\n\n

One well established threat vector used in creating fraudulent websites is the use of strings like \u201cwww\u201d or \u201chttp\u201d within the domain name itself\u2014e.g., registering domains such as www-google.com or httpgoogle.com to impersonate the legitimate site (i.e., www.google.com or http:\/\/google.com).<\/p>\n\n\n\n

CSC carried out a study in August 2022 using its 3D Domain Monitoring technology to consider patterns of activity in domain registrations for names beginning with \u201cwww\u201d or \u201chttp\u201d over the preceding one-year period. The analysis includes identification of newly registered domains (N), re-registered domains (R) or dropped (i.e., lapsed) domains (D). Each instance of these activities for a particular domain is referred to as an \u201cevent.\u201d<\/p>\n\n\n\n

Findings<\/strong><\/p>\n\n\n\n

Between August 2021 and August 2022, more than 230,000 events were identified for \u201cwww\u201d domains, and more than 12,000 for \u201chttp\u201d domains. Figure 1 shows the continuous activity across the one-year period, with numerous peaks and troughs.<\/p>\n\n\n\n

\"\"
Figure 1:<\/strong>  Daily numbers of new registrations (N), re-registrations (R) and dropped (D) domains, for domain names beginning with \u201chttp\u201d (left axis; blues \/ dark grey) and \u201cwww\u201d (right axis; red \/ yellow \/ light grey).<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

Among the full dataset, a number of specific keyword strings were found to appear as the second-level domain names (the part of the domain name to the left of the dot) multiple times. They represent either repeated lapses and re-registrations of particular domain names, or the registration of distinct domains with the same second-level domain name but different top-level domain (TLD) extensions\u2014so-called \u201ccousin\u201d domains. Of these keyword strings, several referenced well known brand names, or variations or typos of those names, indicating an intention to target the brand in question, as shown in Tables 1 and 2.<\/p>\n\n\n\n

Keyword string<\/strong><\/td>No. registration or drop events<\/strong><\/td><\/tr>
www-roblox<\/td>21<\/td><\/tr>
www-lcloud<\/td>16<\/td><\/tr>
www-apple<\/td>15<\/td><\/tr>
wwwgoogle<\/td>13<\/td><\/tr>
www-avito<\/td>12<\/td><\/tr>
www-citizens<\/td>11<\/td><\/tr>
www-yandex<\/td>10<\/td><\/tr>
www-torproject<\/td>10<\/td><\/tr>
www-icloud<\/td>10<\/td><\/tr>
www-blablacar<\/td>10<\/td><\/tr>
www-bitstamp<\/td>10<\/td><\/tr>
www1royalbank<\/td>10<\/td><\/tr><\/tbody><\/table>
Table 1:<\/strong> Most frequently occurring brand-specific keyword second-level domain names in the dataset of \u201cwww\u201d domains.<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

Keyword string<\/strong><\/td>No. registration or drop events<\/strong><\/td><\/tr>
https-skinbaron<\/td>9<\/td><\/tr>
https-www-ruraivla-com-lsum-main<\/td>8<\/td><\/tr>
httpsgoogle<\/td>7<\/td><\/tr>
https-csmoney<\/td>7<\/td><\/tr>
httpgoogle<\/td>7<\/td><\/tr>
http18comic<\/td>7<\/td><\/tr>
httpsstreamlabs<\/td>6<\/td><\/tr>
https-googlecom<\/td>6<\/td><\/tr>
https-httpsgoogle<\/td>6<\/td><\/tr>
httpsgoogledotcom<\/td>6<\/td><\/tr>
httpsgoogleplay<\/td>6<\/td><\/tr>
https–google<\/td>6<\/td><\/tr>
httpsgoogle-com<\/td>6<\/td><\/tr>
httpsgooglecom<\/td>6<\/td><\/tr>
httpsecuregoogle<\/td>6<\/td><\/tr>
httpsdealersvwcredit<\/td>6<\/td><\/tr>
https-anydesk<\/td>6<\/td><\/tr>
httpqgoogle<\/td>6<\/td><\/tr>
httpagoogle<\/td>6<\/td><\/tr>
httpcredito-app-nubank<\/td>6<\/td><\/tr>
http2google<\/td>6<\/td><\/tr><\/tbody><\/table>
Table 2:<\/strong> Most frequently occurring brand-specific keyword second-level domain names in the dataset of \u201chttp\u201d domains.<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

Tables 3 and 4 show the top TLDs represented within the dataset.<\/p>\n\n\n\n

<\/p>\n\n\n\n

TLD<\/strong><\/td>No. registration or drop events<\/strong><\/td><\/tr>
.COM<\/td>204,795<\/td><\/tr>
.XYZ<\/td>6,233<\/td><\/tr>
.NET<\/td>4,411<\/td><\/tr>
.ORG<\/td>3,008<\/td><\/tr>
.TOP<\/td>1,646<\/td><\/tr>
.VIP<\/td>1,423<\/td><\/tr>
.INFO<\/td>950<\/td><\/tr>
.FR<\/td>937<\/td><\/tr>
.ONLINE<\/td>714<\/td><\/tr>
.UK<\/td>676<\/td><\/tr><\/tbody><\/table>
Table 3:<\/strong> Top 10 TLDs represented in the dataset of events for \u201cwww\u201d domains.<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

TLD<\/strong><\/td>No. registration or drop events<\/strong><\/td><\/tr>
.COM<\/td>8,284<\/td><\/tr>
.XYZ<\/td>1,267<\/td><\/tr>
.NET<\/td>429<\/td><\/tr>
.ORG<\/td>388<\/td><\/tr>
.LIVE<\/td>228<\/td><\/tr>
.ONLINE<\/td>180<\/td><\/tr>
.INFO<\/td>170<\/td><\/tr>
.UK<\/td>160<\/td><\/tr>
.FR<\/td>154<\/td><\/tr>
.SITE<\/td>150<\/td><\/tr><\/tbody><\/table>
Table 4:<\/strong> Top 10 TLDs represented in the dataset of events for \u201chttp\u201d domains.<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

Unsurprisingly, .COM dominates the dataset, reflecting both the continued popularity of the TLD, and its extensive use in official domain names of the brands being impersonated. However, a range of new generic TLDs (gTLDs) such as .XYZ, .TOP, .VIP, .ONLINE, .LIVE, and .SITE also feature in the lists, consistent with previous observations that these extensions are popular with fraudsters.<\/p>\n\n\n\n

Infringements targeting top brands<\/strong><\/p>\n\n\n\n

CSC also analysed the frequency of registration and drop events for \u201cwww\u201d and \u201chttp\u201d domains names incorporating any of the top 10 most valuable company brands in 2022, on the assumption that these are likely to be attractive targets for bad actors. The findings are shown in Table 5.<\/p>\n\n\n\n

Brand string<\/strong><\/td>No. registration or drop events for \u201cwww\u201d domains<\/strong><\/td>No. registration or drop events for \u201chttp\u201d domains<\/strong><\/td><\/tr>
apple<\/td>212<\/td>43<\/td><\/tr>
google<\/td>143<\/td>120<\/td><\/tr>
amazon<\/td>114<\/td>19<\/td><\/tr>
microsoft<\/td>14<\/td>6<\/td><\/tr>
tencent<\/td>0<\/td>0<\/td><\/tr>
mcdonalds<\/td>8<\/td>2<\/td><\/tr>
visa<\/td>58<\/td>10<\/td><\/tr>
facebook<\/td>38<\/td>31<\/td><\/tr>
alibaba<\/td>7<\/td>4<\/td><\/tr>
vuitton<\/td>1<\/td>0<\/td><\/tr>
TOTALS<\/strong><\/td>595<\/td>235<\/td><\/tr><\/tbody><\/table>
Table 5:<\/strong> Numbers of registration and drop events for domains containing the names of the top 10 most valuable company brands in 2022.<\/figcaption><\/figure>\n\n\n\n

<\/p>\n\n\n\n

The associated keywords also present in the domain names may give further insight into the intentions of those registering the domains. For example, in the dataset of 255 \u201capple\u201d domain events, we frequently see certain keywords, their variants or misspellings, that may indicate phishing activity, including \u201clogin\u201d (13 instances), \u201csupport\u201d (47) and \u201cactivate\u201d (17).<\/p>\n\n\n\n

Significantly, of the 564 active, unique domains containing any of the top 10 brand names taken from the dataset above, 16% feature active MX records, meaning they\u2019re configured to send or receive emails, another indicator that they may have been registered for use in phishing campaigns.<\/p>\n\n\n\n

Looking at the content of the websites among the brand specific dataset, the majority of domains were inactive by the time of analysis, although several had been flagged as dangerous or deceptive at the browser level, suggesting they may have previously hosted fraudulent sites. Others included pay-per-click links, monetizing the misdirected web traffic attracted to these sites, and potentially driving users to competitor sites. Some of the sites also display banner advertisements to gambling-related or adult sites. Figure 2 shows three examples of websites found to feature live, infringing content.<\/p>\n\n\n

\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"<\/figure>\n<\/div>\n\n
\n
\"\"
Figure 2:<\/strong> Live fraudulent or infringing websites hosted on \u201cwww\u201d or \u201chttp\u201d domains, targeting Apple\u00ae<\/sup> (a potential phishing site), Microsoft\u00ae<\/sup>, and Facebook\u00ae<\/sup>.<\/figcaption><\/figure>\n<\/div>\n\n\n

<\/p>\n\n\n\n

Conclusions<\/strong><\/p>\n\n\n\n

Over one year, CSC\u2019s 3D Domain Monitoring technology identified nearly a quarter of a million registration or drop events of domains designed to be deliberately deceptive, by virtue of the inclusion of the strings \u201cwww\u201d or \u201chttp\u201d at the start. A significant proportion of these appear to target specific brands, with 830 of the events corresponding to just the 10 most valuable brands.<\/p>\n\n\n\n

Several domains were found to resolve (or previously resolved) to infringing content, while 16% of the domains relating to the 10 most valuable brands were configured with active MX records. This indicates they may have been registered for their email function\u2014an indicator of possible phishing campaigns.<\/p>\n\n\n\n

These findings highlight the importance of brand owners employing an active domain monitoring and enforcement program. CSC\u2019s 3D Domain Monitoring technology can detect the registration, re-registration, and dropping of domain names containing brand terms and other keywords of interest\u2014including variants like fuzzy matches and character replacements\u2014across a wide range of extensions. This enables brand owners to identify and mediate the risks associated with infringing third-party domain registration activity.<\/p>\n\n\n\n

If you\u2019d like to find out more about CSC\u2019s 3D Domain Monitoring and Enforcement services, please complete our contact form<\/a> to speak to one of our specialists.<\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing infringements frequently use a domain name that\u2019s deceptively similar to that of the official site of the target brand. This allows a variety of attacks to be executed, including phishing […]<\/p>\n","protected":false},"author":17,"featured_media":10472,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9,7],"tags":[],"class_list":["post-11695","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-brands","category-domains"],"acf":[],"yoast_head":"\nRegistration Patterns of Deceptive Domains | CSC<\/title>\n<meta name=\"description\" content=\"A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Registration Patterns of Deceptive Domains | CSC\" \/>\n<meta property=\"og:description\" content=\"A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/\" \/>\n<meta property=\"og:site_name\" content=\"Digital Brand Services Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corporationserviceco\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-24T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-15T15:12:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2021\/11\/cscdbsblog_1000x55051.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"550\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arielle Wallace\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cscdbs\" \/>\n<meta name=\"twitter:site\" content=\"@cscdbs\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arielle Wallace\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/\"},\"author\":{\"name\":\"Arielle Wallace\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#\\\/schema\\\/person\\\/9f28d3ffdbe4e71bc030903c8037afe8\"},\"headline\":\"Registration Patterns of Deceptive Domains\",\"datePublished\":\"2022-08-24T13:00:00+00:00\",\"dateModified\":\"2026-01-15T15:12:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/\"},\"wordCount\":1094,\"publisher\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cscwebcontentstorage.blob.core.windows.net\\\/cscmarketing-cscdbs-media\\\/uploads\\\/2021\\\/11\\\/cscdbsblog_1000x55051.jpg\",\"articleSection\":[\"Brand Protection\",\"Domains\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/\",\"url\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/\",\"name\":\"Registration Patterns of Deceptive Domains | CSC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cscwebcontentstorage.blob.core.windows.net\\\/cscmarketing-cscdbs-media\\\/uploads\\\/2021\\\/11\\\/cscdbsblog_1000x55051.jpg\",\"datePublished\":\"2022-08-24T13:00:00+00:00\",\"dateModified\":\"2026-01-15T15:12:05+00:00\",\"description\":\"A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cscwebcontentstorage.blob.core.windows.net\\\/cscmarketing-cscdbs-media\\\/uploads\\\/2021\\\/11\\\/cscdbsblog_1000x55051.jpg\",\"contentUrl\":\"https:\\\/\\\/cscwebcontentstorage.blob.core.windows.net\\\/cscmarketing-cscdbs-media\\\/uploads\\\/2021\\\/11\\\/cscdbsblog_1000x55051.jpg\",\"width\":1000,\"height\":550},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/registration-patterns-of-deceptive-domains\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Registration Patterns of Deceptive Domains\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/\",\"name\":\"Digital Brand Services Blog\",\"description\":\"Domains, new gTLDs, brand protection, security & trademark news\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#organization\",\"name\":\"CSC Digital Brand Services\",\"url\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/cscwebcontentstorage.blob.core.windows.net\\\/cscmarketing-cscdbs-media\\\/uploads\\\/2018\\\/06\\\/cropped-dbs_small.gif\",\"contentUrl\":\"https:\\\/\\\/cscwebcontentstorage.blob.core.windows.net\\\/cscmarketing-cscdbs-media\\\/uploads\\\/2018\\\/06\\\/cropped-dbs_small.gif\",\"width\":200,\"height\":200,\"caption\":\"CSC Digital Brand Services\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corporationserviceco\",\"https:\\\/\\\/x.com\\\/cscdbs\",\"https:\\\/\\\/www.linkedin.com\\\/showcase\\\/csc-digital-brand-services\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.cscdbs.com\\\/blog\\\/#\\\/schema\\\/person\\\/9f28d3ffdbe4e71bc030903c8037afe8\",\"name\":\"Arielle Wallace\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Registration Patterns of Deceptive Domains | CSC","description":"A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/","og_locale":"en_US","og_type":"article","og_title":"Registration Patterns of Deceptive Domains | CSC","og_description":"A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing","og_url":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/","og_site_name":"Digital Brand Services Blog","article_publisher":"https:\/\/www.facebook.com\/corporationserviceco","article_published_time":"2022-08-24T13:00:00+00:00","article_modified_time":"2026-01-15T15:12:05+00:00","og_image":[{"width":1000,"height":550,"url":"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2021\/11\/cscdbsblog_1000x55051.jpg","type":"image\/jpeg"}],"author":"Arielle Wallace","twitter_card":"summary_large_image","twitter_creator":"@cscdbs","twitter_site":"@cscdbs","twitter_misc":{"Written by":"Arielle Wallace","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/#article","isPartOf":{"@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/"},"author":{"name":"Arielle Wallace","@id":"https:\/\/www.cscdbs.com\/blog\/#\/schema\/person\/9f28d3ffdbe4e71bc030903c8037afe8"},"headline":"Registration Patterns of Deceptive Domains","datePublished":"2022-08-24T13:00:00+00:00","dateModified":"2026-01-15T15:12:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/"},"wordCount":1094,"publisher":{"@id":"https:\/\/www.cscdbs.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/#primaryimage"},"thumbnailUrl":"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2021\/11\/cscdbsblog_1000x55051.jpg","articleSection":["Brand Protection","Domains"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/","url":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/","name":"Registration Patterns of Deceptive Domains | CSC","isPartOf":{"@id":"https:\/\/www.cscdbs.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/#primaryimage"},"image":{"@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/#primaryimage"},"thumbnailUrl":"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2021\/11\/cscdbsblog_1000x55051.jpg","datePublished":"2022-08-24T13:00:00+00:00","dateModified":"2026-01-15T15:12:05+00:00","description":"A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing","breadcrumb":{"@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/#primaryimage","url":"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2021\/11\/cscdbsblog_1000x55051.jpg","contentUrl":"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2021\/11\/cscdbsblog_1000x55051.jpg","width":1000,"height":550},{"@type":"BreadcrumbList","@id":"https:\/\/www.cscdbs.com\/blog\/registration-patterns-of-deceptive-domains\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cscdbs.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Registration Patterns of Deceptive Domains"}]},{"@type":"WebSite","@id":"https:\/\/www.cscdbs.com\/blog\/#website","url":"https:\/\/www.cscdbs.com\/blog\/","name":"Digital Brand Services Blog","description":"Domains, new gTLDs, brand protection, security & trademark news","publisher":{"@id":"https:\/\/www.cscdbs.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cscdbs.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cscdbs.com\/blog\/#organization","name":"CSC Digital Brand Services","url":"https:\/\/www.cscdbs.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cscdbs.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2018\/06\/cropped-dbs_small.gif","contentUrl":"https:\/\/cscwebcontentstorage.blob.core.windows.net\/cscmarketing-cscdbs-media\/uploads\/2018\/06\/cropped-dbs_small.gif","width":200,"height":200,"caption":"CSC Digital Brand Services"},"image":{"@id":"https:\/\/www.cscdbs.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corporationserviceco","https:\/\/x.com\/cscdbs","https:\/\/www.linkedin.com\/showcase\/csc-digital-brand-services\/"]},{"@type":"Person","@id":"https:\/\/www.cscdbs.com\/blog\/#\/schema\/person\/9f28d3ffdbe4e71bc030903c8037afe8","name":"Arielle Wallace"}]}},"_links":{"self":[{"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/posts\/11695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/comments?post=11695"}],"version-history":[{"count":10,"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/posts\/11695\/revisions"}],"predecessor-version":[{"id":14779,"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/posts\/11695\/revisions\/14779"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/media\/10472"}],"wp:attachment":[{"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/media?parent=11695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/categories?post=11695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cscdbs.com\/blog\/wp-json\/wp\/v2\/tags?post=11695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}