Investigating Legitimate Companies’ Use of Combosquatting-Like Domains

Author: Frankie She
Adviser(s): Timothy Barron
Abstract:

This study presents a preliminary investigation into the phenomenon of legitimate companies adopting combosquatting-like domains. Combosquatting, a tactic where attackers register domain names blending a recognized trademark with additional phrases, poses significant cybersecurity threats. However, less attention has been paid to legitimate companies registering similar domains. Our research aims to fill this gap, exploring the motivations behind such registrations and their potential impact on consumer trust and brand integrity. We employed a five-step methodology, starting with compiling a comprehensive trademark list from the Tranco Top 500, Forbes Fortune 500, and Forbes Best Brands for Social Impact. Focusing on top-level domains (.com, .net, .org, .info), we generated a dataset of potential combosquatting instances from 168 million domains. Using python-whois, dnspython, and the Python SSL library, we collected infrastructure-level data for these domains. We then identified domains indicative of shared ownership through high-confidence parameters like shared certificate serial numbers and WHOIS data. Our findings, based on 697 high-confidence shared ownership domains from 145 unique trademarks, reveal various motivations for such registrations, including defensive strategies, marketing, and brand segmentation. We categorized these into defensive registrations, different purposes or products, strategic navigation redirects, and regional sites. We argue that while most occurrences are benign, some domains without redirection could cause user confusion. Therefore, structurally organizing online presence without redirection through subdomains or paths might be more beneficial for companies. This qualitative analysis sets the stage for a future quantitative study employing machine learning models to classify shared ownership across an extensive dataset.
Our preliminary results suggest the feasibility of such a model, highlighting the relevance of certificate, DNS and WHOIS information in determining shared ownership. This research contributes to a deeper understanding of combosquatting-like registrations among legitimate businesses, emphasizing the importance of security-aware domain strategy in maintaining digital brand integrity and consumer trust.

Term: Fall 2023
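
The candidate-generation and shared-ownership steps from the abstract, as an added example that is not the study's own code. The sample records, field names, privacy-placeholder strings and matching rules are constructed assumptions; real input would come from WHOIS and certificate collection.

```python
# Added example: constructed records; field names are assumptions, not the study's schema.
TLDS = {"com", "net", "org", "info"}        # the TLDs the abstract names
REDACTED = {"", "redacted for privacy"}     # constructed privacy-placeholder strings

# Constructed per-domain infrastructure data (certificate serial, WHOIS organisation).
RECORDS = {
    "examplebank.com":         {"serial": "0A1B2C", "org": "Example Bank Inc."},
    "examplebank-rewards.com": {"serial": "0A1B2C", "org": "Example Bank Inc."},
    "examplebankcareers.org":  {"serial": "77FF01", "org": "EXAMPLE BANK INC"},
    "examplebank-login.info":  {"serial": "9D9D9D", "org": "REDACTED FOR PRIVACY"},
    "myexamplebank.net":       {"serial": None, "org": None},
    "examplebank-shop.co":     {"serial": "0A1B2C", "org": "Example Bank Inc."},
    "unrelated.com":           {"serial": "123456", "org": "Other Corp"},
}

def combosquat_candidates(trademark, domains):
    """Second-level domains whose label contains the trademark plus extra characters."""
    hits = []
    for d in domains:
        label, _, tld = d.lower().rstrip(".").rpartition(".")
        if tld in TLDS and "." not in label and trademark in label and label != trademark:
            hits.append(d)
    return sorted(hits)

def norm_org(org):
    """Normalise a WHOIS organisation; None when absent or privacy-masked."""
    cleaned = "".join(c for c in (org or "").lower() if c.isalnum() or c == " ")
    cleaned = " ".join(cleaned.split())
    return None if cleaned in REDACTED else cleaned

def shared_signals(official, candidate):
    """List the high-confidence signals a candidate shares with the official domain."""
    signals = []
    # A serial is only unique per issuing CA; a real pipeline should also compare the issuer.
    if official["serial"] and official["serial"] == candidate["serial"]:
        signals.append("cert_serial")
    o, c = norm_org(official["org"]), norm_org(candidate["org"])
    if o and o == c:
        signals.append("whois_org")
    return signals

def classify(trademark, official_domain, records):
    """Map each combosquatting-like candidate to its shared-ownership signals."""
    official = records[official_domain]
    return {d: shared_signals(official, records[d])
            for d in combosquat_candidates(trademark, records)}
```

An empty signal list means ownership is undetermined, not that the domain is malicious; privacy-masked WHOIS and missing certificates fall in that bucket.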