Have I Been Squatted?(haveibeensquatted.com)
haveibeensquatted.com
Have I Been Squatted?
https://haveibeensquatted.com/
40 comments
Yes it does, you can take a peak into the internals over here - https://github.com/JuxhinDB/twistrs/blob/3b20ed48c0c567a72d8...
It looks like it detects, among other things, all domains with edit distance one from your domain. That's a superset of all bit squat domains.
Hey folks, I'm the co-author of the project. I wasn't aware that this was posted on Hackernews which in fact explains the absolute explosion of traffic that has been coming through! Here's a re-post from my original Reddit post. Long story short, we got hugged to death, which is a far larger reaction that we anticipated. :-)
HIBS is a small side project in [Rust](https://github.com/JuxhinDB/twistrs) & React that allows users to search whether domains have been typosquatted (an increasing security risk). It's meant to be a platform to eventually enable users to continuously and freely monitor their domains similar to ;--have i been pwned?.
The current version is very much in an alpha state but we released it in order to gauge community interest and receive your feedback on what can be added and improved. Hope you have fun with it and feel free to ask any questions!
HIBS is a small side project in [Rust](https://github.com/JuxhinDB/twistrs) & React that allows users to search whether domains have been typosquatted (an increasing security risk). It's meant to be a platform to eventually enable users to continuously and freely monitor their domains similar to ;--have i been pwned?.
The current version is very much in an alpha state but we released it in order to gauge community interest and receive your feedback on what can be added and improved. Hope you have fun with it and feel free to ask any questions!
[deleted]
Putting your info in seems like a good way to get squatted.
A few years ago I had a beer with a guy who was doing just that: registering unregistered domains automatically when someone hit them. He was bragging it was a good business, but who knows.
Are you sharing anything except a domain name + the fact that you might be interested in the topic of squatting?
I think it’s low signal compared to traffic volume / search indices / visitor intent
Someone's going to invest potentially 100s of dollars a year x 100s of inputs it gets?
The open internet is crawlable. This seems pretty far from a risk vector.
The open internet is crawlable. This seems pretty far from a risk vector.
[deleted]
Getting a lot of:
Firefox can’t establish a connection to the server at wss://haveibeensquatted.com:3000/ws.
and Firefox can’t establish a connection to the server at wss://haveibeensquatted-xca5n.ondigitalocean.app/ws.Looks like a dev build that opens a web socket connection up to port 3000, probably for live reload or something. I am guessing they just got it working with create react app or something and shipped it as is, without rebuilding a production version.
Hug of death?
That's unfortunate. What did it do?
It works for me now. It checks if any other domains have been registered to trick people into thinking it's your website.
For example, I put in one of my websites (https://packetlosstest.com), and it gives the following:
For example, I put in one of my websites (https://packetlosstest.com), and it gives the following:
Domain IPs HTTP banner WHOIS
packetlosstest.arab 127.0.53.53
packetl.osstest.com 54.161.222.85
34.205.242.146
packelosstest.com 103.224.182.210 Apache/2.4.38 (Debian) Domain Name: PACKELOSSTEST.COM
Registry Domain ID: 2659396158_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.dynadot.com
Registrar URL: http://www.dynadot.com
…
packetlos.stest.com 59.110.61.108 nginx
packetlo.sstest.com 54.161.222.85
34.205.242.146
packetlosstest.com 34.196.254.27 Netlify Domain Name: PACKETLOSSTEST.COM
35.229.48.116 Registry Domain ID: 2374572514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
…
The last one is my actual site, and the other five are apparently scammers preparing to impersonate me.I had a look at your personal site (linked from the one you posed) and I don't know how (or why) you dare to put so much of your personal information online. What's the worst that could happen? I don't know, but identity theft is up there and can have significant consequences.
You can do this yourself using DNSTwist
https://github.com/elceef/dnstwist
https://github.com/elceef/dnstwist
Also a shoutout to opensquat - https://github.com/atenreiro/opensquat
This is trying to make an outbound connection on port 3000 using a remote-access JS. Any reason why this is the case? Blocked by Little Snitch
I can’t speak for them, but that’s a common port for web app development. Could be the code that watches for changes and autoreloads trying to hit the development backend to see if it should update the page.
Deploy the production build of your app, people!
Deploy the production build of your app, people!
That's definitely what it is. My React dev tools light up on this site, saying the page is using the development build of React.
I run a domain tool called Newsy (https://newsy.co) so I have a plenty of domain squatting stories.
- A pretty famous one - gail.com - people mis-typing gmail.com but it gets a lot of traffic!
- I once hosted none.com.au domain - the user told me that people mis-type "nine.com.au" (nine.com.au is a TV Channel 9 website partnered with Microsoft - used to be called NineMSN?)
- A user I know also had the exact same domain name as another very popular site, but had ".net" TLD and was receiving ~8000 visits per day. He put a simple google ads on it and took a nice chunk of passive income.
- A pretty famous one - gail.com - people mis-typing gmail.com but it gets a lot of traffic!
- I once hosted none.com.au domain - the user told me that people mis-type "nine.com.au" (nine.com.au is a TV Channel 9 website partnered with Microsoft - used to be called NineMSN?)
- A user I know also had the exact same domain name as another very popular site, but had ".net" TLD and was receiving ~8000 visits per day. He put a simple google ads on it and took a nice chunk of passive income.
Say I have been squatted. What do I do about it?
A few things:
- You contact their hosting provider and report it.
- Check if the top-level domain registrar has a form for it and report it.
- If your trademark has been infringed, you can create a Uniform Domain Name Dispute Resolution Policy (UDRP) against the registrant [1]
- You setup DKIM, SPF and DMARC on your domain to avoid them from spoofing your domain.
[1] https://www.icann.org/resources/pages/filing-udrp-2013-05-21...
- You contact their hosting provider and report it.
- Check if the top-level domain registrar has a form for it and report it.
- If your trademark has been infringed, you can create a Uniform Domain Name Dispute Resolution Policy (UDRP) against the registrant [1]
- You setup DKIM, SPF and DMARC on your domain to avoid them from spoofing your domain.
[1] https://www.icann.org/resources/pages/filing-udrp-2013-05-21...
Not much unless they are deliberately copying your content and doing illegal things. I just found out our company name has been copied but they are offshore.
I don't know if it was intentionL or not, but the typo in the og hn article "sqautted" was a brilliant joke.
Reminds me of the excellent https://dnstwister.report/
My react-dev-tools is saying that the site "is using the development build of React."
I'm a big fan of the typo in the title :)
I hope they keep that easter egg.
Too bad it's not there in the domain name :'(
See:
"Bit-squatting – DNS hijacking by cosmic rays/memory errors" (2011)
https://news.ycombinator.com/item?id=2944445
"What Flips Your Bit: Cosmic Ray Errors at Mozilla" (2022)
https://news.ycombinator.com/item?id=31016042