Typosquatting & URL Hijacking

Protecting users from accidental keystrokes and deceptive look-alike domains.

Attackers register domains that are nearly identical to popular services, hoping a user will mistype a URL or fail to notice a subtle difference in a link.

How We Detect Look-alikes

Character Anomaly Detection

We calculate the similarity gap between the visited URL and your protected domains. If a domain is deceptively similar (e.g., microsft.com instead of microsoft.com), it triggers an alert.

Combo-Squatting

Detecting domains that combine a legitimate brand name with other keywords, usually to imply security or urgency.
login-microsoft-secure.com

Common Techniques We Block

  • Omission: gogle.com (missing 'o')
  • Repetition: faceboook.com (extra 'o')
  • Transposition: amzaon.com (swapped 'z' and 'a')
  • Substitution: linkcdin.com ('c' looks like 'e')
  • TLD Swapping: company.net instead of company.com

Heuristic Analysis

Arx doesn't require a blacklist of all possible misspellings. Our engine dynamically computes similarity scores in real-time within the browser extension, protecting against infinite variations of typosquatting domains.