← Back to detection methods

Bitsquatting

Detection of domain names that exploit single-bit memory errors to redirect traffic.

What is Bitsquatting?

Bitsquatting is a sophisticated attack technique that exploits hardware-level memory errors (bit flips) to redirect users to malicious websites. When a single bit in memory changes due to cosmic rays, electromagnetic interference, or hardware faults, it can alter domain names being processed.

Attackers register domains that are one bit different from legitimate domains, anticipating that memory errors will occasionally redirect traffic to their malicious sites.

How We Detect It

Our system calculates all possible single-bit variations of your monitored keywords by:

  • Converting each character to its binary representation
  • Flipping each bit one at a time
  • Converting back to characters and checking if the result forms a valid domain
  • Matching against newly registered domains

Real-World Examples

Character 'g' → 'c' Bit Flip

1-bit diff
google.comcoogle.com

Binary: 01100111 (g) → 01100011 (c)

A single bit flip changes 'g' to 'c', creating a domain that could catch memory errors.

Character 'a' → 'c' Bit Flip

1-bit diff
amazon.comcmazon.com

Binary: 01100001 (a) → 01100011 (c)

Flipping the second bit transforms 'a' to 'c', targeting potential hardware errors.

Number '0' → '1' Bit Flip

1-bit diff
web20site.comweb21site.com

Binary: 00110000 (0) → 00110001 (1)

The least significant bit changes '0' to '1', a common bit flip pattern.

Why Bitsquatting is Dangerous

  • Hardware exploitation: Takes advantage of physical computer errors
  • Difficult to detect: Users never intentionally typed the malicious domain
  • Intermittent attacks: Only works when memory errors occur
  • High success rate: Victims have no reason to suspect anything is wrong

Detection Accuracy

Our bitsquatting detection is highly precise because it only flags domains that are exactly one bit different from your keywords. This mathematical approach means:

  • Very low false positive rate
  • Catches even the most sophisticated bit-flip attempts
  • Works for any character set or domain format

Protection Strategy

While bit flips are rare, bitsquatting domains represent a serious threat because they're nearly impossible for users to detect. Our monitoring helps you:

  • Identify potential bitsquatting domains before they're used in attacks
  • Take proactive legal action against malicious registrations
  • Consider defensively registering critical bit-flip variations

Learn More

Explore our other detection methods to understand how we provide comprehensive brand protection:

Levenshtein Distance →Typosquatting →Homograph Attacks →