RCN — Typosquat Research

// security research

Typosquat.

Typosquatting is the practice of registering domain names that are one keystroke away from a legitimate site — exploiting human error to intercept traffic, harvest credentials, or distribute malware. Targets are often government portals, banks, and critical infrastructure where users already have an expectation of trust.

The domains listed below are registered and controlled for research purposes, demonstrating how easily high-value targets can be spoofed. None of these domains are used for malicious activity.

Why it's dangerous

🎣

Phishing

A convincing clone of a government login page can harvest credentials from users who mistype the URL — often never realising they hit the wrong site.

☠️

Malware Delivery

Typosquat domains can serve malicious downloads disguised as official software, documents, or security updates from the spoofed organisation.

🕵️

Traffic Interception

Misdirected users can be silently profiled — their IP, browser fingerprint, and behaviour logged — before being redirected to the real site.

Owned typosquat domains

Typosquat

hsbumd.de

→

Real target

hsbund.de

Organisation

Hochschule des Bundes

Controlled

Typosquat

bndbund.de

→

Real target

bnd.bund.de

Organisation

Bundesnachrichtendienst

Controlled

Typosquat

lernplattformbund.de

→

Real target

lernplattform.bund.de

Organisation

Bundesbehörden E-Learning

Controlled

Typosquat

widcert-bund.de

→

Real target

wid.cert-bund.de

Organisation

BSI CERT-Bund WID

Controlled

More domains being registered — this list will be updated as new targets are identified.

Disclaimer: All domains listed here are registered solely for security research and educational purposes. No malicious content is or will be served from these domains. This research demonstrates the real-world risk of typosquatting against German federal infrastructure and is intended to raise awareness among system administrators and end users. If you represent one of the targeted organisations and wish to discuss responsible disclosure, contact tempmailcHJqX1kyMUdhbGt5T@se-rcn.com.