A spate of dodgy domain names that attempt to imitate some of the internet's most popular websites have been visited at least 12 million times in 2018 so far.
According to a report by indpendent security journalist Brian Krebs, the internet has been flooded with a range of websites that end in ".cm" - the domain suffix for Cameroon - and attempt to mimic sites like ESPN.com. Organisations such as PayPal, it should be noted, also register a .cm web address and re-direct the mis-spelled URLs to the correct address.
Brian Krebs described the plethora of typosquatting websites as "potentially malicious", intended to trick internet users into thinking they are legitimate .com websites. Instead, they typically bombard visitors with fake security alerts intended to persuade them to buy security software that is anything but secure.
On 30 March, Krebs received a tip-off from a reader who had come across a four-year old access log for a network of 1,000 dot-cm typosquatting domains.
"The logs - which include detailed records of how many people visited the sites over the past three years and from where - were deleted shortly after that comment was posted here, but not before KrebsOnSecurity managed to grab a copy of the entire archive for analysis," wrote Krebs.
These logs contained geographic data about 25,000 internet addresses that accessed the domains during February 2018, with the majority of them based in the United States.
Security specialist Matthew Chambers, who conducted a three-month analysis into the logs, believes that people visited the sites around 12 million times in the first quarter of 2018 alone.
After omitting bots and search engine scrapers from the analysis, he identified 2,200,160 unique IP addresses in January; 3,352,032 in February; and, 3,197,119 unique IPs in March.
This data not only equates to 12 million hits at the start of 2018, but an estimated 50 million annually.
Krebs wrote that it "seems clear this network could make its operators a pretty penny regardless of the content that ends up getting served through it".
Chambers also conducted reverse DNS look-ups of the IP addresses that accessed the dodgy domains, with many of them resolving to .gov or .mil - US government and military organisations. NASA domains apparently accessed a typosquatting website 104 times; the Department of Justice, 80 times; and the CIA, six times.
He told Krebs: "I've been diving thru the data thus far, and came up with some interesting visitors. I pulled those when it was easy to observe that a particular agency owned a large range of IPs."
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff