
X’s Enforced URL Substitution to X.com Domains, an Invitation to Phishing Attacks


April 11, 2024


X, the social media platform formerly known as Twitter, has started automatically modifying links ending in “twitter.com” so that they read as “x.com.”

Since the change on April 9, the platform has displayed any web address ending in “twitter.com” as if it ended in “x.com.” No actual redirection takes place; the site simply renders a link that ends in the platform’s old domain so that it shows the new one.

X Eager to Shed its Former Twitter Identity

The move seems to align with the company’s arduous push to shed even the last remainder of the old platform’s identity. However, it could have exposed its significant user base to a world of trouble.

It’s worth noting that the mechanism acted indiscriminately: any website whose name ended in the characters “twitter.com,” not just the platform’s own domain, would have that ending rewritten to “x.com.”

The company’s bold move triggered a chain reaction among disheartened or concerned users, who registered no fewer than 60 domains to demonstrate the flaw.

Domains such as “fedetwitter[.]com,” “roblotwitter[.]com,” and “neobutwitter[.]com,” along with other names ending in “twitter.com,” have been registered over the past few days.

Any of these domains, when shown inside X, would automatically have its “twitter” portion replaced, so the displayed link ended in x.com instead (i.e., fedetwitter became fedex, roblotwitter became roblox).

One of the phony domain registrants took it a step further to demonstrate the perils of simple URL substitution and how it could lead to dangerous situations.

Users who opened that link were greeted with a message telling them they had landed on a “honeypot” page, while the page ridiculed the company’s decision to ship flawed URL substitution rules.

Poorly Implemented URL Substitution Could’ve Spelled Disaster

Fortunately, the company recognized the mistake and hit the kill switch on the recently imposed mechanism, so the platform no longer rewrites domains ending in “twitter.com” to “x.com.”

The dangers of URL substitution are significant, particularly on a widely used platform like X (formerly Twitter), which is already rife with scams. Left in place, the mechanism would have paved the way for threat actors to get creative by registering rogue domains and lacing them with phishing forms or other malicious content: the displayed link would look like a trusted brand while the underlying address pointed elsewhere.
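To make the flaw concrete, here is an added example (not code from X or from this article) contrasting the kind of naive text substitution described above with a hostname-aware rewrite that only touches the platform’s own domain and its subdomains. The sample URLs are constructed for illustration.

```javascript
// Naive display rewrite: replaces the substring "twitter.com" wherever it
// appears, so "fedetwitter.com" is shown as "fedex.com". This is the
// flawed behaviour the article describes, reproduced to show the risk.
function naiveRewrite(url) {
  return url.replace(/twitter\.com/g, "x.com");
}

// Hostname-aware rewrite: parse the URL, then rewrite only when the host
// IS twitter.com or is a subdomain of it. Look-alike registrations such as
// fedetwitter.com and suffix tricks such as twitter.com.evil.test are left
// untouched, and path/query text is never altered.
function safeRewrite(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return url; // not an absolute URL we can reason about; leave it alone
  }
  const host = parsed.hostname.toLowerCase();
  const suffix = "twitter.com";
  if (host === suffix) {
    parsed.hostname = "x.com";
  } else if (host.endsWith("." + suffix)) {
    parsed.hostname = host.slice(0, -suffix.length) + "x.com";
  } else {
    return url; // any other host, including look-alikes, is not rewritten
  }
  return parsed.toString();
}

// Reports whether a displayed link text and the real destination disagree
// on hostname, which is the check a user (or a link renderer) should make.
function displayMismatch(displayedUrl, actualUrl) {
  try {
    return new URL(displayedUrl).hostname !== new URL(actualUrl).hostname;
  } catch {
    return true; // treat unparsable input as suspicious
  }
}
```

The same parsing rule applies to any brand-wide domain rename: match the registrable domain and its subdomains, never a raw substring.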

Dodging URL Substitution Scams and Other Threats

To keep URL substitution from jeopardizing your digital well-being, always verify that the address you actually land on matches the link you intended to open. Many factors can make this hard to do by eye, which is why specialized software can significantly boost your defenses.

Security solutions like Bitdefender Ultimate Security can help you detect and avoid fraudulent websites, phishing attempts, malicious content, and other intrusions.

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
