Cybercriminals intentionally register domains or upload files with misspellings (e.g., “ziilp” instead of “zip”) to bypass antivirus signatures based on known strings. They also exploit users who copy-paste forum errors.