New research from Infoblox Threat Intel has revealed that parked domains are no longer harmless ad pages. Instead, they have become a reliable tool for malicious actors, the company announced.

The study reported that in large-scale experiments, more than 90% of visits to parked domains resulted in redirections to scams, scareware, illegal content, or malware. These redirections were driven by the abuse of “direct search” or zero-click advertising systems.

As a result, instead of displaying a basic ad page, parked domains immediately send visitors to advertiser-selected websites. In many cases, this happens without any user interaction or warning, the research revealed.

Infoblox also reported that fraud protection mechanisms used by major domain parking platforms are unintentionally helping cybercriminals evade detection by the security industry. Furthermore, policy changes introduced by Google appear to have increased the overall risk to users.

“A decade ago, research showed that parked domains were mostly harmless and rarely more than digital clutter,” said Dr. Renée Burton, Vice President of Infoblox Threat Intel. However, she added that current findings show parked domains have become almost exclusively malicious. The shift, she noted, represents a persistent and largely unrecognized threat.

Key findings reported in the research include:

• Direct Search is widely abused to send users from parked domains straight to advertising content.
• Many of these advertisers deliver scams, scareware, or malware.
• Three major domain portfolio holders use advanced tactics such as visitor profiling, lookalike domains, typo-based email collection, and DNS techniques like Fast Flux to redirect users to risky sites or harmless pages selectively.

According to Infoblox, the complex ecosystem surrounding parked domains makes abuse reporting nearly impossible, further complicating efforts to protect users online

Related post

View all