CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Majority of Parked Domains Redirect to Malicious Content

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A new study by Infoblox reveals that over 90% of parked domains now redirect visitors to malicious content, including scams, malware, and phishing sites. This shift represents a significant increase from a decade ago, when such redirects were rare. The malicious redirects primarily target users accessing these domains from residential IP addresses, while VPN users or non-residential IPs see benign parking pages. The study also identified a specific domain holder using typosquatting domains to target major websites and services, including Gmail, YouTube, and government sites like the FBI's IC3.

Timeline

  1. 16.12.2025 16:14 1 articles · 3h ago

    Infoblox Study Reveals Over 90% of Parked Domains Redirect to Malicious Content

    A new study by Infoblox found that over 90% of parked domains now redirect visitors to malicious content, including scams, malware, and phishing sites. The study also identified a specific domain holder using typosquatting domains to target major websites and services, including Gmail, YouTube, and government sites like the FBI's IC3. The malicious redirects primarily target users accessing these domains from residential IP addresses, while VPN users or non-residential IPs see benign parking pages.

    Show sources
    Open in new tab

Information Snippets

  • Over 90% of parked domains now redirect visitors to malicious content, including scams, malware, and phishing sites.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources

  • Malicious redirects primarily target users accessing parked domains from residential IP addresses.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources

  • VPN users or those accessing from non-residential IPs see benign parking pages.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources

  • A specific domain holder uses typosquatting domains to target major websites and services, including Gmail, YouTube, and government sites.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources

  • The malicious redirects involve a chain of redirects and profiling of the visitor's system using IP geolocation, device fingerprinting, and cookies.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources

  • The domain parking services claim their search results are relevant to the parked domains, but the content displayed is often unrelated.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources

  • A different threat actor exploits typos in DNS configurations to drive users to malicious websites, particularly when using Cloudflare’s DNS resolvers.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources

  • The malicious activity is not attributed to any known party, and the domain parking or advertising platforms named in the study were not implicated in the malvertising.

    First reported: 16.12.2025 16:14
    1 source, 1 article
    Show sources