Parked and typosquatting domains now redirect most visitors to scams and malware
Target Trend
Summary
Large-scale experiments found parked domains and typosquatting domains now commonly send visitors to scams, scareware, or malware, turning routine mistyped navigation into a high-risk event. The shift matters because more than 90% of visits to these domains were redirected to harmful destinations. The pattern affects people landing on expired or lookalike domains, especially from residential IP addresses, and often relies on redirect chains plus fingerprinting to choose a final lure.
Related Happenings
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
Broad Keitaro TDS abuse across more than 120 campaigns
Target Trend
First: 27.04.2026 09:33
Last: 27.04.2026 09:33
Sources 1
About this happening:
**Keitaro TDS** was abused by **more than 120 distinct campaigns** between **October 2025 and January 2026**, showing a broad recurring pattern of malicious link delivery and spam...
TikTok for Business phishing campaign using Turnstile and reverse proxy
Campaign
First: 26.03.2026 16:09
Last: 26.03.2026 16:09
Sources 1
About this happening:
A **phishing campaign** is targeting **TikTok for Business accounts** and uses **Cloudflare Turnstile** to block automated analysis before exposing a **reverse-proxy** credential-...
Ip6.arpa reverse-DNS phishing campaign using IPv6 tunneling
Campaign
First: 08.03.2026 16:12
Last: 08.03.2026 16:12
Sources 1
About this happening:
A **phishing campaign** is abusing **ip6.arpa reverse DNS** and **IPv6 tunneling** to slip past domain reputation checks and **email security gateways**, making malicious links ha...
Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations
Threat Actor Meta
First: 05.03.2026 08:51
Last: 05.03.2026 08:51
Sources 1
About this happening:
**Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....
Latest development: 17.05.2026 17:43
eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.
Timeline
16.12.2025 16:14 2 articles · 5mo ago
Infoblox publishes parked-domain redirect findings
Initial Disclosure: Infoblox published findings that parked and typosquatting domains now commonly redirect direct-navigation traffic to illegal content, scams, scareware, anti-virus software subscriptions, or malware, with over 90% of tested visits going to harmful destinations and redirects varying by residential IP address versus VPN or non-residential access.
Sources:
- Most Parked Domains Now Serving Malicious Content — krebsonsecurity.com — 16.12.2025 16:14