Parked and typosquatting domains now redirect most visitors to scams and malware
Trend
Summary
Hide ▲
Show ▼
Large-scale experiments found parked domains and typosquatting domains now commonly send visitors to scams, scareware, or malware, turning routine mistyped navigation into a high-risk event. The shift matters because more than 90% of visits to these domains were redirected to harmful destinations. The pattern affects people landing on expired or lookalike domains, especially from residential IP addresses, and often relies on redirect chains plus fingerprinting to choose a final lure.
Related Happenings
U.S. Justice Department seizes World Cup piracy domains
Law Enforcement
H score67
First: 29.06.2026 14:21
Last: 29.06.2026 14:21
Sources 1
About this happening:
The **U.S. Justice Department's Criminal Division** seized **nearly 400 web domains** tied to **illegal FIFA World Cup streaming**, disrupting a piracy operation built on domain i...
U.S. Justice Department seizes World Cup piracy domains
Law EnforcementAbout this happening: The **U.S. Justice Department's Criminal Division** seized **nearly 400 web domains** tied to **illegal FIFA World Cup streaming**, disrupting a piracy operation built on domain i...
Chrome extension PUP distribution network with fake organic traffic
Malware Activity
H score18
First: 15.06.2026 14:07
Last: 15.06.2026 14:07
Sources 1
About this happening:
A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
Chrome extension PUP distribution network with fake organic traffic
Malware ActivityAbout this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
FBI public service announcement on fake FIFA websites
Public Sector Action
H score21
First: 28.05.2026 22:08
Last: 28.05.2026 22:08
Sources 1
About this happening:
The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
FBI public service announcement on fake FIFA websites
Public Sector ActionAbout this happening: The **FBI** and security researchers warn that **FIFA-themed fraud** is already targeting **World Cup 2026** fans ahead of the **June 11 kickoff**. Reported activity includes **mo...
Ghost Stadium FIFA World Cup fraud campaign
Campaign
H score41
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Ghost Stadium FIFA World Cup fraud campaign
CampaignAbout this happening: A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
H score29
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
Vercel v0.dev phishing campaign using GenAI-built lure pages
CampaignAbout this happening: A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
Timeline
-
16.12.2025 16:14 2 articles · 6mo ago
Infoblox publishes parked-domain redirect findings
Initial DisclosureInfoblox published findings that parked and typosquatting domains now commonly redirect direct-navigation traffic to illegal content, scams, scareware, anti-virus software subscriptions, or malware, with over 90% of tested visits going to harmful destinations and redirects varying by residential IP address versus VPN or non-residential access.
Show sources
- Most Parked Domains Now Serving Malicious Content — krebsonsecurity.com — 16.12.2025 16:14
- Most Parked Domains Now Serving Malicious Content — krebsonsecurity.com — 16.12.2025 16:14