New research from Infoblox Threat Intel shows that parked domains – long treated as harmless and forgotten ad pages – have become a reliable tool for malicious actors. In large‑scale experiments, over 90% of visits to parked domains redirected the visitor to scams, scareware, illegal content or malware, driven by abuse of “direct search/zero‑click” ad systems.
This means that instead of showing a simple ad page, these parked domains instantly send visitors to other websites chosen by advertisers – often without any clicks or warning. Fraud protection mechanisms used by the large parking platforms inadvertently provide cybercriminals with a means to hide from the security industry. Furthermore, policy changes by Google appear to have increased risks for users.
“A decade ago, research showed that parked domains were mostly harmless and rarely more than digital clutter,” said Dr. Renée Burton, Vice President of Infoblox Threat Intel. “Today, our research shows they’ve become almost exclusively malicious. The transformation is stark: What was once internet background noise is now a largely unrecognized persistent and pervasive threat.”
Key Takeaways:
- Direct Search is a highly abused mechanism provided by platforms to lead users who visit a parked domain directly to “advertising” content.
- Very often, these “advertisers” deliver scams and malware.
- The research identifies three major domain portfolio holders (“domainers”) who use advanced tactics – like profiling visitors, exploiting lookalike domains, typo-based email collection and rare DNS tricks including so-called Fast Flux – to steer users either to harmless ad pages or directly into risky sites. Each targets different brands and audiences, making the threat broad and difficult to detect.
- The complex ecosystem makes reporting abuse essentially impossible.