Parked Domains Now a Major Source of Scams & Malware – Infoblox Study

Parked Domains Now a Major Source of Scams & Malware – Infoblox Study

February 12, 2026 discoverhiddenusacom Technology

The Dark Side of Domain Parking: Why Typing a Web Address is Now a Risky Business

Direct navigation – simply typing a website address into your browser – has become surprisingly dangerous. A recent study reveals that the vast majority of “parked” domains, those expired or dormant web addresses, are now actively redirecting visitors to malicious sites filled with scams, and malware.

From Placeholder Pages to Threat Delivery Systems

For years, parked domains typically displayed placeholder pages from domain parking companies, attempting to monetize traffic through third-party links. While not entirely risk-free, the chance of encountering malicious content was relatively low. In 2014, research indicated that less than five percent of visits to parked domains resulted in redirection to harmful sites.

However, the landscape has drastically changed. Researchers at Infoblox discovered that over 90% of parked domains now lead to illegal content, scams, scareware, unwanted software subscriptions, or outright malware. This alarming shift transforms previously benign placeholders into potent delivery systems for cyber threats.

How the Redirects Work: Profiling and Targeted Attacks

The process isn’t a simple, direct redirection. Infoblox’s research shows a sophisticated chain of redirects, coupled with extensive visitor profiling. Websites analyse a user’s IP geolocation, device fingerprinting, and cookies to determine the most effective malicious destination.

“It was often a chain of redirects — one or two domains outside the parking company — before threat arrives,” explained David Brunsdon, a threat researcher at Infoblox. “Each time in the handoff the device is profiled again and again, before being passed off to a malicious domain or else a decoy page.”

Typosquatting and the Rise of Lookalike Domains

A key tactic fueling this trend is typosquatting – registering domain names that are common misspellings of popular websites. For example, typing “scotaibank[.]com” instead of “scotiabank[.]com” can lead unsuspecting users directly to malicious content. One domain holder was found to possess nearly 3,000 lookalike domains, including “gmai[.]com,” which is actively accepting email, meaning misdirected messages aren’t bouncing back but are going straight to scammers.

This isn’t limited to financial institutions. Typosquatting domains target major internet destinations like Craigslist, YouTube, Google, Wikipedia, Netflix, TripAdvisor, Yahoo, eBay, and Microsoft. A list of these domains is available here.

VPNs Offer a Layer of Protection, But the Problem Persists

Interestingly, Infoblox found that using a Virtual Private Network (VPN) can shield users from these malicious redirects. Visitors arriving at parked domains via a VPN or non-residential IP address are typically shown a normal parking page. However, those using a residential IP address are far more likely to be redirected to harmful sites.

Government and Security Sites Aren’t Immune

Even official websites aren’t safe. A researcher attempting to report a crime to the FBI’s Internet Crime Complaint Center (IC3) accidentally visited “ic3[.]org” instead of “ic3[.]gov” and was immediately redirected to a scam page claiming a “Drive Subscription Expired.”

Google Adsense Changes and Unintended Consequences

Recent policy changes by Google may have inadvertently exacerbated the problem. While Google Adsense previously allowed ads on parked pages by default, they now require users to actively opt-in. This change, while intended to improve ad quality, may have driven more traffic to less reputable parking services.

The Role of Affiliate Networks and the Lack of Accountability

The Infoblox report emphasizes that the parking companies themselves aren’t necessarily directly responsible for the malicious activity. Traffic is often sold to affiliate networks, who then resell it, creating a complex chain where the final advertiser may have no knowledge of the harmful content being displayed.

What Can You Do to Stay Safe?

The increasing prevalence of malicious content on parked domains highlights the need for heightened vigilance. Here are a few steps you can take to protect yourself:

  • Double-Check URLs: Always carefully verify the web address before entering it into your browser.
  • Use a VPN: Consider using a VPN, especially when accessing websites directly by typing in the address.
  • Keep Your Software Updated: Ensure your operating system, browser, and security software are up to date with the latest security patches.
  • Be Wary of Suspicious Redirects: If you’re unexpectedly redirected to a different website, immediately close your browser and re-enter the original address.

FAQ

Q: What is domain parking?
A: Domain parking is the practise of registering a domain name and displaying advertisements on it, typically while waiting to sell the domain or develop a website.

Q: What is typosquatting?
A: Typosquatting is the practise of registering domain names that are common misspellings of popular websites, with the intent to profit from user errors.

Q: Can antivirus software protect me from these threats?
A: While antivirus software can help detect and block some malware, it’s not foolproof. Staying vigilant and following safe browsing practices is crucial.

Q: Are parked domains always malicious?
A: No, not all parked domains are malicious. However, the risk has increased dramatically, with over 90% now leading to harmful content.

Did you know? Even variations on well-known government domains are now being targeted by malicious ad networks.

Stay informed and protect yourself from the growing threat lurking within parked domains. Share this article with your friends and family to help them stay safe online.