
Most Parked Domains Now Serving Malicious Content (krebsonsecurity.com)

An anonymous reader quotes a report from KrebsOnSecurity: Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware. When Internet users try to visit expired domain names or accidentally navigate to a lookalike "typosquatting" domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown.

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time -- regardless of whether the visitor clicked on any links at the parked page. But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites.
"In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the 'click' was sold from the parking company to advertisers, who often resold that traffic to yet another party," Infoblox researchers wrote in a paper published today.

  • scum all day (Score:5, Insightful)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday December 19, 2025 @09:22AM (#65868741) Homepage Journal

    A lot of people think that social networks are the lowest form of shit on the internet, but in fact it's domain squatters. The practice should be illegal, punishable by both fines and being forced to sell the domain in an open auction for whatever the market will bear or relinquish it without recompense within 30 days.

    • Actually, it's domain registrars who 'park' domains and sell the access to scum.

      • Actually, it's domain registrars who 'park' domains and sell the access to scum.

        ACKTUALLY they are far from the only offenders.

        • Being one of many does not make you less guilty.

          • Being one of many does not make you less guilty.

            What it does is make your statement false and reveal your ignorance.

            • And I live rent free in your head. Honestly, is that all there is for you?

              • It's amazing how enthusiastically you miss the point over and over again. It's almost like you're stupid.

                • And all this time I thought the point was you were trying to prove how clever you were, how stupid I am, how I don't get it, and how you are just superior. Which of course you don't think I get because I don't believe you. Why would I? Why would you believe me if I said the same things to you? We all think we're right. And in the end it's all a big whoosh.

                  • I wasn't trying to prove anything, I was commenting on your exchange and making an observation about your deliberate disingenuousness and/or inability to focus.

          • That was not the argument.

            When you can maintain a train of thought long enough to have a meaningful one, come on back and I'll make it obvious you're clueless without having to feel bad about it.

  • by v1 ( 525388 ) on Friday December 19, 2025 @09:22AM (#65868743) Homepage Journal

    What shocks me here is how long it took to become such a popular thing? Parking domains isn't that expensive, but certainly isn't free, especially in large numbers. The people doing the parking are basically squatting on property they speculate will have value down the road. They may as well collect a little "rent" on them while they squat?

    I can remember when "domain tasting" first became a thing, I looked at it and thought, "This is a TERRIBLE idea, it's going to make it more expensive for people to start up their own web site and 'interesting' domains are going to be unobtainable by the average person just because some squatter thinks they're parked on gold." No random person is going to pay thousands of dollars for a domain name they fancy just for a hobby, so it's just going to stifle small private sites.

    I don't know how it currently works, but back when it started you could "taste" a domain for months almost for free, and there was nothing stopping you from "tasting" it again the instant your current taste expired, so you could squat domains for an unlimited time almost for free. "gee, nobody would ever abuse that!"

    Though now with the explosion of TLDs, it's widened the market so far that the squatters are finding it hard to cover all the bases. Raise their rent! (and make the price go up exponentially to KEEP it parked) Watch the squatters scurry away like the cockroaches they are!

  • I accidentally misspelled Slashdot and got redirected to a "you're infected" page.
  • You will never find a more wretched hive of scum and villainy. We must be cautious.

  • It's people typing in domains, and going to random websites, yeah that's the problem! /sarc. More like it's that the world wide web has become a transfer of executables, such that you can basically run an OS https://www.windows93.net/ just think of the possibilities of running that level of code over just a basic document like how things used to be

    • Agreed. What's needed is a way to do essentially the same thing as AJAX without any client JS. There would be more latency with the processing happening on the server side, but that's an acceptable tradeoff for many purposes where it doesn't matter much.

  • by Arrogant-Bastard ( 141720 ) on Friday December 19, 2025 @09:36AM (#65868775)
    I've been looking at domains for 20+ years, and have a database with information on several hundred million of them. (1) Typosquatting is epidemic. (2) I see no signs that anyone -- not ICANN, not registrars, not web hosts -- is even attempting to do anything about it. (3) Registrar bulk pricing structures are clearly geared to cater to this market. (4) Registrar practices strongly encourage registrants to burn through domains as rapidly as possible -- that is, to use them for fraud or malware or phishing or whatever, then discard them, leaving them permanently unusable for everyone. (5) A conservative estimate of the fraction of extant junk domains -- where "junk" includes typosquatting, fraud, phishing, malware distribution, etc. -- is 90%. A realistic estimate is 95%. And I wouldn't disagree if someone advanced an estimate of 99% -- I think that's a bit high, but it's certainly plausible.

    It's really that bad. And it's going to stay that bad, because everyone involved -- ICANN, registrars, hosts -- is making a fortune off this.

    Defending against this is difficult, but one useful tactic is to use DNS RPZ to block resolution of entire TLDs, e.g., .xyz -- and to make point exceptions if/when they become necessary. I recommend doing this for all of the recent gTLDs, because they're completely overrun. I also recommend doing it for any newly-announced gTLDs, because they will be the same, shortly after launch: there's no point in waiting.
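
An added example, not part of the comment above or of any resolver's code: a generator for the kind of RPZ policy zone the comment describes (block a whole TLD, then carve out point exceptions), plus a simplified offline model of which record a query name would hit. The exception `example.xyz`, the origin `rpz.example.` and the SOA/NS values are constructed placeholders.

```python
# Added example: build an RPZ policy zone that blocks whole TLDs, with exceptions.
# ".xyz" is the comment's example; the exception and zone names are constructed.
BLOCKED_TLDS = ["xyz"]
EXCEPTIONS = ["example.xyz"]                # hypothetical domain you still need
NXDOMAIN, PASSTHRU = ".", "rpz-passthru."   # standard RPZ CNAME action targets

def norm(name):
    return name.strip().rstrip(".").lower()

def build_records(blocked_tlds, exceptions):
    """Return {owner: target}; owners are relative to the policy zone origin."""
    tlds = {norm(t) for t in blocked_tlds}
    records = {}
    for tld in tlds:
        records[tld] = NXDOMAIN             # the TLD name itself
        records["*." + tld] = NXDOMAIN      # every name below it
    for name in map(norm, exceptions):
        if name.rsplit(".", 1)[-1] not in tlds:
            raise ValueError(f"{name} is not under a blocked TLD")
        records[name] = PASSTHRU            # the excepted domain
        records["*." + name] = PASSTHRU     # and its subdomains
    return records

def render_zone(records, origin="rpz.example."):
    """Render a zone file; origin and SOA/NS values are placeholders."""
    lines = [f"$ORIGIN {origin}", "$TTL 300",
             "@ IN SOA localhost. hostmaster.localhost. 1 3600 600 86400 300",
             "@ IN NS localhost."]
    lines += [f"{owner} IN CNAME {target}" for owner, target in sorted(records.items())]
    return "\n".join(lines) + "\n"

def decide(qname, records):
    """Offline model of QNAME matching: exact owner, else closest wildcard."""
    labels = norm(qname).split(".")
    exact = ".".join(labels)
    if exact in records:
        return records[exact]
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in records:
            return records[wild]
    return None                             # no trigger: resolve normally

if __name__ == "__main__":
    zone = build_records(BLOCKED_TLDS, EXCEPTIONS)
    print(render_zone(zone))
    for q in ["parked-typo.xyz", "www.example.xyz", "example.com"]:
        print(q, "->", decide(q, zone))
```

`decide` is only a quick way to sanity-check the list before deploying it; confirm the behaviour of the exceptions on the resolver that actually loads the zone.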
    • Pretty much any DNS filtering software can block parked and newly-registered domains.

      Though we shouldn't have to. Companies like GoDaddy need to get up off their asses.

      • Companies like GoDaddy need to get up off their asses.

        Companies like GoDaddy got up off their asses and sold domains as they were permitted to do. They aren't required to do any diligence beyond recording ostensible contact information which they aren't required to verify.

    • by tlhIngan ( 30335 )

      Nevermind registrars used to provide domain parkers with heads up notices that an expired domain will be coming up so they can grab them first instead of letting them expire and someone else grabbing them. This includes domains by other domain parkers, so you end up with a domain changing hands as each gives it a try to "win the jackpot".

      I've seen some sites that were parked because they expired, and they wanted like $1250 for it. Not sure how they came up with that figure, as it was a relatively obscure domain.

  • by Viol8 ( 599362 ) on Friday December 19, 2025 @10:09AM (#65868851) Homepage

    Takes you to Oracle!

  • Funny how Google's role is basically a footnote at the end of Krebs' article. "Infoblox also pointed out that recent policy changes by Google may have inadvertently increased the risk"

    Over 20-25 years Google pushed for and normalized a system which prevented domain owners from having any control over the content on their parked sites. That was marginally acceptable when it was Google controlling the sites, but now that they're gone it leaves the doors wide open to abusive actors.

    Google bought Oingo over 20

  • ... as is a redo of the Web itself. We need decoupled namecoin/blockchain based DNS combined with some WebFS-style offline capable thing. Perhaps even a redo of HTML and Web renderers themselves, they are a historically grown mess. Most of the Web and E-Mail (over 90%) these days is just trackers, scam and junk-ridden garbage.
