Parked Domains Become Weapons with Direct Search Advertising

Dec. 21, 2025, 7:35 p.m.

Description

Parked domains are increasingly being weaponized through direct search advertising, posing significant risks to users. The investigation found that over 90% of visits to parked domains led to scams, malware, or unwanted content. Three key actors were identified: one using lookalike domains and mail collection, another employing sophisticated 'double fast flux' techniques, and a third exploiting DNS configuration typos. These actors actively profile visitors and selectively redirect traffic to malicious advertisers. The complexity of the advertising ecosystem makes it difficult to trace the origin of threats. Recent policy changes and the rise of AI may inadvertently increase risks associated with parked domains.

External References

https://blogs.infoblox.com/threat-intelligence/parked-domains-become-weapons-with-direct-search-advertising
https://otx.alienvault.com/pulse/6942be15df5bec2ffa9b395d
Tags
malvertising
typosquatting
traffic distribution systems
dns abuse
2025-12-17
babar
direct search advertising
domain parking
fast flux
parked domains
tedy

Date

  • Created: Dec. 17, 2025, 2:28 p.m.
  • Published: Dec. 17, 2025, 2:28 p.m.
  • Modified: Dec. 21, 2025, 7:35 p.m.

Indicators

  • c3f1f456419f39f19c9e0d5aae2b50f701abe517a3cc2952869e516b260dbf88
  • 86586f6954da38e5a5df7e56334ef98e74838dee68de0355ae4fe03d36c82502
  • 4a3497d66a64c22342d855d2da370c9a4351e6403bbd224093c4b348bd611df4
  • 85.209.129.9
Download all indicators here!

Attack Patterns

  • Tedy
  • Babar

Additional Informations

  • ns2.torresdns.com
  • installupdate.online
  • lemaymotors.com
  • nojs.domaincntrol.com
  • ww2.mavilibeyazajans.com
  • colaureat.icu
  • arentmarket.com
  • numbatdns.com
  • gambel.law
  • velixnero.co.in
  • chatterjamtagbirdfile.monster
  • safezonefirewall.com
  • usaconnect.com
  • uasecho.com
  • echidns.com
  • scotaibank.com
  • mavilibeyazajans.com
  • ww1.scotaibank.com
  • Canada