Parked Domains Become Weapons with Direct Search Advertising
Essential information
- Published: 17/12/2025 14:28
- Modified: 21/12/2025 19:35
- Tags: 2025-12-17, babar, direct search advertising, dns abuse, domain parking, fast flux, malvertising, parked domains, tedy, traffic distribution systems, typosquatting
- Related entities: 4 observables, 11 techniques (MITRE), 2 malware, 19 others
Description
Parked domains are increasingly being weaponized through direct search advertising, posing significant risks to users. The investigation found that over 90% of visits to parked domains led to scams, malware, or unwanted content. Three key actors were identified: one using lookalike domains and mail collection, another employing sophisticated 'double fast flux' techniques, and a third exploiting DNS configuration typos. These actors actively profile visitors and selectively redirect traffic to malicious advertisers. The complexity of the advertising ecosystem makes it difficult to trace the origin of threats. Recent policy changes and the rise of AI may inadvertently increase risks associated with parked domains.