New Infoblox Threat Intel research finds that over 90% of visits to parked domains now redirect users to malicious content, reversing a decade-old risk profile.
DUBAI, UAE, 17 December 2025: New research from Infoblox Threat Intel shows that parked domains—long treated as harmless and forgotten ad pages—have become a reliable tool for malicious actors. In large-scale experiments, over 90% of visits to parked domains redirected users to scams, scareware, illegal content, or malware, driven by abuse of “direct search” or “zero-click” advertising systems.
Instead of displaying a simple advertisement, these parked domains immediately redirect visitors to third-party websites selected by advertisers, often without any user interaction or warning. Fraud protection mechanisms used by large parking platforms inadvertently provide cybercriminals with a way to evade detection by the security industry. In addition, recent policy changes by Google appear to have increased user exposure to risk.
“A decade ago, research showed that parked domains were mostly harmless and rarely more than digital clutter,” said Dr. Renée Burton, Vice President of Infoblox Threat Intel. “Today, our research shows they’ve become almost exclusively malicious. The transformation is stark: what was once internet background noise is now a largely unrecognized, persistent, and pervasive threat.”
Key Takeaways:
• Direct Search is a highly abused mechanism that routes users visiting parked domains directly to advertising content.
• In many cases, these advertisers are delivering scams, scareware, or malware.
• The research identifies three major domain portfolio holders using advanced tactics such as visitor profiling, lookalike domains, typo-based email collection, and rare DNS techniques including Fast Flux. These methods allow them to selectively redirect users to either benign ad pages or high-risk destinations, making detection difficult.
• The complexity of the parked-domain ecosystem makes abuse reporting nearly impossible.
For more details, read the full blog post.
—Ends—
Photo caption: Dr. Renée Burton, Vice President of Infoblox Threat Intel
About Infoblox
Infoblox unites networking, security, and cloud services through a protective DDI platform that delivers enterprise resilience and agility. Trusted by more than 13,000 customers worldwide, including most Fortune 100 companies, Infoblox integrates, secures, and automates critical network services to help organisations move fast without compromise. Visit www.infoblox.com or follow Infoblox on LinkedIn.
