A new study from the cybersecurity firm Infoblox confirms a grim prediction long held by domain industry experts. Earlier this year, Google formally shut down its AdSense for Domains program, which allowed domain owners to monetize unused “parked” domains with pay-per-click (PPC) ads. Analysts warned this move would undermine global internet security, and new data shows those fears are materializing.
With the PPC revenue stream severed, many investors holding large domain portfolios have pivoted to a “zero-click” or direct advertising model. In this setup, visitors to a parked domain are instantly redirected to an advertiser’s page. While not new, this model has taken a dark turn. According to Domain Name Wire, malicious redirects were once the exception; today, they are the rule. The Infoblox research found that a staggering 90 percent of parked domains now redirect visitors to malicious content. These dangerous landing pages include fake antivirus sites that scare users with false security alerts for their devices; “Get-rich-quick” scams and financial fraud schemes; platforms distributing malware and other harmful software.
The companies that manage domain parking platforms bear limited responsibility, as most employ Know Your Customer (KYC) procedures to vet initial advertisers. The core vulnerability lies in advertisers reselling traffic. A visitor to a parked domain may pass through a chain of five or more redirects, with each subsequent link increasing the odds of a malicious actor entering the chain.
Attackers further evade detection with sophisticated techniques, such as selective redirects. In these cases, the malicious redirect only activates for visitors from IP addresses associated with a specific geographic region.
Infoblox experts conclude that this situation creates a triple threat: it exposes users to significant security risks, fuels public distrust in domain parking, and damages the professional reputation of domain investors.
