Parked Domains Become Weapons with Direct Search Advertising
ID: b4afcc15-3b09-52a8-a94d-826eb5df8da1
STIX ID: report--b4afcc15-3b09-52a8-a94d-826eb5df8da1
Feed Name: Infoblox Threat Intel Blog
This report documents how parked and lookalike domains are weaponized via direct-search/zero-click parking and traffic distribution systems to funnel real users to scams, scareware, ad fraud, and malware. The authors profile three notable domain portfolio operators: a torresdns portfolio that includes scotaibank.com, a double fast-flux operator whose domains include ic3.org, and a GoDaddy-typosquat operator (domaincntrol.com). They describe TTPs such as device fingerprinting, staged redirects, DNS name-server rotation, and selective resolver targeting. The report also includes active exploitation examples and IoCs (malicious domains and SHA256 hashes).
