Brian Krebs digs into a zero-click network of mostly typo domains.
The story reviewed a number of typo domain names and where they pointed. They all seemed to forward to other pages that sometimes led to malware. In other words, “zero-click” parking.
Krebs reviewed some of the domains that the typos forwarded to. He found that they were all registered with the email address firstname.lastname@example.org*. Krebs entered that email address into the “forgot password” tool on Yahoo email and it revealed that the backup email address was k*****ng@mediabreakaway[dot]com.
Media Breakaway is Scott Richter’s company. It owns the domain parking service The Parking Place, which uses a combination of monetization techniques.
A reader on Kreb’s site noted that four years of access logs for the network of domain names were available for download on the hosting provider’s site. Krebs was able to download it and Chambers reviewed the data.
The data show that the network received about 12 million visits during the first quarter of 2018.
It’s possible some of these are for non-.cm domain names or on traffic funneled through those domains. Any way you look at it, though, it’s a lot of traffic.
* This type of research won’t be possible if Whois goes dark after GDPR.