The bit about the gmai.com mailserver is disturbing. One would imagine there are many other typo squatters with a similar setup.

    PORT     STATE SERVICE
    80/tcp   open  http
    443/tcp  open  https
    8080/tcp open  http-proxy

I park mine by having no IP address, MX record is "0 ." meaning it does not receive email, the SPF record is "v=spf1 -all" and DMARC is a strict reject, CAA is 0 issue ";", BIMI is "v=BIMI1; l=; a=;". I do the same for wildcard DNS. There's probably more I should add.

We did a large-scale study of this phenomenon recently: https://www.cs.bu.edu/faculty/crovella/paper-archive/wung-if...

Across a broad sample of typo domains of major sites, most registered domains aren’t actually reachable, implying they are registered for defensive, legitimate, or unrelated purposes. Interestingly, the typo space on major sites is actually very sparsely registered (2% at edit distance 1), meaning that typosquatting may actually be underexploited.

This just happened to me a month ago, I was waiting for a unused domain to expire. The domain was hosted on Epik (which I think is a trashy company but w/e).

About a month before expiration it somehow got renewed for 10 years, which is weird because it was not available ... and is now hosting a "get-rich-quick" scam that pretends to be a genuine Petro Canada campaign.

Yesterday I received spam with link on https://storage.googleapis.com/ that redirected to some parked domain.

Hopefully “direct navigation” does not become a boogeyman like “side loading” has.

Their definition of parked domain is a bit odd, with "expired" domain names and typosquatting” domains. I work at a registrar and the absolutely vast majority of parked domains for us are domains owned by customers that register alternative versions, campaign, products and misspellings of their primary domain. Parked in that sense mean an almost empty zone with occasionally a default landing page, sometimes as a paid DNS service at the registrar, and sometimes as a free service (There are still registration and renewal fees).

Putting a redirect onto such domain would be a major bad faith act by the registrar and a reason to avoid that registrar at all costs. The customer is the owner of that name, has their name attached as the registrant, and generally hold some legal risk while doing so. It also goes directly against the primary reason why the customers bought the domains in the first place.

The ones that hold advertisement are generally two specific cases. One is "expired" domains which are not actually expired but where the registrar holds on to it in the hope that the old or new customer will buy it for an extra cost. The other is names which a customer or the registrar itself bought as an investment in hope to auction out. That kind of behavior was historically frowned at but is fairly common practice for a smaller number of domains. Usually you don't put redirects on those since you want to expose the fact that the domain is for sale.

So I am very confused where they got their 90% number from, but then I would not call typosquatting as parked domains if its registered by a malicious actor and used for a scam on their own servers (or hacked servers as it may be).

We've unfortunately come a long (bad) way from the innocuous "backpack girl" parking pages.

For a refresher: https://i.kym-cdn.com/entries/icons/original/000/033/037/gir...