Understanding the Dark Side of Domain Parking

Domain parking is a booming business with millions of dollars in revenues. However, it is also among the least regulated: parked domains have routinely been found to connect to illicit online activities, even though the roles they play there have never been clarified. In this paper, we report the first systematic study of this "dark side" of domain parking, based upon a novel infiltration analysis of domains hosted by major parking services. The idea is to control the traffic sources (crawlers) of the domain parking ecosystem, some of its start nodes (parked domains) and its end nodes (advertisers and traffic buyers), and then "connect the dots", delivering our own traffic to our end nodes across our own start nodes, with other monetization entities (parking services, ad networks, etc.) in between. This gave us a unique view of the whole monetization process and over one thousand seed redirection chains in which some ends were under our control. From those chains, we were able to confirm the presence of click fraud, traffic spam and traffic stealing. To further understand the scope and magnitude of this threat, we extracted a set of salient features from those seed chains and used them to detect illicit activities on 24 million monetization chains that we collected from leading parking services over 5.5 months. This study reveals the pervasiveness of those illicit monetization activities, the parties responsible for them and the revenues they generate, which approach 40% of the total revenue for some parking services. Our findings point to an urgent need for better regulation of domain parking.
