If you think that typo domains are associated with malware or phishing schemes, think again.
According to Jonathan Spring, it’s more profitable to make money with typo domains instead of tricking or infecting visitors.
My hypothesis for the real reason is that the typo domains are not worth compromising, while compromise is likely the cause of the popular domains appearing on black lists. Since there are so many typo domains, I assume they are making money. They are probably profiting from advertising revenue from screen views, which is ostensibly completely legal, although the owners of the actual site the user meant to type would probably be displeased by the loss of revenue. Because of this, they also have a strong interest in keeping typo domains clean of violent malicious activity so that they can continue syphoning off ad revenue.
Read on here to discover some interesting stats that Jonathan found, when looking at data from 108 million domains provided by CrySys lab.