GoDaddy removes 15,000 subdomains used for online scams


GoDaddy which is a Web hosting provider and domain registrar has removed around 15,000 subdomains which were being used as part of a spam operation that tempted users on web pages that sells fake products.

Users normally receive numerous spam emails that promotes products and when they click on any links in these mails, they would be directed to one of these subdomains that are hosted on genuine without the knowledge of the genuine site’s owner.

The common thing about these subdomains are that they sol products which are funded by fake support from celebrities.

Some of the celebrity names used for these scams include Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, Wolf Blitzer, the Shark Tank TV show, and many others.

The products that were advertised through these subdomains include brain supplements, CBD oil, weight loss pills etc.

These untrustworthy domains were not first discovered by GoDaddy but by the security researcher Jeff White of Palo Alto Networks.

He found these domains around 2 years ago on which he started investigating about its operations. Since then he has been gathering spam emails which the scammers were sending and indexing the subdomain URLs promoting these fake products.

It was this year beginning that White shared his findings with GoDaddy in which majority of the domains were hosted.

GoDaddy conducted their own investigation and according to it, the company found that the scammer group used either phishing or credential stuffing attacks to gain access to its customers’ accounts over the past few years.

After gaining access to GoDaddy accounts, the scam operators created a subdomain for the customers’ legitimate sites. It was then later used to host one of the dodgy product promo pages and tempted the users with email spam campaigns. It is estimated that hundreds of accounts were hacked in this spam.

Last month, GoDaddy has taken down more than 15000 subdomains hosted on its servers after which they also reset passwords for compromised accounts. The affected users were then notified regarding the issue.

The traffic landed on the fake subdomains were believed to be more than millions. A detailed report about the two-year investigation has also been published by White.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    New Oracle WebLogic zero-day discovered in the wild

    Previous article

    Docker Hub Database hack impacted 190,000 users

    Next article

    You may also like

    More in Malware


    Leave a reply

    Your email address will not be published. Required fields are marked *