Home Cyber Attack GoDaddy Shut Down 15K Scam Subdomains From Hacked Websites

GoDaddy Shut Down 15K Scam Subdomains From Hacked Websites

by Abeerah Hashim
GoDaddy takes down scam subdomains

Online scams no more remain confined to fake websites. Rather the scammers have even exploited legit websites to execute their malicious purposes. Recently, GoDaddy has taken off thousands of such scam subdomains suspiciously associated with legitimate websites.

GoDaddy Takes Down Scam Subdomains

As revealed by Palo Alto Networks, GoDaddy has taken down thousands of scam subdomains linked to otherwise legit websites. These subdomains remained linked to the victim sites without the consent or knowledge of the site owners. They have disclosed the details in a blog post.

Allegedly, GoDaddy has removed more than 15000 subdomains involved in scam campaigns. The web pages linked to these subdomains lured users to buy their products.

The researcher first spotted the scam roughly two years ago. He became curious to dig out the details upon noticing the similarity among these sites.

“Over two years I had watched some of these sites and could identify a template being used that slowly morphed over time, selling different products, and always using different URLs to mask their intentions, but visually appearing quite similar.”

The scam campaigns tricked the users by phishing emails that redirected the recipients to the scam web pages apparently linked to legit websites. This caused the users to believe their scam.

The sites also displayed endorsements from celebrities and popular entities, such as the Shark Tank TV Show, Stephen Hawking, Jennifer Lopez and more. The products sold at these websites included things like brain enhancement pills, weight loss products, and CBD oil.

Some scam web pages. (Source: Palo Alto Networks)

GoDaddy Reset Passwords Of Hacked Customer Accounts

Reportedly, the researchers, as well as GoDaddy, also spotted several compromised accounts while investigating the scam.

“These efforts allowed us to map out thousands of compromised servers and abused domains and hundreds of compromised accounts.”

Supposedly, the scammers took over these accounts either by phishing or credential stuffing. This helped them to create the scam web pages under legitimate websites.

As a security measure, they have reset passwords of these accounts to observe the possible existence of potential malware.

Take your time to comment on this article.

You may also like