Globally distributed security company Sucuri has published a brief report about the “domain renewal scams” that used real paper letters to trick the site owners into transferring their domains and renewing them for 3 to 4 times more than the normal price.
More Than 200K Expired Domains Spreading Malicious Ads
Cybersquatting is a very profitable business. Overdue domains are purchased by the hackers for the purpose of resale, Black SEO or for spreading malicious content. Sucuri Company has published an article on its blog about how criminals make millions of dollars in overdue domains.
The expert investigation began with the client to contact technical support. The customer complained that the ads displayed “XWINNER COM” on its website and asked to look into the incident and clear the site from malware.
An analysis of HTTP traffic revealed that the client site loads images from the site “www.twomediaxthemes.com”. The impression was that the hackers somehow managed to introduce a reference to the image in the website templates:-
However, these injections are not inherent to the burglary site, but, the most detailed analysis showed that the links have been added to the template image by a developer. This was reinforced by comments in the code and the description for the site template. However, the domain template developer did not belong.
As the cyber criminals park the site on the hosting site and then distribute malicious advertisements and when any one request or surf to the site, in return the server returns an HTTP 200 response and displays malicious ads.
The security company Sucuri found that the new owner of the domain is currently registered by the China Capital Investment Limited. According to the analysis and DomainTools, it is this company that owns 107,288 domains and the site was located on a server with IP address 220.127.116.11. According to the same DomainTools, the server serves 196,879 sites.
The average cost of 1 domain name is $10 per year. So China Capital Investment Limited paid more than a million dollars for their 100K+ domains and the whole 18.104.22.168 server costs around $2 million dollars per year. So, now it’s clear like water that no one pays millions of dollars just to park domains if they don’t expect any return on their investment.
Assuming that the campaign brings in the day $0.15 from one site, so, the total profit for the year from 1 site is $54.75. Hence, from the 200K plus sites the criminals can earn more than $10 million annually.