
Hostinger’s Preview Domain Feature Exploited by Hackers

An unknown malicious actor exploited Hostinger's preview domain feature and tricked Indian banking users into revealing sensitive information.

Published August 10, 2022

Digital Risk Management firm, CloudSEK, discovered a new phishing attack by an unknown malicious actor. The attack has been linked to Hostinger’s preview domain feature, which allows users to access a site before it is available to everyone.

Hostinger is a popular hosting provider and domain registrar with over 24 million users. One of its features allows users to view an unfinished website with an attached domain.

The hackers exploited the domain’s DNS Zone Propagation time, which is the time between when a domain is registered and when it becomes available globally. The DNS Zone Propagation time differs depending on the domain provider. For Hostinger, the propagation time is somewhere between 12 and 24 hours.

Hostinger’s preview domain exploited

According to a post by Infosecurity Magazine, the unknown threat actor exploited the DNS Zone Propagation time and distributed phishing URLs and campaigns. The main target of the exploit was bank users in India, who received phishing emails and texts through the preview domains.

The post also stated the nature of preview domains, saying, “preview domain URLs are temporary mirrors of their root domains, with the Hostinger preview URL scheme being domain-tld.preview-domain.com.”

The preview URLs of these unfinished websites stay available for up to 120 hours, and hackers use this timeframe to launch phishing attacks on users, who are more likely to fall for these tricks.

CloudSEK expresses concern

CloudSEK has shared its concern over the exploitation of Hostinger’s preview domain feature. The company urged firms to monitor similar-looking domains and take down suspicious ones before they could do more harm. These attacks usually stem from a simple-looking website or page that tricks users into thinking they are using the official website. By simply changing the website’s design, text, and links, hackers trick users into giving up personal and financial information, which becomes an ordeal for users, whose bank balances are usually drained.
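
One way a defender could act on that monitoring advice is to flag preview-domain URLs in mail or proxy logs and map them back to the root domain they mirror. The sketch below is an added example, not code from CloudSEK, Hostinger, or the article; the watchlist, the sample URLs, and the rule that the last one or two hyphens in the `domain-tld` label stand for dots are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

PREVIEW_SUFFIX = ".preview-domain.com"  # URL scheme quoted in the article
# Constructed watchlist of placeholder brand domains (not real banks).
WATCHLIST = ["examplebank.in", "samplebank.co.in"]


def candidate_roots(label):
    """Map a 'domain-tld' label back to possible root domains.

    Assumption: the last one or two hyphens stand for dots, so
    'example-co-in' yields 'example-co.in' and 'example.co.in'.
    """
    parts = label.split("-")
    return [".".join(["-".join(parts[:-n])] + parts[-n:])
            for n in (1, 2) if len(parts) > n]


def classify(url, threshold=0.85):
    """Return (verdict, root, brand) for a URL from mail or proxy logs."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host.endswith(PREVIEW_SUFFIX):
        return ("ignore", None, None)
    label = host[: -len(PREVIEW_SUFFIX)]
    best, best_score = ("preview-other", None, None), 0.0
    for root in candidate_roots(label):
        for brand in WATCHLIST:
            if root == brand:  # preview mirror of a watched domain
                return ("preview-mirror-of-brand", root, brand)
            score = SequenceMatcher(None, root, brand).ratio()
            if score >= threshold and score > best_score:
                best, best_score = ("preview-lookalike", root, brand), score
    return best


# Constructed sample URLs, as they might appear in a mail gateway log.
SAMPLES = [
    "https://examplebank-in.preview-domain.com/login",
    "http://samplebank-co-in.preview-domain.com/",
    "https://examp1ebank-in.preview-domain.com/kyc",
    "https://myblog-com.preview-domain.com/",
    "https://www.examplebank.in/login",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify(u), u)
```

A hit on either preview verdict is a lead for review and takedown, not proof of phishing, since legitimate site owners also use preview URLs.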
