{"id":5147,"date":"2022-12-09T12:11:16","date_gmt":"2022-12-09T12:11:16","guid":{"rendered":"https:\/\/adex.com\/?p=5147"},"modified":"2026-04-23T10:50:24","modified_gmt":"2026-04-23T10:50:24","slug":"another-case-of-subdomain-takeover-detected-potential-fraud-on-carmax-website","status":"publish","type":"post","link":"https:\/\/adex.com\/blog\/another-case-of-subdomain-takeover-detected-potential-fraud-on-carmax-website\/","title":{"rendered":"Another Case of Subdomain Takeover Detected: Potential Fraud on Carmax Website"},"content":{"rendered":"\n

Shortly after Adex specialists discovered a potential fraud case on FC Barcelona\u2019s website<\/a>, a similar issue was identified on another popular website \u2013 Carmax.com.<\/em><\/p>\n\n\n\n

Adex provides anti-ad fraud services to one of the biggest global ad platforms \u2013 PropellerAds. The company pays close attention to the quality of ad campaigns launched via its platform and also carefully verifies that URLs provided, in fact, belong to advertisers.<\/p>\n\n\n\n

During a standard automated campaign check, Adex\u2019s staff was alerted about a suspicious link leading to a well-known vehicle retailer \u2013 Carmax. <\/p>\n\n\n\n

Apart from being a top-rated company in the USA and one of the country\u2019s largest retailers of used cars, the Carmax domain is also a tidbit for fraudsters, with over 13M monthly organic visits.<\/p>\n\n\n\n

\"Adex<\/a>
Data from SemRush<\/figcaption><\/figure>\n\n\n\n

Having in mind the previous case with subdomain takeover<\/a>, the specialists instantly began investigating the matter.<\/p>\n\n\n\n

\"Adex<\/a>
A suspicious subdomain<\/figcaption><\/figure>\n\n\n\n
\"Adex<\/a><\/figure>\n\n\n\n

While the root domain\u2019s content centers on car reselling, the subdomain focuses on gambling, an improbable combination of topics for multiple reasons, starting from SEO to legal complications.<\/p>\n\n\n\n

Once the NS records had been compared, it came out that the root domain was hosted on Akamai DNS, and the subdomain was managed with Microsoft Azure.<\/p>\n\n\n\n

\"Adex<\/a>
Root domain<\/figcaption><\/figure>\n\n\n\n
\"Adex<\/a>
Subdomain<\/figcaption><\/figure>\n\n\n\n
\n\n\n\n

Fake subdomain<\/strong><\/h2>\n\n\n\n

What is peculiar about this case is the name of the potentially fraudulent subdomain – expresstestdrives-qa.carmax.com<\/em><\/strong> \u2013 thematically matched with the root domain; it would be harder for website owners to detect.<\/p>\n\n\n

As it\u2019s typical for subdomain takeover scenarios, the indexation was turned off, so no one could simply Google the page, and the traffic spikes most probably went unnoticed for domain owners as the subdomain was hosted on a different server.<\/p>\n<\/div><\/div>\n