The ADAMnetworks research team discovered a shared-hosting vulnerability called “Underminr” that allows attackers to bypass DNS filtering and hide malicious connections [1].

This flaw is significant because it enables cybercriminals to conceal command-and-control traffic by masking it behind domains that security systems already trust. By evading these controls, attackers can maintain persistent access to compromised systems without triggering standard security alerts [1].

The research team identified the vulnerability on Thursday, May 21 [2]. The flaw specifically targets the shared-hosting ecosystem, where multiple websites are hosted on a single server and share the same IP address [1]. This architectural commonality provides a loophole that attackers can exploit to route traffic through legitimate-looking channels [3].

According to the researchers, approximately 88 million domains worldwide are potentially affected by the Underminr vulnerability [1]. The scale of the impact reflects the widespread use of shared-hosting services for small businesses and individual bloggers who may not have advanced network monitoring in place [3].

When attackers use this method, they can bypass DNS filters that typically block known malicious domains. Because the traffic appears to be heading toward a trusted shared-hosting provider, the security software allows the connection to proceed [1]. Command-and-control operations, in which a compromised computer receives instructions from a remote attacker, can then run without interruption [1].

ADAMnetworks said the discovery highlights a systemic weakness in how shared-hosting environments handle traffic validation [3]. The researchers said that the ability to hide malicious connections behind trusted domains increases the risk of long-term data breaches and undetected espionage [2].


The discovery of Underminr underscores a fundamental tension in internet infrastructure between the cost-efficiency of shared hosting and the requirements of modern cybersecurity. Because millions of sites share the same IP addresses, security tools often rely on broad trust markers that can be weaponized. This vulnerability suggests that traditional DNS filtering is no longer sufficient to stop sophisticated actors, necessitating a shift toward more granular, behavior-based traffic analysis.
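One shape the granular, behavior-based analysis mentioned above can take is correlating DNS-filter decisions with the connections that follow them. The sketch below is an added example, not code from ADAMnetworks or the cited reports. It assumes, which the page does not specify, that the hostname on each connection (TLS SNI) is logged and that a connection to a shared IP under a name the filter never allowed for that client is worth flagging; the log layouts, hostnames, addresses and the 300-second window are constructed.

```python
from collections import defaultdict

# Constructed sample logs (not from the page); names and IPs are placeholders.
DNS_LOG = [  # (timestamp, client, queried name, filter verdict, answer IP)
    (100, "10.0.0.5", "trusted-shop.example", "allow", "203.0.113.10"),
    (105, "10.0.0.7", "blog.example", "allow", "203.0.113.10"),
    (110, "10.0.0.9", "blocked.example", "block", None),
]
CONN_LOG = [  # (timestamp, client, destination IP, TLS SNI seen on the wire)
    (101, "10.0.0.5", "203.0.113.10", "trusted-shop.example"),
    (102, "10.0.0.5", "203.0.113.10", "unlisted.example"),
    (106, "10.0.0.7", "203.0.113.10", "blog.example"),
    (500, "10.0.0.7", "203.0.113.10", "blog.example"),
    (120, "10.0.0.9", "198.51.100.4", "blocked.example"),
]
WINDOW = 300  # assumed number of seconds an allowed answer remains usable


def normalize(name):
    """Lower-case a hostname and drop a trailing dot so names compare equal."""
    return (name or "").lower().rstrip(".")


def find_unvetted_connections(dns_log, conn_log, window=WINDOW):
    """Flag connections whose hostname the DNS filter did not allow for that
    client and destination IP within the preceding window."""
    allowed = defaultdict(list)  # (client, ip) -> [(timestamp, name)]
    for ts, client, name, verdict, ip in dns_log:
        if verdict == "allow" and ip:
            allowed[(client, ip)].append((ts, normalize(name)))

    findings = []
    for ts, client, ip, sni in conn_log:
        recent = [n for t, n in allowed[(client, ip)] if 0 <= ts - t <= window]
        if not recent:
            reason = "no-allowed-lookup"  # filter never vetted this destination
        elif normalize(sni) not in recent:
            reason = "name-mismatch"      # shared IP, but a different site
        else:
            continue
        findings.append({"ts": ts, "client": client, "ip": ip,
                         "sni": normalize(sni), "reason": reason,
                         "allowed_names": sorted(set(recent))})
    return findings


if __name__ == "__main__":
    for finding in find_unvetted_connections(DNS_LOG, CONN_LOG):
        print(finding)
```

On a shared IP the `name-mismatch` case is the interesting one: the lookup that passed the filter and the site actually requested differ even though both resolve to the same address.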