A few days ago our team reported that more than 250 Trump Organization sub-domains directed to servers in Russia. Several publications picked up this story, including Mother Jones. In their article, they assert that the Trump domain registry had been hacked by a third party.
Were the Trump Organization Sub-domains Hacked?
Let’s take a closer look.
First, we wondered how these 250+ sub-domains could have gone unnoticed for four whole years.
Since they are using GoDaddy’s DNS servers, any changes would have to be made through the Trump Organization’s GoDaddy account.
In an attempt to understand this better, we registered a new domain at GoDaddy. Then we had a look at the DNS records. This is what fresh, unspoiled DNS records look like.
So we added a few sub-domains. Now look:
We tried to point one of our sub-domains to the Russian IP that the Trump sub-domains use; GoDaddy wouldn’t let us due to security concerns.
Here’s where it gets more interesting. In 2015, Brad Parscale came in and changes were made. In that same year, the DNS for the domain name http://721fifth.com was changed to point to a new host: http://trump2.parscalecloud.com .
Did no one notice that there were two suspiciously named sub-domains in that DNS record?
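One way an account owner could catch records like these is to audit an export of the zone. The script below is an added example, not part of the original article: it lists every A or CNAME record that points outside the networks and domains the owner expects. The zone lines, example.com, the sub-domain names and the documentation IP ranges are all constructed, and the BIND-style export layout is an assumption.

```python
import ipaddress

# Constructed sample zone export (name, TTL, class, type, value).
# example.com and the 192.0.2.0/24, 203.0.113.0/24 ranges are placeholders.
SAMPLE_ZONE = """\
@        3600 IN A     192.0.2.10
www      3600 IN CNAME @
mail     3600 IN A     192.0.2.25
shop     3600 IN CNAME stores.example.net.
promo1   3600 IN A     203.0.113.77
promo2   3600 IN A     203.0.113.78
; a comment line in the export
_dmarc   3600 IN TXT   "v=DMARC1; p=none"
"""

EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # hosting the owner knows about
EXPECTED_DOMAINS = ("example.com.",)                    # domains the owner controls

def audit_zone(zone_text, origin="example.com.",
               nets=EXPECTED_NETS, domains=EXPECTED_DOMAINS):
    """Return (fqdn, type, target) for records pointing outside the expected set."""
    findings = []
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 5:
            continue
        name, _ttl, _cls, rtype, value = fields
        fqdn = origin if name == "@" else f"{name}.{origin}"
        if rtype == "A":
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in nets):
                findings.append((fqdn, rtype, value))
        elif rtype == "CNAME":
            # "@" and names without a trailing dot are relative to the zone origin.
            target = origin if value == "@" else (
                value if value.endswith(".") else f"{value}.{origin}")
            t = target.lower()
            # Match on a label boundary so "evilexample.com." is not accepted.
            if not any(t == d or t.endswith("." + d) for d in domains):
                findings.append((fqdn, rtype, target))
    return findings

if __name__ == "__main__":
    for fqdn, rtype, target in audit_zone(SAMPLE_ZONE):
        print(f"REVIEW {fqdn} {rtype} -> {target}")
```

Run on a schedule against a fresh export and compared with the previous run, a check like this surfaces a new or re-pointed sub-domain within days.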
So, were the Trump sub-domains hacked? What do you think?
Read the rest of the series:
Part III: “Trump Sub-Domains Part III”
Written by Unhackthevote