Millions of indexed blogspot.in URLs are at risk of being exploited for malicious purposes after Google allowed the domain to expire and it was bought and offered for sale by another company.
Google allowed its blogspot.in domain to expire in early June 2020, and it was bought by another company that is selling it for $ 6,000.
In 2012, Google rolled out a new feature that redirects Blogspot sites to country-specific URLs that match their geolocation and comply with content takedown requests faster.
One of the domains that has been used by Blogspot is blogspot.in, which Google registration allows to expire in early June 2020.
This registration error caused 4.4 million URLs to break in Google search results because the domain was no longer responding to requests.
For example, if someone in India accessed a blogspot.in URL, the site would not load with the error message “blogspot.in server IP address could not be found”.
Likewise, blogspot.in permalinks shared by users on social networks are also broken as Google lost control of the domain name.
Although the blogspot.in profiles appear to have moved to Blogger.com, these URLs are still live in Google search results and do not redirect users to new blogs.
After learning this on June 3, 2020, Gulshan Kumar, BleepingComputer contacted Google but never received a response.
The domain is ripe for abuse
Today, it was discovered that an India-based shared hosting provider named domainming.com purchased the domain on June 24, 2020, after it became inactive.
Domain Name: blogspot.in Registry Domain ID: DE2DC9C0E8E694C28ADEF0F444F121B45-IN Registrar WHOIS Server: Registrar URL: www.domainming.com Updated Date: 2020-06-29T20:00:06Z Creation Date: 2020-06-24T20:00:05Z Registry Expiry Date: 2021-06-24T20:00:05Z Domain Status: inactive http://www.icann.org/epp#inactive
It’s not yet clear if the buyer has contacted Google to make arrangements to transfer the domain, but Blogspot.in is now on sale on the Sedo Domain Marketplace for $ 5,999.
This award is a small sum to take control of millions of URLs that are listed in Google search and posted on social platforms and forums.
With so many URLs, a malicious actor could buy the domain and use it to spread scams, malware, or blackhat SEO.
Due to the risks associated with expiring a very active domain, it’s odd that Google allowed this to happen given how cheap it would be to keep it registered even if it wasn’t in use.
We have contacted Google and the new domain owner again for comment, but have yet to hear back.