330 custom email domains, and what this tells us about how attackers build infrastructure for fake account creation
Essential information
- Published
- 18/11/2025 21:53
- Modified
- 18/11/2025 22:45
- Tags
- 2025-11-18 anti-abuse behavioral analysis bot detection domain registration email infrastructure fake accounts fingerprinting
- Related entities
- 200 observables, 7 techniques (mitre)
Description
A large-scale fake account creation campaign was detected and blocked, involving tens of thousands of attempted registrations using bots. The attackers employed a modified Chrome browser with anti-detect techniques like canvas randomization. The campaign stood out due to the use of 330 unique custom email domains, created between August 16 and September 8, 2025, specifically for bypassing anti-abuse defenses. This approach made detection more challenging as the domains appeared legitimate and would not be found on public blocklists. The investigation highlights the limitations of relying solely on static disposable domain lists and emphasizes the need for a multi-layered defense approach, including fingerprinting, behavioral analysis, proxy detection, and email intelligence.