Abstract digital image showing glowing lines and points forming network connections over a dark grid background with numbers and data symbols, representing data flow or Domains Targeting Spotify Job-Seekers in quantum computing concepts.
Blog Security Snack

Cluster of Domains Targeting Spotify Job-Seekers

05/19/2025
Share this entry
DomainTools Favicon
DomainTools Investigations

DomainTools internal monitoring identified a cluster of domains targeting Spotify job-seekers, with 389 domains and counting from Monday 2025-05-12 onward. The new domains diverge markedly from the main/known-good spotify[.]com domain, and are registered through Dynadot or Cosmotown and protected by Cloudflare. Many of these domains already show Google or Googlemail MX records. 

Though their ultimate purpose remains unclear, the surge in domains targeting tech job-seekers aligns closely with the sharp rise in job-application scams over the past year. 

The node visualization shown below shows an incredibly tight clustering of the observed domains across seven metrics, indicating a coordinated campaign. 

A full CSV file of the domains can be found on Github.

Domain profile:
First seen: 2025-05-12 or later
Registrar: Dynadot or Cosmotown
Nameservers: Cloudflare
IPspace: Cloudflare

Visualization from DomainTools Iris showing 389 domains associated by Registrar, Registrant, MX domain, IP, Nameserver, and SSL certificate issuer common name, first seen over the past week.
Color legend for the above visualization.

DomainTools Iris users can import the investigation with this hash: 

U2FsdGVkX189XliTt+KJJHzYAfeaSNhbE3ZX6qsfyKQERoUcqps0CFBo1GHjm7Mz1kFO6amYR4WJXelBYOXiVAqhnaJUK+475yK8OlwGuw9CU0nimtykulVSRLcZ/CRieiDXkRUnyLRN5tcRHO+s1/4KCLYPX8Y5v7x1J2bpWxXQYjeAp/2wS/d/UAi6oTdYYQvb8fBW2s0545wE8hAEuqGXuSEgXTx9derkh2POxKx0KZZQy9c2FkCEoGLn47UjLFJu78/Z0GNsWXnOch15eF6VFTz5NSB8/dnnudhtPLFrW0kz2byE8doEJE7Ziq9L


Related Content

DomainTools Investigations May 2025 newsletter cover, titled "Security Research for the Community," features a portrait of Daniel Schwalbe, CISO & Head of Investigations, alongside the DomainTools logo.
Blog

Newsletter No. 5: A Little Bit of Research in my life…

Read more
Tracking LummaC2 Infrastructure with Cats
Blog

Tracking LummaC2 Infrastructure with Cats 

Read more
Using DomainTools Iris to Enhance Classic Whois and RDAP
Blog

Using DomainTools Iris to Enhance Classic Whois and RDAP

Read more
DomainTools Logo
Pricing Contact Login Support Request a Demo

© 2025 DomainTools

DomainTools® and DomainTools™ are owned by DomainTools, all rights reserved.

Privacy Policy    |    California Privacy Notice
Do Not Sell My Personal Information    |    Terms of Service    |    Sitemap