Keypoints
- Underminr is a variant of domain fronting that hides malicious connections.
- Attackers abuse shared CDN infrastructure and tenant routing mismatches.
- The technique can conceal C&C, VPN, and proxy traffic.
- It can bypass Protective DNS and other egress filtering defenses.
- ADAMnetworks says about 88 million domains may be affected.