Spirit Airlines' Abandoned Azure Booking APIs and Exposed Phishing Domains

13 points
17 hours ago
by BTheEPIC

Comments


dlcarrier

    Excluding Linux clients, as they are likely crawling bots…

Is this why so many web servers assume I'm a bot? They often don't even give me a captcha, they just straight up deny entry.

Should I put Windows or OS X in my user agent?

11 hours ago

BTheEPIC

Honestly, that would likely help. I feel like, even with the flood of people leaving Windows, Linux is still pretty stereotyped. I generalized my numbers in my post as an oversimplification, but I had no idea that web servers were still actively denying Linux clients without a captcha.

an hour ago

BTheEPIC

When I heard about Spirit's liquidation today, I dug into their web infrastructure. After discovering that their entire booking flow and Azure API were left exactly as they were before their announcement, I grabbed 3 obvious phishing domains for $11.48 each to block malicious actors.

16 hours ago

AmazingEveryDay

It's like they didn't even consult an LLM on how to perform an orderly shutdown! Thanks for the interesting read. I'd be a bit paranoid registering those domains, though you seem to have benign intentions.

16 hours ago

bigfatkitten

To be fair, if I’m working for a company that just went bust, I’m already an unsecured creditor who is probably facing a long battle to be paid what I’m already owed.

I’m sure as hell not going to hang around for free to do an orderly shutdown of their IT infrastructure.

15 hours ago

BTheEPIC

That's exactly why I don't blame their IT team at all. Truthfully, the reason this story intrigued me was just how little preparation the higher-ups made beforehand. For a company that's been in a bankruptcy case since Aug 2025, you'd think they'd have made some preparations for the worst.

15 hours ago

BTheEPIC

Truthfully, I just felt that those three domains were way too predictable to leave open, especially if I wrote about them. I have documented that I have done nothing but redirect to their own site, though it might still be a risk.

16 hours ago
