Summer Sale Scam: Watch Out for $99 Griddles and Lookalike Domains

Summer's knocking, and that got me itching for a new grill (a flat top griddle, to be specific) for the backyard. My quest for the perfect flat top has begun, and like any self-respecting bargain hunter, I hit the online streets. Forget those fancy retail sites with their "premium" prices – Facebook Marketplace is usually my go-to for scoring sweet backyard cooking deals.

And wouldn't you know it? Scrolling through the usual mix of slightly-used treasures (and some definite rust buckets), BAM! There it was. A gleaming flat top griddle, the kind that usually goes for $900 or more, slapped with a "Today Only: $99" sticker. It even shows the griddle in front of someone’s garage, making it look extra-authentic.

The link whisked me away to a site that looked identical to the well-known furnitue store Wayfair. It had a ticking timer screaming about the deal running out and a dwindling stock. My heart was pounding, my palms sweating, and my wallet was practically twitching.

But then, that little voice in the back of my head – the one that's seen one too many "too good to be true" deals – piped up. So, I did a quick sanity check and hopped over to the real Wayfair site. Nada. Zilch. No $99 miracle griddle in sight.

That's when I squinted at the URL from Facebook Marketplace: waysummersale[.]com. Ding ding ding! This wasn't Wayfair (real domain: wayfair.com); it was a digital wolf in sheep's clothing – a classic lookalike domain scam. I immediately reported this ad to Facebook, indicating it was impersonating another site. The ad disappeared and a disappointed, griddle-less me went to bed.

The next day, I decided to peek behind the curtain of waysummersale[.]com with a good old whois query:

Registered on May 12th, 2025 – the very same day I was browsing for my griddle! Talk about being in the wrong place at the wrong (or perhaps right?) time. 

Next up, I wanted to see what the threat intel world thought of this fresh domain. First stop: https://urlscan.io/. Since waysummersale[.]com was brand spanking new, it came back with a "no classification" – not surprising.

Then I fired up Palo Alto Networks' "Test A Site" tool. And sure enough, they flagged it as "Newly-Registered-Domain" and "Unknown," slapping a "High-Risk" label on it. Their reasoning? Any domain less than 32 days old gets the side-eye. Generic, but fair.

Finally, I pulled out the big guns: Infoblox Dossier. This tool is behind a paywall. Thankfully, employee perks! The screenshots below show the domain's short but shady timeline and even pinpointed the suspicious name servers as a key indicator before any actual malicious activity was confirmed. This is the realm of "Suspicious Domains" or "High-Risk Domains" – we don't have definitive proof of wrongdoing, but the signs are definitely there. Think Minority Report for the Internet, but instead of arresting future criminals, we just advise you to steer clear of their digital hangouts.

Interestingly, as I was writing this blog, it looks like waysummersale[.]com is already fading into the digital ether, it could be that defenders have taken actions, or that it’s part of the attacker’s plan after all to rotate to different domain names (a type of DGA-style attack). A new imposter had taken its place when I tried to look for my griddle today: bbqstoresale[.]com, promising the same unbelievable deals on BBQ gear. Of course, I did my civic duty and reported that one to Facebook Marketplace too, after grabbing a quick screenshot for posterity.

Sigh. The saga of finding an affordable flat top griddle continues. This sort of thing really irritates me, and not just because it got my hopes up for a cheap griddle. As far as Internet users go, I am quite security savvy. Heck, I even co-wrote a book on DNS Security, and even I almost fell for this scam! At least I dodged a bullet (or should I say, a dodgy domain) and maybe helped someone else avoid a grilling scam. Stay safe out there, folks!