More than 250 “shadow” domains created under an account belonging to the Trump Organization may serve as evidence that the company has been compromised by hackers, Mother Jones reported.

According to security researchers who contacted Mother Jones, an unauthorized source has been creating hundreds of subdomains registered to the Trump Organization and has been carrying out the campaign since 2013.

The alleged hackers have supposedly been creating subdomains attached to legitimate Trump Organization websites and have been doing so without detection for several years, suggesting they have had ongoing access to the Trump Organization’s account with web domain registrar GoDaddy.

The Trump Organization owns its fair share of domain names, including websites like trump.com and trumporg.com that are active and regularly used. A number of other sites have been registered but never have had a website hosted at the domain. Those domains are typically registered to keep someone else from registering it and using it is a malicious manner.

Sites like TrumpFraud.org or VoteAgainstTrump.com are owned by the Trump Organization, as are the domains BarronTrump.com, CelebrityPokerDealer.com, and DonaldTrumpPyramidScheme.com.

In total, the Trump Organization has registered more than 3,640 domains. The alleged hackers have been creating subdomains on a number of those sites, which adds a prefix to the domain address. These can be used in legitimate ways to set up dedicated parts of a website. A Trump hotel may use a subdomain like booking.trumphotel.com for those who want to set reservations, for example.

What the apparent attackers have been doing is a bit shadier. The hackers have been creating what are essentially nonsensical subdomains that just contain a random collection of letters. One of the so-called shadow domains is gjyg.donaldjtrumpoffice.com.

While it might seem innocuous, such a scheme could be used for all sorts of nefarious purposes. Because the subdomains still have the primary domain that appears to be an official Trump Organization website, people visiting the domains are likely to trust it and could be exposed to a phishing attack or encouraged to download malware from a file hosted on one of the shadow domains.

Security researchers have confirmed at least one case of a shadow domain on a Trump Organization-registered site hosting malware. A file hosted at the subdomain bfdh.barrontrump.com was identified by Kaspersky antivirus software as being malicious.

Making the situation sketchier is that while all of the primary domains are registered from within the United States or countries in which the Trump Organization does business, the shadow domains all appear to have IP addresses that are located in Russia —and the Trump Organization has insisted that it does not have any interests in Russia.

The Trump Organization has thus far denied any breach. A spokesperson for the company told International Business Times, “There has been no ‘hack’ within the Trump Organization and the domain names...do not host active websites and do not have any content. Publishing anything to the contrary would be highly irresponsible.”

It is possible that the Trump Organization itself was not compromised or “hacked,” but hackers were able to gain access to the company’s external GoDaddy account to carry out the subdomain scheme.

The spokesperson continued: “Moreover, we have no association with the ‘shadow domains’ you reference below and are looking into your inquiry with our third party domain registrar. There is no malware detected on any of these domains and our security team takes any and all threats very seriously.”