domain

Abusing .arpa: The TLD That Isn’t Supposed to Host Anything

Threat actors are exploiting the .arpa top-level domain (TLD), typically not meant for hosting content, to conduct phishing attacks. By using IPv6 tunnels, they create malicious domains that bypass security controls. These phishing campaigns employ tricks like embedding hyperlinks in images, leading victims to malicious sites through a series of redirects. The attack involves manipulating DNS record management to host phishing content, taking advantage of the .arpa domain’s trusted nature. This novel exploitation complicates detection since these domains appear legitimate and are often unblocked by security policies.

https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/

Most Parked Domains Now Serving Malicious Content

TLDR: Most parked domains now redirect to malicious sites, with over 90% leading to scams or malware, reversing a decade-old trend. Researchers at Infoblox found that users typing in expired or misspelled domains face increased risks, especially from residential IP addresses, which leads to deceptive content. Malicious redirects are linked to typosquatting domains mimicking popular sites, exposing users to potential malware and scams.

https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/

Scroll to Top