Hackers Abuse .arpa Top-Level Domain to Host Phishing Scams
hackread.com
Hackers abuse the .arpa Top-Level Domain to host phishing scams, using IPv6 tunnels, reverse DNS tricks, and shadow domains to bypass security checks.
Online scams usually involve fake websites with names that look slightly off, but a new investigation has found that threat actors are now leveraging the .arpa top-level domain (TLD), a reserved segment of the internet’s infrastructure, to bypass standard security protocols.
Infoblox, a DNS security and management firm, recently discovered these campaigns abusing a space that was never intended to host web content. Unlike common endings like .com or .net, which are meant for hosting websites, .arpa is a reserved space used strictly for internet infrastructure. It is primarily used for reverse DNS, a process that maps an IP address back to a domain name.
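Because .arpa names exist for reverse DNS lookups and not for web content, a URL whose host sits under .arpa is worth flagging in proxy or mail logs. The following is an added example, not code from Infoblox or hackread.com; the log lines are constructed, use documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
SUFFIX = ".ip6.arpa"

def arpa_prefix(host):
    """Decode the nibble labels of an ip6.arpa name into the IPv6 prefix it encodes."""
    host = host.lower().rstrip(".")
    if not host.endswith(SUFFIX):
        return None
    nibbles = []
    # Reverse DNS stores one hex nibble per label, least significant first,
    # so read right to left and stop at the first label that is not a nibble.
    for label in reversed(host[: -len(SUFFIX)].split(".")):
        if len(label) != 1 or label not in "0123456789abcdef":
            break
        nibbles.append(label)
    if not nibbles or len(nibbles) > 32:
        return None
    addr = ipaddress.IPv6Address(int("".join(nibbles).ljust(32, "0"), 16))
    return f"{addr}/{len(nibbles) * 4}"

def find_arpa_urls(lines):
    """Return (line_no, host, decoded_prefix) for every URL hosted under .arpa."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            try:
                host = (urlsplit(url).hostname or "").rstrip(".")
            except ValueError:  # malformed bracketed host
                continue
            if host == "arpa" or host.endswith(".arpa"):
                hits.append((n, host, arpa_prefix(host)))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    "GET https://www.example.com/login 200",
    "GET http://2.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa/account/verify 200",
    "GET https://10.2.0.192.in-addr.arpa./ 404",
]

if __name__ == "__main__":
    for hit in find_arpa_urls(SAMPLE):
        print(hit)
```

The decoded prefix tells the analyst which IPv6 address block the reverse zone belongs to, which is the starting point for identifying who controls it.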
Exploiting IPv6 Tunnels and Reverse DNS
According to researchers at Infoblox Threat Intel, the scammers use free services called IPv6 tunnels ...
Copyright of this story solely belongs to hackread.com.

