BBS:      TELESC.NET.BR
Subject:  Hackers hijack .arpa domain for phishing scams
From:     Mike Powell
Date:     Tue, 3 Mar 2026 10:44:48 -0500
-----------------------------------------------------------
Hackers hijack .arpa domain for phishing scams - hosting malicious websites
and domains where no one can spot them

By Efosa Udinmwen published 16 hours ago

Attackers exploit IPv6 and hidden .arpa addresses to deliver phishing links

    Hackers are abusing .arpa domains to effectively hide phishing attacks
    Phishing emails mimic trusted brands to trick users into revealing credentials
    IPv6 address ranges give attackers control over malicious .arpa subdomains

A new type of phishing attack has been seen exploiting the .arpa domain, a part
of the internet normally used for essential network functions rather than
websites.

Unlike more familiar domains such as .com or .net, .arpa helps computers match
IP addresses to domain names, a process called reverse DNS.

But new research from Infoblox Threat Intel claims attackers now use this space
to host phishing pages while avoiding standard security checks.

Why abusing .arpa is a serious threat

"When we see attackers abusing .arpa, they're weaponizing the very core of
the internet," said Dr. Renee Burton, VP of Infoblox Threat Intel.

She explained .arpa was never meant to host websites, so many security systems
do not monitor it closely, and by using it to deliver malicious pages,
attackers can bypass defenses that rely on known domain names or typical URL
patterns.

The attack works with IPv6, the newest type of internet address. Cybercriminals
gain control of a range of addresses and then configure them to point to
servers hosting phishing pages.  In some cases, these addresses are managed
through services such as Cloudflare, which hide the true location of the
malicious content.

Some DNS providers even allow users to manage .arpa domains in ways never
intended for web hosting.  This allows attackers to attach harmful content to
entries that normally would not lead to a website.

The abuse also involves free IPv6 tunnels, which provide administrative access
to large address ranges even if the tunnels themselves are not used for data
transit.

The malicious content is delivered through phishing emails, which often mimic
well-known brands and promise rewards such as "free gifts" or prizes to
make the messages appear legitimate.

When a user clicks the image or link in the email, the user is redirected to a
fake website that captures login details or other sensitive information.

The emails serve as bait, while the unusual .arpa addresses remain hidden in
the background, so the visible URL appears normal.

Because .arpa is essential to DNS operations, its domains are less likely to be
blocked automatically.

Attackers also create unique, hard-to-detect addresses by adding random
subdomains, making it difficult for security systems to identify them.
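The article describes the pattern without showing what it looks like on the wire, so here is an added example (not code from Infoblox, TechRadar or the poster) of the check a mail-gateway or proxy reviewer might run over extracted links. Reverse-DNS names exist to answer PTR queries, and the ip6.arpa / in-addr.arpa zone for a prefix is delegated to whoever holds that prefix, so a web link to any .arpa hostname is unusual, and labels to the left of the valid nibble/octet run are exactly the "random subdomains" the text mentions. The code reads the valid labels back into the address prefix so an analyst knows which allocation to report. All hostnames, URLs and the 2001:db8::/32 and 203.0.113.0/24 ranges are constructed documentation values, not indicators from the article.

```python
"""Flag .arpa names used as web hostnames and recover the delegated prefix.

Added example; the sample links below are constructed for illustration.
"""
import ipaddress
from urllib.parse import urlparse


def analyze_arpa_name(host):
    """Describe a hostname under .arpa; return None for any other name.

    The result carries the address family, the prefix implied by the run of
    valid reverse-DNS labels nearest the suffix, any extra labels to the left
    of that run, and whether the name is a complete, well-formed PTR name.
    RFC 2317-style classless labels (e.g. "0-127") would also show up as
    extra labels and may need an allowlist in a real deployment.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "arpa":
        return None
    family = labels[-2]
    body = labels[:-2]  # labels left of ip6.arpa / in-addr.arpa
    if family == "ip6":
        def ok(label):
            return len(label) == 1 and label in "0123456789abcdef"
        max_labels, bits_per_label = 32, 4
    elif family == "in-addr":
        def ok(label):
            return label.isdigit() and 0 <= int(label) <= 255 and str(int(label)) == label
        max_labels, bits_per_label = 4, 8
    else:
        return {"family": family, "prefix": None, "extra_labels": body, "well_formed": False}

    # Walk outward from the suffix, collecting the run of valid labels.
    valid = []
    for label in reversed(body):
        if len(valid) == max_labels or not ok(label):
            break
        valid.append(label)
    extra = body[: len(body) - len(valid)]

    if family == "ip6":
        hexstr = "".join(valid).ljust(32, "0")
        addr = ":".join(hexstr[i:i + 4] for i in range(0, 32, 4))
    else:
        addr = ".".join((valid + ["0"] * 4)[:4])
    prefix = ipaddress.ip_network(f"{addr}/{len(valid) * bits_per_label}", strict=False)
    return {"family": family, "prefix": prefix, "extra_labels": extra,
            "well_formed": len(valid) == max_labels and not extra}


def flag_url(url):
    """Return a finding for a URL whose hostname is under .arpa, else None."""
    host = urlparse(url).hostname or ""
    info = analyze_arpa_name(host)
    if info is None:
        return None
    reasons = ["web link to reverse-DNS namespace"]
    if info["extra_labels"]:
        reasons.append("non-reverse labels prepended: " + ".".join(info["extra_labels"]))
    return {"url": url, "host": host, "prefix": str(info["prefix"]), "reasons": reasons}


def scan_links(urls):
    """Run flag_url over a list of extracted links and keep the findings."""
    return [f for f in (flag_url(u) for u in urls) if f]


SAMPLE_LINKS = [  # constructed for this example
    "https://www.example.com/login",
    "http://x7q2k.d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa/gift",
    "https://promo.113.0.203.in-addr.arpa/claim",
]

if __name__ == "__main__":
    for f in scan_links(SAMPLE_LINKS):
        print(f["host"], "->", f["prefix"], ";", "; ".join(f["reasons"]))
    # A genuine PTR name is well-formed and carries no extra labels.
    legit = ipaddress.ip_address("2001:db8::1").reverse_pointer
    print(legit, analyze_arpa_name(legit)["well_formed"])
```

Feeding the gateway's extracted links into scan_links gives a prefix per finding (here 2001:db8:abcd::/48 and 203.0.113.0/24), which is the unit an analyst would report to the delegating registry or tunnel broker; the same function applied to real PTR lookups returns well_formed=True and no extra labels, so it does not fire on ordinary reverse DNS traffic.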

This attack method shows that cybercriminals do not need to exploit software
flaws to succeed.  By creatively repurposing existing internet mechanisms, they
can trick users into giving away credentials through seemingly legitimate
channels.

Burton warns that defenders need to treat DNS infrastructure as "high-value
real estate for attackers" and monitor all possible points of abuse.
Organizations can reduce risk by tightening firewall rules, enforcing identity
protection policies, and ensuring quick malware removal if attacks succeed.


https://www.techradar.com/pro/security/hackers-hijack-arpa-domain-for-phishing-scams-hosting-malicious-websites-and-domains-where-no-one-can-spot-them

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
