Attackers are weaponizing the core of the internet to bypass your filters. 🕸️
New Phishing Anomaly · Reverse DNS abuse in the .arpa top-level domain.
We are seeing a novel phishing method that bypasses traditional domain reputation checks by hosting malicious content on reverse DNS records within the .arpa space. Attackers are creating IPv6 tunnels and abusing Google and other DNS provider controls to host fraudulent sites.
Because .arpa is a reserved infrastructure domain, most security products don’t even look at it as a potential threat surface. This allows phishing emails to deliver links that look like legitimate internet plumbing while siphoning executive credentials.
The uncomfortable truth: If your security stack only looks for malicious .com or .net URLs, you are blind to attacks coming from the internet’s own foundation.
→ Block all outbound HTTP/HTTPS traffic to the .arpa top-level domain at the gateway.
→ Inspect DNS logs for unusual reverse lookup patterns involving high-volume IPv6 tunnels.
→ Update your phishing protection rules to include infrastructure-based TLDs.
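As an added illustration of the three steps above (example code, not part of the original post): a small Python script that applies the host-based .arpa rule to constructed proxy log lines and counts ip6.arpa PTR lookups per client in constructed resolver log lines. The log formats, client addresses, documentation-range IPs and the burst threshold are assumptions made for this demo; the only real API used is the standard library's `ipaddress.ip_address(...).reverse_pointer`, which builds the in-addr.arpa / ip6.arpa owner name for an address.

```python
"""Detection helpers for web traffic and PTR lookups under the .arpa TLD.

Added example; not code from the original post. Log formats, client
addresses and the burst threshold are assumptions made for this demo.
"""
import ipaddress
from collections import Counter
from urllib.parse import urlsplit


def reverse_name(ip):
    """Owner name of the PTR record for an address, e.g. '...ip6.arpa'."""
    return ipaddress.ip_address(ip).reverse_pointer


def is_arpa_host(host):
    """True when the host sits anywhere under the .arpa TLD (trailing dot tolerated).

    The check is on the last DNS label only, so 'arpa-news.example.org'
    and a URL path like '/arpa' are not matched.
    """
    labels = host.lower().rstrip(".").split(".")
    return labels[-1] == "arpa"


# Constructed proxy log lines (assumed key=value format).
PROXY_LOG = "\n".join([
    "2024-05-01T10:00:01Z client=10.0.0.5 method=GET url=https://www.example.com/login",
    f"2024-05-01T10:00:02Z client=10.0.0.5 method=GET url=https://{reverse_name('2001:db8::1')}/verify",
    f"2024-05-01T10:00:03Z client=10.0.0.7 method=GET url=http://{reverse_name('192.0.2.44')}/portal",
    "2024-05-01T10:00:04Z client=10.0.0.7 method=GET url=https://arpa-news.example.org/",
    "2024-05-01T10:00:05Z client=10.0.0.9 method=GET url=https://login.example.com/arpa",
])

# Constructed resolver query log lines: "<ts> <client> <qtype> <qname>" (assumed format).
DNS_LOG = "\n".join([
    "2024-05-01T10:01:00Z 10.0.0.5 A www.example.com",
    *[f"2024-05-01T10:01:{i:02d}Z 10.0.0.5 PTR {reverse_name(f'2001:db8::{i}')}" for i in range(1, 6)],
    f"2024-05-01T10:01:10Z 10.0.0.7 PTR {reverse_name('192.0.2.1')}",
])


def flag_web_requests(log):
    """Return (client, host) for every request whose host is under .arpa.

    This is the gateway rule from the post expressed as a log check; the
    same predicate can drive a block list in a proxy or DNS filter.
    """
    hits = []
    for line in log.splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        host = urlsplit(fields["url"]).hostname or ""
        if is_arpa_host(host):
            hits.append((fields["client"], host))
    return hits


def flag_ptr_bursts(log, threshold=3):
    """Clients issuing at least `threshold` PTR queries under ip6.arpa.

    A burst of IPv6 reverse lookups from one client is the 'unusual reverse
    lookup pattern' worth reviewing; the threshold is a demo assumption.
    """
    counts = Counter()
    for line in log.splitlines():
        _ts, client, qtype, qname = line.split()
        if qtype == "PTR" and qname.lower().endswith(".ip6.arpa"):
            counts[client] += 1
    return {client: n for client, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for client, host in flag_web_requests(PROXY_LOG):
        print(f"ALERT web request to .arpa host: client={client} host={host}")
    for client, n in flag_ptr_bursts(DNS_LOG).items():
        print(f"ALERT {n} ip6.arpa PTR lookups from {client}")
```

Running the script flags the two requests whose hostnames end in the `arpa` label and the client that issued five ip6.arpa PTR queries, while leaving the look-alike hostname and the `/arpa` path alone. Matching on the final DNS label rather than on a substring is what keeps the gateway rule from producing false positives on ordinary domains.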
Does your current web filter even recognize .arpa as a resolvable web destination? 👇
#Cybersecurity #DNS #Phishing #InfrastructureSecurity #SOC #CodeDefence
