Code Defence Cyber security

Attackers are weaponizing the core of the internet to bypass your filters. 🕸️

New Phishing Anomaly · Reverse DNS abuse in the .arpa top-level domain.

We are seeing a novel phishing method that bypasses traditional domain reputation checks by hosting malicious content on reverse DNS records within the .arpa space. Attackers are creating IPv6 tunnels and abusing Google and other DNS provider controls to host fraudulent sites.

Because .arpa is a reserved infrastructure domain, most security products don’t even look at it as a potential threat surface. This allows phishing emails to deliver links that look like legitimate internet plumbing while siphoning executive credentials.

The uncomfortable truth: If your security stack only looks for malicious .com or .net URLs, you are blind to attacks coming from the internet’s own foundation.

→ Block all outbound HTTP/HTTPS traffic to the .arpa top-level domain at the gateway.

→ Inspect DNS logs for unusual reverse lookup patterns involving high-volume IPv6 tunnels.

→ Update your phishing protection rules to include infrastructure-based TLDs.
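
One way to apply the recommendations above to message bodies or proxy log text, as an added example that is not part of the original post: it flags http(s) links whose host sits under .arpa and, for ip6.arpa names, recovers the IPv6 prefix the name encodes so the address range can be investigated. The function names and the sample text are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def arpa_host(url):
    """Return the normalized hostname if the URL points into .arpa, else None."""
    try:
        host = urlsplit(url).hostname  # lowercased, userinfo and port removed
    except ValueError:  # malformed bracketed host
        return None
    if not host:
        return None
    host = host.rstrip(".")  # "ip6.arpa." (fully qualified) is the same name
    return host if host == "arpa" or host.endswith(".arpa") else None

def ip6_arpa_prefix(host):
    """Map an ip6.arpa name back to the IPv6 prefix its nibble labels encode."""
    if not host.endswith(".ip6.arpa"):
        return None
    labels = host[: -len(".ip6.arpa")].split(".")
    nibbles = []
    # Labels run least-significant nibble first; walk from the right and stop
    # at the first label that is not a single hex digit (an extra host label).
    for label in reversed(labels):
        if len(label) != 1 or label not in "0123456789abcdef":
            break
        nibbles.append(label)
    if not nibbles or len(nibbles) > 32:
        return None
    value = int("".join(nibbles).ljust(32, "0"), 16)
    return str(ipaddress.IPv6Network((value, 4 * len(nibbles))))

def scan(text):
    """Return (url, host, ipv6_prefix) for each http(s) link hosted under .arpa."""
    hits = []
    for url in URL_RE.findall(text):
        host = arpa_host(url)
        if host:
            hits.append((url, host, ip6_arpa_prefix(host)))
    return hits

# Constructed sample text; addresses use documentation ranges, not real indicators.
SAMPLE = (
    "Invoice: https://portal.example.com/inv/42\n"
    "Sign in: HTTPS://user@Login.8.B.D.0.1.0.0.2.IP6.ARPA.:8443/auth\n"
    "Mirror: http://10.2.0.192.in-addr.arpa/doc\n"
)
```

Calling `scan(SAMPLE)` returns the two .arpa links and skips the ordinary .com one; matching on the parsed hostname rather than the raw string is what catches the mixed-case, trailing-dot and userinfo forms.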

Does your current web filter even recognize .arpa as a resolvable web destination? 👇

#Cybersecurity #DNS #Phishing #InfrastructureSecurity #SOC #CodeDefence
