TI Mindmap HUB
Threat Intelligence Report

Abusing .arpa: The TLD That Isn’t Supposed to Host Anything

📅 February 27, 2026 📰 www.infoblox.com 🔍 0 CVE(s) referenced

Threat actors are exploiting the trusted .arpa TLD and IPv6 reverse DNS domains—alongside hijacked CNAMEs and subdomain shadowing—to craft phishing campaigns that bypass traditional security controls and evade detection.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle