Phishing via 'com-' prefix domains

Published 06/02/2025 03:31 · Modified 06/02/2025 09:50

Essential information

Tags: 2025-02-06 com-prefix dns-monitoring domain spoofing newly-registered-domains phishing sunpass toll fraud
Related entities: 9 observables, 4 techniques (mitre), 3 others

Description

This analysis describes a new phishing trend in which domains with a "com-" prefix are used to mimic legitimate websites. The scam targets users of Florida's toll system and exploits the visual similarity between a genuine .com address and a fraudulent "com-" domain. A surge in "com-" prefix domain registrations has been observed, particularly under top-level domains such as .top, .xyz, and .com. The article suggests monitoring DNS logs for these domains, as many have been confirmed malicious. Registrations have increased since November, and 10% of recently registered domains were found in PhishTank. This tactic is part of an ongoing cat-and-mouse game between attackers and security tools.
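One way to run the DNS log check suggested above, as an added example that is not part of the original report: it flags queries whose registered domain label begins with "com-" and summarises the hits by top-level domain. The log layout (timestamp, client, query type, query name), the function names and every domain in the sample are constructed for illustration, and the registered domain is assumed to be the last two labels.

```python
import re
from collections import Counter

# Constructed sample resolver log (timestamp, client, qtype, qname); not real data.
SAMPLE_LOG = """\
2025-02-06T09:12:01Z 10.0.0.15 A tollservice.com-example1.top.
2025-02-06T09:12:04Z 10.0.0.15 A www.example.com.
2025-02-06T09:13:10Z 10.0.0.22 AAAA tolls.com-example2.xyz.
2025-02-06T09:13:11Z 10.0.0.22 A com-example3.com.
2025-02-06T09:14:00Z 10.0.0.31 A telecom-news.example.org.
2025-02-06T09:14:30Z 10.0.0.22 A Tolls.COM-example2.xyz
"""

# The label must START with "com-"; a substring search would also flag "telecom-...".
COM_PREFIX = re.compile(r"^com-[a-z0-9][a-z0-9-]*$")


def com_prefix_domain(qname):
    """Return the registered domain if its own label starts with 'com-', else None.

    Assumption: the public suffix is a single label (true for .top, .xyz, .com);
    multi-label suffixes such as co.uk need a public suffix list instead.
    """
    labels = qname.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not COM_PREFIX.match(labels[-2]):
        return None
    return ".".join(labels[-2:])


def scan(log_text):
    """Return (client, qname, registered_domain) for every matching query line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, client, _qtype, qname = fields
        domain = com_prefix_domain(qname)
        if domain:
            hits.append((client, qname, domain))
    return hits


def tld_counts(hits):
    """Count distinct flagged domains per top-level domain."""
    unique = {domain for _client, _qname, domain in hits}
    return Counter(d.rsplit(".", 1)[1] for d in unique)


if __name__ == "__main__":
    for client, qname, domain in scan(SAMPLE_LOG):
        print(f"{client} queried {qname} -> {domain}")
    print(dict(tld_counts(scan(SAMPLE_LOG))))
```

A match is a triage lead rather than a verdict, so flagged domains still need checking against registration age or a reputation source before blocking.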

External references