[CPWG] DNS Abuse in link-shortening service using .US

Greg Shatan [NARALO] gregshatanalac at gmail.com
Fri Nov 3 14:34:26 UTC 2023


All,

Here's another form of DNS Abuse that is quite problematic, and described
in detail in the Krebs on Security piece.  Apparently, there is a
link-shortening service called Prolific Puma that has become a favorite for
use in malware and phishing scams.  Prolific Puma creates second-level .us
domains that obfuscate the true URL.  The Krebs piece is based on an
Infoblox report that is mentioned in the article.

.US Harbors Prolific Malicious Link Shortening Service – Krebs on Security
<https://krebsonsecurity.com/2023/10/us-harbors-prolific-malicious-link-shortening-service/>

"The top-level domain for the United States — *.US* — is home to thousands
of newly-registered domains tied to a malicious link shortening service
that facilitates malware and phishing scams, new research suggests. The
findings come close on the heels of a report that identified .US domains as
among the most prevalent in phishing attacks over the past year."
-- 
*Greg Shatan*
*Chair, NARALO*