
Shadowy Link Shortening Service Enables Cybercrime


Lox

by infoblox

Prolific Puma controls one of the largest networks we track. Since April 2022, they have registered between 35k and 75k unique domain names. Figure 3 shows the number of unique domain names registered per day using 3 or 4 long domain labels. As we recently reported, RDGAs have increasingly replaced traditional DGAs and offer new challenges to defenders. The use of this technique allows them to easily automate their operations for scale; Prolific Puma domains are among the thousands of new domains Infoblox detects daily that are generated by an RDGA.

Prolific Puma uses NameSilo as their domain name registrar and tends to strategically age their domains before hosting their service with anonymous providers. Despite a lack of clear relation to the United States, Prolific Puma consistently abuses the us top level domain (usTLD), a TLD intended to be reserved for U.S. citizens and organizations. Prolific Puma is known to register both new domains and dropped domains. As an example, 3ty[.]us was previously used by a different actor in June 2022 for Facebook messenger phishing campaigns and was then registered by Prolific Puma after the registration lapsed in July 2023.



read more < infoblox

Krebs on Security: .US Harbors Prolific Malicious Link Shortening Service > read more
 