Phishing via 'com-' prefix domains

Feb. 6, 2025, 9:50 a.m.

Description

This analysis describes a new phishing trend that uses domains with a "com-" prefix to mimic legitimate websites. The scam targets users of Florida's SunPass toll system, exploiting the visual similarity between sunpass.com and fraudulent "com-" domains. A surge in "com-" prefix domain registrations has been observed, particularly under top-level domains such as .top, .xyz, and .com. The article suggests monitoring DNS logs for these domains, as many have been confirmed malicious. Registrations have increased since November, and 10% of recently registered domains were found in PhishTank. This tactic is part of an ongoing cat-and-mouse game between attackers and security tools.
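One way to do the DNS log monitoring suggested above, as an added example that is not part of the original analysis: it flags query names whose registered label starts with "com-" and reports the hostname the name appears to show. The log format ("timestamp client qname qtype"), the sample domains and the small suffix set are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Assumption: tiny multi-label suffix set for the demo; use the full
# Public Suffix List in production so "x.co.uk" style names split correctly.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}
COM_PREFIX = re.compile(r"^com-[a-z0-9-]+$")  # anchored: "telecom-x" must not match

def split_name(qname):
    """Return (registrable_domain, subdomain_labels) for a query name."""
    labels = qname.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    if len(labels) < n:
        return None, []
    return ".".join(labels[-n:]), labels[:-n]

def classify(qname):
    """None if the registered label lacks the "com-" prefix, else a dict with
    the registrable domain and the hostname the reader appears to see."""
    reg, sub = split_name(qname)
    if reg is None or not COM_PREFIX.match(reg.split(".")[0]):
        return None
    # "sunpass" + "com-xxxx.top" reads as "sunpass.com" followed by "-xxxx.top"
    return {"registrable": reg, "spoofs": ".".join(sub + ["com"]) if sub else None}

def scan(log_lines):
    """Aggregate hits per registrable domain from 'ts client qname qtype' lines."""
    hits = defaultdict(lambda: {"spoofs": set(), "clients": set(), "queries": 0})
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        hit = classify(parts[2])
        if hit:
            entry = hits[hit["registrable"]]
            entry["queries"] += 1
            entry["clients"].add(parts[1])
            if hit["spoofs"]:
                entry["spoofs"].add(hit["spoofs"])
    return dict(hits)

# Constructed sample log: format and domains are made up for this example.
SAMPLE = """\
2025-02-06T09:00:01Z 10.0.0.5 sunpass.com-constructed1.top A
2025-02-06T09:00:02Z 10.0.0.7 www.sunpass.com A
2025-02-06T09:00:03Z 10.0.0.7 SunPass.com-constructed1.top. AAAA
2025-02-06T09:00:04Z 10.0.0.9 telecom-billing.xyz A
2025-02-06T09:00:05Z 10.0.0.9 com-constructed2.xyz A
""".splitlines()
```

A hit with an empty "spoofs" set has no brand label in front of the "com-" domain and deserves lower confidence than one that reads as a full hostname such as sunpass.com.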

Date

  • Created: Feb. 6, 2025, 3:31 a.m.
  • Published: Feb. 6, 2025, 3:31 a.m.
  • Modified: Feb. 6, 2025, 9:50 a.m.

Indicators


Attack Patterns

Additional Information

  • Transportation
  • Government
  • United States of America