Nov '23

Uncovering Prolific Puma, Massive Domain Generator & URL Shortener – GBHackers

Hackers can exploit Massive Domain Generator and URL Shortener services by creating large numbers of deceptive or malicious domains and using URL shorteners to hide the true destination of links. 
This can be used for the following illicit purposes:- 
Recently, cybersecurity analysts at Infoblox uncovered a massive domain generator and URL shortener service dubbed “Prolific Puma Service.”
In 2023, the $8 trillion cybercrime economy ranks third globally. Puma aids this network, crafting deceptive domain names (RDGA) for:-
Disrupting Prolific Puma Service means hitting the criminal economy hard, as they create numerous deceptive domains and shorten links for malicious actors, hiding their actions.
This finding highlights the power of using DNS data to spot threats. Prolific Puma was tracked via DNS, showing challenges for domain authorities in controlling abuse. 
Distance from the crime can divert the takedowns, and researchers first spotted Puma domains via RDGA detection six months ago.
Prolific Puma offers covert link shortening for threat actors, and directly accessing an active SLD presents this message:-
Link shorteners simplify web link sharing and tackle social media size limits. When a user clicks, a DNS request resolves the shortening service’s IP, like tinyurl[.]com. 
The web request contains a hash to redirect, and additional DNS queries find the content’s IP. Legitimate users shorten links, but malicious actors may use complex redirection layers.
Malicious use of link shorteners, like TinyURL, BitLy, and Google, is common for phishing. Companies should avoid popular shorteners in emails. Prolific Puma’s services remained low-key.
Investigating link shorteners is tricky, as the final landing page can’t be determined without a full URL. Detecting suspicious domains with no public presence raises questions about their usage.
Prolific Puma registered thousands of usTLD domains since May 2023, violating usTLD rules. The usTLD is known for abuse, and privacy issues persist, mainly with NameSilo as the registrar. 
Private registration in the usTLD is unauthorized but exists, and to combat DNS threats, collaboration is needed.
Threat actors show unique traits in their tactics, and Prolific Puma, a DNS threat actor, uses private registration but public usTLD domains with an email reference to the obscure song ‘October 33’ by the lesser-known band, the Black Pumas. 
They also adopt the name ‘Leila Puma,’ which alludes to the same band and adds a touch of mystery with a personal Ukrainian email.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.
In today’s digital age, cybersecurity has become a critical aspect of our daily lives. Instead of just apologizing after a cyber attack, it’s important to take proactive measures to stay safe and secure. This year, let’s make a pledge to #SecureOurWorld and protect ourselves from all the malicious activities that happen on the internet. With the right security practices and tools, we can ensure a safer online experience for ourselves and everyone around us.
Stay safe online with free daily cybersecurity updates. Sign up now!
GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.
[email protected]




Joker has been buying and selling domains since the late 90's. He has worked with many portfolios and investors over the past decade as well.

Leave a Reply

Your email address will not be published. Required fields are marked *