Infoblox Threat Intel

Prolific Puma

Prolific Puma is a threat actor that uses algorithmically generated domains to create shortened links for other malicious actors. The short links help bad actors to evade detection while they distribute phishing, scams and malware. Prolific Puma is the first actor to be identified as a malicious link shortening service. They register hundreds to thousands of new domains daily and notably abuse the .US TLD.

Operating since: At least January 2020
Infoblox discovered: March 2022
Infoblox published: October 2023
Prevalence: Uncommon

Threat actor resources

Media Article

Krebs on Security
October 31, 2023

.US Harbors Prolific Malicious Link Shortening Service

The top-level domain for the United States — .US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests.

Blog

Infoblox Threat Intel
October 31, 2023

Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime

Halloween might be the spookiest time of the year, but threat actors are doing frightening things on the internet every day.

Media Article

BetaNews
6 months ago

Prolific Puma protects pernicious phishing plotters

We’re all familiar with link shortening services, those handy tools that allow you to shrink URLs down to a manageable size to make them easier to share.

Infoblox Threat Intel

Prolific Puma

Threat actor resources

Media Article

.US Harbors Prolific Malicious Link Shortening Service

Blog

Prolific Puma: Shadowy Link Shortening Service Enables Cybercrime

Media Article

Prolific Puma protects pernicious phishing plotters

Products

Solutions

Company

Resources

Get Infoblox Email Updates