Intel Drops #1
ID: 81a7833f-84f5-5b7d-9e93-5fc8a96ef87e
STIX ID: report--81a7833f-84f5-5b7d-9e93-5fc8a96ef87e
Feed Name: IntelInsights (Substack)
Active phishing emails targeting EU and US companies deliver PDFs with QR codes that redirect to identical credential-harvesting sites hosted on dallasonrasolutions.cloud and withbible.com; the latter may be a compromised long-registered domain. Evidence includes hundreds of related EMLs, consistent HELO headers, and two source IPs (51.89.86.103, 23.26.201.168), collectively indicating a single coordinated campaign and providing actionable IoCs.
