logo

Seized and Still Dangerous: IP-Literal Download Link, Netlify Credential Page, and a VIP Target

ID: 87e74ab6-e0d3-5763-acae-1a9263439567

STIX ID: report--87e74ab6-e0d3-5763-acae-1a9263439567

Feed Name: IRONSCALES

Threat Score
70/100

Date Published: 2026-06-29

Date Updated: 2026-07-02

Author: [email protected] (Audian Paxson)

...
...

A targeted credential-harvesting phishing campaign used a disposable sender domain (myvoiso.com, now in clientHold) and an IP-literal download link (http://66.179.188.94) plus a Netlify-hosted credential collection page (https://securefilepro-cloud.netlify.app) to phish a Finance Senior Director; the message showed SPF=none, DKIM=fail, DMARC=none, and diverted replies to a throwaway Gmail account ([email protected]).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.