Seized and Still Dangerous: IP-Literal Download Link, Netlify Credential Page, and a VIP Target
ID: 87e74ab6-e0d3-5763-acae-1a9263439567
STIX ID: report--87e74ab6-e0d3-5763-acae-1a9263439567
Feed Name: IRONSCALES
Threat Score
A targeted credential-harvesting phishing campaign used a disposable sender domain (myvoiso.com, now in clientHold) and an IP-literal download link (http://66.179.188.94) plus a Netlify-hosted credential collection page (https://securefilepro-cloud.netlify.app) to phish a Finance Senior Director; the message showed SPF=none, DKIM=fail, DMARC=none, and diverted replies to a throwaway Gmail account ([email protected]).
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
