Threat actors are utilizing a novel phishing technique that abuses the implicitly trusted .arpa top-level domain and IPv6 tunnels to bypass standard security controls. By registering reverse DNS domains for IPv6 blocks and creating A records instead of PTR records, attackers host malicious content on infrastructure that evades reputation-based blocking and policy filters.