cR0w@cR0w@infosec.exchange
@0xfeedc0fe@infosec.exchange That's a nice way to sidestep that HR crap. Well done.
0xfeedc0fe@0xfeedc0fe@infosec.exchange
@cR0w@infosec.exchange just a quick follow up with some recent samples. danmartin[.]ro was the previous host. https://github.com/Phishing-Database/phishing/pull/869 includes a list of urlscan results
catenacciovintage[.]com is the current host https://github.com/Phishing-Database/phishing/pull/878
it looks like they're primarily targeting South Africa at the moment but I wouldn't be surprised to see a shift to .edu domains in some of the lures over the coming weeks as the fall semester starts.