Dr. Christopher Kunz
Active #hetzner phishing campaign, landing page for "unpaid invoice" leads to typical CC phishing.
IOC: glorious-gem[.]com, kundenportalservice[.]com
Feb 4 at 8:06amWeb
Show threadFlorian LohoffFeb 4

@christopherkunz got a couple of them and it only was very obvious because of the E-Mail address used.

Pretty good made though

Show threadDr. Christopher KunzFeb 4

@flohoff Yup, they were using an alias that I never (knowingly) used for anything, and rspamd went "*************" too.

I just thought it'd be interesting to take a couple screengrabs.