Pivoting IoC’s in a phishing campaign