Phishing actors exploit complex routing and misconfigurations to spoof domains