An exposed .git folder let us dox a phishing campaign