Look closely. The NIP-05 domain is misspelled, and they were clever enough to create a redirect to the real domain.
There's also the scam DM in my inbox.
Discussion
nothing says legit than a nice slimy dm
Yeh, they blew what could have been a good, slow burn.
ooh, thats interesting. I'm not sure what we could do about malicious pubkeys with slightly misspelled domains... 🤔
Don't trust; verify.
This is the problem with using nip 05s for verification, classic phishing maneuver