The phishing site has the same server version and time as the real site, and if you create an account on the phishing site, you can log in on the main site. The phishing site is not a phishing site at all. It's run by the Atlantis admins. It's a second onion address that points to the same server. I believe they are using it as a form of deniable marketing. They are behind this spam, but they want to make it look like a phisher is doing it, and the "fools" who sign up on the phishing site will go on to use their site as normal.