| Type | URL | IP Address | Threat Actor Email(s) |
|---|---|---|---|
| Centurylink | blah-812[.]tk/CENTURYLINK[.]COM/centurylink[.]zip | 47[.]245[.]25[.]81 | resultzigbalodeni@yandex[.]com |
| Office365 | pharsepiteueyfeyvey657[.]tk/data/AM[.]zip | 178[.]159[.]36[.]161 | ovoko101@dnmultiglobal[.]com |
| Whatsapp/Facebook | bokepjoin[.]virall17[.]ga/Whatsapp20Grupnew[.]zip | 213[.]136[.]74[.]52 | meki@gmail[.]com |
| UK Audio Mart | ukaudiomart[.]sslzimbraon[.]ml/login/login[.]zip | 37[.]72[.]171[.]98 | mrolland781@gmail[.]com sheddyslim2012@gmail[.]com |
| US Audio Mart | usaudiomart[.]sslzimbraon[.]ml/login/login_files[.]zip | 37[.]72[.]171[.]98 | mrolland781@gmail[.]com sheddyslim2012@gmail[.]com |
| OurTime Dating | uwclassroms[.]tk/Ourtime1[.]zip | 192[.]210[.]199[.]66 | joycewebber26@gmail[.]com |
| Mailbox Validation | fields-812[.]ml/skking89/Revalidate[.]zip | 149[.]129[.]136[.]5 | vipegen@gmail[.]com |
| American Express | gael-812[.]ga/jibash1/Amexss1[.]zip | 149[.]129[.]136[.]5 | ambitiousjibash1@gmail[.]com |
| Yahoo | lines-812[.]ml/e/yahoologin[.]zip | 149[.]129[.]136[.]5 | jhaymasterjhay@gmail[.]com |
| Office365 | lines-812[.]tk/office365/Whyxoffice365%202018[.]zip | 149[.]129[.]136[.]5 | n/a (unconfigured) |
| Email Upgrade | rakari-812[.]tk/ss/english-fixed[.]zip | 8[.]209[.]92[.]252 | bansytbobo@gmail[.]com |
| Email Phish | fuliton[.]xyz/white/UpdateNew[.]zip | 94[.]156[.]175[.]61 | mken2kg@gmail[.]com |
| Apple Phish | apple[.]appleid[.]com-webscr-bgd84[.]info/#/welcome | 162[.]214[.]77[.]213 | n/a |
| 16Shop | web[.]app-store[.]appleid[.]temporarily-locked[.]vomicine[.]com/admin/login[.]php | 162[.]241[.]201[.]127 | rippfckyurslf@gmail[.]com |
| 16Shop | appleid[.]apple[.]com[.]neoarmsaibntaksada[.]com/admin/login[.]php | 162[.]241[.]70[.]188 | edi[.]wowogans@yandex[.]com |
| 16Shop | appleid[.]apple[.]com[.]neoarmsaibntaksadc[.]com/admin/login[.]php | 162[.]241[.]70[.]188 | bangkemailashu@gmail[.]com |
| 16Shop | apple[.]com[.]bd01184d5b82f295c8-s601ca33[.]fannipaytakht[.]com/admin/login[.]php | 94[.]130[.]255[.]200 | jiushihiyiyi@yandex[.]com |
| 16Shop | support-appleid[.]pffttakksesikeh[.]com/admin/login[.]php | 167[.]172[.]149[.]0 | corona_virus@support-appleid[.]pffttakksesikeh[.]com |
| OFF iT Panel | icloud[.]com-fmi[.]support/admin/ | 5[.]100[.]152[.]162 | n/a |
| iTech updated | appleid-connect[.]com/admin/auth[.]php | 199[.]79[.]63[.]113 | n/a |
| HijaIyh | appleld-appsauths[.]servequake[.]com/hipanel | 104[.]223[.]170[.]169 | n/a (result[.]iyh[.]json is encoded somehow) |
| Phoenix | icloud[.]com[.]imap-log[.]in/admin/ | 82[.]202[.]175[.]117 | n/a |
| YOURLS | apple[.]com-user[.]id/admin/ | 93[.]170[.]123[.]138 | n/a |
| YOURLS | icloud[.]com-user[.]id/admin/ | 93[.]170[.]123[.]138 | n/a |
| Phoenix | icloud[.]com-map[.]support/admin/ | 5[.]180[.]102[.]79 | n/a |
| iPanel Pro | icloud[.]com-viewlost[.]dev/admin/login[.]php | 31[.]31[.]196[.]65 | n/a |
| iTech updated | icloud[.]com[.]applegermany[.]live/admin/auth[.]php | 37[.]140[.]192[.]115 | n/a |
| iPanel Pro | apple[.]com-isignin[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | apple[.]com-isupport[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | icloud[.]com-cn[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | icloud[.]com-findmyiphone[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | icloud[.]com-ilogins[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | icloud[.]com-isupport[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | icloud[.]com[.]app-ilogin[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | icloud[.]com[.]app-logins[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| iPanel Pro | icloud[.]com[.]map-app[.]live/admin/login[.]php | 190[.]14[.]38[.]22 | n/a |
| OFF iT Panel | icloud[.]com-auth[.]live/admin/ | 198[.]7[.]58[.]222 | n/a |
| OFF iT Panel | icloud[.]com-us[.]ltd/admin/ | 198[.]7[.]58[.]222 | n/a |
| 16Shop (cracked) | appleid[.]supportteam82195[.]fadefavourite[.]com/admin/login[.]php | 209[.]87[.]149[.]212 | n/a |