| Type/Target | URL | IP Address | Threat Actor Email(s) |
|---|---|---|---|
| 16Shop | appleid[.]apple[.]com[.]lolsurprisehappytin[.]com/admin/login[.]php | 162[.]241[.]70[.]188 | tampunganlele01@gmail[.]com |
| YoungSister | ang-appleid-hel[.]sampah-karimbat[.]com/panel[.]php | 162[.]241[.]201[.]43 | n/a |
| Phoenix | icloud[.]com-find[.]page/admin/ | 192[.]111[.]147[.]51 | n/a |
| YOURLS | www[.]findmyiphone[.]uk | 192[.]111[.]147[.]51 | dierkurakura@gmail[.]com |
| YOURLS | appd[.]findmyiphone[.]uk | 192[.]111[.]147[.]51 | n/a |
| HijaIyh | apple[.]com[.]happytinyears[.]com/hipanel | 141[.]193[.]158[.]218 | n/a |
| ByteUnlock | dashboard[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| Apple | apple[.]com[.]check-findmy[.]info/AppleNew20201[.]zip | 204[.]93[.]161[.]64 | robyrobian10@gmail[.]com |
| ByteUnlock | dashboard[.]check-findmy[.]info | 204[.]93[.]161[.]64 | robyrobian10@gmail[.]com |
| account[.]google[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com | |
| Xiaomi | account[.]xiaomi[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| Apple | apple[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| iCloud | icloud[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| Apple | iforgot[.]apple[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| iTunes | itunes[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| Apple | mapconnect[.]apple[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| Apple | support[.]apple[.]com[.]ios-id[.]co | 204[.]93[.]160[.]157 | ac00ntpay@gmail[.]com |
| Phoenix (Russian) | icloud[.]com-lost[.]in/admin/ | 188[.]120[.]234[.]251 | tomhen267@gmail[.]com |
| Phoneix (Russian) | icloud[.]com[.]acc-ids[.]us/admin/ | 31[.]31[.]198[.]108 | imanunlockingservices@protonmail[.]com |
| Phoenix (Russian) | icloud[.]com-manage[.]me/admin/ | 178[.]159[.]36[.]140 | zpkgsm96@gmail[.]com |
| Apple | apple[.]com-info[.]mobi | 178[.]159[.]36[.]140 | zpkgsm96@gmail[.]com |
| iCloud | icloud[.]com-info[.]mobi | 178[.]159[.]36[.]140 | zpkgsm96@gmail[.]com |
| Apple | appeid[.]appieid[.]co[.]jp-itunes[.]music-appstore[.]jp-i2music[.]info | 93[.]157[.]63[.]185 | alexx[.]person@gmail[.]com |
| iCloud | icloud[.]com[.]locate[.]support | 107[.]174[.]39[.]150 | n/a |
| iCloud | icloud[.]com-za[.]net | 23[.]95[.]226[.]191 | support@iserver[.]pro |
| iCloud | icloud[.]com[.]support-user[.]me | 23[.]95[.]226[.]191 | n/a |
| Apple | apple[.]com-za[.]net | 23[.]95[.]226[.]191 | support@iserver[.]pro |
| OFF iT | apple[.]com-os[.]info/admin/ | 5[.]100[.]152[.]162 | eloirzadi123@gmail[.]com gsmcrackpro1@gmail[.]com |
| Apple | appleid[.]fmi-support[.]com | 142[.]44[.]210[.]150 | n/a |
| iCloud | icloud[.]fmi-support[.]com | 142[.]44[.]210[.]150 | n/a |
| Apple | iforgot[.]fmi-support[.]com | 142[.]44[.]210[.]150 | n/a |
| iTunes | itunes[.]fmi-support[.]com | 142[.]44[.]210[.]150 | n/a |
| Apple | maps[.]fmi-support[.]com | 142[.]44[.]210[.]150 | n/a |
| Apple | support[.]fmi-support[.]com | 142[.]44[.]210[.]150 | n/a |
| Apple | appleid[.]fmi-la[.]com | 142[.]44[.]210[.]150 | n/a |
| iCloud | icloud[.]fmi-la[.]com | 142[.]44[.]210[.]150 | n/a |
| Apple | iforgot[.]fmi-la[.]com | 142[.]44[.]210[.]150 | n/a |
| iTunes | itunes[.]fmi-la[.]com | 142[.]44[.]210[.]150 | n/a |
| Apple | maps[.]fmi-la[.]com | 142[.]44[.]210[.]150 | n/a |
| Apple | support[.]fmi-la[.]com | 142[.]44[.]210[.]150 | n/a |
| iPanel Pro | icloud[.]com-os[.]info/admin/login[.]php | 5[.]100[.]152[.]162 | eloirzadi123@gmail[.]com gsmcrackpro1@gmail[.]com |
| Sharepoint | server-portal[.]ga/Attachments-D%20script[.]zip | 23[.]94[.]30[.]178 | fastlinkexpresservice@contractor[.]net jacksonwilliamsjames@gmail[.]com whogohostalerts@gmail[.]com |
| Paypal | systemsupport[.]xyz/script%201/Update[.]zip | 172[.]105[.]125[.]184 | CaZaNoVa163@outlook[.]com cazanova[.]haxor@bk[.]ru |
| Luno | online-11092[.]xyz/Luno/LUNO_2020[.]zip | 102[.]130[.]115[.]253 | caliphate[.]obento@bk[.]ru caliphateobento@gmail[.]com |
| Mail Phish | abokisurez[.]xyz/netease[.]zip | 204[.]93[.]178[.]29 | ahmedlogs@yahoo[.]com ahmedlogs@yandex[.]com roshnacco@gmail[.]com shantuohypo2017@163[.]com |
| Covid19 Spam | freenetgift[.]xyz/animation[.]zip | 54[.]38[.]206[.]97 | thccloudoon@gmail[.]com |
| Chase Bank | litaccs[.]xyz/CHASE%20(2)[.]zip | 54[.]38[.]141[.]141 | weberpeter345@gmail[.]com |
| Office 365 | ulakta-812[.]ga/elitepage%20(2)[.]zip | 35[.]228[.]89[.]77 | michaelrobison440@gmail[.]com |
| Yahoo | sakat-812[.]gq/yahoo/yahoologin[.]zip | 35[.]178[.]200[.]216 | n/a |
| WeTransfer | imindmyshitalways[.]cf/3276588/wt[.]zip | 23[.]254[.]224[.]88 | resultbox084@gmail[.]com |
| Assorted Skid Crap | teltak[.]ga/ferti-sehapark[.]cf[.]zip | 88[.]99[.]57[.]222 | n/a |
| Paypal | beststrategy[.]ml/Paypal%20new[.]zip | 192[.]185[.]111[.]228 | bonar250@yandex[.]com |
| eFax | casilonod[.]gq/EFAX[.]zip | 207[.]180[.]192[.]202 | troy[.]j0hnston@yandex[.]com |
| eFax | cojogodo[.]ml/EFAX[.]zip | 207[.]180[.]192[.]202 | troy[.]j0hnston@yandex[.]com |
| OneDrive | familyfirstfinancial[.]top/toba[.]zip | 178[.]159[.]36[.]218 | myresultbox[.]13@gmail[.]com |
| DHL | divisionstraw[.]top/wp-includes/3/DHL[.]zip | 192[.]227[.]142[.]147 | sir_kashh@protonmail[.]com |
| ScotiaBank | sc0tiabank-conifrmation[.]namrata[.]ga/scotia[.]zip | 173[.]249[.]48[.]70 | all[.]results13@gmail[.]com |
| Microsoft | dfghu[.]xyz/checkNOlogin[.]zip | 91[.]235[.]116[.]180 | montiilogs@outlook[.]com montiitest@seznam[.]cz |
| Chase Bank | secure[.]finavour[.]xyz/CHASEpg[.]zip | 198[.]54[.]116[.]161 | sharenwillson0@gmail[.]com |
| Chase Bank | secure[.]finavour[.]xyz/wp/chase[.]com/CHASEpg[.]zip | 198[.]54[.]116[.]161 | sharenwillson0@gmail[.]com |