Well folks, this is my 2nd volume of "Crap I Found On The Internet". Today, I've got a mix of Apple phishes and Freenom domains (which I've scanned for kits).

Type | URL | IP Address | Threat Actor Email |
---|---|---|---|
Phoenix | www[.]icloud[.]com-signin[.]id/admin/ | 192[.]111[.]147[.]51 | N/A |
iCloud URL Shortener | apple[.]com-dn[.]info/admin/login[.]php | 31[.]31[.]196[.]197 | N/A |
iBenchrif URL Shortener | apple[.]com-log[.]eu | 93[.]157[.]63[.]221 | N/A |
iBenchrif URL Shortener | icloud[.]com-log[.]eu/admin/login[.]php | 93[.]157[.]63[.]221 | N/A |
Adobe Document Phish | virus-812[.]ml/approve/PDF[.]zip | 35[.]175[.]211[.]65 | dnovanton@gmail[.]com |
Adobe Document Phish | virus-812[.]ml/review/PDF[.]zip | 35[.]175[.]211[.]65 | dnovanton@gmail[.]com |
Web Shell | virus-812[.]ml/shell[.]php | 35[.]175[.]211[.]65 | N/A |
Apple Phish | dontcrosstheline[.]tk/Apple%202020[.]zip | 67[.]220[.]188[.]162 | coffeyanderson001@gmail[.]com |
Docusign Phish | fake-812[.]gq/docusign/grace[.]zip | 15[.]222[.]44[.]122 | rakapaksi133@gmail[.]com |
Yahoo Phish | fake-812[.]gq/yahoo/yahoologin[.]zip | 15[.]222[.]44[.]122 | youremailhere@gmail[.]com |
Web Shell | fake-812[.]gq/shell[.]php | 15[.]222[.]44[.]122 | N/A |
Web Shell | useless-812[.]cf/shell[.]php | 54[.]169[.]91[.]206 | N/A |
Web Shell | mugged-812[.]cf/shell[.]php | 54[.]206[.]107[.]221 | N/A |
Malware Zip | mugged-812[.]cf/document/Invoice%2027745[.]zip | 54[.]206[.]107[.]221 | N/A |
YOURLS Panel | apple[.]com-auth[.]id/admin/ | 185[.]52[.]2[.]117 | N/A |
URL Shortener | www[.]apple[.]com-ilocation[.]info/user/login | 37[.]140[.]192[.]154 | N/A |
Phoenix | apple[.]com[.]applesupport[.]live/admin/ | 5[.]100[.]152[.]162 | N/A |
HijaIyh_App | verify-appleidaccnt[.]serveirc[.]com/hipanel | 3[.]80[.]4[.]49 | N/A |
Phoenix | icloud[.]com-dev[.]in/admin/ | 178[.]159[.]36[.]140 | N/A |