Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday, 21 September 2016

WARNING: Apple phishes

Been yet another influx of Apple phishes, all seemingly registered to the same individual, all using those lovely new gTLDs (cheers for that ICANN!).

uk_iosapplecareupdate.saf1.cloud
uk_iosAppleCareupdate.vefy1.support
uk_iosAppleCareupdate.vefy1.cloud
uk_iosAppleCareupdate.upd1.cloud
uk_iosAppleCareupdate.sgn1.support
uk_iosAppleCareupdate.sgn1.cloud
uk_iosAppleCareupdate.set1.support
uk_iosAppleCareupdate.set1.cloud
uk_iosAppleCareupdate.serv1.support
uk_iosAppleCareupdate.serv1.cloud
uk_iosAppleCareupdate.saf1.support
uk_iosAppleCareupdate.saf1.cloud
uk_iosAppleCareupdate.reg1.support
uk_iosAppleCareupdate.reg1.cloud
uk_iosAppleCareupdate.prof1.support
uk_iosAppleCareupdate.prof1.cloud
uk_iosAppleCareupdate.pro1.support
uk_iosAppleCareupdate.pro1.cloud
uk_iosAppleCareupdate.int1.support
uk_iosAppleCareupdate.int1.cloud
uk_AppleCarevalidate.vefy1.support
uk_AppleCarevalidate.vefy1.cloud
uk_AppleCarevalidate.upd1.cloud
uk_AppleCarevalidate.sgn1.support
uk_AppleCarevalidate.sgn1.cloud
uk_AppleCarevalidate.set1.support
uk_AppleCarevalidate.set1.cloud
uk_AppleCarevalidate.serv1.support
uk_AppleCarevalidate.serv1.cloud
uk_AppleCarevalidate.saf1.support
uk_AppleCarevalidate.saf1.cloud
uk_AppleCarevalidate.reg1.support
uk_AppleCarevalidate.reg1.cloud
uk_AppleCarevalidate.prof1.support
uk_AppleCarevalidate.prof1.cloud
uk_AppleCarevalidate.pro1.support
uk_AppleCarevalidate.pro1.cloud
uk_AppleCarevalidate.int1.support
uk_AppleCarevalidate.int1.cloud
uk_AppleAssistverifylog_in.vefy1.support
uk_AppleAssistverifylog_in.vefy1.cloud
uk_AppleAssistverifylog_in.upd1.cloud
uk_AppleAssistverifylog_in.sgn1.support
uk_AppleAssistverifylog_in.sgn1.cloud
uk_AppleAssistverifylog_in.set1.support
uk_AppleAssistverifylog_in.set1.cloud
uk_AppleAssistverifylog_in.serv1.support
uk_AppleAssistverifylog_in.serv1.cloud
uk_AppleAssistverifylog_in.saf1.support
uk_AppleAssistverifylog_in.saf1.cloud
uk_AppleAssistverifylog_in.reg1.support
uk_AppleAssistverifylog_in.reg1.cloud
uk_AppleAssistverifylog_in.prof1.support
uk_AppleAssistverifylog_in.prof1.cloud
uk_AppleAssistverifylog_in.pro1.support
uk_AppleAssistverifylog_in.pro1.cloud
uk_AppleAssistverifylog_in.int1.support
uk_AppleAssistverifylog_in.int1.cloud
ukappleverify.sub1.link
ukAppleAssistverify.int1.link
ukAppleAssistverify.ap1.link
uk_applesecurelog_in.int1.link
uk_applesecurelog_in.ap1.link
uk_applesafeauth.sub1.link
uk_applesafeauth.int1.link
uk_appleglobalupdate.sub1.link
uk_appleglobalupdate.int1.link
uk_applecarevalidate.sub1.link
uk_applecarevalidate.ap1.link
uk_iosAppleCareupdate.upd1.support
uk_AppleCarevalidate.upd1.support
uk_AppleAssistverifylog_in.upd1.support
ukappleverify.int1.link
ukappleverify.ap1.link
ukAppleCareverify.sub1.link
ukAppleCareverify.int1.link
ukAppleCareverify.ap1.link
ukAppleAssistverify.sub1.link
uk_applesecurelog_in.sub1.link
uk_applesafeauth.ap1.link
uk_appleglobalupdate.ap1.link
uk_applecarevalidate.int1.link


The vast majority are housed on:

IP: 23.95.37.25
AS: 36352 23.95.36.0/22 AS-COLOCROSSING - ColoCrossing, US

With the rest on;

IP: 104.232.32.18
ASN: 36352 104.232.32.0/22 AS-COLOCROSSING - ColoCrossing, US

IP: 216.126.225.145
ASN: 20150 216.126.225.0/24 SERVERCRATE - CubeMotion LLC, US

Personally I'd suggest firewalling both the IPs and ALL of the new gTLDs, but that's just me. I'll leave the decision to you.