Been yet another influx of Apple phishes, all seemingly registered to the same individual, all using those lovely new gTLDs (cheers for that ICANN!).
The vast majority are housed on:
AS: 36352 18.104.22.168/22 AS-COLOCROSSING - ColoCrossing, US
With the rest on;
ASN: 36352 22.214.171.124/22 AS-COLOCROSSING - ColoCrossing, US
ASN: 20150 126.96.36.199/24 SERVERCRATE - CubeMotion LLC, US
Personally I'd suggest firewalling both the IPs and ALL of the new gTLDs, but that's just me. I'll leave the decision to you.