# icloudphotos.litong5969.work — SUSPICIOUS

> icloudphotos.litong5969.work is impersonating Apple with brand impersonation scam tactics. Check the full report for details and safety guidance.

## Summary
PhishDestroy identifies icloudphotos.litong5969.work as an active brand impersonation scam targeting Apple users. This domain closely mimics Apple's iCloud Photos service to deceive victims into entering credentials or payment details. The site leverages social engineering tactics, exploiting trust in Apple's brand to harvest sensitive information. No drainer kit or advanced malware delivery mechanisms were observed during the initial investigation, though this may evolve as the campaign matures.

Technical indicators confirm this domain as a high-risk impersonation threat. VirusTotal reports a 0/95 detection rate at the time of analysis, indicating it remains undetected by most AV engines. The domain is registered through Alibaba Cloud Computing Ltd. d/b/a HiChina and resolves to IP address 50.71.105.230. It was created on March 10, 2021, and secured with a Let's Encrypt SSL certificate. The domain has not been flagged by Google Safe Browsing (GSB) and remains absent from major blocklists as of the latest scan.

The threat is currently active and under ongoing investigation by PhishDestroy’s threat intelligence team. No immediate public blocklists have been updated to flag this domain, though proactive blocking is recommended for users and organizations. The remaining risk is considered moderate due to its low detection rate and potential for rapid evolution. Users are advised to avoid interacting with this domain and report any suspicious activity to PhishDestroy or Apple Security for further analysis.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Apple

## Domain Intelligence
- Registered: 2021-03-10 13:25:24
- Registrar: Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn)
- IP: 50.71.105.230

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/a900bb47-0d82-4e55-9185-95d9dce08001
- PhishDestroy: https://phishdestroy.io/domain/icloudphotos.litong5969.work/
- LLM endpoint: https://phishdestroy.io/domain/icloudphotos.litong5969.work/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/icloudphotos.litong5969.work/
Last updated: 2026-03-25