# inc-icloudlocation.com — MALICIOUS > PhishDestroy identifies inc-icloudlocation.com as a fake 'iCloud location tracker' impersonating Apple. ## Summary PhishDestroy has elevated-risk intelligence confirming inc-icloudlocation.com is a live Apple brand impersonation campaign designed to harvest user credentials. The threat level is elevated because the domain weaponizes the Apple brand within a deceptive iCloud-location narrative to trick victims into revealing personal or financial information. This technique has been observed in recent credential harvesting campaigns targeting users seeking to track lost devices or access cloud features, making the payload particularly convincing to Apple customers. Technical analysis shows inc-icloudlocation.com resolves to IP 31.148.99.121 and was registered on February 23, 2026 through Czech registrar Gransy, s.r.o. Security monitoring confirms this domain appears on two distinct blocklists: OpenPhish and PhishingArmy. VirusTotal assessment reveals 17 out of 95 participating security vendors flagged the domain as malicious based on behavioral, content, and reputation analysis. Although the site holds a valid Let's Encrypt SSL certificate, this does not indicate trustworthiness; it only confirms encrypted traffic flow to a known malicious host. The combination of recent registration, low trust scores, and inclusion on active blocklists underscores the immediate danger posed by this domain. Users encountering inc-icloudlocation.com must treat it as a confirmed Apple impersonation site. Do not enter Apple ID credentials, payment information, or any sensitive data. If accidentally entered, immediately change your Apple ID password and enable two-factor authentication via Apple’s official settings. Report the domain to your email provider, browser vendor, and platforms like PhishDestroy or OpenPhish. To avoid similar risks, navigate only to apple.com or trusted first-party subdomains. Always verify URLs by typing them manually or using secure bookmarks; hover over links to inspect the true destination before clicking. This domain should be universally blocked and avoided due to its confirmed malicious intent. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Apple ## Domain Intelligence - Registered: 2026-02-23 03:43:04 - Registrar: Gransy, s.r.o. - IP: 31.148.99.121 ## Detection Status - VirusTotal: 17 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["OpenPhish", "PhishingArmy"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/808450c9-be29-4fa9-bb48-aabedf56e0d4 - PhishDestroy: https://phishdestroy.io/domain/inc-icloudlocation.com/ - LLM endpoint: https://phishdestroy.io/domain/inc-icloudlocation.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/inc-icloudlocation.com/ Last updated: 2026-03-29