Been yet another influx of Apple phishes, all seemingly registered to the same individual, all using those lovely new gTLDs (cheers for that ICANN!).
The vast majority are housed on:
AS: 36352 188.8.131.52/22 AS-COLOCROSSING - ColoCrossing, US
With the rest on;
ASN: 36352 184.108.40.206/22 AS-COLOCROSSING - ColoCrossing, US
ASN: 20150 220.127.116.11/24 SERVERCRATE - CubeMotion LLC, US
Personally I'd suggest firewalling both the IPs and ALL of the new gTLDs, but that's just me. I'll leave the decision to you.