So yesterday my girlfriend received a bunch of weird iMessages saying that "Find my iPhone" had found her lost iPhone (which obviously wasn't lost). It included this link http://bit.do/lost-or-stolen which in turn just redirects to http://188.26.15.18 (it's still up). The page looks exactly like the "Manage your Apple ID" page.<p>But before I managed to stop her she had tried to login and I assume her credentials got sent to some hacker. We immediately changed all of her passwords, but has anyone else seen this?<p>A traceroute seems like it ends up in Russia:<p><pre><code> $ traceroute 188.26.15.18
...
9 xr01.amsterdam.rdsnet.ro (80.249.208.51) 31.182 ms 31.053 ms 31.012 ms
10 10.30.2.101 (10.30.2.101) 98.765 ms 98.810 ms 98.754 ms
11 188-26-15-18.rdsnet.ro (188.26.15.18) 100.827 ms 100.678 ms 100.752 ms
</code></pre>
And HTTP headers hints that it's just a simple Python web server:<p><pre><code> $ curl -I http://188.26.15.18
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/2.6.5
Date: Tue, 01 Sep 2015 07:05:29 GMT
Content-type: text/html
Content-Length: 19169
Last-Modified: Mon, 31 Aug 2015 14:39:29 GMT</code></pre>