# cloud-sign.app — SUSPICIOUS

> PhishDestroy identifies cloud-sign.app as a cloud login phishing page. This domain, created March 19, 2026, evades 95/95 VirusTotal scanners.

## Summary
PhishDestroy identifies cloud-sign.app as a credential-stealing phishing site impersonating legitimate cloud login portals. This domain lures users by mimicking trusted cloud authentication pages, aiming to harvest usernames and passwords under the guise of routine access verification. When victims enter their credentials, the site either captures the data for malicious use or redirects them to a fake error page while attackers gain unauthorized access to real cloud accounts. Security teams have observed similar campaigns targeting employees with cloud-based workflows, making this a high-risk threat to both individuals and organizations.  This domain was flagged by PhishDestroy after being registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolving to IP 216.198.79.65. The domain went live on March 19, 2026, and currently uses a Let’s Encrypt SSL certificate to appear legitimate. Most strikingly, VirusTotal reports zero detections out of 95 security engines, indicating this phishing page is actively evading automated detection. These technical indicators suggest a sophisticated campaign in early stages, likely testing effectiveness before broader deployment.  If you visited cloud-sign.app, immediately change any passwords you may have entered and enable multi-factor authentication on all cloud accounts. Scan your device with updated antivirus software and monitor accounts for unusual activity. Do not re-enter credentials or interact further with the site. Report the domain to your IT team or cybersecurity platform for blocking. Avoid clicking links from unsolicited emails or messages referencing cloud logins, and verify any suspicious requests through official channels.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-19 10:58:14
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 216.198.79.65

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/48961a9a-ed38-481d-9297-e113a9181b36
- PhishDestroy: https://phishdestroy.io/domain/cloud-sign.app/
- LLM endpoint: https://phishdestroy.io/domain/cloud-sign.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cloud-sign.app/
Last updated: 2026-03-23