# cloud.botmining.vip — SUSPICIOUS

> cloud.botmining.vip is a fake Apple cloud login page detected on April 7, 2026, hosted on 104.21.4.50. Avoid entering credentials to prevent theft.

## Summary
PhishDestroy identifies cloud.botmining.vip as an active site impersonating Apple’s cloud login portal to steal user credentials. The domain mimics authentic Apple services to lure visitors into entering sensitive account details, with no antivirus detections as of today according to VirusTotal.  This domain was flagged on April 7, 2026, and was registered through Dominet (HK) Limited. It resolves to IP 104.21.4.50 and holds a valid Let’s Encrypt SSL certificate, which attackers often use to appear legitimate. The lack of detections—0 out of 95 scanners—suggests this threat is still under the radar for many security tools.  If you visited cloud.botmining.vip, assume your credentials may have been exposed. Immediately change your Apple ID password and enable two-factor authentication. Scan your devices for malware and monitor your account for unusual activity. Report suspicious messages or links to Apple directly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Apple

## Domain Intelligence
- Registered: 2026-04-07 04:41:49
- Registrar: Dominet (HK) Limited
- IP: 104.21.4.50

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/c51b18d4-d2cc-4c37-988e-64e0a1203ca4
- PhishDestroy: https://phishdestroy.io/domain/cloud.botmining.vip/
- LLM endpoint: https://phishdestroy.io/domain/cloud.botmining.vip/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cloud.botmining.vip/
Last updated: 2026-04-11