# cloudamply.com — SUSPICIOUS

> cloudamply.com is a live generic phishing domain with 0/95 VirusTotal detections. Threat identified: credential theft lure.

## Summary
PhishDestroy identifies cloudamply.com as an active generic phishing domain engaged in credential theft. The domain exhibits low detection coverage, rapid deployment tactics, and trusted SSL issuance, indicating a high-risk lure likely targeting unsuspecting users under false pretenses. This campaign poses an elevated threat to individuals and organizations due to its freshness and lack of current blocklist integration.

This domain was flagged on June 17, 2024, through Porkbun LLC and resolves to IP 104.21.21.236. It currently shows 0 detections out of 95 VirusTotal engines, has not been listed on any known blocklists, and holds an SSL certificate issued by Google Trust Services. The infrastructure routing and certificate authority suggest an attempt to appear legitimate at first glance, while the newly registered domain status reinforces its use in opportunistic credential harvesting lures.

Mitigation requires immediate network-level blocking of the domain cloudamply.com and its resolving IP address 104.21.21.236. Organizations should update firewall rules, DNS sinkholes, and proxy filters. Users should be alerted to avoid entering credentials on any site hosted at this domain. Report the domain to threat intelligence platforms (e.g., VirusTotal, AbuseIPDB) and corporate security teams. Conduct a review of recent login logs for patterns consistent with credential theft. Given the low detection rate, proactive threat hunting is advised to uncover related infrastructure or campaigns leveraging similar TTPs.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2024-06-17 18:18:55
- Registrar: Porkbun LLC
- IP: 104.21.21.236

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/100d6511-f93e-4964-b1b6-3f82aca7a985
- PhishDestroy: https://phishdestroy.io/domain/cloudamply.com/
- LLM endpoint: https://phishdestroy.io/domain/cloudamply.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/cloudamply.com/
Last updated: 2026-03-29