# icloud.sa.com — MALICIOUS > PhishDestroy identifies icloud.sa.com as a brand impersonation site with 12/95 VirusTotal detections. This Apple-targeting scam poses elevated risk. ## Summary PhishDestroy identifies icloud.sa.com as an active brand impersonation scam targeting Apple users. The domain masquerades as iCloud to harvest credentials or deliver malicious payloads. This tactic, known as brand impersonation, is frequently used to exploit trust in recognizable brands like Apple, leading unsuspecting users to surrender sensitive login details or download malware disguised as official software. Technical indicators reveal this domain was flagged by 12 of 95 security vendors on VirusTotal, indicating a significant but not universal consensus on its malicious nature. The domain resolves to IP 188.114.97.3 and is associated with Google Trust Services for its SSL certificate, which may lend an air of legitimacy to casual observers. The registrar remains unconfirmed in available data, and the domain has been blocked by OpenPhish and OISD, placing it on 2 security blocklists. These factors collectively highlight its elevated risk profile. Currently, icloud.sa.com remains active and accessible, posing an ongoing threat to users who may inadvertently interact with it. Immediate action is advised: users should avoid accessing this domain and report it to their security teams or relevant authorities such as Google Safe Browsing. While multiple blocklists have flagged this domain, its persistence underscores the need for continuous monitoring and proactive threat intelligence sharing. Remaining risk is elevated due to its active status and the potential for further malicious activities, including the distribution of crypto drainers or credential theft tools. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Apple ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 188.114.97.3 ## Detection Status - VirusTotal: 12 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["OpenPhish", "OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/712e3144-375c-4466-9e88-8864783e0045 - PhishDestroy: https://phishdestroy.io/domain/icloud.sa.com/ - LLM endpoint: https://phishdestroy.io/domain/icloud.sa.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/icloud.sa.com/ Last updated: 2026-03-29