# lcloud.app — MALICIOUS

> PhishDestroy identifies lcloud.app as a crypto drainer impersonating cloud services. VirusTotal flags 15 security vendors.

## Summary

PhishDestroy identifies lcloud.app as an active crypto drainer domain designed to deceive users into connecting cryptocurrency wallets under the guise of cloud storage services. The threat level is elevated due to confirmed malicious infrastructure and active evasion tactics. Users must treat this domain as hostile to prevent irreversible financial losses.

This domain exhibits multiple red flags confirming its malicious nature. VirusTotal reports 15 out of 95 security vendors flag lcloud.app as malicious, while InversionDNS has already blocked it. The domain was registered on October 22, 2020, through Namecheap Inc., resolving to IP address 198.54.125.162. Additionally, it appears on one security blocklist, and its SSL certificate is issued by Sectigo Limited. These indicators collectively demonstrate a well-established but still active threat actor leveraging deceptive SSL certificates to appear legitimate.

Crypto drainers like lcloud.app typically employ fake cloud storage interfaces to trick users into connecting their wallets. Once connected, these sites drain assets via malicious smart contracts. Users should never input wallet credentials or connect devices to suspicious domains. Mitigation requires verifying domain authenticity through official channels, using hardware wallets for transactions, and blocking known malicious IPs. Security teams should prioritize monitoring for similar domains and warn users about this evolving threat vector.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2020-10-22 19:06:03
- Registrar: Namecheap Inc.
- IP: 198.54.125.162

## Detection Status

- VirusTotal: 15 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["InversionDNS"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/676ce714-8fe9-4ef7-80de-1e42f7e1651d
- PhishDestroy: https://phishdestroy.io/domain/lcloud.app/
- LLM endpoint: https://phishdestroy.io/domain/lcloud.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/lcloud.app/
Last updated: 2026-03-22