si55896.adminerallo.cloud

https://si55896.adminerallo.cloud/

172.67.178.125 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

6 days ⚠

HTTP

200 · 18.6s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "PANELITO Admin"

Save

Registered-domain escalation

Submit adminerallo.cloud as the primary IOC, enriched with evidence from hostile subdomains like si55896.adminerallo.cloud.

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

PANELITO

Credential Phishing

technology | finance | ecommerce | government | other · 4/5/2026

Summary

The page at si55896.adminerallo.cloud presents a login UI titled 'Welcome to PANELITO' with a strong admin-oriented phrasing. Static HTML contains a login section that appears to be a SPA, and the page loads admin.js and external scripts. The domain is extremely new (6 days) and uses a Cloudflare-backed host, with a valid SSL cert issued recently. The UI, labels, and assets imply a credential collection interface masquerading as an admin panel named PANELITO, likely capturing admin credentials for a malicious purpose.

Attack Techniques (5)

New-domain typosquint/brand impersonation signals via PANELITO Admin brandingSPA-style credential capture: static HTML shows no form but external admin.js renders login formCredential harvesting UI with password field and 'Login to Panel' actionExternal script loading admin.js and Cloudflare beacon suggests remote control/exfiltrationSuspicious POST to /cdn-cgi/rum? indicating possible beacon/telemetry submission

Indicators of Compromise (9)

▸Domain: si55896.adminerallo.cloud (very new, 6 days old)

▸Page title: PANELITO Admin

▸Login placeholders and input fields aiming to collect credentials (Username/admin, Password)

▸External script: https://si55896.adminerallo.cloud/admin.js

▸External script: https://static.cloudflareinsights.com/beacon.min.js/...

▸POST to https://si55896.adminerallo.cloud/cdn-cgi/rum? (204)

▸SSL certificate issued recently (valid from Mar 6 2026)

▸No static login form in HTML; SPA likely renders credentials via JS

▸External assets referencing branding that imitates an admin panel

Risk AssessmentUsed in abuse reports

The site is a high-risk credential harvesting page. The domain is newly created (6 days) and hosts a visually cohesive admin login UI labeled PANELITO, which strongly indicates impersonation of an admin panel. The static HTML contains no form, but dynamic JavaScript likely renders a login form to capture usernames and passwords. A POST beacon to /cdn-cgi/rum? and loading of Cloudflare insights script are common in malicious rigs. The SSL cert is valid but recently issued, and the domain is hosted behind Cloudflare, suggesting an attempt to evade basic screening while presenting a realistic admin interface to lure administrators into divulging credentials.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence