allegro.pl-y34t63.click

https://allegro.pl-y34t63.click

172.67.178.178 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

0 days ⚠

HTTP

200 · 15.8s

SSL

Valid· E8, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Save

Registered-domain escalation

Submit pl-y34t63.click as the primary IOC, enriched with evidence from hostile subdomains like allegro.pl-y34t63.click.

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Unknown

Credential Phishing

E-Commerce · 4/5/2026

Summary

The page at allegro.pl-y34t63.click visually impersonates a legitimate service, but the domain is a brand-new, suspicious domain not owned by Allegro. The final URL shows a bare, empty HTML skeleton with no forms, yet the screenshot reportedly displays branding, indicating a possible SPA clone. The domain is extremely new (0 days) and protected behind Cloudflare, with a Let's Encrypt cert issued today, which is a common tactic for hasty phishing setups intended to mimic Allegro branding without hosting legitimate content.

Attack Techniques (5)

Typosquat/brand impersonation via a non-official domain (allegro.pl-y34t63.click) that targets Allegro brandingVisual brand impersonation likely via cloned UI assets loaded in the screenshot despite an empty static HTML shellNew-domain phishing infrastructure with a valid SSL certificate issued days ago to appear legitimateUse of Cloudflare infrastructure to obscure hosting and impede direct tracingSPA-based rendering suspected (no static forms in HTML; branding revealed in screenshot)

Indicators of Compromise (6)

▸DOMAIN: allegro.pl-y34t63.click (brand-imposter domain)

▸SSL SANs: *.pl-y34t63.click, pl-y34t63.click with Let’s Encrypt certificate issued today

▸Domain age: 0 days (very new)

▸HTTP status 200 for root and API call to ipify.org (no content in HTML, indicating dynamic rendering or blocked content)

▸Page HTML: empty shell (no forms, no inputs) despite screenshot showing branding

▸Network requests include a call to https://api.ipify.org/?format=text (common for geolocation/anti-detection tricks; also indicates external calls not necessary for legitimate Allegro pages)

Risk AssessmentUsed in abuse reports

High risk phishing domain targeting Allegro users. The domain allegro.pl-y34t63.click is brand-imposter and a new registration with a valid SSL cert is typical of credential-logging setups. The static HTML contains no forms, yet the attached screenshot indicates visible Allegro-like branding, suggesting a cloned UI delivered via JavaScript after load. The presence of Cloudflare hosting and a brand-new certificate further supports an active attempt to evade automated scanning while presenting a credible façade to victims. Immediate action recommended: suspend_domain and block_url to prevent credential harvesting, and notify hosting provider/registrar with the corroborating indicators (new domain, impersonation clue in page branding, external asset loading).

Recommended Action

Monitor

Cross-Reference8

URL Intelligence