Domain Age
2 Months
Tranco Rank
#1,521,657
Hosting Provider
DigitalOcean, LLC
Threat History
Issues Found
Recommendation: IMMEDIATE ACTION REQUIRED: Block all traffic to `.litellm.cloud` at the firewall or DNS level. If you have installed or updated `litellm` on or after March 24, 2026, audit your environment for versions 1.82.7 or 1.82.8. You must assume all credentials on affected systems (SSH, Cloud APIs, Database passwords) are compromised and rotate them immediately. Check for persistence markers at `~/.config/sysmon/sysmon.py`.
This domain is a confirmed malicious endpoint used in a supply chain attack against the litellm Python library. It facilitates the exfiltration of stolen credentials and sensitive system data from compromised environments.
URLert analyzed recent scan activity for litellm.cloud and found 2 results.
| Status | Target URL | Type | Time |
|---|---|---|---|
| Suspicious | https://models.litellm.cloud/ | 2mo ago | |
| Suspicious | https://models.litellm.cloud/ | 2mo ago |
Historical and current IP address mappings for this domain.
| IP Address / Hosting | Status | Subdomains | Last Seen |
|---|---|---|---|
Hosted by: OPTIBOUNCE Optibounce, LLC (AS214967) | Historical | models.litellm.cloud litellm.cloud | 4 days ago |
Hosted by: NAMECHEAP-NET - Namecheap, Inc. (AS22612) | Historical | litellm.cloud | 4 days ago |
Hosted by: DigitalOcean, LLC (AS14061) | Active | litellm.cloud | 4 days ago |
Received a suspicious link? Paste the full link to investigate.
Access this classification data programmatically via our API.
{
"domain": "litellm.cloud",
"confidence": "high",
"category": {
"purpose": "potentially_malicious",
"specialization": "Data Exfiltration Endpoint"
},
"identity": {
"headline": "Malicious domain used for data exfiltration and C2",
"summary": "This domain is a confirmed malicious endpoint used in a supply chain attack against the litellm Python library. It facilitates the exfiltration of stolen credentials and sensitive system data from compromised environments.",
"operator": null,
"parent_entity": null,
"topics": [
"malware",
"data exfiltration",
"supply chain attack",
"credential theft"
]
},
"functions": {
"is_ugc_platform": false,
"is_file_host": false,
"is_url_shortener": false,
"is_public_idp": false,
"is_crypto_platform": false,
"allows_user_subdomains": false,
"is_form_builder": false,
"is_document_host": false
},
"facts": {
"registered_date": "2026-03-23T16:32:04.762000Z",
"rank": 1521657,
"hosting_provider": "DigitalOcean, LLC"
}
}