# ant-ofx-biz-ukp-hri-sp29ct1.pages.dev — MALICIOUS

> High-risk phishing domain ant-ofx-biz-ukp-hri-sp29ct1.pages.dev is offline. Avoid interaction and report suspicious activity immediately.

## Summary
PhishDestroy identifies ant-ofx-biz-ukp-hri-sp29ct1.pages.dev as a high-risk generic phishing domain. This domain was initially flagged due to suspicious activity and its association with phishing threats designed to deceive users into disclosing sensitive information. The domain's suspicious nature was confirmed by multiple security sources, underlining the importance of caution when encountering this URL.

The domain was registered on March 9, 2026, through Cloudflare, Inc. It resolved to the IP address 172.66.44.174 and appeared on at least one security blocklist. VirusTotal analysis detected malicious indicators from 15 out of 95 security vendors, reinforcing the domain’s compromised status. The page title indicated it was a suspected phishing site hosted via Cloudflare’s service, which is often exploited by threat actors to mask true intent.

Currently, the domain is offline and inaccessible, effectively preventing further user exposure. PhishDestroy recommends users avoid any interaction with this domain and report any suspicious emails or messages referencing it. Organizations should update internal blocklists to include this domain to mitigate risk. Continuous monitoring of similar domains and prompt takedown efforts remain critical to reduce phishing threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-03-09 01:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.174
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: kipp.ns.cloudflare.com marjory.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "DNS8", "ESET", "Emsisoft", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/N2kXcSt3/323a78400d93.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/caf4e014-db9c-4fe2-8593-70209c5cacd2
- Wayback Machine: https://web.archive.org/web/https://ant-ofx-biz-ukp-hri-sp29ct1.pages.dev
- PhishDestroy: https://phishdestroy.io/domain/ant-ofx-biz-ukp-hri-sp29ct1.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/ant-ofx-biz-ukp-hri-sp29ct1.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ant-ofx-biz-ukp-hri-sp29ct1.pages.dev/
Last updated: 2026-03-19