# app-uphol-cdn-auth.pages.dev — MALICIOUS

> Warning: app-uphol-cdn-auth.pages.dev is a high-risk phishing site flagged for social engineering. Avoid and report suspicious activity.

## Summary
PhishDestroy identifies app-uphol-cdn-auth.pages.dev as a high-risk generic phishing domain. It was created recently on February 21, 2026, indicating its use in targeted malicious activity. The domain is classified under social engineering threats exploiting user trust.

Technical indicators include its resolution to IP 172.66.46.236 and registration through Cloudflare, Inc. Fourteen out of ninety-five security vendors on VirusTotal and three separate blocklists flag this domain, confirming its malicious infrastructure. The page title observed was a standard Cloudflare phishing warning.

The domain is currently taken offline, mitigating immediate risk. Google Safe Browsing explicitly flags it for social engineering, and PhishDestroy recommends continued monitoring for potential reuse or related domains leveraging similar tactics. Users should remain cautious and verify URLs before interaction.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.46.236
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["tessa.ns.cloudflare.com", "bruce.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c2040-034e-7452-9c84-525a3174b4ed.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0ce3b64e-2f1b-440e-a5cd-4b4b6b64f3c0
- PhishDestroy: https://phishdestroy.io/domain/app-uphol-cdn-auth.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/app-uphol-cdn-auth.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app-uphol-cdn-auth.pages.dev/
Last updated: 2026-03-19