# app-uphold-auth.pages.dev — SUSPICIOUS > PhishDestroy confirms app-uphold-auth.pages.dev as a credential theft phishing site with a 3/95 VirusTotal detection rate. Act now to block this active threat. ## Summary PhishDestroy identifies app-uphold-auth.pages.dev as an active credential theft phishing domain operating under Cloudflare Pages with elevated risk status. This domain is specifically designed to impersonate Uphold’s authentication portal, tricking users into surrendering login credentials. The threat involves real-time harvesting of usernames and passwords, enabling subsequent unauthorized access to Uphold accounts and potential cryptocurrency theft. This domain was flagged with a risk level of elevated and is known to deliver a Uphold-branded login page aimed at capturing sensitive credentials. VirusTotal analysis shows 3 out of 95 security vendors detecting the threat, clouding its initial reputation. The domain resolves to IP 188.114.96.3 via Cloudflare, Inc., leveraging Google Trust Services SSL certificates to appear legitimate. The use of pages.dev under Cloudflare Pages suggests rapid deployment and evasion of traditional blocklists. At least one major blocklist has already flagged this domain, confirming its active malicious status. PhishDestroy recommends immediate blocking of app-uphold-auth.pages.dev at DNS and firewall levels. Users who entered credentials should change passwords immediately and enable two-factor authentication on all linked accounts, especially cryptocurrency platforms. Organizations are advised to deploy updated threat intelligence feeds and browser protections to intercept future variants. Network administrators should inspect traffic for connections to 188.114.96.3 and inspect TLS handshakes involving Google Trust Services certificates for this domain pattern. Exercise heightened caution with any Uphold login prompts received via email or messaging platforms. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 3 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/17b16c00-4b52-43e2-8942-1b5bf8bab06f - PhishDestroy: https://phishdestroy.io/domain/app-uphold-auth.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/app-uphold-auth.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/app-uphold-auth.pages.dev/ Last updated: 2026-03-21