# help-us-uphold-login.pages.dev — MALICIOUS

> help-us-uphold-login.pages.dev is flagged for credential phishing. Learn why this dangerous site was taken offline and how to protect your login info.

## Summary
PhishDestroy identifies help-us-uphold-login.pages.dev as a high-risk credential phishing domain designed to steal sensitive login information. This site was flagged due to its impersonation tactics and is currently offline to prevent further harm. Users encountering this domain are at risk of unknowingly revealing personal credentials to cybercriminals.

This phishing attack works by mimicking legitimate login pages to trick users into entering their usernames, passwords, or other sensitive data. The domain was reported on multiple security blocklists, including Google Safe Browsing, which classifies it under social engineering threats. Additionally, 13 out of 95 security vendors on VirusTotal detected malicious activity linked to this domain. The site was registered through Cloudflare and hosted on the IP 172.66.44.174 before being taken offline.

If you have visited help-us-uphold-login.pages.dev and submitted any login details, it is crucial to immediately change your passwords on affected accounts and enable two-factor authentication where possible. Monitor your accounts for unusual activity and consider running a complete security scan on your devices. Always verify website URLs carefully before entering credentials to avoid falling victim to phishing scams.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.174
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["romina.ns.cloudflare.com", "leonidas.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ced12-b891-72d6-9d2c-553764661772.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/8d8ceffd-87ec-4583-904b-8b2fa9b1e34a
- PhishDestroy: https://phishdestroy.io/domain/help-us-uphold-login.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/help-us-uphold-login.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/help-us-uphold-login.pages.dev/
Last updated: 2026-03-19