# home-sso-uphols.pages.dev — MALICIOUS

> home-sso-uphols.pages.dev is a high-risk phishing site flagged for social engineering. Stay vigilant and avoid sharing sensitive info on this domain.

## Summary
PhishDestroy identifies home-sso-uphols.pages.dev as a high-risk generic phishing domain. The site is classified under social engineering threats due to attempts to impersonate legitimate login processes and steal sensitive user credentials. This domain mimics Single Sign-On (SSO) interfaces to deceive users into divulging private information.

The domain was registered recently through Cloudflare, Inc., on February 21, 2026, and continues to operate actively. It has been flagged by 16 out of 95 VirusTotal security vendors and appears on four separate security blocklists. Google Safe Browsing categorizes it as a social engineering threat, confirming its malicious intent. The use of pages.dev hosting indicates exploitation of legitimate infrastructure to host deceptive content.

Currently, home-sso-uphols.pages.dev remains active and poses a significant danger for users who may fall victim to credential theft or identity fraud. PhishDestroy recommends immediate caution and avoidance of interaction with this domain. Security systems should block access to prevent exposure to this ongoing phishing campaign.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.69
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["meadow.ns.cloudflare.com", "hugh.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b9155-a5c9-77ef-846d-7c9e343cd500.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/4e89ed6c-79a8-44c4-87d8-22203fbc9c8c
- PhishDestroy: https://phishdestroy.io/domain/home-sso-uphols.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/home-sso-uphols.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/home-sso-uphols.pages.dev/
Last updated: 2026-03-19