# sso-upheld-en.created.app — MALICIOUS

> The domain sso-upheld-en.created.app is flagged for social engineering risks. Avoid interaction and verify before sharing any info online.

## Summary
PhishDestroy identifies sso-upheld-en.created.app as an active domain currently under investigation due to a potential generic phishing threat. Although the risk level is not yet fully confirmed, caution is advised since the domain is flagged for suspicious social engineering activity.

Supporting evidence includes a Google Safe Browsing classification marking the domain for social engineering, which typically indicates phishing efforts to deceive users. Despite this concern, VirusTotal scans reveal zero detections from 95 security vendors, showing no current malware or known phishing signatures. The domain resolves to IP 216.150.1.129, but additional contextual domain age or registrar information remains inconclusive, requiring further monitoring.

Users are recommended to avoid interacting or submitting credentials on sso-upheld-en.created.app until the investigation concludes. Security professionals should track updates from trusted threat intelligence sources. The domain remains active and flagged, so vigilance and caution are crucial to mitigate any possible exposure to phishing schemes associated with this domain. PhishDestroy continues to monitor developments under unique seed 97c3b4.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Uphold Login - Secure Access to Your Digital Wallet

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: Tucows Domains Inc.
- Country: CA
- IP: 216.150.1.129
- IP Country: US
- IP City: Walnut
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ["ns1.vercel-dns.com", "ns2.vercel-dns.com"]
- SSL Issuer: Let's Encrypt / R13

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc29c-b70d-7263-bce9-6534a25d45ec.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/sso-upheld-en.created.app
- Wayback Machine: https://web.archive.org/web/https://sso-upheld-en.created.app
- PhishDestroy: https://phishdestroy.io/domain/sso-upheld-en.created.app/
- LLM endpoint: https://phishdestroy.io/domain/sso-upheld-en.created.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-upheld-en.created.app/
Last updated: 2026-03-19