# sso-uphold-eng.pages.dev — MALICIOUS

> sso-uphold-eng.pages.dev flagged for phishing and social engineering. Offline now, learn what this means for your online safety.

## Summary
PhishDestroy identifies sso-uphold-eng.pages.dev as a high-risk generic phishing domain designed to deceive users by mimicking legitimate services. This threat is significant as it attempts to steal sensitive information, putting users at risk of financial loss and identity theft. Despite being offline, the domain’s prior activity underscores the importance of vigilance when interacting with unfamiliar web addresses.

The domain was registered through Cloudflare, Inc. on February 21, 2026, and resolved to the IP address 172.66.47.188. Multiple security sources, including Google Safe Browsing, have flagged it for social engineering, and it appears on three separate security blocklists. VirusTotal analysis shows 14 out of 95 security vendors detected malicious activity, confirming a consensus about its dangerous nature.

Users should avoid interacting with this domain or any associated URLs. It is advisable to verify the authenticity of websites before submitting personal information, especially those mimicking trusted platforms. Employing updated antivirus software and enabling browser security features can further mitigate exposure to phishing attempts like sso-uphold-eng.pages.dev.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.188
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["frank.ns.cloudflare.com", "diva.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a990e-6655-717a-a2f9-a510081dbd76.png
- PhishDestroy: https://phishdestroy.io/domain/sso-uphold-eng.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-uphold-eng.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-uphold-eng.pages.dev/
Last updated: 2026-03-19