# sso-uphold-io-auth.pages.dev — MALICIOUS

> sso-uphold-io-auth.pages.dev is flagged as a high-risk phishing site. Avoid interaction and stay informed with PhishDestroy's latest findings.

## Summary
PhishDestroy identifies sso-uphold-io-auth.pages.dev as a high-risk generic phishing domain designed to deceive users and steal sensitive data. Such threats remain a critical concern due to their potential to compromise personal and financial information.

The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and it has been flagged on three security blocklists. Notably, 14 out of 95 VirusTotal security engines detected malicious activity, with the domain resolving to IP 172.66.47.4. Currently, the site is offline, reducing immediate risk.

Users are advised to avoid visiting this domain or entering any personal data. Regularly update security software, remain cautious about unsolicited links, and rely on trusted sources like PhishDestroy to verify suspicious URLs.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.4
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["syeef.ns.cloudflare.com", "oaklyn.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Phishing Database", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c388e-8208-766c-976c-80cf3b876572.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/98843424-1bc9-4a6a-bfbd-4f6c3e645dfd
- PhishDestroy: https://phishdestroy.io/domain/sso-uphold-io-auth.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-uphold-io-auth.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-uphold-io-auth.pages.dev/
Last updated: 2026-03-19