# sso-uphold-login-com.pages.dev — MALICIOUS

> sso-uphold-login-com.pages.dev is linked to credential phishing. Learn how to protect yourself from this high-risk domain flagged by multiple security vendors.

## Summary
PhishDestroy identifies sso-uphold-login-com.pages.dev as a high-risk credential phishing domain. This domain was designed to deceive users into revealing sensitive login information by impersonating legitimate services, posing a significant threat to account security and personal data.

The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and has been flagged by 14 out of 95 security vendors on VirusTotal. It also appears on three distinct security blocklists, underscoring its malicious intent. The use of a Cloudflare infrastructure and the pages.dev subdomain suggests an attempt to exploit trusted platforms to lend credibility to the phishing campaign.

Currently, the domain has been taken offline, effectively halting ongoing phishing attempts. Users are advised to remain vigilant against similar phishing URLs and avoid entering credentials on suspicious sites. Employing multi-factor authentication and regularly monitoring account activity can further mitigate risks associated with such threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.188
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["miki.ns.cloudflare.com", "howard.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "MetaMask"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019af456-5576-702d-906c-91317b3e0b4b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e0876bbf-e2d9-46ca-96cf-5339585c940d
- PhishDestroy: https://phishdestroy.io/domain/sso-uphold-login-com.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/sso-uphold-login-com.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/sso-uphold-login-com.pages.dev/
Last updated: 2026-03-19