# update-sec.click — MALICIOUS

> Caution: update-sec.click is an active credential phishing site flagged for social engineering. Avoid entering personal info and report suspicious activity.

## Summary

PhishDestroy identifies update-sec.click as an active credential phishing domain targeting unsuspecting users. The domain is primarily used to harvest login credentials through deceptive social engineering tactics. While no antivirus vendors have flagged this site yet, its activity and behavior strongly indicate malicious intent aimed at compromising user accounts.

The domain was registered recently on February 25, 2026, through Global Domain Group LLC, which is a known registrar frequently utilized by threat actors for disposable phishing domains. It resolves to IP address 188.114.97.3 and is listed on two distinct security blocklists. Furthermore, Google Safe Browsing flags update-sec.click for social engineering, underscoring its use in deceitful schemes that attempt to trick users into divulging sensitive information.

Currently, update-sec.click remains active and poses a significant risk. Given the lack of detections on VirusTotal, the domain is under ongoing investigation to validate and track its threat footprint. PhishDestroy recommends users avoid interacting with the domain, refrain from submitting any credentials, and employ updated security tools that detect social engineering threats. Organizations should monitor network traffic for connections to this domain and apply appropriate email and web filtering policies to mitigate exposure.

## Threat Details

- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence

- Registered: 2026-03-08 19:07:01
- Registrar: Global Domain Group LLC
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["lola.ns.cloudflare.com", "seth.ns.cloudflare.com"]
- SSL Issuer: Let's Encrypt / E7

## Detection Status

- VirusTotal: 11 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "SOCRadar"]
- Google Safe Browsing: FLAGGED
- Blocklists: 2 hits
  - Lists: ["PhishDestroy", "MetaMask"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019ccea1-8172-738a-bc0b-f606a88b9829.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/dfb8ad05-bc26-446a-b9a2-0426e8bb5142
- Wayback Machine: https://web.archive.org/web/https://update-sec.click
- PhishDestroy: https://phishdestroy.io/domain/update-sec.click/
- LLM endpoint: https://phishdestroy.io/domain/update-sec.click/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/update-sec.click/
Last updated: 2026-03-19