# uphol--dlogin.pages.dev — MALICIOUS

> uphol--dlogin.pages.dev is flagged for credential phishing. Learn how this scam works and what to do if you encountered this dangerous site.

## Summary
PhishDestroy identifies uphol--dlogin.pages.dev as a high-risk credential phishing domain designed to steal login information. This site poses a serious threat by tricking users into revealing sensitive credentials, potentially leading to identity theft or unauthorized account access.

This phishing scheme operates by mimicking legitimate login pages to deceive visitors into entering their usernames and passwords. The domain was registered through Cloudflare and has been flagged by Google Safe Browsing for social engineering. It appeared on multiple security blocklists and was taken offline after detection, but users should remain vigilant as similar scams persist.

If you visited uphol--dlogin.pages.dev and submitted any login details, immediately change your passwords on affected accounts and enable two-factor authentication. Monitor your accounts for suspicious activity, and consider running a security scan on your devices. Reporting phishing attempts to your IT department or security providers can help prevent further harm.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.250
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ezra.ns.cloudflare.com", "elma.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Netcraft", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ae63e-398d-759c-8db5-82a58a676c7d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/014b3b3a-253b-4576-be71-6f6a78815221
- PhishDestroy: https://phishdestroy.io/domain/uphol--dlogin.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/uphol--dlogin.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/uphol--dlogin.pages.dev/
Last updated: 2026-03-19