# uphold-official-en.pro — SUSPICIOUS

> Investigating uphold-official-en.pro as an active cryptocurrency wallet phishing domain. Resolves to 104.21.32.142 with 0/95 detections.

## Summary

PhishDestroy identifies uphold-official-en.pro as a recently activated cryptocurrency wallet phishing domain designed to impersonate the legitimate Uphold platform. The domain uses a spoofed 'official-en' suffix to mimic Uphold's branding, likely deploying a drainer script to siphon cryptocurrency assets from unsuspecting victims. The malicious infrastructure remains under active analysis to determine the full scope of the drainer kit and campaign distribution methods.

Technical indicators reveal a concerning lack of detection, with VirusTotal currently scoring 0/95 despite the domain resolving to IP 104.21.32.142. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED on March 15, 2026, and secured via a Let's Encrypt SSL certificate. Notably, the domain has not yet been flagged by Google Safe Browsing (GSB) and remains absent from all major threat intelligence blocklists, highlighting its novelty and evasion tactics.

The domain remains active: it still resolves, and no takedown measures have been observed. Immediate response actions include coordinating with ISPs and domain registrars to disrupt the infrastructure, while security teams are advised to monitor for related IOCs and update blocklists proactively. Remaining risk is classified as 'under_investigation' due to the domain's recent creation and low detection rates, though the potential for widespread phishing attacks targeting cryptocurrency users is significant.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
## Domain Intelligence

- Registered: 2026-03-15 15:04:27
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 104.21.32.142

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/42649ef4-76cd-4bd2-889c-488c18154c7b
- PhishDestroy: https://phishdestroy.io/domain/uphold-official-en.pro/
- LLM endpoint: https://phishdestroy.io/domain/uphold-official-en.pro/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/uphold-official-en.pro/

Last updated: 2026-03-23