# upholded-log-in.pages.dev — MALICIOUS

> Discover why upholded-log-in.pages.dev is flagged as a high-risk phishing site and learn about its takedown and threat indicators.

## Summary
PhishDestroy identifies upholded-log-in.pages.dev as a high-risk generic phishing domain. The threat posed by this domain is significant due to its intent to deceive users into divulging sensitive information through fraudulent login interfaces or similar social engineering tactics.

Supporting this classification, the domain was created recently on February 21, 2026, and is registered via Cloudflare, Inc., a common registrar used by both legitimate and malicious actors. It resolved to IP address 172.66.47.39 and was flagged by 15 out of 95 security vendors on VirusTotal. Moreover, Google Safe Browsing categorizes it under "SOCIAL_ENGINEERING," and it appears on three distinct security blocklists. The domain’s page title was identified as "Suspected phishing site | Cloudflare," further corroborating its malicious nature.

Mitigation efforts have effectively taken the domain offline, curtailing its active threat potential. Users and organizations are advised to continue exercising caution by avoiding this domain and similar URLs mimicking legitimate services. PhishDestroy emphasizes the importance of monitoring newly registered domains with suspicious naming conventions, especially those hosted or proxied via services like Cloudflare, to prevent exposure to credential harvesting and social engineering attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.47.39
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["kobe.ns.cloudflare.com", "autumn.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c580c-b6c6-772d-8354-e9b0352969cc.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/76c83839-f778-49e0-aa38-37711d612002
- PhishDestroy: https://phishdestroy.io/domain/upholded-log-in.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/upholded-log-in.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/upholded-log-in.pages.dev/
Last updated: 2026-03-19