# uplevel.limited — MALICIOUS

> uplevel.limited is a confirmed phishing site posing serious risks. Users should avoid visiting and report suspicious emails referencing this domain.

## Summary
PhishDestroy identifies uplevel.limited as a high-risk generic phishing domain designed to deceive users and potentially steal sensitive information. The domain was flagged due to its association with phishing tactics and has been actively monitored in security communities.

The domain uplevel.limited was registered on February 21, 2026, through Atak Domain Bilgi Teknolojileri A.Ş. and resolved to the IP address 172.67.199.44. VirusTotal analysis indicates that 11 out of 95 security vendors flagged this domain, and it appears on three separate security blocklists, confirming its malicious intent. The domain’s page title currently returns a connection timeout error, likely indicating attempts to disrupt access or ongoing takedown efforts.

Currently, uplevel.limited is offline, reducing immediate risk to users. However, given its recent activity and high-risk classification, users are strongly advised to avoid interacting with this domain or related URLs. Security teams should continue monitoring for potential reactivation or related phishing infrastructure, and users should report any suspicious communications referencing this domain to their security providers.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: uplevel.limited | 522: Connection timed out

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Atak Domain Bilgi Teknolojileri A.Ş.
- Country: TR
- IP: 172.67.199.44
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["darwin.ns.cloudflare.com", "mallory.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01993c0d-0ca4-70bd-aff5-20839fbaef81.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f058b9c1-3a2b-4039-b5c9-f7184585d383
- PhishDestroy: https://phishdestroy.io/domain/uplevel.limited/
- LLM endpoint: https://phishdestroy.io/domain/uplevel.limited/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/uplevel.limited/
Last updated: 2026-03-19