# web-cd-uphold-io.pages.dev — MALICIOUS

> web-cd-uphold-io.pages.dev is a high-risk phishing site flagged for social engineering. Avoid interacting; domain now offline.

## Summary
PhishDestroy identifies web-cd-uphold-io.pages.dev as a high-risk generic phishing domain flagged primarily for social engineering. The domain, created on February 21, 2026, was registered through Cloudflare, Inc. and masqueraded as a legitimate service to deceive users. The page title indicated a suspected phishing site, reinforcing its malicious intent.

Technical indicators for this domain include its resolution to IP 172.66.44.173, hosted through Cloudflare's infrastructure. It appeared on three separate security blocklists and was flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category. VirusTotal results show 14 out of 95 security vendors detected malicious activity related to this domain, corroborating its high-threat status.

Currently, web-cd-uphold-io.pages.dev has been taken offline, mitigating immediate risk to users. PhishDestroy recommends continued monitoring, as phishing campaigns may reemerge with similar infrastructures or spoofed domain patterns. Users should avoid interaction with similar domains and report suspicious URLs to maintain cybersecurity hygiene.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 172.66.44.173
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["etta.ns.cloudflare.com", "dante.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["Criminal IP", "alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce0a2-7b1c-722a-918a-18081e554b5d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/676581a8-fe86-49c3-8af4-d267695019a1
- PhishDestroy: https://phishdestroy.io/domain/web-cd-uphold-io.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/web-cd-uphold-io.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/web-cd-uphold-io.pages.dev/
Last updated: 2026-03-19