This site failed important safety checks — please read this before going any further.
Be careful — Suspicious

No — arc-phss.my.salesforce.com doesn't look safe

35/100 trust score
Industry: SaaS; checked Jun 25, 2026; SaaS average: 53; 31 signals

In plain English

This page looks and feels like a real Salesforce login screen — the security setup and infrastructure are solid — but it hides who runs it, offers no contact info, and provides no privacy policy or terms. For a page asking you to enter a password, that's a worrying combination. Treat it with serious caution until you can independently verify it's the intended login portal for your organization.

What you should do now

Don't panic. These steps limit the damage, and the sooner you take them the better.

1. Don't enter any details. No passwords, card numbers or personal information — even if the site looks professional.
2. Close the tab. Especially if you got here from an email, text message or social media ad.
3. Already paid? Call your bank. Contact your bank or card provider right away. They can often stop or reverse a recent payment.
4. Warn others. Report the site and share this check with anyone who sent you the link.

Cross-referenced 31 live signals from Google Safe Browsing, VirusTotal, WHOIS and more on Jun 25, 2026.

Where the score comes from

We look at six areas. Here's how arc-phss.my.salesforce.com did in each.

Security: 90

Strong security posture: a valid certificate from a well-known issuer, modern encryption, and multiple browser protections against hijacking and clickjacking. This is better than many major login portals.

Identity: 50

The WHOIS record for this subdomain returns no match, which effectively hides ownership. For a login page handling credentials, that lack of direct registrant visibility is a meaningful gap.

Reputation: 85

Clean on all blacklists and threat databases, with four years of archived history showing consistent operation. No complaints or flags found.

Transparency: 30

No contact information, no about page, no social media presence, and no company disclosure anywhere on the site. For a login page that asks for a username and password, this is unusually opaque.

Compliance: 40

Missing privacy policy and terms of service on a page that collects login credentials. Even as a subdomain of Salesforce, this should have a privacy link accessible before login.

Infrastructure: 85

Solid technical foundation: DNSSEC enabled, fast load times, multiple security headers, and no email handling, which makes sense for a dedicated login portal. Nothing concerning here.

What we checked

The 31 signals behind this report.

Security & Transport
Certificate Issuer: DigiCert Inc
Clickjacking Protection: Present
Content Security Policy: Present
Google Web Risk: Clean
HSTS Header: Present
Hidden Content: 11 hidden elements
SSL Certificate: Valid
Security Headers: 5 of 6
TLS Version: TLS 1.3

Identity & WHOIS
About Page: Not found
Branding: Basic
Business Disclosure: Not found
Contact Info: Not found
Legal Pages: Partial

Infrastructure & DNS
DNS Blacklists: Clean
DNS Resolution: 3 IP(s)
DNSSEC: Enabled
Email (MX Records): None
Page Load Time: 403ms

Reputation & Reach
Page Description: Salesforce Customer Secure Login Page. Login to your Salesforce Customer Account.
Page Heading: Salesforce login
Page Language: en-us
Page Title: Login | Salesforce
Sitemap: Not found
Social Media Presence: None found
Structured Data: None found
Tranco Rank: Not ranked
Trustpilot: No Trustpilot profile
Web Archive History: 4 years
Website Status: Online
robots.txt: Present


When you land on arc-phss.my.salesforce.com, the first thing you notice is that it looks exactly like a Salesforce login page. That’s by design — the SSL certificate, encryption standards, and browser protections are all excellent. Technically, this page could be a legitimate Salesforce subdomain used by the American Red Cross for single sign-on, as hinted at by the homepage text.

But here’s the problem: a login page that collects usernames and passwords should tell you exactly who operates it and how to reach them. This one doesn’t. There’s no contact information, no about page, no privacy policy, and no terms of service. The WHOIS record for the subdomain returns nothing, making it impossible to confirm ownership independently. While the underlying Salesforce infrastructure is likely secure, the opacity at this specific subdomain is a red flag.

For anyone wondering “is arc-phss.my.salesforce.com safe to use” — the technical answer is “probably,” but the lack of transparency means you should verify directly with your IT team before typing credentials. A legitimate enterprise login page should never hide who is responsible for it.
