# internal-medicine-associates-of-auburn.pages.dev — SUSPICIOUS > PhishDestroy identifies internal-medicine-associates-of-auburn.pages.dev as a generic phishing domain impersonating medical associates. Resolves to 172.66.44. ## Summary PhishDestroy identifies active generic phishing activity on internal-medicine-associates-of-auburn.pages.dev, a fraudulent domain impersonating Internal Medicine Associates of Auburn. This domain poses a high risk to users expecting legitimate medical communications, as threat actors frequently leverage healthcare impersonation to harvest credentials or deliver malware. The domain’s registration through Cloudflare’s pages.dev service suggests a low-cost, fast-deploy approach typical of opportunistic phishing campaigns, while the use of Google Trust Services for SSL certificates adds superficial legitimacy to deceive users. Given the absence of detections on VirusTotal (0/95), this domain remains undetected by most antivirus engines, increasing the risk of successful exploitation by attackers. This domain was flagged by PhishDestroy’s automated pipeline using seed 6b2d08. VirusTotal currently reports 0/95 detections, indicating no antivirus or security vendor has flagged the domain as malicious. The domain is registered under Cloudflare, Inc., a common choice for threat actors due to its free tier and rapid deployment capabilities. It resolves to IP address 172.66.44.249, which belongs to Cloudflare’s infrastructure, further masking its true origin. The SSL certificate is issued by Google Trust Services, a trusted CA, which may lull users into a false sense of security. As of the latest analysis, this domain has not been listed on any major blocklists, such as PhishTank or OpenPhish, though its recent activation suggests it may be in the early stages of deployment. The combination of low detection rates, trusted infrastructure, and healthcare impersonation makes this domain a credible threat vector. To mitigate risk, users must avoid interacting with internal-medicine-associates-of-auburn.pages.dev or any links associated with it, as it is actively engaged in phishing. Organizations should implement email filtering rules to block domains hosted on pages.dev or Cloudflare IP ranges, particularly those mimicking healthcare providers. Network defenders should monitor for outbound connections to 172.66.44.249 and block or alert on such traffic. Users who encounter this domain should report it immediately to their IT security team or via PhishDestroy’s reporting portal. Healthcare organizations should proactively warn patients or associates about potential impersonation scams targeting their brand. Given the domain’s low detection profile, immediate action is critical to prevent credential theft or malware delivery before antivirus vendors update their signatures. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.249 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/c4cb52bf-5e51-4ed7-ad0f-0ac4f3c32d4a - PhishDestroy: https://phishdestroy.io/domain/internal-medicine-associates-of-auburn.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/internal-medicine-associates-of-auburn.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/internal-medicine-associates-of-auburn.pages.dev/ Last updated: 2026-03-26