# ip-84-32-32-6.005.ptr.cherryservers.net — SUSPICIOUS

> ip-84-32-32-6.005.ptr.cherryservers.net is linked to medium-risk phishing. Stay vigilant and avoid interactions with this offline domain.

## Summary
PhishDestroy has detected a phishing campaign associated with the domain ip-84-32-32-6.005.ptr.cherryservers.net, posing a medium risk to users. This domain was used for generic phishing attacks aimed at stealing sensitive information, highlighting the importance of cautious online behavior and verifying domain legitimacy before engagement.

The domain resolves to the IP address 84.32.32.6 and was registered through Kaunas University of Technology. It was created recently on March 4, 2026. VirusTotal scan results indicate that 4 out of 95 security vendors flagged this domain, and it appears on three separate security blocklists. Currently, the domain is offline, which may indicate that takedown efforts have been successful or the infrastructure was abandoned by its operators.

Users should remain cautious of any communications or links referencing ip-84-32-32-6.005.ptr.cherryservers.net even after it is offline, as phishing campaigns often rotate domains quickly. It is advisable to avoid clicking suspicious links, verify sender authenticity, and report any phishing attempts. Employing updated security solutions and monitoring domain blocklists can also help mitigate potential risks associated with similar threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: ip-84-32-32-6.005.ptr.cherryservers.net

## Domain Intelligence
- Registered: 2026-03-04 15:07:01
- Registrar: Kaunas University of Technology
- Country: LT
- IP: 84.32.32.6
- IP Country: US
- IP City: Chicago
- IP Org: AS204770 UAB Cherry Servers
- Nameservers: ["ns1-08.azure-dns.com", "ns2-08.azure-dns.net", "ns3-08.azure-dns.org", "ns4-08.azure-dns.info"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 4 vendors flagged
  Vendors: ["Fortinet", "Seclookup", "SOCRadar", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/0V2LYTFK/ab1e13d02b40.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/93b95cbf-4ce7-4cf0-a65f-7903967dff7f
- Wayback Machine: https://web.archive.org/web/https://ip-84-32-32-6.005.ptr.cherryservers.net
- PhishDestroy: https://phishdestroy.io/domain/ip-84-32-32-6.005.ptr.cherryservers.net/
- LLM endpoint: https://phishdestroy.io/domain/ip-84-32-32-6.005.ptr.cherryservers.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/ip-84-32-32-6.005.ptr.cherryservers.net/
Last updated: 2026-03-19