# pub-00bef5f99dab49e39fc5ca6f34eab29a.r2.dev — MALICIOUS

> pub-00bef5f99dab49e39fc5ca6f34eab29a.r2.dev hosts a generic phishing scam. VirusTotal flags 16/95 vendors. Verify safety on PhishDestroy.

## Summary
PhishDestroy identifies pub-00bef5f99dab49e39fc5ca6f34eab29a.r2.dev as a high-risk domain involved in generic phishing attacks. This threat type typically targets users with deceptive tactics to steal credentials or sensitive information without impersonating a specific brand. Due to its active status, users should exercise heightened caution when encountering this domain.

This domain has been flagged by 16 out of 95 security vendors on VirusTotal, reflecting a significant level of detection. It is currently blocked by reputable sources including OpenPhish, PhishingArmy, and OISD, and appears on three security blocklists. The domain resolves to IP address 104.18.50.34 and uses a Let's Encrypt SSL certificate, which, while common, does not guarantee legitimacy. These combined intelligence points confirm the domain's malicious intent and justify its high-risk classification.

To mitigate risks associated with this generic phishing domain, users should avoid clicking links or entering any credentials on sites hosted at pub-00bef5f99dab49e39fc5ca6f34eab29a.r2.dev. Employing browser security tools and verifying suspicious URLs on PhishDestroy before interaction is highly recommended. Organizations should update email filters and educate personnel about generic phishing threats to reduce successful attacks from such domains.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.50.34

## Detection Status
- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["OpenPhish", "PhishingArmy", "OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/fbe3bf44-216a-4686-a92b-e81d04db7dd3
- PhishDestroy: https://phishdestroy.io/domain/pub-00bef5f99dab49e39fc5ca6f34eab29a.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-00bef5f99dab49e39fc5ca6f34eab29a.r2.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pub-00bef5f99dab49e39fc5ca6f34eab29a.r2.dev/
Last updated: 2026-03-27