# pub-135a4055f8454025aa2f06845da4f8d8.r2.dev — MALICIOUS

> PhishDestroy warns: pub-135a4055f8454025aa2f06845da4f8d8.r2.dev is a live fake-login page now blocked by 3 lists. Verify any suspicious link before clicking.

## Summary
PhishDestroy identifies pub-135a4055f8454025aa2f06845da4f8d8.r2.dev as a high-risk fake-login phishing site currently active on the internet. This domain is engineered to mimic a legitimate online service and steal user credentials the moment they are entered. It has already been detected by multiple automated crawlers and is now blocked by OpenPhish, PhishingArmy, and OISD, showing strong consensus that this infrastructure is actively used in credential-harvesting campaigns. The domain resolves to IP address 104.18.54.45 and is secured with a Let’s Encrypt SSL certificate, giving it a false appearance of legitimacy to unwary visitors.  PhishDestroy’s analysis confirms that pub-135a4055f8454025aa2f06845da4f8d8.r2.dev first appeared on security blocklists on seed ba19de and is now flagged by 17 out of 95 VirusTotal partners. This detection ratio indicates a high-confidence threat rather than a borderline case. The domain is served from Cloudflare R2 storage, a legitimate cloud service that is being abused to host the phishing payload. Security telemetry shows that this infrastructure is part of a broader campaign aimed at harvesting user login details for financial services, social platforms, and corporate portals.  If you have visited pub-135a4055f8454025aa2f06845da4f8d8.r2.dev or entered any credentials, assume they have been compromised. Immediately change passwords on all related accounts and enable multi-factor authentication where available. Scan your device with updated antivirus software and review recent transaction histories for signs of fraud. Report the domain to PhishDestroy for takedown and warn colleagues or family members who may have been exposed. Staying vigilant and verifying links before clicking remains the best defense against credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["OpenPhish", "PhishingArmy", "OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f5d64803-a3f8-45b3-9a23-38743aaa221e
- PhishDestroy: https://phishdestroy.io/domain/pub-135a4055f8454025aa2f06845da4f8d8.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-135a4055f8454025aa2f06845da4f8d8.r2.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pub-135a4055f8454025aa2f06845da4f8d8.r2.dev/
Last updated: 2026-03-27