# pub-328b2c608f85458baef54afef68fbb4a.r2.dev — MALICIOUS

> pub-328b2c608f85458baef54afef68fbb4a.r2.dev hosts high-risk phishing threats flagged by 16 of 95 VirusTotal vendors. Users should avoid interaction.

## Summary

pub-328b2c608f85458baef54afef68fbb4a.r2.dev is classified as a high-risk phishing domain. It actively attempts to deceive users by mimicking legitimate sites or services to steal sensitive information such as login credentials, financial data, or personal details. The threat posed is significant due to the domain’s confirmed presence on multiple security blocklists and detection by various antivirus engines.

According to available intelligence, this domain is flagged by 16 out of 95 VirusTotal security vendors, indicating a strong consensus on its malicious nature. It is listed on at least three reputable security blocklists: OpenPhish, PhishingArmy, and OISD, which specialize in identifying phishing threats. The domain uses a Let's Encrypt SSL certificate, which provides encryption but does not validate the domain’s legitimacy. It resolves to the IP address 104.18.54.45, which is associated with cloud hosting services often exploited by threat actors. Although details about its registrar or creation date are not specified here, the domain’s inclusion on multiple blocklists and vendor detections underline its untrustworthiness.

To mitigate risks associated with pub-328b2c608f85458baef54afef68fbb4a.r2.dev, users should refrain from visiting this domain or submitting any personal or financial information if encountered. Organizations should consider blocking the IP and domain at their network perimeter and keep endpoint security solutions updated to detect phishing attempts. Additionally, educating users on recognizing phishing indicators—such as unexpected requests for credentials or suspicious URLs—can reduce the likelihood of successful exploitation. Continuous monitoring using threat intelligence feeds that include this domain will help maintain strong defenses against this phishing threat.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status

- VirusTotal: 16 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["OpenPhish", "PhishingArmy", "OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/793617c4-487e-45f6-b391-960a7c2dea32
- PhishDestroy: https://phishdestroy.io/domain/pub-328b2c608f85458baef54afef68fbb4a.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-328b2c608f85458baef54afef68fbb4a.r2.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pub-328b2c608f85458baef54afef68fbb4a.r2.dev/

Last updated: 2026-03-27