# pub-41bd2945a75e4a608d621f664b0202fc.r2.dev — MALICIOUS

> pub-41bd2945a75e4a608d621f664b0202fc.r2.dev is a confirmed phishing site taken offline after multiple security flags. Learn what happened and stay safe.

## Summary
PhishDestroy identifies pub-41bd2945a75e4a608d621f664b0202fc.r2.dev as a high-risk phishing domain that was recently taken offline. Although its page now shows "Not Found," this domain was linked to deceptive practices aimed at stealing sensitive information from unsuspecting users. Its registration through Cloudflare and presence on two security blocklists highlight its malicious intent.

This phishing scheme likely operated by mimicking legitimate services to trick visitors into submitting personal or financial data. Despite the domain currently resolving to an IP address and being offline, VirusTotal flagged it with alerts from 14 out of 95 security vendors, underscoring the threat it posed. Such domains often exploit trust in well-known platforms to capture credentials or install malware.

If you visited pub-41bd2945a75e4a608d621f664b0202fc.r2.dev, it is important to immediately change any passwords you may have entered and monitor your accounts for suspicious activity. Avoid clicking links or downloading files from unknown sources, and use reputable security tools to scan your devices. Staying vigilant against phishing attempts like this helps keep your data and identity secure.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 404)
- Page title: Not Found

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 104.18.54.45
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- SSL Issuer: Let's Encrypt / E7

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Fortinet", "G-Data", "Lionic", "Phishing Database", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["PhishDestroy", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cec4a-b2e3-744a-8b9e-759c8a7c86fb.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/aa29974e-3354-4bc6-8a66-322a42ff3939
- PhishDestroy: https://phishdestroy.io/domain/pub-41bd2945a75e4a608d621f664b0202fc.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-41bd2945a75e4a608d621f664b0202fc.r2.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pub-41bd2945a75e4a608d621f664b0202fc.r2.dev/
Last updated: 2026-03-19