# pub-519769e9eb634616b1746c2018641d56.r2.dev — MALICIOUS

> Domain pub-519769e9eb634616b1746c2018641d56.r2.dev flagged as a generic phishing site with 17/95 VirusTotal detections. Avoid interactions.

## Summary

The domain pub-519769e9eb634616b1746c2018641d56.r2.dev has been identified as a high-risk generic phishing site, designed to deceive users into divulging sensitive information or downloading malicious payloads. While no specific brand or drainer kit has been explicitly linked in the available intelligence, its operational characteristics align with typical phishing campaigns aimed at credential theft or malware delivery. The domain's structure suggests it may be leveraging cloud storage services (e.g., R2.dev by Cloudflare) to host malicious content, a tactic commonly observed in campaigns distributing fake login portals or fraudulent file downloads. Given its active status and the absence of a recognizable target, this appears to be an opportunistic phishing operation rather than a targeted brand impersonation.

This domain resolves to the IP address 104.18.54.45 and is secured with a Let's Encrypt SSL certificate, which may be used to lend an air of legitimacy to the phishing page. The domain was flagged by 17 out of 95 VirusTotal security vendors, indicating a significant level of detection but not universal consensus. PhishDestroy's analysis reveals that the domain is registered through Cloudflare's registrar services, with its creation date not explicitly provided but its recent activity and blocklist presence suggesting recent deployment. The domain has been blocked by four major threat intelligence feeds, including OpenPhish, PhishingArmy, PhishingDB, and OISD, reinforcing its malicious classification. Additionally, the domain is not flagged in Google Safe Browsing (GSB), which may indicate a relatively new or evasive campaign not yet widely recognized by all security platforms.

As of the latest assessment, the domain remains active and poses an ongoing threat to unsuspecting users. Immediate response actions include blocking the domain at the network and DNS levels, as well as updating firewall and endpoint protection rules to prevent access. However, the remaining risk is non-trivial, particularly given the domain's use of legitimate cloud infrastructure, which can complicate takedown efforts. Users are strongly advised to exercise caution when encountering unsolicited links or files, verify the authenticity of domains before interacting, and report suspicious activity to their security teams. Organizations should also consider deploying advanced threat detection mechanisms capable of identifying similar evasive tactics, such as domain generation algorithms (DGAs) or cloud-based phishing infrastructures.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 4 hits
- Lists: OpenPhish, PhishingArmy, PhishingDB, OISD

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/d1749d04-7858-42f0-a992-637cb2acf6a7
- PhishDestroy: https://phishdestroy.io/domain/pub-519769e9eb634616b1746c2018641d56.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-519769e9eb634616b1746c2018641d56.r2.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pub-519769e9eb634616b1746c2018641d56.r2.dev/

Last updated: 2026-03-27