# pub-668942aad21b4decacc840ecfb0df6e1.r2.dev — MALICIOUS > pub-668942aad21b4decacc840ecfb0df6e1.r2.dev is flagged as a generic phishing site. VirusTotal reports 17/95 vendors detecting it. Avoid interaction! ## Summary PhishDestroy has identified pub-668942aad21b4decacc840ecfb0df6e1.r2.dev as an active and elevated risk, categorized as a generic phishing threat. This domain is designed to deceive users into divulging sensitive information or performing actions that compromise their security. The specific tactics employed by this phishing site may vary, but the underlying goal remains consistent: to steal credentials, financial data, or other personal information. Technical indicators support this assessment. As of this analysis, VirusTotal reports that 17 out of 95 security vendors have flagged this domain as malicious. Furthermore, pub-668942aad21b4decacc840ecfb0df6e1.r2.dev appears on two security blocklists, including PhishingArmy and OISD. The domain resolves to the IP address 104.18.54.45, and utilizes an SSL certificate issued by Let's Encrypt. The convergence of these factors reinforces the determination that this domain poses a significant phishing risk. Users who have visited pub-668942aad21b4decacc840ecfb0df6e1.r2.dev are strongly advised to take immediate precautions. This includes changing any passwords that may have been entered on the site, scanning their devices for malware, and being vigilant for any signs of identity theft or financial fraud. It is also crucial to report the phishing attempt to relevant authorities and security organizations to help prevent further harm. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.54.45 ## Detection Status - VirusTotal: 17 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["PhishingArmy", "OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/23e9863e-a467-4da2-b18c-5d02cbe0a1bd - PhishDestroy: https://phishdestroy.io/domain/pub-668942aad21b4decacc840ecfb0df6e1.r2.dev/ - LLM endpoint: https://phishdestroy.io/domain/pub-668942aad21b4decacc840ecfb0df6e1.r2.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pub-668942aad21b4decacc840ecfb0df6e1.r2.dev/ Last updated: 2026-03-29