# pub-6b898b25dccb43a8b9fd13efe75efaf8.r2.dev — MALICIOUS

> Pub-6b898b25dccb43a8b9fd13efe75efaf8.r2.dev is flagged as a credential phishing domain by 17 of 95 VirusTotal vendors. Avoid entering sensitive data here.

## Summary
PhishDestroy identifies pub-6b898b25dccb43a8b9fd13efe75efaf8.r2.dev as a credential phishing domain engaged in active deception campaigns. The domain is currently classified as a high-risk threat and remains operational as of the latest assessment. No specific brand impersonation has been confirmed in available intelligence, but the threat type aligns with standardized phishing tactics targeting user credentials.

This domain was flagged by 17 of 95 VirusTotal vendors, indicating a significant detection rate among cybersecurity solutions. The domain resolves to IP address 104.18.54.45 and operates under a Let's Encrypt SSL certificate. It appears on 3 independent security blocklists, including OpenPhish, PhishingArmy, and OISD. These indicators collectively suggest a well-documented pattern of malicious behavior. The domain’s association with Cloudflare’s r2.dev storage service may be leveraged to obscure its true hosting infrastructure.

Users are strongly advised to avoid interacting with pub-6b898b25dccb43a8b9fd13efe75efaf8.r2.dev due to its confirmed high-risk status. If credentials or personal information were inadvertently submitted, immediate password changes and account reviews are recommended. Organizations should ensure their threat intelligence systems are updated to block this domain and its associated indicators. The domain’s active status and broad detection footprint make it a persistent threat requiring immediate caution.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status
- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["OpenPhish", "PhishingArmy", "OISD"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/4b2d532a-74af-486f-92d2-ff2085fe448f
- PhishDestroy: https://phishdestroy.io/domain/pub-6b898b25dccb43a8b9fd13efe75efaf8.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-6b898b25dccb43a8b9fd13efe75efaf8.r2.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/pub-6b898b25dccb43a8b9fd13efe75efaf8.r2.dev/
Last updated: 2026-03-27