# pub-8b8de6dbc21b4bb49ceaead3297322f4.r2.dev — MALICIOUS

> pub-8b8de6dbc21b4bb49ceaead3297322f4.r2.dev is a live credential harvesting phishing domain flagged by 17/95 security vendors. Check the full report.

## Summary

PhishDestroy identifies pub-8b8de6dbc21b4bb49ceaead3297322f4.r2.dev as an active credential harvesting domain designed to steal user credentials under the guise of a legitimate service. This domain resolves to IP address 104.18.54.45 and is currently hosted on Cloudflare's R2 storage service, which threat actors frequently abuse to host phishing pages due to its reliability and anonymity. The infrastructure supports rapid deployment and evasion of takedown efforts, making it a high-risk threat vector for end users who may unknowingly input sensitive login details into a spoofed interface.

This domain was flagged by 17 out of 95 VirusTotal security vendors, indicating significant malicious recognition across the threat intelligence community. It is also blocked by three major blocklists: OpenPhish, PhishingArmy, and OISD, reinforcing its confirmed malicious status. The domain uses a Let's Encrypt SSL certificate, which is commonly leveraged to appear legitimate and bypass browser security warnings. While the exact domain creation date is not provided, its presence on multiple blocklists and active hosting strongly suggest recent deployment in ongoing phishing campaigns.

Users who have accessed this domain or entered any credentials should immediately change their passwords on all accounts using the same or similar login details. Run a full system scan using updated antivirus software to detect any potential malware infections resulting from credential theft. Report any suspicious activity to your IT security team and consider enabling multi-factor authentication (MFA) on all critical accounts to reduce future risk. Avoid interacting with this domain and ensure your browser security settings are configured to block known phishing sites.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["OpenPhish", "PhishingArmy", "OISD"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/493f97c6-fdb3-4c9e-9ea7-bfdfbb3b501b
- PhishDestroy: https://phishdestroy.io/domain/pub-8b8de6dbc21b4bb49ceaead3297322f4.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-8b8de6dbc21b4bb49ceaead3297322f4.r2.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pub-8b8de6dbc21b4bb49ceaead3297322f4.r2.dev/

Last updated: 2026-03-27