# pub-98040ea363724ccebacba31c3ad69f60.r2.dev — MALICIOUS > PhishDestroy identifies pub-98040ea363724ccebacba31c3ad69f60.r2.dev as an active credential harvesting domain—17/95 antivirus engines flagged. ## Summary PhishDestroy identifies pub-98040ea363724ccebacba31c3ad69f60.r2.dev as an active credential harvesting end point. The domain is weaponized to trick users into surrendering login credentials under false pretenses, often impersonating legitimate services such as cloud storage or document-sharing platforms. Once harvested, credentials are exfiltrated to attacker-controlled infrastructure for subsequent account takeover and data theft campaigns. Security telemetry shows this host resolving to 104.18.50.34 via Cloudflare, with a Let’s Encrypt certificate in place to enhance believability. This domain was flagged by PhishingArmy and OISD and appears on two independent blocklists, indicating widespread consensus on its malicious nature. VirusTotal analysis shows 17 out of 95 participating security vendors have already labeled the domain as malicious, underscoring elevated risk to visitors. The infrastructure footprint is consistent with opportunistic phishing operations, where low-cost automation and rapid domain rotation obscure the true scale of compromise. If you visited or entered any information on pub-98040ea363724ccebacba31c3ad69f60.r2.dev, immediately change passwords for any accounts you may have exposed and enable multi-factor authentication wherever possible. Run a full antivirus scan on the device used to access the site. Report the domain to your organization’s security team or to PhishDestroy’s public portal to aid collective defense. Avoid re-visiting the link and treat any local credentials as potentially compromised until verified safe. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.18.50.34 ## Detection Status - VirusTotal: 17 vendors flagged - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["PhishingArmy", "OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/e9f04ff2-f189-4535-bd55-bd315db577ad - PhishDestroy: https://phishdestroy.io/domain/pub-98040ea363724ccebacba31c3ad69f60.r2.dev/ - LLM endpoint: https://phishdestroy.io/domain/pub-98040ea363724ccebacba31c3ad69f60.r2.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/pub-98040ea363724ccebacba31c3ad69f60.r2.dev/ Last updated: 2026-03-28