# pub-e3bfeaa6bcd34e0dadf2c3380a0824f3.r2.dev — MALICIOUS

> pub-e3bfeaa6bcd34e0dadf2c3380a0824f3.r2.dev engages in credential harvesting phishing. 17/95 vendors flag it. Check the full report.

## Summary

The domain pub-e3bfeaa6bcd34e0dadf2c3380a0824f3.r2.dev poses a high-risk threat by conducting credential harvesting phishing attacks. It is designed to trick users into submitting sensitive login information, potentially compromising accounts and leading to further identity theft or financial fraud. This targeted phishing tactic leverages deceptive pages to acquire usernames and passwords under false pretenses.

Technical analysis reveals that 17 out of 95 security vendors on VirusTotal have flagged this domain as malicious, indicating broad consensus on its harmful nature. The domain uses a Let's Encrypt SSL certificate, which can lend false legitimacy to phishing pages. It resolves to IP address 104.18.54.45 and is currently listed on at least three distinct security blocklists, including OpenPhish, PhishingArmy, and OISD. This corroborates its active participation in high-risk phishing campaigns and justifies its classification as a significant threat.

Users who have encountered or visited pub-e3bfeaa6bcd34e0dadf2c3380a0824f3.r2.dev should immediately refrain from entering any credentials or personal data on this site. It is recommended to run comprehensive malware scans on affected devices, change passwords for potentially impacted accounts, and enable multi-factor authentication to mitigate further risk. Reporting the domain to security teams or web browsers can also help prevent wider exposure. Vigilance and caution are essential to avoid falling victim to this aggressive credential theft operation.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.54.45

## Detection Status

- VirusTotal: 17 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits (OpenPhish, PhishingArmy, OISD)

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1ad239f6-8984-489d-88be-c019baed03f9
- PhishDestroy: https://phishdestroy.io/domain/pub-e3bfeaa6bcd34e0dadf2c3380a0824f3.r2.dev/
- LLM endpoint: https://phishdestroy.io/domain/pub-e3bfeaa6bcd34e0dadf2c3380a0824f3.r2.dev/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pub-e3bfeaa6bcd34e0dadf2c3380a0824f3.r2.dev/

Last updated: 2026-03-27