ScanMalware.com

Security Scan Report: pub-5de0eeee09ff443eac563eb154d4aa6c.r2.dev

Redirected to: blob:https://pub-5de0eeee09ff443eac563eb154d4aa6c.r2.dev/2604f180-d9db-4cee-897b-5608cf56e603

Site favicon
Submitted: Dec 5, 2025, 5:21:11 AMCompleted: Dec 5, 2025, 5:22:28 AMpubliccompleted
Loading additional data...

Summary

This website contacted 22 IPs in 2 countries across 8 domains to perform 18 HTTP transactions. The main domain is .

Submitted URL: https://pub-5de0eeee09ff443eac563eb154d4aa6c.r2.dev/docs.html

Effective URL: blob:https://pub-5de0eeee09ff443eac563eb154d4aa6c.r2.dev/2604f180-d9db-4cee-897b-5608cf56e603Redirected

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

Phishing page impersonating DocuSign on a cloud storage domain; confirmed scam.

Risk Factors
Cloud storage hosting with credential collection form
Brand impersonation of DocuSign on non‑official domain
Newly registered domain (<30 days old)
Unranked domain (not in Cisco Umbrella top 1M)
Login form collecting email and password
Domain age information unavailable

Details

Page Title

DocuSign Share File

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

unknown

(0%)

Domain Information

The domain 'pub-5de0eeee09ff443eac563eb154d4aa6c.r2.dev' uses the developer-focused generic top-level domain (.dev) and includes subdomain 'pub-5de0eeee09ff443eac563eb154d4aa6c'. Count 2 characters in 'r2' split between zero vowels and one consonant; it also includes 1 digit. It segments into 2 words: r, 2. Median word length comes out to one character. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://pub-5de0eeee09ff443eac563eb154d4aa6c.r2.dev/docs.html

Page Load Overview

0.46s
Total Load Time
18
HTTP Requests
8
Domains
20.8 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:615 chars
Detector Agreement:67%

Website Classification

Primary Category

unknown0% confidence
Type: webapp
Method: structural

All Detected Categories

No categories detected

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
9172.66.46.227United States
AS13335CLOUDFLARENET
2172.217.18.10United States
AS15169GOOGLE
1172.67.190.76United States
AS13335CLOUDFLARENET
1104.18.50.34United States
AS13335CLOUDFLARENET
13.33.186.135United States
AS16509AMAZON-02
123.55.161.156Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
1146.75.122.132Frankfurt am Main, Hesse, Germany
AS54113FASTLY
1146.75.120.193Frankfurt am Main, Hesse, Germany
AS54113FASTLY
0104.18.54.45United States
AS13335CLOUDFLARENET
015.197.167.90United States
AS16509AMAZON-02
1822--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T188E3BF28FB2470EB6C26E337AA1976C9DB133C72A84D8019B45CF96C5B81079E5E7077

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:hDjnVgeOlnTqOedgQteJ3N+EnRf5M2/80SBvlHENaE68ZfhVwkbgliCd7XWuxEJS:JVgeO4SJySqfn

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:147471:yoAOVomagRGweILABGEBJggOiDQBIgQCwHDCGR2wNCCUA9C4EvFEcoFAKVlBQKIiIgARMgHkRpCJFKwSqQsxYPGEAABCImwU

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00003c3c3c3c0000
Perceptual Hash:8f9660e99ba08bd9
Difference Hash:646468697161c561
Wavelet Hash:37003e3f3fff6000
Color Hash:#64d22d

Other Hashes

Crop Resistant:b2888ecef0fa8080,646468697161c761

Scan History

Scan history not available

Unable to load historical scan data