Security Scan Report: pub-c2125f1d98c745aab85dc34377d8852c.r2.dev

Submitted: Jul 5, 2026, 8:52:04 AMCompleted: Jul 5, 2026, 8:53:15 AMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 2 HTTP transactions. The main domain is pub-c2125f1d98c745aab85dc34377d8852c.r2.dev and was registered NaN years ago.

Submitted URL: https://pub-c2125f1d98c745aab85dc34377d8852c.r2.dev/index.html

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

Page impersonates MetaMask to harvest secret recovery phrases; high‑risk phishing site.

Risk Factors
Unranked domain presenting a well‑known brand
Credential‑only forms (password fields without username)
Social Engineering Safe Browsing alert
Domain age information unavailable

Details

Page Title

MetaMask

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

education learning

(26%)

Domain Information

Within the developer-focused generic top-level domain (.dev), 'pub-c2125f1d98c745aab85dc34377d8852c.r2.dev' is registered and includes subdomain 'pub-c2125f1d98c745aab85dc34377d8852c'. The core label 'r2' covers 2 characters containing zero vowels alongside 1 consonant; it also includes 1 digit. Word splitting yields two words: r, 2. Median word length comes out to one character. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://pub-c2125f1d98c745aab85dc34377d8852c.r2.dev/index.html

Page Load Overview

5.60s
Total Load Time
109
HTTP Requests
8
Domains
301 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:1,814 chars
Detector Agreement:67%

Website Classification

Primary Category

education learning26% confidence
Type: webapp
Method: ml+structural+ocr_tiebreaker

All Detected Categories

education learning
26%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1963.176.8.218Aws · CLOUDFrankfurt am Main, Hesse, Germany
AS16509Amazon.com, Inc.
15185.199.108.153United States
AS54113Fastly, Inc.
15142.251.20.95Google · CDNUnited States
AS15169Google LLC
15192.178.183.95Google · CDNUnited States
AS15169Google LLC
15104.17.25.14Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
15151.101.129.155Fastly · CDNUnited States
AS54113Fastly, Inc.
15104.18.50.34Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
1097--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T10453435154F80527D2B3D1D846D5AE3A7EF0C30BC886D44176AC0BD89FA2C83DA6F79A

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

384:ZptnAFv5tFAFGwLq3UUVYhO22aHt+Vj7k1+BQXLCtP0FqTwk+aPuDIaEUdXIfyne:ZpVAFv5tFAFzLq3UGW4sRRmoLZJEUG3

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:63660:BAawKCABUATDKQAojl0pLxgSgGCqAiCHIDoBIKgsxHEYoExmAVBZYDCkYgRAYg2ECIsCYAiGpgCu4GUEAoIIAlEIhBwrUlgw

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffe7c3c3c3ebe7ff
Perceptual Hash:b332cfc99898c963
Difference Hash:630c0e160e160e0c
Wavelet Hash:81e7c3c3c3c3c3c3
Color Hash:#93521f

Other Hashes

Crop Resistant:630c0e160e160e0c

Scan History

Scan history not available

Unable to load historical scan data