Security Scan Report: pub-3d3066223cca4c8e957d0a6f7110c773.r2.dev

Submitted: Oct 13, 2025, 6:12:38 AM
Completed: Oct 13, 2025, 6:12:58 AM
Scan type: public, status: completed

Summary

This website contacted 5 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main domain is pub-3d3066223cca4c8e957d0a6f7110c773.r2.dev.

Submitted URL: https://pub-3d3066223cca4c8e957d0a6f7110c773.r2.dev/index.html

AI Security Verdict

Confirmed Scam

Confidence: 95%

Risk Score: 10

High‑confidence phishing site harvesting credentials on a cloud‑storage domain.

Risk Factors
Credential harvesting password field without username
Brand impersonation of a well‑known email service
Login form hosted on a cloud storage domain (r2.dev)
Form submission to a WordPress internal script (wp‑includes)
Unranked, likely newly registered domain
Domain age information unavailable

Details

Page Title

pub-3d3066223cca4c8e957d0a6f7110c773.r2.dev

Scan Type

public

Language

🇧🇬 BG (80% confidence)

Category

unknown (0%)

Domain Information

Within the developer-focused generic top-level domain (.dev), 'pub-3d3066223cca4c8e957d0a6f7110c773.r2.dev' is registered, featuring subdomain 'pub-3d3066223cca4c8e957d0a6f7110c773'. The registrable portion 'r2' spans 2 characters split between 0 vowels and one consonant, plus one digit. Tokenizing the label suggests two words: r, 2. Median word length comes out to 1 character. 'r' is most common in Chinese (Zhuyin) usage. It also appears in Sinhala and Chinese (Simplified) contexts. Net impression: Chinese (Zhuyin) phrase with character flair.

Page Load Overview

Total Load Time: 6.39s
HTTP Requests: 3
Domains: 2
Total Size: 950 KB

Language Analysis

Primary Language

🇧🇬 BG
Code: bg
Confidence: 80%
Script: Unknown
Direction: ltr

Detection Details

Language Code: bg
Detection Confidence: 80%
Script Type: Unknown
HTML Lang Attribute: bg
Text Length: 3,342 chars
Detector Agreement: 100%

Website Classification

Primary Category

unknown (0% confidence)
Type: dynamic
Method: structural

All Detected Categories

No categories detected

Detected Features

Search

Domain & IP Information

Requests | IP Address | Location | AS Autonomous System
0 | 104.18.50.34 | United States | AS13335 CLOUDFLARENET
0 | 104.18.54.45 | United States | AS13335 CLOUDFLARENET
0 | 194.153.145.104 | Bulgaria | AS13147 Net Info JSCo
0 | 2606:4700:3117::6812:3222 | United States | AS13335 CLOUDFLARENET
0 | 2606:4700:3113::6812:362d | United States | AS13335 CLOUDFLARENET
3 | 5 | - | -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T148C41B7257A264CE6219E40AF4103A893C9290BFBF63C697705D3EEE77D2470867B25C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

12288:y3v3g0lpCzI9WwRYP85QvfJjwcSRYxU5Q1fJ9w7KktF9BORYP65Q3fJhw/XzXG+z:zMpZVRYP85cfJjwnRYxU5afJ9w79tMRD

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:561883:goQOoUCKEBI3CjCalAhISReIC2lEIIyiIghEECYuKqKEK0BEiMwkpAwN21EBokCKigAAiijL5AUNdEABBiAkRFxitmgAIDJ6

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: dfc7c7c7c3d7c3cf
Perceptual Hash: b4c38c4cd936c33b
Difference Hash: b62e0c0e1a26a71e
Wavelet Hash: 00c3c7c7c3d3c3c7
Color Hash: #d2a679
