Security Scan Report: pub-aa528a8c2a80444d86f51aa23a8e1015.r2.dev

Redirected to:
blob:https://pub-aa528a8c2a80444d86f51aa23a8e1015.r2.dev/70f7cf0e-826f...
Submitted: Apr 24, 2026, 7:43:59 PM
Completed: Apr 24, 2026, 7:45:06 PM
public, completed

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 9 HTTP transactions. The main domain is and was registered NaN years ago.

Submitted URL: https://pub-aa528a8c2a80444d86f51aa23a8e1015.r2.dev/blob.html

Effective URL: blob:https://pub-aa528a8c2a80444d86f51aa23a8e1015.r2.dev/70f7cf0e-826f-41a5-bd43-e3a8dbb45d6e (Redirected)

AI Security Verdict

High Risk

Confidence: 94%

Risk Score: 8

High‑risk brand impersonation site using blob URLs and disguised password fields; avoid and report.

Risk Factors
Unranked domain claiming major brand
Disguised password fields (type=text with password placeholder)
Blob URL usage – strong phishing evasion technique
Unicode evasion in form fields
Multiple password fields without accompanying username
Domain age information unavailable

Details

Page Title

Netflix

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(52%)

Domain Information

The domain 'pub-aa528a8c2a80444d86f51aa23a8e1015.r2.dev' is registered under the developer-focused generic top-level domain (.dev) and has the subdomain 'pub-aa528a8c2a80444d86f51aa23a8e1015'. The second-level label 'r2' is 2 characters long, with 0 vowels, one consonant and 1 digit. It segments into 2 words: r, 2. The median word length is 1 character. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://pub-aa528a8c2a80444d86f51aa23a8e1015.r2.dev/blob.html

Page Load Overview

Total Load Time: 0.35s
HTTP Requests: 9
Domains: 4
Total Size: 303 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 80%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 80%
Script Type: Latin
HTML Lang Attribute: en
Text Length: 1,015 chars
Detector Agreement: 100%

Website Classification

Primary Category

finance banking (52% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

finance banking: 52%
entertainment media: 44%
corporate business: 40%

Detected Features

No structural features detected

Domain & IP Information

Requests  IP Address      Location       AS Autonomous System
3         104.18.54.45    United States  AS13335 Cloudflare, Inc.
2         142.251.110.95  United States  AS15169 Google LLC
2         104.17.24.14    United States  AS13335 Cloudflare, Inc.
2         151.101.2.137   United States  AS54113 Fastly, Inc.
9         4               -              -

Content Similarity Hashes

For malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1F47373319191028EF41F88846BAF27027D499E8B8900B5D177BCA95C2F4A7B4C59FFCB

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:hfdzIuswg4LFe1dKw+uuSzIjnC2XnCUISiZc776GlKF9zpFJ2ZdoTMKtW/QYkxSF:NdpQKS2CIhIjGl9ZdoTMKtW/QYkxSF

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:74057:AEEQAERRSgU3+UERAoKCxQGIQSnwRDBM0SIggQEAQoF4OgEiAYC8AA8gR08FITEAGIQIkATgUMCCOASAqpAC5lKBIgwABagA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash: ffffff7e00000000
Perceptual Hash: cccce272b3999991
Difference Hash: b0a4b2b0c0a00000
Wavelet Hash: ffffffff00000000
Color Hash: #d2797c

Other Hashes

Crop Resistant: b0a4b2b0c0a00000

Scan History

Scan history not available
