Security Scan Report: pub-1bae389293eb48d58e53398a6e375d75.r2.dev

Submitted: Jul 2, 2026, 3:50:22 PMCompleted: Jul 2, 2026, 3:51:40 PMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 1 country across 7 domains to perform 2 HTTP transactions. The main domain is pub-1bae389293eb48d58e53398a6e375d75.r2.dev and was registered NaN years ago.

Submitted URL: https://pub-1bae389293eb48d58e53398a6e375d75.r2.dev/xulopa.html

AI Security Verdict

High Risk

Confidence: 78%

7
Risk Score

Page hosts a credential‑stealing login form masquerading as a webmail portal with external data exfiltration attempts, classified as high‑risk phishing.

Risk Factors
Credential collection form on a generic, unranked domain
External JavaScript POST to unknown domain (potential exfiltration)
Unranked domain reputation
Domain age information unavailable

Details

Page Title

Webmail Login

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(32%)

Domain Information

Domain 'pub-1bae389293eb48d58e53398a6e375d75.r2.dev' uses the developer-focused generic top-level domain (.dev) and includes subdomain 'pub-1bae389293eb48d58e53398a6e375d75'. The core label 'r2' covers 2 characters containing zero vowels alongside one consonant; bonus characters include one digit. Tokenizing the label suggests 2 words: r, 2. The median word length lands at 1 character. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://pub-1bae389293eb48d58e53398a6e375d75.r2.dev/xulopa.html

Page Load Overview

4.81s
Total Load Time
21
HTTP Requests
7
Domains
248 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:218 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software32% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
32%
social_media
25%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
6104.18.50.34Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
3162.241.27.10United States
AS46606Unified Layer
3104.18.11.207Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
3104.17.24.14Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
3151.101.129.155Fastly · CDNUnited States
AS54113Fastly, Inc.
3142.251.14.95Google · CDNUnited States
AS15169Google LLC
216--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1B30352E0B670D98D637D7226E3E4BD0477283636A65C4984F0DC2B98E7A7B40B90D5CE

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:2/xhQkKMbGPnaTPIsXJ2IaX8aqSACsofi/WoeZmXg8yqrPSz/v6:2TQkL2aTIs7SACso2WTZmXZyqraz/v6

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:39414:CYAIyymoshVVAgEgKg0GCEIQBDCqWkAJhc0pe060NkUWhRHgMABmQ4lKlwACGLkYMgOZGE5ogBOAGaISMEQragQCEBQaABSI

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:e7e7e7e7ffffffff
Perceptual Hash:b33399cc66663299
Difference Hash:0c0c0c0c04080000
Wavelet Hash:24242400e4e4fcfc
Color Hash:#4f862d

Other Hashes

Crop Resistant:0c0c0c0c04080000

Scan History

Scan history not available

Unable to load historical scan data