Security Scan Report: pub-f44d81b8724d45818e53a22e6e4f737a.r2.dev

Submitted: Jul 2, 2026, 3:50:20 PMCompleted: Jul 2, 2026, 3:51:35 PMpubliccompleted
Loading additional data...

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 2 HTTP transactions. The main domain is pub-f44d81b8724d45818e53a22e6e4f737a.r2.dev and was registered NaN years ago.

Submitted URL: https://pub-f44d81b8724d45818e53a22e6e4f737a.r2.dev/index%20%283%29.html

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

The site hosts credential‑collecting forms and is flagged by Google Safe Browsing for social engineering, indicating a confirmed phishing scam.

Risk Factors
Social Engineering Safe Browsing alert
Credential forms on a non‑official domain
Unranked domain reputation
External network calls from form pages
Domain age information unavailable

Details

Page Title

N/A

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(78%)

Domain Information

The domain name 'pub-f44d81b8724d45818e53a22e6e4f737a.r2.dev' uses the developer-focused generic top-level domain (.dev) and includes subdomain 'pub-f44d81b8724d45818e53a22e6e4f737a'. The core label 'r2' covers 2 characters with 0 vowels and one consonant; it also includes 1 digit. Tokenizing the label suggests 2 words: r, 2. Median word length is one character. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://pub-f44d81b8724d45818e53a22e6e4f737a.r2.dev/index%20%283%29.html

Page Load Overview

1.11s
Total Load Time
8
HTTP Requests
2
Domains
159 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:564 chars
Detector Agreement:50%

Website Classification

Primary Category

technology software78% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
78%
documentation technical
62%
government public service
61%
cryptocurrency blockchain
60%
news media journalism
58%

Detected Features

Login Form

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
4104.18.54.45Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
4104.18.50.34Cloudflare · WAFUnited States
AS13335Cloudflare, Inc.
82--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T10D13856F54E704211903A0B43BE963463670C4078A07EE197EAC93949FC6F8ADDB73E9

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

384:h8QQe0YFkfImBT781hfUfYh2iJFcNgTuqzFKF7yofxBqerDJn3vgWefma3xiaMx1:cfImBT7jaJFFzFKFRxBqeC8

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:42305:CgFmEQLlYFAFAWZCEglQAGEJiILgERKiRxCQSQhQIEhUQkcxgEMugZBXCIgCiBILDVnAA8jJIRBAZaCEysOFABbMBAYYpgCE

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0018181818180000
Perceptual Hash:d9dc667399668c88
Difference Hash:4cb2b2b2b2b23000
Wavelet Hash:8c1c3c3c38380018
Color Hash:#1f9342

Other Hashes

Scan History

Scan history not available

Unable to load historical scan data