ScanMalware.com

Security Scan Report: ktyg.pages.dev

Redirected to: https://mia.nl.tab.digital/login

Site favicon
Submitted: Jan 5, 2026, 5:30:10 PMCompleted: Jan 5, 2026, 5:31:22 PMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 26 HTTP transactions. The main domain is mia.nl.tab.digital and was registered NaN years ago.

Submitted URL: http://ktyg.pages.dev/

Effective URL: https://mia.nl.tab.digital/loginRedirected

AI Security Verdict

Confirmed Scam

Confidence: 100%

10
Risk Score

Confirmed scam: malicious domain with credential harvesting and brand impersonation.

Risk Factors
Malicious primary domain indicator (mia.nl.tab.digital) detected
Login form collecting passwords on a suspicious domain
Brand impersonation (Nextcloud) on an unranked domain
Redirect to a known malicious domain
Unranked/low reputation domain used for credential harvesting
Domain age information unavailable

Details

Page Title

Login – Nextcloud

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(79%)

Domain Information

The domain 'ktyg.pages.dev' uses the developer-focused generic top-level domain (.dev) and includes subdomain 'ktyg'. Count 5 characters in 'pages' split between 2 vowels and 3 consonants. Tokenizing the label suggests 1 word: pages. The median word length lands at 5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://ktyg.pages.dev/

Page Load Overview

2.16s
Total Load Time
26
HTTP Requests
2
Domains
140 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:283 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software79% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
79%
documentation technical
45%
real estate property
31%
corporate
25%

Detected Features

Login Form
Search
OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
10172.67.130.170United States
AS13335CLOUDFLARENET
8188.114.97.3United States
AS13335CLOUDFLARENET
8104.21.3.117United States
AS13335CLOUDFLARENET
263--

Detected Technologies2

PasswordField
100%
Vue.js
30%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1B1059EB25C4438357A27D315318FA6AE332B71035D22569DD4CE71880BFABEC627257E

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

12288:AsUNmVZtB4b6chxpBOSabYKgPZtB4bSUDqNkg2EeFlqkcAslv4:UmPt3ctkU4

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:822605:FDERBAAAKsBhdYBdBhUkgYxQuGSCJqcTABFQAzcqKFAZZQAwAxd0iSMC2giwcGouwAQIKFEQAMpiAwgAhTSAw/oSuQQqSINa

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00181818387ee100
Perceptual Hash:c99c32e31cf0c93e
Difference Hash:d0f0b2b2f1c08733
Wavelet Hash:007878f8fcfee310
Color Hash:#538bac

Other Hashes

Crop Resistant:d9d9d9d9f8e0c183,a2d24c4d4a828282,d0f0b2b2f1c08733

Scan History

Scan history not available

Unable to load historical scan data