ScanMalware.com

Security Scan Report: vfgfdea.pages.dev

Redirected to: https://mia.nl.tab.digital/login

Submitted: Dec 16, 2025, 6:09:05 AMCompleted: Dec 16, 2025, 6:09:28 AMpubliccompleted
Loading additional data...

Summary

This website contacted 8 IPs in 1 country across 2 domains to perform 25 HTTP transactions. The main domain is mia.nl.tab.digital and was registered NaN years ago.

Submitted URL: https://vfgfdea.pages.dev/

Effective URL: https://mia.nl.tab.digital/loginRedirected

AI Security Verdict

Confirmed Scam

Confidence: 96%

10
Risk Score

The site is a confirmed phishing scam using a known malicious domain to harvest Nextcloud credentials.

Risk Factors
Malicious Indicators of Compromise match on primary domain
Credential harvesting form (password field) on suspicious domain
Brand impersonation of Nextcloud on a non‑official domain
Redirect from unrelated domain to malicious domain
Unranked domain claiming a well‑known service
Domain age information unavailable

Details

Page Title

Login – Nextcloud

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(79%)

Domain Information

Within the developer-focused generic top-level domain (.dev), 'vfgfdea.pages.dev' is registered; it also runs on subdomain 'vfgfdea'. The second-level label 'pages' is 5 characters long containing two vowels alongside three consonants. Tokenizing the label suggests 1 word: pages. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://vfgfdea.pages.dev/

Page Load Overview

4.63s
Total Load Time
25
HTTP Requests
2
Domains
140 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:283 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software79% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
79%
documentation technical
45%
real estate property
31%
corporate
25%

Detected Features

Login Form
Search
OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
4104.21.3.117United States
AS13335CLOUDFLARENET
3172.67.130.170United States
AS13335CLOUDFLARENET
3172.66.47.47United States
AS13335CLOUDFLARENET
32606:4700:3037::ac43:82aaUnited States
AS13335CLOUDFLARENET
32606:4700:3034::6815:375United States
AS13335CLOUDFLARENET
3172.66.44.209United States
AS13335CLOUDFLARENET
32606:4700:310c::ac42:2cd1United States
AS13335CLOUDFLARENET
32606:4700:310c::ac42:2f2fUnited States
AS13335CLOUDFLARENET
258--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1BF059EB25C4438357A27D315318FA6AE331BB1035D22569DD4CE71880BFABEC62B257E

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

12288:FsUNmVZtB4b6chxpBOSabYKgPZtB4bSUDqNkg2EeFlqkcAslJh:zmPt3ctk2h

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:822590:BEsXwGFCA3H1MRoTpVBKyRsVUIE4kQQsQFQRgBEGAMAKAgMJB4QAMGFEFAwsJAIYQioQKtYEyggeBojnJEXirONlBkihFBCf

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00181818387ee100
Perceptual Hash:c99c32e31cf0c93e
Difference Hash:d0f0b2b2f1c08733
Wavelet Hash:007878f8fcfee310
Color Hash:#b2d279

Other Hashes

Crop Resistant:d9d9d9d9f8e0c183,82d24c4d4a808282,d0f0b2b2f1c08733

Scan History

Scan history not available

Unable to load historical scan data