ScanMalware.com

Security Scan Report: cvfdrts.pages.dev

Redirected to: https://mia.nl.tab.digital/login

Site favicon
Submitted: Dec 14, 2025, 3:03:10 PMCompleted: Dec 14, 2025, 3:03:47 PMpubliccompleted
Loading additional data...

Summary

This website contacted 8 IPs in 1 country across 2 domains to perform 26 HTTP transactions. The main domain is mia.nl.tab.digital and was registered NaN years ago.

Submitted URL: http://cvfdrts.pages.dev/

Effective URL: https://mia.nl.tab.digital/loginRedirected

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

The site is a confirmed phishing scam using a malicious domain to harvest Nextcloud credentials.

Risk Factors
Primary domain malicious indicator (apt redwolf)
Credential‑harvesting login form on a malicious domain
Brand impersonation (Nextcloud) on a non‑official domain
Redirect from unrelated domain to malicious site
Unranked domain lacking reputable reputation
Domain age information unavailable

Details

Page Title

Login – Nextcloud

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(79%)

Domain Information

The domain name 'cvfdrts.pages.dev' uses the developer-focused generic top-level domain (.dev); it also runs on subdomain 'cvfdrts'. The core label 'pages' covers 5 characters containing 2 vowels alongside three consonants. Breaking it apart gives one word: pages. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of http://cvfdrts.pages.dev/

Page Load Overview

7.14s
Total Load Time
26
HTTP Requests
2
Domains
140 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:283 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software79% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
79%
documentation technical
45%
real estate property
31%
corporate
25%

Detected Features

Login Form
Search
OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
5172.67.130.170United States
AS13335CLOUDFLARENET
3104.21.3.117United States
AS13335CLOUDFLARENET
3172.66.47.113United States
AS13335CLOUDFLARENET
3172.66.44.143United States
AS13335CLOUDFLARENET
32606:4700:310c::ac42:2c8fUnited States
AS13335CLOUDFLARENET
32606:4700:3037::ac43:82aaUnited States
AS13335CLOUDFLARENET
32606:4700:3034::6815:375United States
AS13335CLOUDFLARENET
32606:4700:310c::ac42:2f71United States
AS13335CLOUDFLARENET
268--

Detected Technologies1

PasswordField
100%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1FAC2F613900A0EBED112C59425ADF93C830DFB936A919498E7EA1CDE51D2CAAF1771CE

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:cCEX5f97+vvT3aZfglpl6kMzK8URHpwDoFEzNwhpVeHuHeNE5ah:cCE197+vvT3aZfglpl6kMO8URHpwDoFg

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:27703:oF0MWSEAFQQMAhMUgAgg8oVIACAEATxBFZQKBimqlXEKTU4KI2YBCzF4cAAKhZAGD2SYJDIFIsCaGLJIAIYpGEAEMAgQweSB

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00181818387ee100
Perceptual Hash:c99c32e31cf0c93e
Difference Hash:d0f0b2b2f1c08733
Wavelet Hash:007878f8fcfee310
Color Hash:#a8ac53

Other Hashes

Crop Resistant:d9d9d9d9f8e0c183,a2d24c4d4a828282,d0f0b2b2f1c08733

Scan History

Scan history not available

Unable to load historical scan data