Security Scan Report: iam56.ru

Redirected to: https://iam56.dynu.com/index.php/login

Submitted: Oct 20, 2025, 4:06:48 AMCompleted: Oct 20, 2025, 4:08:03 AMpubliccompleted
Loading additional data...

Summary

This website contacted 5 IPs in 2 countries across 2 domains to perform 24 HTTP transactions. The main domain is iam56.dynu.com and was registered NaN years ago.

Submitted URL: https://iam56.ru/

Effective URL: https://iam56.dynu.com/index.php/loginRedirected

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

Phishing page impersonating Nextcloud; confirmed scam with credential harvesting.

Risk Factors
Malicious Indicators of Compromise present
Credential harvesting form (username/email + password)
Impersonation of a known service (Nextcloud) on an unranked, dynamic DNS domain
Redirect from a standard domain to a dynamic DNS subdomain
Dynamic DNS hosting (dynu.com) associated with suspicious activity
Domain age information unavailable

Details

Page Title

Login – Nextcloud

Scan Type

public

Language

🇺🇸

English

(51% confidence)

Category

technology software

(74%)

Domain Information

Domain 'iam56.ru' uses the Russian country-code top-level domain (.ru) without a subdomain. The registrable portion 'iam56' spans 5 characters holding two vowels versus one consonant, plus 2 digits. It segments into 2 words: iam, 56. The median word length lands at 2.5 characters. 'imam' most strongly signals Slovenian. You may catch it in Esperanto and Bosnian as well.

Screenshot

Security scan screenshot of https://iam56.ru/

Page Load Overview

51.35s
Total Load Time
24
HTTP Requests
2
Domains
333 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:51%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:51%
Script Type:Latin
HTML Lang Attribute:en
Text Length:271 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software74% confidence
Type: webapp
Method: ml+structural

All Detected Categories

technology software
74%
documentation technical
32%
corporate
25%

Detected Features

Login Form
Search
OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
8188.114.96.3United States
AS13335CLOUDFLARENET
495.220.118.239Mytishchi, Moscow Oblast, Russia
AS12714PJSC MegaFon
42a06:98c1:3121::3United States
AS13335CLOUDFLARENET
4188.114.97.3United States
AS13335CLOUDFLARENET
42a06:98c1:3120::3United States
AS13335CLOUDFLARENET
245--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T183F2071390460EBDE612865425EDB53E821EFAD33A955488CBEA1CCE05C3DAFF17608E

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:XFbGxb197+vvT3aZfglpl6kP42jllrunriKfaMhufagwpVevE5480ZQ:XFbkh97+vvT3aZfglpl6kQcllrunrikP

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:35135:nUI2FQVgD9CGAQkXosAlIKyeRwQCEErhq5iABITKEEaECAAEYQRZpANYwtIoCCKDHSA2qBVWgBiF6IoCwF4gDcqDLFyAX0JQ

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Scan History

Scan history not available

Unable to load historical scan data