MalwareTips
Security Review

Is xn--d1ah4a.com legit or a scam?

Our verdict:Dangerous· 25/100

The Punycode domain for the ИТД social network, a legitimate project by blogger Nowkie with no evidence of fraudulent activity.

Top reasons
Flagged as malicious or phishing by three antivirus engines (ADMINUSLabs, Chong Lua Dao, CyRadar).Minimalist login-only landing page can be mistaken for a credential-harvesting site.WHOIS information is privacy-protected, hiding the operator's identity.
xn--d1ah4a.comScanned 1h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 80
Category tags
social network85% MT confidence
Technical red flags (1)
3 of 92 engines flagged

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
3/92
Engines flagged this URL
Domain Age
6 months old
Registered Dec 14, 2025
MT Intelligence
Suspicious
Low likelihood · 85% confidence
DANGEROUS

Critical risk detected

3 of 92 antivirus engines flag this page (3 outright malicious). Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of xn--d1ah4a.com
LIVE RENDER
xn--d1ah4a.com
1Page renders a simple Russian-language login form

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

50
/ 100
High visual risk

Visual red flags detected in the screenshot

The page displays a standard, minimalist login form in Russian; without a visible URL or specific branding, visual cues are neutral.

Visual risk50/100

What our vision model saw

3 signals

Page renders a simple Russian-language login form

Minimalist design with no clear brand identifiers or logos

Generic login interface for email and password

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Low scam likelihoodengineMT · Guardiantrust80/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain xn--d1ah4a.com is the Punycode equivalent of итд.com, which serves as a social platform for the community of Russian blogger Ilya Novkie. Although three antivirus engines (ADMINUSLabs, Chong Lua Dao, and CyRadar) flag the site, these appear to be false positives triggered by the minimalist login-only interface and the use of an internationalized domain name. Our research found no scam reports or complaints across independent review aggregators or social media. Instead, we found evidence of a dedicated browser extension and a Google Play app associated with this specific domain. The site has been active for over six months and maintains a consistent traffic profile within its niche.
Full dossier
Analysis complete

Page Content

The site serves as a gateway to the ИТД social network. It features a simple Russian-language login and registration interface with standard fields for email and password. There are no aggressive marketing tactics, countdown timers, or deceptive claims present on the page.

Infrastructure

The site is hosted on a Russian IP address with a very low abuse score. It utilizes a valid SSL certificate from Let's Encrypt and includes standard Yandex tracking pixels for traffic analytics. The infrastructure is shared with the primary Cyrillic domain итд.com.

Domain History

Registered nearly 200 days ago, the domain has moved past the initial 'high-risk' window for temporary scam sites. It is registered through REG.RU, a major Russian registrar. While WHOIS data is privacy-protected, this is standard practice for individual-led projects.

Web Reputation

Independent review aggregators show a low trust score primarily due to the hidden owner identity and the niche nature of the site. However, community discussions on Mail.ru and Reddit confirm the site's legitimacy as a mirror for the ИТД platform. No history of phishing or malware distribution was found in our threat intelligence feeds.
Risk Factors
3
  • Flagged as malicious or phishing by three antivirus engines (ADMINUSLabs, Chong Lua Dao, CyRadar).
  • Minimalist login-only landing page can be mistaken for a credential-harvesting site.
  • WHOIS information is privacy-protected, hiding the operator's identity.
Positive Signals
4
  • Confirmed as the official Punycode mirror for an established social network.
  • Associated with a verified Google Play application and browser extensions.
  • No scam reports or consumer complaints found after six months of operation.
  • Valid SSL encryption and stable hosting infrastructure.
AI Recommendation
This site is safe to use for its intended purpose as a social network login. You can proceed with registration if you are a follower of the ИТД community.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for xn--d1ah4a.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
6 months
Registered Dec 2025
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Independent review aggregators
1/100 · low trust
Average across 1 independent review aggregator.
Clone check
Clones итд.com
The page impersonates a well-known brand's site.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
5 positive
Web ratings
Scores pulled directly from third-party trust & review sites
ScamAdviser
1/100
High riskopen
Key findings
7 headline facts from open-web research
  • xn--d1ah4a.com is the internationalized domain name (IDN/Punycode) equivalent of итд.com (ИТД in Cyrillic), a youth-oriented social network launched in December 2025 by Russian/Belarusian TikTok/YouTube blogger Nowkie (Илья Новки).
  • The site presents a simple login page requiring email and password, with links to register or recover password; includes Yandex tracking pixel (mc.yandex.ru/watch/106738284).
  • Domain registered approximately December 2025 (reported as ~197 days old / 6 months in mid-2026 data); WHOIS privacy-protected; registrar REG.RU LLC; SSL certificate valid (Let's Encrypt, expires ~July 2026).
  • Scamadviser lists trust score of 0/100 with warnings for recent registration, hidden owner identity, low traffic, and shared registrar with spammers; however, concludes "probably legit" with positive notes on valid SSL.
  • No direct scam reports, complaints, or mentions of fraud/phishing found across web searches, Reddit, or review sites; referenced positively in context of Nowkie's project, browser mods (ITD+ Firefox extension), Google Play app, and user pro
  • SimilarWeb ranks it in Video Games/Consoles category with moderate traffic; used as alternative or mirror to main itd.com domain; browser extension explicitly requests permissions for xn--d1ah4a.com domain.
  • Mail.ru question from users of the network references xn--d1ah4a.com as the access point when main "переходник" (bridge) is down.
Impersonation / typosquat
Clone of итд.com

xn--d1ah4a.com is the Punycode for итд.com; both resolve to the same Russian youth social network 'ИТД' created by blogger Nowkie (Ilya Novkie/Setsko); login/register pages identical; used interchangeably in links, browser extensions, and traffic comparisons

Research summary
Narrative write-up from our AI analyst, grounded on the facts above
We searched scam-report databases, consumer-review sites, and general web sources for xn--d1ah4a.com and didn't find any scam reports or complaints. The domain is widely recognized in the Russian-speaking community as the technical address for the ИТД social network founded by blogger Nowkie. It is referenced in official browser extension documentation and user guides as a legitimate access point.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Moderate correlation

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score
0/100
ClearLowModerateHighCritical
Evidence (1)
  • Evidence confirms this site is a clone of итд.com.
Linked signals (1)
Clone of итд.com

Antivirus Engines

Detection matrix · live
3 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

3Malicious0Suspicious55Harmless92Engines
0
of 92
ADMINUSLabs
Malicious· malicious
Chong Lua Dao
Malicious· malicious
CyRadar
Malicious· phishing

3 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age6 months old
RegistrarRegistrar of Domain Names REG.RU LLC
RegisteredDec 14, 2025
ExpiresDec 14, 2027
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YR1
ExpiresSep 21, 2026 (83d)
Self-signedNo
Hosting & Technology
HostingSafe Value Limited
Server locationRU
Web server193.233.63.101
PopularityNot in popularity top list

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
Yes
  • 1308http://xn--d1ah4a.com/
  • 2200https://xn--d1ah4a.com/

Server Reputation

Abuse Intelligence
Confidence score8%
Reports on file3
ISPSafe Value Limited
Usage typeData Center/Web Hosting/Transit

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with xn--d1ah4a.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

fonts.googleapis.comfonts.gstatic.commc.yandex.ru

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags xn--d1ah4a.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — xn--d1ah4a.com scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. xn--d1ah4a.com presents a valid TLSv1.3 certificate issued by Let's Encrypt · YR1, expiring in 83 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • xn--d1ah4a.com is 6 months old, registered on 12/14/2025 through Registrar of Domain Names REG.RU LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 3 out of 92 antivirus engines in our malware network flagged xn--d1ah4a.com as malicious or suspicious (3 outright malicious). Even one detection is a meaningful signal.
  • No. xn--d1ah4a.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • xn--d1ah4a.com resolves to an IP operated by Safe Value Limited in RU (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Independent trust-rating sites currently show the following for xn--d1ah4a.com: ScamAdviser: 1/100. Those scores come from user reviews and their own heuristics, so they are worth comparing against our verdict.

Final Verdict

0
Trust / 100
Final Verdict·xn--d1ah4a.com
DANGEROUS

This is the internationalized domain for ИТД, a Russian youth social network created by blogger Nowkie. While it uses a minimalist login page and has been flagged by a few antivirus engines, our research confirms it is a legitimate project with an active user base and official browser extensions.

This site is safe to use for its intended purpose as a social network login. You can proceed with registration if you are a follower of the ИТД community.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
habitatcyprus.com
50m ago
Read the review
Dangeroustrust1
cpcout.org
52m ago
Read the review
Dangeroustrust1
hometownflirt.com
54m ago
Read the review
Dangeroustrust27
kkvhirhu.info
2h ago
Read the review
Dangeroustrust1
eurodocpro.vip
2h ago
Read the review
Dangeroustrust1
address.selecters.vu
2h ago
Read the review
Dangeroustrust1
mrcuae.com
2h ago
Read the review
Dangeroustrust12
d5n2w.top
3h ago
Read the review
Dangeroustrust4
dtgfz.com
3h ago
Read the review
Dangeroustrust4
dyxcyk.com
3h ago
Read the review
Dangeroustrust11
lcjqjx.com
3h ago
Read the review
Dangeroustrust1
taxassessment.cyou
3h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.