ScanMalware.com

Security Scan Report: href.li

Redirected to:
https://usmanagement.dormila.cfd/?v=fda8&session=49cab1ea71ba2e20b803b...
Submitted: Apr 8, 2026, 11:05:00 AMCompleted: Apr 8, 2026, 11:06:21 AMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 7 HTTP transactions. The main domain is usmanagement.dormila.cfd and was registered NaN years ago.

Submitted URL: https://href.li/?https://usmanagement.dormila.cfd/uslogi

Effective URL: https://usmanagement.dormila.cfd/?v=fda8&session=49cab1ea71ba2e20b803bba4e9326e59&cid=ec98e4d0e7739e79&iat=1775646304&loc=US&build=6.1.0Redirected

The Cisco Umbrella rank of the primary domain is #129,868 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 85%

8
Risk Score

IDS flagged the redirect as a phishing page; treat as high‑risk and do not provide any credentials.

Risk Factors
Network IDS high alert indicating phishing redirect
Use of a low‑ranking, obscure domain after a redirect
Absence of legitimate content; only a generic security challenge page
Domain age information unavailable

Details

Bot Protection Detected

This website is protected by Cloudflare bot protection. Our scanner was challenged or blocked during access.

Page Title

Just a moment...

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(46%)

Domain Information

The domain 'href.li' uses the .li country-code top-level domain. Its registrable label 'href' stretches across 4 characters with one vowel and three consonants. Tokenizing the label suggests 1 word: href. Median word length is four characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://href.li/?https://usmanagement.dormila.cfd/uslogi

Page Load Overview

0.61s
Total Load Time
7
HTTP Requests
2
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:90 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking46% confidence
Type: static
Method: ml+structural

All Detected Categories

finance banking
46%
cryptocurrency blockchain
37%
government public service
35%
adult content
32%
documentation technical
27%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
3192.0.78.26San Francisco, California, United States
AS2635Automattic, Inc
2104.21.17.41United States
AS13335Cloudflare, Inc.
2172.67.220.224United States
AS13335Cloudflare, Inc.
73--

Detected Technologies4

Cloudflare
50%
HTTP/3
40%
HSTS
40%
Cloudflare Bot Management
30%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T11FD1D592A6AB113971E3C0E166B7735F70A185079106CA14BE9C35508FCBCAB4F7ABC8

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:rLN8ahjSqyZVtDd2SMyDx5kAP6N9i6Q3ibxZeAikE:rLOqEOSrDx7PGiji/eAir

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:6230:ES4ABEgJAAKAEYRAqAAigAAIATQIQYLCQogEEsQA0gBEUwWhIiEiAgCBhEgzxJRBAQG2hgUJNALcAEiAAhIlAiMAg1QBQAQB

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffffe7e7ffffff
Perceptual Hash:b389cc663399cc66
Difference Hash:000010484d300800
Wavelet Hash:0c0c040ce7e7cfcf
Color Hash:#d22da6

Other Hashes

Crop Resistant:000010484d300800

Scan History

Scan history not available

Unable to load historical scan data