ScanMalware.com

Security Scan Report: href.li

Redirected to: https://us.dormila.cfd/?v=6caa&session=9467f16fe820b2b9d77946e93e50a060&cid=a4bb84840285887d&iat=1774975349&loc=US&build=6.1.0

Submitted: Mar 31, 2026, 4:42:26 PMCompleted: Mar 31, 2026, 4:43:44 PMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 7 HTTP transactions. The main domain is us.dormila.cfd and was registered NaN years ago.

Submitted URL: https://href.li/?https://us.dormila.cfd/uslogi

Effective URL: https://us.dormila.cfd/?v=6caa&session=9467f16fe820b2b9d77946e93e50a060&cid=a4bb84840285887d&iat=1774975349&loc=US&build=6.1.0Redirected

The Cisco Umbrella rank of the primary domain is #129,868 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 88%

8
Risk Score

Page is a phishing redirect with strong IDS evidence; avoid and report.

Risk Factors
High severity IDS alert indicating phishing redirect
Redirect chain to an untrusted .cfd domain
Low reputation ranking of the primary domain
Use of an obscure, likely newly‑registered external domain
Domain age information unavailable

Details

Bot Protection Detected

This website is protected by Cloudflare bot protection. Our scanner was challenged or blocked during access.

Page Title

Just a moment...

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

healthcare medical

(37%)

Domain Information

The domain name 'href.li' uses the .li country-code top-level domain. The second-level label 'href' is 4 characters long split between one vowel and 3 consonants. Splitting it apart reveals one word: href. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://href.li/?https://us.dormila.cfd/uslogi

Page Load Overview

0.55s
Total Load Time
7
HTTP Requests
2
Domains
N/A
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:59 chars
Detector Agreement:100%

Website Classification

Primary Category

healthcare medical37% confidence
Type: static
Method: ml+structural

All Detected Categories

healthcare medical
37%
news media journalism
31%
phishing/scam
20%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
2192.0.78.27San Francisco, California, United States
AS2635Automattic, Inc
2104.21.17.41United States
AS13335Cloudflare, Inc.
2172.67.220.224United States
AS13335Cloudflare, Inc.
73--

Detected Technologies4

Cloudflare
50%
HTTP/3
40%
HSTS
40%
Cloudflare Bot Management
30%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1D7C1C752E56B007E74A380696BF3731F70B181039107D604BDAC65594F8BDAF8ABAFC8

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:nWUxgMpRDPi0FTHGAhDxH5ClQldDx3JkAP6NAR0ij94kQ03ibxZR4AiScSE:yM3fF7GAhDxwyDx5kAP6N9i6Q3ibxZeF

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:5794:AIABACDSiFRqAwACDMIQAjAKRTBiGQYAEJpGGAAQAAQSAaAIHgjcBMEBWEAREQUR5YhSgEAXYABCAxQAgBEJ0AYABBiWIIRA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffffe7efffffff
Perceptual Hash:b326cc993366cc99
Difference Hash:0000000808000000
Wavelet Hash:ccccccc428383c3c
Color Hash:#93291f

Other Hashes

Crop Resistant:0000000808000000

Scan History

Scan history not available

Unable to load historical scan data