Submitted URL: http://portermartinandhoffman.net/
Effective URL: https://far.cleanlfl.com/click
Submission: On January 12 via manual from US — Scanned from DE

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 2 HTTP transactions. The main IP is 185.186.76.222, located in Zurich, Switzerland and belongs to M247, RO. The main domain is far.cleanlfl.com.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on December 21st 2023. Valid for: a year.
This is the only time far.cleanlfl.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2602:ff23:0:8... 398019 (DYNU)
2 3 87.240.129.133 47541 (VKONTAKTE...)
1 185.186.76.222 9009 (M247)
2 2
Apex Domain | Subdomains | Transfer
3 vk.com | direct.vk.com; vk.com — Cisco Umbrella Rank: 3529; away.vk.com — Cisco Umbrella Rank: 84256 | 2 KB
1 cleanlfl.com | far.cleanlfl.com | 448 B
1 portermartinandhoffman.net | portermartinandhoffman.net | 267 B
2 3
Domain Requested by
1 far.cleanlfl.com away.vk.com
1 away.vk.com
1 vk.com 1 redirects
1 direct.vk.com 1 redirects
1 portermartinandhoffman.net 1 redirects
2 5

This site contains no links.

Subject | Issuer | Validity | Valid
*.vk.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2023-03-16 - 2024-02-20 | a year
*.cleanlfl.com | RapidSSL TLS RSA CA G1 | 2023-12-21 - 2024-12-20 | a year

This page contains 1 frame:

Primary Page: https://far.cleanlfl.com/click
Frame ID: 9C9392B3C482DBDA925C2802BEB7B95F
Requests: 2 HTTP requests in this frame

Page Title

Wrong Link

Page Statistics

2 Requests
100 % HTTPS
33 % IPv6
3 Domains
5 Subdomains
2 IPs
3 Countries
1 kB Transfer
1 kB Size
3 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://portermartinandhoffman.net/ HTTP 302
    https://direct.vk.com/away.php?to=https://far.cleanlfl.com/click HTTP 301
    https://vk.com/away.php?to=https://far.cleanlfl.com/click HTTP 302
    https://away.vk.com/away.php?rh=8069d5f3-51c5-44fc-a6e9-ecd846c131ac Page URL
  2. https://far.cleanlfl.com/click Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://portermartinandhoffman.net/ HTTP 302
  • https://direct.vk.com/away.php?to=https://far.cleanlfl.com/click HTTP 301
  • https://vk.com/away.php?to=https://far.cleanlfl.com/click HTTP 302
  • https://away.vk.com/away.php?rh=8069d5f3-51c5-44fc-a6e9-ecd846c131ac

2 HTTP transactions

Resource: away.php
Path: away.vk.com/
Redirect Chain
  • http://portermartinandhoffman.net/
  • https://direct.vk.com/away.php?to=https://far.cleanlfl.com/click
  • https://vk.com/away.php?to=https://far.cleanlfl.com/click
  • https://away.vk.com/away.php?rh=8069d5f3-51c5-44fc-a6e9-ecd846c131ac
Size: 437 B
x-fer: 812 B
Type: Document
General
Full URL: https://away.vk.com/away.php?rh=8069d5f3-51c5-44fc-a6e9-ecd846c131ac
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 87.240.129.133 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),
Reverse DNS: srv133-129-240-87.vk.com
Software: kittenx / KPHP/7.4.115504
Resource Hash:
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-expose-headers: X-Frontend
cache-control: no-store
content-encoding: gzip
content-length: 270
content-type: text/html; charset=windows-1251
date: Fri, 12 Jan 2024 13:04:18 GMT
server: kittenx
x-frame-options: DENY
x-frontend: front609306
x-powered-by: KPHP/7.4.115504
x-trace-id: PHVO2sMFM_EwqsbKRBpzbUBesgfdJw

Redirect headers

access-control-expose-headers: X-Frontend
cache-control: no-store
content-encoding: gzip
content-length: 20
content-type: text/html; charset=windows-1251
date: Fri, 12 Jan 2024 13:04:18 GMT
location: https://away.vk.com/away.php?rh=8069d5f3-51c5-44fc-a6e9-ecd846c131ac
origin-agent-cluster: ?0
server: kittenx
strict-transport-security: max-age=15768000
x-frame-options: DENY
x-frontend: front609306
x-powered-by: KPHP/7.4.115504
x-trace-id: UlLNe5JhTwEj6OdaWs1IvZA8qIrGMQ

Primary Request
Resource: click
Path: far.cleanlfl.com/
Size: 294 B
x-fer: 448 B
Type: Document
General
Full URL: https://far.cleanlfl.com/click
Requested by
  Host: away.vk.com
  URL: https://away.vk.com/away.php?rh=8069d5f3-51c5-44fc-a6e9-ecd846c131ac
Protocol: HTTP/1.0
Security: TLS 1.3, , AES_256_GCM
Server: 185.186.76.222 Zurich, Switzerland, ASN9009 (M247, RO),
Reverse DNS:
Software: Werkzeug/2.0.3 Python/3.6.9 /
Resource Hash: 2df4ffd24827ed7d04d427f8b7b28954ac1e2ae96dff15ca647c54481c50136c

Request headers

Referer: https://away.vk.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 294
Content-Type: text/html; charset=utf-8
Date: Fri, 12 Jan 2024 13:04:18 GMT
Server: Werkzeug/2.0.3 Python/3.6.9

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

3 Cookies

Domain/Path | Name | Value
.vk.com/ | remixlang | 6
.vk.com/ | remixstlid | 9084063536840293582_bs9PblT7y7D99Z2IrG4ZLceKneUAQW31IVgH90xzwyL
.vk.com/ | remixua | -1%7C-1%7C202%7C3886705511

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
