stylobrands.com Open in urlscan Pro
2606:4700:3032::681c:1ec5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Submission: On June 17 via manual (June 17th 2020, 6:27:42 pm UTC) from HK

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3032::681c:1ec5, located in United States and belongs to CLOUDFLARENET, US. The main domain is stylobrands.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 12th 2019. Valid for: a year.

This is the only time stylobrands.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WeTransfer (Online)

Domain & IP information

	IP Address		AS Autonomous System
10	2606:4700:303... 2606:4700:3032::681c:1ec5		13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	1

10 2606:4700:3032::681c:1ec5 (United States)

ASN13335 (CLOUDFLARENET, US)

stylobrands.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	stylobrands.com stylobrands.com	219 KB
10	1

	Domain	Requested by
10	stylobrands.com	stylobrands.com
10	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-09-12` - `2020-09-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Frame ID: B4369D9FC26661979B27C6E5593F9F94
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

219 kB
Transfer

520 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.php Show response
stylobrands.com/z/wetransfer/ 15 KB
4 KB 104ms
39ms Document
text/html 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.17
Resource Hash: 47b53494614c17538d55aa2577df2a83c18d335141a6bf3710014cfea0649ace

Request headers

:method: GET
:authority: stylobrands.com
:scheme: https
:path: /z/wetransfer/index.php?email=abril.nava@conduent.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 17 Jun 2020 18:27:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dd0cd867fa2a55caab23ea408505daa6a1592418444; expires=Fri, 17-Jul-20 18:27:24 GMT; path=/; domain=.stylobrands.com; HttpOnly; SameSite=Lax; Secure
x-powered-by: PHP/7.3.17
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
cf-request-id: 0365223d5a0000c771e7883200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5a4ed30ef834c771-AMS
content-encoding: br

GET
H2 200 bootstrap.css
stylobrands.com/z/wetransfer/ 141 KB
18 KB 22ms
20ms Stylesheet
text/css 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stylobrands.com/z/wetransfer/bootstrap.css
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4b6ed2645519ec2c128badb2a2e7720052f8441ffa94c4f0bceca02311004da

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 00:53:54 GMT
server: cloudflare
age: 5063
etag: W/"2007e2-235f3-5a79c29592c80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5a4ed30f48eac771-AMS
cf-request-id: 0365223d880000c771e7888200000001

GET
H2 200 font-awesome.css
stylobrands.com/z/wetransfer/ 21 KB
5 KB 32ms
30ms Stylesheet
text/css 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stylobrands.com/z/wetransfer/font-awesome.css
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50dbecb3ed007ae3c814e0c220f9e9a153d02fbafa3d9465c4b222042976a8ec

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 01:01:18 GMT
server: cloudflare
age: 5063
etag: W/"2007fe-55e3-5a79c43d01380-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5a4ed30f48eec771-AMS
cf-request-id: 0365223d880000c771e7889200000001

GET
H2 200 animate.css
stylobrands.com/z/wetransfer/ 52 KB
4 KB 21ms
19ms Stylesheet
text/css 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stylobrands.com/z/wetransfer/animate.css
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26968435703f42f548195e31049e1f621c267346a0295be2bafa457b5904ace9

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 01:03:06 GMT
server: cloudflare
age: 5063
etag: W/"200568-ce3f-5a79c4a400680-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5a4ed30f48f0c771-AMS
cf-request-id: 0365223d880000c771e788a200000001

GET
H2 200 jquery.js Show response
stylobrands.com/z/wetransfer/ 85 KB
29 KB 33ms
31ms Script
application/javascript 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stylobrands.com/z/wetransfer/jquery.js
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 01:03:46 GMT
server: cloudflare
age: 5063
etag: W/"200800-1538f-5a79c4ca26080-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5a4ed30f48f2c771-AMS
cf-request-id: 0365223d880000c771e788b200000001

GET
H2 200 popper.js Show response
stylobrands.com/z/wetransfer/ 19 KB
7 KB 20ms
19ms Script
application/javascript 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stylobrands.com/z/wetransfer/popper.js
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1550d30e03f777fb25a2761e42fd8640fc2891fe3f8319524e5a0f17ede803d

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 01:04:26 GMT
server: cloudflare
age: 5063
etag: W/"208218-4af7-5a79c4f04ba80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5a4ed30f48f5c771-AMS
cf-request-id: 0365223d8a0000c771e788c200000001

GET
H2 200 bootstrap.js Show response
stylobrands.com/z/wetransfer/ 48 KB
12 KB 22ms
21ms Script
application/javascript 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stylobrands.com/z/wetransfer/bootstrap.js
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b00834c17c50af103e353ef86a69d90bbcaa819ed92b4d6ed670a425514e3c3a

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 01:04:56 GMT
server: cloudflare
age: 5063
etag: W/"2007f9-bf36-5a79c50ce7e00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5a4ed30f48f6c771-AMS
cf-request-id: 0365223d8a0000c771e788d200000001

GET
H2 200 logo.png
stylobrands.com/z/wetransfer/ 37 KB
37 KB 20ms
19ms Image
image/png 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stylobrands.com/z/wetransfer/logo.png
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcd24cf138944f04a237d543221d29063756b4318d583073e936c4b87632f9bc

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 01:11:44 GMT
server: cloudflare
age: 5063
etag: "20820b-936f-5a79c69201400"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5a4ed30f899ac771-AMS
content-length: 37743
cf-request-id: 0365223db40000c771e7892200000001

GET
H2 200 email-decode.min.js Show response
stylobrands.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
853 B 13ms
13ms Script
application/javascript 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stylobrands.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 10 Jun 2020 17:45:48 GMT
server: cloudflare
etag: W/"5ee11c4c-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
cf-ray: 5a4ed30f796dc771-AMS
cf-request-id: 0365223dab0000c771e7891200000001
expires: Fri, 19 Jun 2020 18:27:24 GMT

GET
H2 200 bg.png
stylobrands.com/z/wetransfer/ 102 KB
102 KB 25ms
21ms Image
image/png 2606:4700:3032::681c:1ec5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stylobrands.com/z/wetransfer/bg.png
Requested by: Host: stylobrands.com
URL: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:1ec5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e049d5c5f7c4a814be9bb2605ce0d382e718535eddf7cf40c628f52b7924c2e9

Request headers

Referer: https://stylobrands.com/z/wetransfer/index.php?email=abril.nava@conduent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 18:27:24 GMT
cf-cache-status: HIT
last-modified: Tue, 09 Jun 2020 01:07:14 GMT
server: cloudflare
age: 5063
etag: "2007df-196d6-5a79c59083480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 5a4ed30fa9f8c771-AMS
content-length: 104150
cf-request-id: 0365223dcb0000c771e7894200000001

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WeTransfer (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.stylobrands.com/	1970-01-19 11:03:30	Name: __cfduid Value: dd0cd867fa2a55caab23ea408505daa6a1592418444

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

stylobrands.com
2606:4700:3032::681c:1ec5
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26968435703f42f548195e31049e1f621c267346a0295be2bafa457b5904ace9
47b53494614c17538d55aa2577df2a83c18d335141a6bf3710014cfea0649ace
50dbecb3ed007ae3c814e0c220f9e9a153d02fbafa3d9465c4b222042976a8ec
b00834c17c50af103e353ef86a69d90bbcaa819ed92b4d6ed670a425514e3c3a
bcd24cf138944f04a237d543221d29063756b4318d583073e936c4b87632f9bc
c4b6ed2645519ec2c128badb2a2e7720052f8441ffa94c4f0bceca02311004da
d1550d30e03f777fb25a2761e42fd8640fc2891fe3f8319524e5a0f17ede803d
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
e049d5c5f7c4a814be9bb2605ce0d382e718535eddf7cf40c628f52b7924c2e9

stylobrands.com Open in urlscan Pro 2606:4700:3032::681c:1ec5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

219 kBTransfer

520 kBSize

1 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

stylobrands.com Open in urlscan Pro
2606:4700:3032::681c:1ec5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

219 kB
Transfer

520 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!