agodapromote.com Open in urlscan Pro
43.131.34.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://agodapromote.com/
Effective URL:
https://agodapromote.com/
Submission: On August 24 via api (August 24th 2023, 6:03:31 am UTC) from JP — Scanned from JP

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 11 HTTP transactions. The main IP is 43.131.34.30, located in Frankfurt am Main, Germany and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is agodapromote.com.
TLS certificate: Issued by R3 on August 23rd 2023. Valid for: 3 months.

This is the only time agodapromote.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Agoda (Travel)

Domain & IP information

	IP Address	AS Autonomous System
1 1	43.133.141.14 43.133.141.14	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
10	43.131.34.30 43.131.34.30	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1	112.124.0.217 112.124.0.217	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
11	3

1 43.133.141.14 (Jakarta, Indonesia) 1 redirects

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

agodapromote.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 43.131.34.30 (Frankfurt am Main, Germany)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

agodapromote.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 112.124.0.217 (Hangzhou, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

cdn.dcloud.net.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	agodapromote.com 1 redirects agodapromote.com	1 MB
1	dcloud.net.cn cdn.dcloud.net.cn — Cisco Umbrella Rank: 75772	579 B
11	2

	Domain	Requested by
11	agodapromote.com	1 redirects agodapromote.com
1	cdn.dcloud.net.cn	agodapromote.com
11	2

This site contains no links.

Subject Issuer	Validity	Valid
agodapromote.com R3	`2023-08-23` - `2023-11-21`	3 months	crt.sh
*.dcloud.net.cn Certum Domain Validation CA SHA2	`2023-08-07` - `2024-09-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://agodapromote.com/
Frame ID: D7A3BF9BE4BBA88508EE2F5EEACA5166
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

http://agodapromote.com/ HTTP 301
https://agodapromote.com/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

3
Countries

1099 kB
Transfer

5089 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://agodapromote.com/ HTTP 301
https://agodapromote.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response agodapromote.com/ Redirect Chain http://agodapromote.com/ https://agodapromote.com/	767 B 1020 B	1477ms 612ms	Document text/html	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `dca1ad2ec6cd6ec23b889b21bb12f55f4aae561b8de30e55c4dd558c6360dbb0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language jp-jp,jp;q=0.9 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 767 Content-Type text/html Date Thu, 24 Aug 2023 06:03:15 GMT ETag "64d96ba8-2ff" Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx X-Cache-Status MISS Redirect headers Connection keep-alive Content-Length 166 Content-Type text/html Date Thu, 24 Aug 2023 06:03:13 GMT Location https://agodapromote.com/ Server nginx X-Cache-Status MISS
GET H/1.1	200 OK	index.97465e7b.css agodapromote.com/static/	94 KB 31 KB	1173ms 1173ms	Stylesheet text/css	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://agodapromote.com/static/index.97465e7b.css Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `f6789ee8a50f44f18ba717956bd34c4cd17b1d658443e92408976907b83a0242` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:15 GMT Content-Encoding gzip Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag W/"64d96ba8-17894" X-Cache-Status MISS Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Connection keep-alive Expires Thu, 24 Aug 2023 18:03:15 GMT
GET H/1.1	200 OK	chunk-vendors.ee0fdaa0.js Show response agodapromote.com/static/js/	837 KB 309 KB	1607ms 769ms	Script application/javascript	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://agodapromote.com/static/js/chunk-vendors.ee0fdaa0.js Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `2abf00fbf701b1c50fa0c8774b87905810aa90d3453c935edc83cd68c60badac` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:16 GMT Content-Encoding gzip Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag W/"64d96ba8-d138a" X-Cache-Status HIT Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Connection keep-alive Expires Thu, 24 Aug 2023 04:07:43 GMT
GET H/1.1	200 OK	index.b92a0910.js Show response agodapromote.com/static/js/	4 MB 688 KB	2082ms 1228ms	Script application/javascript	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://agodapromote.com/static/js/index.b92a0910.js Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `955bee7594ebf14d5f55f01da14b0ce2d8906925dd75230f0d610fe8e0248062` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:16 GMT Content-Encoding gzip Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag W/"64d96ba8-3fa9bf" X-Cache-Status HIT Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Connection keep-alive Expires Thu, 24 Aug 2023 04:07:43 GMT
GET H/1.1	200 OK	shadow-grey.png cdn.dcloud.net.cn/img/	136 B 579 B	1177ms 465ms	Image image/png	112.124.0.217 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.dcloud.net.cn/img/shadow-grey.png Requested by Host: agodapromote.com URL: https://agodapromote.com/static/index.97465e7b.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 112.124.0.217 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:20 GMT Last-Modified Thu, 06 Jun 2019 06:42:07 GMT Server nginx ETag "5cf8b5bf-88" Content-Type image/png Cache-Control max-age=7200 Connection close Accept-Ranges bytes Content-Length 136 Expires Thu, 24 Aug 2023 08:03:20 GMT
GET H/1.1	200 OK	pages-login-login.95755f5c.js Show response agodapromote.com/static/js/	20 KB 6 KB	405ms 405ms	Script application/javascript	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://agodapromote.com/static/js/pages-login-login.95755f5c.js Requested by Host: agodapromote.com URL: https://agodapromote.com/static/js/index.b92a0910.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `e3feafdc80ad3bc14ff4615882fac3d36d80d73e8b6e1d81940eedce601a7b3d` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:25 GMT Content-Encoding gzip Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag W/"64d96ba8-51c4" X-Cache-Status HIT Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Connection keep-alive Expires Thu, 24 Aug 2023 04:07:45 GMT
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3` Request headers accept-language jp-jp,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 OK	48.png agodapromote.com/static/icon/	36 KB 36 KB	826ms 826ms	Image image/png	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://agodapromote.com/static/icon/48.png Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `a502fa1b640d29a3821f3583fae9bc6d484d2dd2288ca2ec5e3d0f74c83bdb6b` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:25 GMT Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag "64d96ba8-9053" X-Cache-Status HIT Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 36947 Expires Fri, 22 Sep 2023 16:07:46 GMT
GET H/1.1	200 OK	1.png agodapromote.com/static//logo/	8 KB 9 KB	391ms 391ms	Image image/png	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://agodapromote.com/static//logo/1.png Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `f6cb5b1869064694d46f00340696f72358bebcbf0b737d83eadf12e9892af125` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:25 GMT Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag "64d96ba8-2143" X-Cache-Status HIT Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 8515 Expires Fri, 22 Sep 2023 16:07:46 GMT
GET H/1.1	200 OK	49.png agodapromote.com/static/icon/	971 B 1 KB	404ms 403ms	Image image/png	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://agodapromote.com/static/icon/49.png Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `a2aa4e452ff2715e916ef7b8770c1e96982e7a11c1f422ea8f5980e600cc6da4` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:25 GMT Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag "64d96ba8-3cb" X-Cache-Status HIT Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 971 Expires Fri, 22 Sep 2023 16:07:46 GMT
GET H/1.1	200 OK	3.png agodapromote.com/static/icon/	9 KB 9 KB	787ms 396ms	Image image/png	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://agodapromote.com/static/icon/3.png Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `86fff17440b2a7a499aa8a3f7069cf5eba4ab0804e6dad702487817c16a29b86` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:26 GMT Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag "64d96ba8-2327" X-Cache-Status HIT Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 8999 Expires Fri, 22 Sep 2023 16:07:46 GMT
GET H/1.1	200 OK	4.png agodapromote.com/static/icon/	7 KB 7 KB	809ms 405ms	Image image/png	43.131.34.30 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Show image Full URL https://agodapromote.com/static/icon/4.png Requested by Host: agodapromote.com URL: https://agodapromote.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 43.131.34.30 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software nginx / Resource Hash `4bdfbe5dacbb1e4823b11eec0b372e331464228297f47451f1ed66e7f931f8b0` Request headers accept-language jp-jp,jp;q=0.9 Referer https://agodapromote.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Thu, 24 Aug 2023 06:03:26 GMT Last-Modified Sun, 13 Aug 2023 23:47:52 GMT Server nginx ETag "64d96ba8-1c5f" X-Cache-Status HIT Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Content-Length 7263 Expires Fri, 22 Sep 2023 16:07:46 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Agoda (Travel)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.dcloud.net.cn/	1970-01-20 23:50:17	Name: __uni__uid Value: CgIBX2Tm8qg31H6aJl4jAg==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

agodapromote.com
cdn.dcloud.net.cn
112.124.0.217
43.131.34.30
43.133.141.14
0ccf8dd29c61715a6364ea9ec36d32c295e82ca837488590130c51cee298b7d3
2abf00fbf701b1c50fa0c8774b87905810aa90d3453c935edc83cd68c60badac
4bdfbe5dacbb1e4823b11eec0b372e331464228297f47451f1ed66e7f931f8b0
86fff17440b2a7a499aa8a3f7069cf5eba4ab0804e6dad702487817c16a29b86
955bee7594ebf14d5f55f01da14b0ce2d8906925dd75230f0d610fe8e0248062
a2aa4e452ff2715e916ef7b8770c1e96982e7a11c1f422ea8f5980e600cc6da4
a502fa1b640d29a3821f3583fae9bc6d484d2dd2288ca2ec5e3d0f74c83bdb6b
ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f
dca1ad2ec6cd6ec23b889b21bb12f55f4aae561b8de30e55c4dd558c6360dbb0
e3feafdc80ad3bc14ff4615882fac3d36d80d73e8b6e1d81940eedce601a7b3d
f6789ee8a50f44f18ba717956bd34c4cd17b1d658443e92408976907b83a0242
f6cb5b1869064694d46f00340696f72358bebcbf0b737d83eadf12e9892af125

agodapromote.com Open in urlscan Pro 43.131.34.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

3 Countries

1099 kBTransfer

5089 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

Indicators

agodapromote.com Open in urlscan Pro
43.131.34.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

3
Countries

1099 kB
Transfer

5089 kB
Size

1
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!