pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev Open in urlscan Pro
104.18.2.35 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Effective URL:
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Submission: On August 17 via automatic, source openphish (August 17th 2024, 2:13:45 pm UTC) — Scanned from IT

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 104.18.2.35, located in and belongs to CLOUDFLARENET, US. The main domain is pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.

This is the only time pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	104.18.2.35 104.18.2.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	198.187.31.254 198.187.31.254	22612 (NAMECHEAP...) (NAMECHEAP-NET)
7	104.17.245.203 104.17.245.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	4

6 104.18.2.35 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.187.31.254 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server47-2.web-hosting.com

gothicmagic.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.245.203 (None, )

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	unpkg.com unpkg.com — Cisco Umbrella Rank: 1314	10 KB
6	r2.dev 1 redirects pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev	189 KB
3	gothicmagic.biz gothicmagic.biz	2 KB
17	3

	Domain	Requested by
7	unpkg.com	pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev unpkg.com
6	pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev	1 redirects pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
3	gothicmagic.biz	pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev gothicmagic.biz
17	3

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E6	`2024-08-01` - `2024-10-30`	3 months	crt.sh
gothicmagic.biz R11	`2024-07-11` - `2024-10-09`	3 months	crt.sh
unpkg.com WE1	`2024-07-28` - `2024-10-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Frame ID: 85B75BDE4FE626418D9A7847E13ADEB2
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sharepoint | Sign in

Page URL History Show full URLs

http://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html HTTP 307
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Page URL
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/phish-bypass?atok=pBTWiyfqtoq5xMu40bFSfQXsqIyKAFIpvLyFcE99.P0-172390... HTTP 301
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Page URL

Page Statistics

17
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

200 kB
Transfer

327 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html HTTP 307
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Page URL
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/phish-bypass?atok=pBTWiyfqtoq5xMu40bFSfQXsqIyKAFIpvLyFcE99.P0-1723904007-0.0.1.1-%2Fsharepnt.html HTTP 301
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html HTTP 307
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

17 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

sharepnt.html Show response
pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
Redirect Chain

http://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

4 KB
5 KB

620ms
82ms

Document
text/html

104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6c3de018ccd85459044a1a70b3f41f31dd37a964f5a7e58049e93308bd3bef8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

CF-RAY: 8b4a43cf39d3badf-MXP
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 17 Aug 2024 14:13:27 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK cf.errors.css
pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 63ms
62ms Stylesheet
text/css 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Sat, 17 Aug 2024 14:13:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 09 Aug 2024 15:29:31 GMT
Server: cloudflare
ETag: W/"66b635db-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 8b4a43d1fdaebadf-MXP
Expires: Sat, 17 Aug 2024 16:13:27 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/images/ 452 B
889 B 107ms
104ms Image
image/png 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Sat, 17 Aug 2024 14:13:28 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 09 Aug 2024 15:29:31 GMT
Server: cloudflare
ETag: "66b635db-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8b4a43d79d54badf-MXP
Content-Length: 452
Expires: Sat, 17 Aug 2024 16:13:28 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/ 27 KB
27 KB 169ms
168ms Other
text/html 104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Sat, 17 Aug 2024 14:13:29 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 8b4a43daa995badf-MXP
Content-Length: 27150
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request sharepnt.html Show response
pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
Redirect Chain

https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/cdn-cgi/phish-bypass?atok=pBTWiyfqtoq5xMu40bFSfQXsqIyKAFIpvLyFcE99.P0-1723904007-0.0.1.1-%2Fsharepnt.html
https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

151 KB
151 KB

314ms
312ms

Document
text/html

104.18.2.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e426ca2fc6854eab520720854d38585dacd07022a0781ecb80dff83ca6d98e59

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 8b4a43ef3cc1badf-MXP
Connection: keep-alive
Content-Length: 154313
Content-Type: text/html
Date: Sat, 17 Aug 2024 14:13:32 GMT
ETag: "9ce211366e5633bbd164410583438b70"
Last-Modified: Tue, 13 Aug 2024 15:47:01 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 8b4a43eedc30badf-MXP
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Sat, 17 Aug 2024 14:13:32 GMT
Location: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H2 200 style.css
gothicmagic.biz/FSHDFYLGJJKLJj/sharepoint/css/ 2 KB
750 B 1065ms
224ms Stylesheet
text/css 198.187.31.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://gothicmagic.biz/FSHDFYLGJJKLJj/sharepoint/css/style.css
Requested by: Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server47-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: b6ccf22161feefac19fae1d810409c9e711af3148f153bd5db731d9fe30562bf

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:33 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:03:06 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 530
expires: Sat, 24 Aug 2024 14:13:33 GMT

GET
H2 200 helper.css
gothicmagic.biz/FSHDFYLGJJKLJj/sharepoint/css/ 2 KB
782 B 1069ms
228ms Stylesheet
text/css 198.187.31.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://gothicmagic.biz/FSHDFYLGJJKLJj/sharepoint/css/helper.css
Requested by: Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server47-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: 3d2d790da155fea22019d28e7c35562e67c73057e3e908edc44378ec24a58ed7

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:33 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:04:02 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 561
expires: Sat, 24 Aug 2024 14:13:33 GMT

GET
H2 200 ionicons.esm.js Show response
unpkg.com/ionicons@5.5.2/dist/ionicons/ 399 B
709 B 992ms
96ms Script
application/javascript 104.17.245.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ionicons@5.5.2/dist/ionicons/ionicons.esm.js

Requested by

Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20193736d900f0b602a678f804676349764578ab2adcd07ffebb6d06df1afd96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
Origin: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:33 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 14320762
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HR5HM9Y7NT9FW6XMKNB3S184-fra
server: cloudflare
etag: "18f-B+zGUTbQ1uVsG8y1uf+53Qdwne0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b4a43f71c5e0d61-MXP

GET
DATA 200
OK truncated
/ 72 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64fbc5854ea158fc46497376ca32d3dc5ba37213c8e061607ff00d04a26b7f25

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84da4e35fb8b78715775f49d1ae9cc064c38f62f7fcf6234b99d531e62a7f324

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24a8a365301768ddcf849160e1342d63b1feae4d5dacb1cb3d608c8cb6fa5994

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 590f45556412336488ff1db500b4e34104f30e7161e494992e4d0493a3d06dc6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ca9497a9e2c19628ef30c1405a682b5eefab5a38821d35c563642e1e79a62a0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 137aa9734d8c02300502944ed1376d395a9f4ba97676e701ed32d07dbbf28be6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a15b29fe61cdf379483582fe360b12868747042fa87bb40b0e9af42ccfd548ee

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b66a50616923e92b5b89fa4f2ca2f9a0281f5a27845885cf21dd397a0c1abb07

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fe2e6bec88c9dfda8a8a396ef687309fb6663b5da176f5dce730e44763e298b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 main.js Show response
gothicmagic.biz/FSHDFYLGJJKLJj/shrpnt/js/ 2 KB
697 B 742ms
225ms Script
text/javascript 198.187.31.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://gothicmagic.biz/FSHDFYLGJJKLJj/shrpnt/js/main.js
Requested by: Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server47-2.web-hosting.com
Software: LiteSpeed /
Resource Hash: 439ae564a6f312b794b18b13061b661f09aaa383dc6d3728f783e7a8ff2cb8f0

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:33 GMT
content-encoding: br
last-modified: Tue, 13 Aug 2024 15:37:09 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/javascript
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 525

GET
H2 200 p-e26ac56f.js Show response
unpkg.com/ionicons@5.5.2/dist/ionicons/ 7 KB
5 KB 129ms
33ms Script
application/javascript 104.17.245.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-e26ac56f.js

Requested by

Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

411ebf3f42ff97b8fdcb02ef60f534e0fd011b86878ec33abf2509b4bfe58037

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://unpkg.com/ionicons@5.5.2/dist/ionicons/ionicons.esm.js
Origin: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:34 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 14320781
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HR5HKRMHZGCGQ6025ANZ3R14-fra
server: cloudflare
etag: "1d56-gDHdPSZYuc2h8Mf9Yj/8nfSlS9o"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b4a43f83ebb0d61-MXP

GET
H2 200 p-5c60b45e.entry.js Show response
unpkg.com/ionicons@5.5.2/dist/ionicons/ 4 KB
2 KB 156ms
106ms Script
application/javascript 104.17.245.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-5c60b45e.entry.js

Requested by

Host: unpkg.com
URL: https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-e26ac56f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce00b2696a4a9c7d1326fd09623e8c8f4624c9abdf5424b2cf19b9de2f981f18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-e26ac56f.js
Origin: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:34 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 14310785
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HR5V4R5HW323XCDM0Z262YNG-fra
server: cloudflare
etag: "f0c-XGC0Xo+O3L3bEnfKma9bLpz3l0o"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b4a43f9290f0d61-MXP

GET banner.png
gothicmagic.biz/FSHDFYLGJJKLJj/sharepoint/css/images/ 0
0

GET
H2 200 p-3f680f7e.js Show response
unpkg.com/ionicons@5.5.2/dist/ionicons/ 809 B
737 B 105ms
97ms Script
application/javascript 104.17.245.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-3f680f7e.js

Requested by

Host: pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ebe32eb96d80df14656ed485b5c625752e142607e910255e2d19021008c976d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-5c60b45e.entry.js
Origin: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:34 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 14316595
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HR5NK95ECP5KEJP1WX3SHZ2M-fra
server: cloudflare
etag: "329-ka9laISJtweBFGezhbjKpn5aTrg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b4a43fa1b600d61-MXP

GET
H2 200 logo-microsoft.svg Show response
unpkg.com/ionicons@5.5.2/dist/ionicons/svg/ 257 B
370 B 63ms
57ms Fetch
image/svg+xml 104.17.245.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ionicons@5.5.2/dist/ionicons/svg/logo-microsoft.svg

Requested by

Host: unpkg.com
URL: https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-5c60b45e.entry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff89741ee0f1269165230e52844db5d08b9922d0f42f22e2729ea83e4de75ac2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:34 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 199655
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01J5ACJEP3384XTGGA9W4JTVJP-fra
server: cloudflare
etag: "101-MQLjGYZ6/ahUOQBSwB7tWvHy9RQ"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b4a43facc8d0d61-MXP

GET
H2 200 mail-unread-outline.svg Show response
unpkg.com/ionicons@5.5.2/dist/ionicons/svg/ 578 B
503 B 63ms
57ms Fetch
image/svg+xml 104.17.245.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ionicons@5.5.2/dist/ionicons/svg/mail-unread-outline.svg

Requested by

Host: unpkg.com
URL: https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-5c60b45e.entry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

817ce252711b7a89ca9fed7b6fc18034ecd53b13b6d43c63b89cb9085bcfae27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:34 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 422127
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01J53RCYPX76H7XJA8W1H3ZJ06-fra
server: cloudflare
etag: "242-KXD899yLeqaEgSFN65P5kNkcLcg"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b4a43facc920d61-MXP

GET logo-yahoo.svg
unpkg.com/ionicons@5.5.2/dist/ionicons/svg/ 0
0

GET
H2 200 logo-google.svg Show response
unpkg.com/ionicons@5.5.2/dist/ionicons/svg/ 608 B
703 B 62ms
57ms Fetch
image/svg+xml 104.17.245.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ionicons@5.5.2/dist/ionicons/svg/logo-google.svg

Requested by

Host: unpkg.com
URL: https://unpkg.com/ionicons@5.5.2/dist/ionicons/p-5c60b45e.entry.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.245.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30784209a7e96e1424933c81ddebfc535c377169a0f02a1941a4f36cc98d9a15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 17 Aug 2024 14:13:34 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 14309875
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HR5W0NYGJRZNEPTTBCSN9NQQ-fra
server: cloudflare
etag: "260-/pv+KquTP6tvq9GuhiKqg+HmiZY"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8b4a43facc9a0d61-MXP

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gothicmagic.biz
URL: https://gothicmagic.biz/FSHDFYLGJJKLJj/sharepoint/css/images/banner.png

Domain: unpkg.com
URL: https://unpkg.com/ionicons@5.5.2/dist/ionicons/svg/logo-yahoo.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| url function| gmailClick object| Ionicons

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/	1970-01-20 22:53:10	Name: __cf_mw_byp Value: pBTWiyfqtoq5xMu40bFSfQXsqIyKAFIpvLyFcE99.P0-1723904007-0.0.1.1-/sharepnt.html

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
rendering	warning	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html(Line 6) Message: The key "with" is not recognized and ignored.
recommendation	verbose	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
javascript	error	URL: https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev/sharepnt.html Message: Access to fetch at 'https://unpkg.com/ionicons@5.5.2/dist/ionicons/svg/logo-yahoo.svg' from origin 'https://pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://unpkg.com/ionicons@5.5.2/dist/ionicons/svg/logo-yahoo.svg Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gothicmagic.biz
pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev
unpkg.com
gothicmagic.biz
unpkg.com
104.17.245.203
104.18.2.35
198.187.31.254
0ca9497a9e2c19628ef30c1405a682b5eefab5a38821d35c563642e1e79a62a0
137aa9734d8c02300502944ed1376d395a9f4ba97676e701ed32d07dbbf28be6
20193736d900f0b602a678f804676349764578ab2adcd07ffebb6d06df1afd96
24a8a365301768ddcf849160e1342d63b1feae4d5dacb1cb3d608c8cb6fa5994
2ebe32eb96d80df14656ed485b5c625752e142607e910255e2d19021008c976d
30784209a7e96e1424933c81ddebfc535c377169a0f02a1941a4f36cc98d9a15
3d2d790da155fea22019d28e7c35562e67c73057e3e908edc44378ec24a58ed7
3fe2e6bec88c9dfda8a8a396ef687309fb6663b5da176f5dce730e44763e298b
411ebf3f42ff97b8fdcb02ef60f534e0fd011b86878ec33abf2509b4bfe58037
439ae564a6f312b794b18b13061b661f09aaa383dc6d3728f783e7a8ff2cb8f0
590f45556412336488ff1db500b4e34104f30e7161e494992e4d0493a3d06dc6
64fbc5854ea158fc46497376ca32d3dc5ba37213c8e061607ff00d04a26b7f25
817ce252711b7a89ca9fed7b6fc18034ecd53b13b6d43c63b89cb9085bcfae27
84da4e35fb8b78715775f49d1ae9cc064c38f62f7fcf6234b99d531e62a7f324
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66
a15b29fe61cdf379483582fe360b12868747042fa87bb40b0e9af42ccfd548ee
b66a50616923e92b5b89fa4f2ca2f9a0281f5a27845885cf21dd397a0c1abb07
b6c3de018ccd85459044a1a70b3f41f31dd37a964f5a7e58049e93308bd3bef8
b6ccf22161feefac19fae1d810409c9e711af3148f153bd5db731d9fe30562bf
ce00b2696a4a9c7d1326fd09623e8c8f4624c9abdf5424b2cf19b9de2f981f18
e426ca2fc6854eab520720854d38585dacd07022a0781ecb80dff83ca6d98e59
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
ff89741ee0f1269165230e52844db5d08b9922d0f42f22e2729ea83e4de75ac2

pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev Open in urlscan Pro 104.18.2.35 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

17 Requests

88 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

200 kBTransfer

327 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

9 Console Messages

Security Headers

pub-fbd73e17e99742e38ec2a2bca4efe2a6.r2.dev Open in urlscan Pro
104.18.2.35 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

88 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

200 kB
Transfer

327 kB
Size

1
Cookies

17 HTTP transactions
9 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!