barrettatile.com Open in urlscan Pro
67.195.197.76 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tinyurl.com/gqa9fs3
Effective URL:
http://barrettatile.com/Update.html
Submission: On June 11 via api (June 11th 2018, 11:50:05 pm UTC) from CA

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 8 HTTP transactions. The main IP is 67.195.197.76, located in Sunnyvale, United States and belongs to YAHOO-3 - Yahoo!, US. The main domain is barrettatile.com.

This is the only time barrettatile.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.20.218.42 104.20.218.42	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	67.195.197.76 67.195.197.76	26101 (YAHOO-3) (YAHOO-3 - Yahoo!)
2 4	79.170.40.67 79.170.40.67	20738 (AS20738) (AS20738)
1	198.1.122.127 198.1.122.127	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
1	193.109.247.16 193.109.247.16	204343 (COMPUBYTE-AS) (COMPUBYTE-AS)
1	172.217.18.174 172.217.18.174	15169 (GOOGLE) (GOOGLE - Google LLC)
1	34.205.210.251 34.205.210.251	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
8	6

1 104.20.218.42 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.195.197.76 (Sunnyvale, United States)

ASN26101 (YAHOO-3 - Yahoo!, US)
PTR: p11ats-i.geo.vip.bf1.yahoo.com

barrettatile.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 79.170.40.67 (United Kingdom) 2 redirects

ASN20738 (AS20738, GB)
PTR: www.outitgoes.com

www.outitgoes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.1.122.127 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: the.theemailcompany.com

www.theemailguide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.109.247.16 (Moscow, Russian Federation)

ASN204343 (COMPUBYTE-AS, RU)
PTR: dev.ucoz.net

solliansillsltd.ucoz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.174 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.205.210.251 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-205-210-251.compute-1.amazonaws.com

np.lexity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	outitgoes.com 2 redirects www.outitgoes.com	18 KB
2	barrettatile.com barrettatile.com	14 KB
1	lexity.com np.lexity.com	4 KB
1	google-analytics.com www.google-analytics.com	17 KB
1	ucoz.com solliansillsltd.ucoz.com	466 B
1	theemailguide.com www.theemailguide.com	31 KB
1	tinyurl.com 1 redirects tinyurl.com	569 B
8	7

	Domain	Requested by
4	www.outitgoes.com	2 redirects barrettatile.com
2	barrettatile.com	barrettatile.com
1	np.lexity.com	barrettatile.com
1	www.google-analytics.com	barrettatile.com
1	solliansillsltd.ucoz.com	barrettatile.com
1	www.theemailguide.com	barrettatile.com
1	tinyurl.com	1 redirects
8	7

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://barrettatile.com/Update.html
Frame ID: 28E944153560904212305980B63DBF89
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://tinyurl.com/gqa9fs3 HTTP 301
http://barrettatile.com/Update.html Page URL

Detected technologies

Apache Traffic Server (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /ATS\/?([\d.]+)?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

83 kB
Transfer

115 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tinyurl.com/gqa9fs3 HTTP 301
http://barrettatile.com/Update.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.outitgoes.com/default.css HTTP 301
https://www.outitgoes.com/default.css

Request Chain 4

http://www.outitgoes.com/login_panel_gradient.jpg HTTP 301
https://www.outitgoes.com/login_panel_gradient.jpg

Request Chain 5

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set Update.html Show response
barrettatile.com/
Redirect Chain

http://tinyurl.com/gqa9fs3
http://barrettatile.com/Update.html

4 KB
5 KB

372ms
110ms

Document
text/html

67.195.197.76
Yahoo!

General

Check archive.org

Show headers Download Go to

Full URL: http://barrettatile.com/Update.html
Protocol: HTTP/1.1
Server: 67.195.197.76 Sunnyvale, United States, ASN26101 (YAHOO-3 - Yahoo!, US),
Reverse DNS: p11ats-i.geo.vip.bf1.yahoo.com
Software: ATS/7.1.0 /
Resource Hash: f42978535eee05984bb49f270e32cdf76a4f5a24d5f6d4c37618b62b8d644b7a

Request headers

Host: barrettatile.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 28E944153560904212305980B63DBF89

Response headers

Date: Mon, 11 Jun 2018 23:49:53 GMT
Set-Cookie: BX=fa9rabddhu2l1&b=3&s=7e; expires=Thu, 11-Jun-2020 23:49:53 GMT; path=/; domain=.barrettatile.com
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Host: p11w58.geo.bf1.yahoo.com
X-INKT-URI: http://www.barrettatile.com//Update.html
X-INKT-SITE: http://www.barrettatile.com
Last-Modified: Wed, 17 Aug 2016 09:44:35 GMT
Accept-Ranges: bytes
Content-Length: 4000
Content-Type: text/html
Age: 0
Connection: keep-alive
Server: ATS/7.1.0

Redirect headers

Date: Mon, 11 Jun 2018 23:49:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dbc7a63a957a2d911f1eb97981525efc51528760992; expires=Tue, 11-Jun-19 23:49:52 GMT; path=/; domain=.tinyurl.com; HttpOnly tinyUUID=b1f0aa4a902094fb2dfe0000; expires=Tue, 11-Jun-2019 23:49:51 GMT; Max-Age=31536000; path=/; domain=.tinyurl.com
Location: http://barrettatile.com/Update.html
X-tiny: cache 0.0089809894561768
Server: cloudflare
CF-RAY: 4297fa0da78b6511-FRA

GET
H/1.1

200
OK

default.css
www.outitgoes.com/
Redirect Chain

http://www.outitgoes.com/default.css
https://www.outitgoes.com/default.css

5 KB
5 KB

112ms
26ms

Stylesheet
text/css

79.170.40.67
AS20738

General

Check archive.org

Show headers Download Go to

Full URL: https://www.outitgoes.com/default.css
Requested by: Host: barrettatile.com
URL: http://barrettatile.com/Update.html
Protocol: HTTP/1.1
Server: 79.170.40.67 , United Kingdom, ASN20738 (AS20738, GB),
Reverse DNS: www.outitgoes.com
Software: Apache/2.2.34 (Red Hat) /
Resource Hash: 9995407957e06b460ebdef847f2966698845231a2887aadc3ac1706193464002

Request headers

Referer: http://barrettatile.com/Update.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 23:49:53 GMT
Last-Modified: Wed, 29 Oct 2008 11:04:00 GMT
Server: Apache/2.2.34 (Red Hat)
Accept-Ranges: bytes
ETag: "600552-122a-45a62523f0800"
Content-Length: 4650
Content-Type: text/css

Redirect headers

Location: https://www.outitgoes.com/default.css
Content-length: 0

GET
H/1.1 200
OK update.jpg
barrettatile.com/index/ 9 KB
9 KB 127ms
126ms Image
text/html 67.195.197.76
Yahoo!

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://barrettatile.com/index/update.jpg
Requested by: Host: barrettatile.com
URL: http://barrettatile.com/Update.html
Protocol: HTTP/1.1
Server: 67.195.197.76 Sunnyvale, United States, ASN26101 (YAHOO-3 - Yahoo!, US),
Reverse DNS: p11ats-i.geo.vip.bf1.yahoo.com
Software: ATS/7.1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: barrettatile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://barrettatile.com/Update.html
Cookie: BX=fa9rabddhu2l1&b=3&s=7e
Connection: keep-alive
Cache-Control: no-cache
Referer: http://barrettatile.com/Update.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Jun 2018 23:49:53 GMT
Last-Modified: Mon, 11 Jun 2018 23:49:53 GMT
Server: ATS/7.1.0
Age: 0
Transfer-Encoding: chunked
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-INKT-SITE: http://www.barrettatile.com
X-Host: p11w63.geo.bf1.yahoo.com
Connection: keep-alive
X-INKT-URI: http://www.barrettatile.com//index.html
Content-Type: text/html
Expires: Sun, 10 Jun 2018 23:49:53 GMT

GET
H/1.1 200
OK ninja-hp-logo.jpg
www.theemailguide.com/images/ 30 KB
31 KB 775ms
204ms Image
image/jpeg 198.1.122.127
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.theemailguide.com/images/ninja-hp-logo.jpg
Requested by: Host: barrettatile.com
URL: http://barrettatile.com/Update.html
Protocol: HTTP/1.1
Server: 198.1.122.127 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: the.theemailcompany.com
Software: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 /
Resource Hash: 2e5f1dbb453433cfec00df81d0afb2e99ced0b8ebdae347c47dd1ef7ab85ec86

Request headers

Referer: http://barrettatile.com/Update.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 23:49:54 GMT
Last-Modified: Thu, 24 May 2012 18:56:45 GMT
Server: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
ETag: "787e-4c0ccd0283540"
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 30846
Expires: Wed, 11 Jul 2018 23:49:54 GMT

GET
H/1.1 200
OK / Show response
solliansillsltd.ucoz.com/media/ 321 B
466 B 159ms
50ms Script
text/javascript 193.109.247.16
COMPUBYTE-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://solliansillsltd.ucoz.com/media/?t=video;w=1052;h=64;f=http%3A%2F%2Fsolliansillsltd.ucoz.com%2Ffuta.swf
Requested by: Host: barrettatile.com
URL: http://barrettatile.com/Update.html
Protocol: HTTP/1.1
Server: 193.109.247.16 Moscow, Russian Federation, ASN204343 (COMPUBYTE-AS, RU),
Reverse DNS: dev.ucoz.net
Software: uServ/3.2.2 /
Resource Hash: 8639b6cc2ba37f537257199feb206305577c253974ae2f347ada2c16ba0245c5

Request headers

Referer: http://barrettatile.com/Update.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 23:49:53 GMT
Content-Encoding: gzip
Server: uServ/3.2.2
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=UTF-8
Cache-Control: private
Connection: keep-alive
Keep-Alive: timeout=15

GET
H/1.1

200
OK

login_panel_gradient.jpg
www.outitgoes.com/
Redirect Chain

http://www.outitgoes.com/login_panel_gradient.jpg
https://www.outitgoes.com/login_panel_gradient.jpg

12 KB
13 KB

27ms
27ms

Image
image/jpeg

79.170.40.67
AS20738

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.outitgoes.com/login_panel_gradient.jpg
Requested by: Host: barrettatile.com
URL: http://barrettatile.com/Update.html
Protocol: HTTP/1.1
Server: 79.170.40.67 , United Kingdom, ASN20738 (AS20738, GB),
Reverse DNS: www.outitgoes.com
Software: Apache/2.2.34 (Red Hat) /
Resource Hash: f3297b1306f3704663aff9483c7e6e983a27eaf9f0567d58995128a11b75f2c3

Request headers

Referer: http://barrettatile.com/Update.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 23:49:53 GMT
Last-Modified: Wed, 29 Oct 2008 11:04:00 GMT
Server: Apache/2.2.34 (Red Hat)
Accept-Ranges: bytes
ETag: "60055c-31ba-45a62523f0800"
Content-Length: 12730
Content-Type: image/jpeg

Redirect headers

Location: https://www.outitgoes.com/login_panel_gradient.jpg
Content-length: 0

GET
S

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

6ms
6ms

Script
text/javascript

172.217.18.174
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: barrettatile.com
URL: http://barrettatile.com/Update.html

Protocol

SPDY

Server

172.217.18.174 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s29-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://barrettatile.com/Update.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 18 May 2018 01:10:24 GMT
server: Golfe2
age: 2193
date: Mon, 11 Jun 2018 23:13:20 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 17168
expires: Tue, 12 Jun 2018 01:13:20 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK ec76bfd923084f23361effad11d7ee9a Show response
np.lexity.com/embed/YW/ 9 KB
4 KB 222ms
108ms Script
text/plain 34.205.210.251
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://np.lexity.com/embed/YW/ec76bfd923084f23361effad11d7ee9a?id=1dc15786b6e6
Requested by: Host: barrettatile.com
URL: http://barrettatile.com/Update.html
Protocol: HTTP/1.1
Server: 34.205.210.251 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-205-210-251.compute-1.amazonaws.com
Software: /
Resource Hash: 57f9782b98e6863b7576325f4a3e52c751903cbb3a070c525dd110a6d59b3afb

Request headers

Referer: http://barrettatile.com/Update.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 11 Jun 2018 23:49:54 GMT
content-encoding: gzip
Connection: keep-alive
transfer-encoding: chunked

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| check object| _gaq object| _gat object| nlgpzxks

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.barrettatile.com/	1970-01-19 10:11:59	Name: BX Value: fa9rabddhu2l1&b=3&s=7e

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

barrettatile.com
np.lexity.com
solliansillsltd.ucoz.com
tinyurl.com
www.google-analytics.com
www.outitgoes.com
www.theemailguide.com
104.20.218.42
172.217.18.174
193.109.247.16
198.1.122.127
34.205.210.251
67.195.197.76
79.170.40.67
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
2e5f1dbb453433cfec00df81d0afb2e99ced0b8ebdae347c47dd1ef7ab85ec86
57f9782b98e6863b7576325f4a3e52c751903cbb3a070c525dd110a6d59b3afb
8639b6cc2ba37f537257199feb206305577c253974ae2f347ada2c16ba0245c5
9995407957e06b460ebdef847f2966698845231a2887aadc3ac1706193464002
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3297b1306f3704663aff9483c7e6e983a27eaf9f0567d58995128a11b75f2c3
f42978535eee05984bb49f270e32cdf76a4f5a24d5f6d4c37618b62b8d644b7a

barrettatile.com Open in urlscan Pro 67.195.197.76 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

6 IPs

3 Countries

83 kBTransfer

115 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

barrettatile.com Open in urlscan Pro
67.195.197.76 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

83 kB
Transfer

115 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!