dev.dmitrysorokin.ru Open in urlscan Pro
46.254.20.159 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html
Submission: On February 11 via automatic, source openphish (February 11th 2022, 1:29:20 am UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 46.254.20.159, located in Russian Federation and belongs to EUROBYTE Eurobyte LLC, RU. The main domain is dev.dmitrysorokin.ru.

This is the only time dev.dmitrysorokin.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
7	46.254.20.159 46.254.20.159	210079 (EUROBYTE ...) (EUROBYTE Eurobyte LLC)
1	2a02:26f0:6c0... 2a02:26f0:6c00:283::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:6c0... 2a02:26f0:6c00:29f::34ef	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	3

7 46.254.20.159 (Russian Federation)

ASN210079 (EUROBYTE Eurobyte LLC, RU)
PTR: hosted-by.ihc.ru

dev.dmitrysorokin.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:283::34ef (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

msagfx.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:29f::34ef (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

auth.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	dmitrysorokin.ru dev.dmitrysorokin.ru	545 KB
2	gfx.ms auth.gfx.ms — Cisco Umbrella Rank: 48785	418 B
1	live.com msagfx.live.com — Cisco Umbrella Rank: 647710
10	3

	Domain	Requested by
7	dev.dmitrysorokin.ru	dev.dmitrysorokin.ru
2	auth.gfx.ms	dev.dmitrysorokin.ru
1	msagfx.live.com	dev.dmitrysorokin.ru
10	3

This site contains links to these domains. Also see Links.

Domain
account.live.com
login.live.com

Subject Issuer	Validity	Valid
msagfx.live.com Microsoft RSA TLS CA 01	`2021-10-28` - `2022-10-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html
Frame ID: 9A443BEFCDF10F5D95C115037ED4996E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your Microsoft account

Page Statistics

10
Requests

30 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

545 kB
Transfer

564 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/login.srf%3fcontextid%3d796F05AD372B6B25%26bk%3d1527904891&id=38936&uiflavor=web&cobrandid=140703588335528&uaid=d9c1b58bf69145d98c0dddf2c55abe77&mkt=EN-US&lc=1033&bk=1527904891
Title: Forgot my password

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=EN-US&vv=1600
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=EN-US&vv=1600
Title: Privacy & cookies

Search URL Search Domain Scan URL

URL: https://login.live.com/pp1600/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.html Show response dev.dmitrysorokin.ru/microsoft/microsoft/	33 KB 12 KB	182ms 64ms	Document text/html	46.254.20.159 EUROBYTE Eurobyte...
General Check archive.org Show headers Download Go to Full URL http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Server 46.254.20.159 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU), Reverse DNS hosted-by.ihc.ru Software nginx / Resource Hash `bbc9fa649436756546da76ebdc8715fb0764db7c8fbf2c29badf9a9c62d64a75` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx Date Fri, 11 Feb 2022 01:29:14 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Last-Modified Thu, 10 Feb 2022 20:28:52 GMT ETag W/"62057584-850f" Content-Encoding gzip
GET H/1.1	200 OK	Converged_v21033.css dev.dmitrysorokin.ru/microsoft/microsoft/	92 KB 92 KB	62ms 61ms	Stylesheet text/css	46.254.20.159 EUROBYTE Eurobyte...
General Check archive.org Show headers Download Go to Full URL http://dev.dmitrysorokin.ru/microsoft/microsoft/Converged_v21033.css Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Server 46.254.20.159 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU), Reverse DNS hosted-by.ihc.ru Software nginx / Resource Hash `4e9e7c1c2df9e91cf271a7afe529360d199cdff23a721473062ee1ebabd6821f` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Fri, 11 Feb 2022 01:29:14 GMT Last-Modified Thu, 10 Feb 2022 20:28:52 GMT Server nginx ETag "62057584-16e63" Content-Type text/css Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 93795 Expires Sun, 13 Mar 2022 01:29:14 GMT
GET H/1.1	200 OK	ConvergedLoginPaginatedStrings.EN.js Show response dev.dmitrysorokin.ru/microsoft/microsoft/	16 KB 16 KB	132ms 68ms	Script application/javascript	46.254.20.159 EUROBYTE Eurobyte...
General Check archive.org Show headers Download Go to Full URL http://dev.dmitrysorokin.ru/microsoft/microsoft/ConvergedLoginPaginatedStrings.EN.js Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Server 46.254.20.159 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU), Reverse DNS hosted-by.ihc.ru Software nginx / Resource Hash `9ed7ca26da41a6314db0efd4c26badf3346991b6b7cdf9eec315fa6730ee688a` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Fri, 11 Feb 2022 01:29:14 GMT Last-Modified Thu, 10 Feb 2022 20:28:52 GMT Server nginx ETag "62057584-4014" Content-Type application/javascript; charset=utf-8 Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 16404 Expires Sun, 13 Mar 2022 01:29:14 GMT
GET H/1.1	200 OK	ConvergedLogin_PCore.js Show response dev.dmitrysorokin.ru/microsoft/microsoft/	418 KB 419 KB	131ms 67ms	Script application/javascript	46.254.20.159 EUROBYTE Eurobyte...
General Check archive.org Show headers Download Go to Full URL http://dev.dmitrysorokin.ru/microsoft/microsoft/ConvergedLogin_PCore.js Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Server 46.254.20.159 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU), Reverse DNS hosted-by.ihc.ru Software nginx / Resource Hash `db255a3725ebe9511b9f4bc95d906b8ea2d1bc8d37ed799efa8cadb5ca6b6206` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Fri, 11 Feb 2022 01:29:14 GMT Last-Modified Thu, 10 Feb 2022 20:28:52 GMT Server nginx ETag "62057584-688ac" Content-Type application/javascript; charset=utf-8 Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 428204 Expires Sun, 13 Mar 2022 01:29:14 GMT
GET H/1.1	200 OK	microsoft_logo.svg dev.dmitrysorokin.ru/microsoft/microsoft/	4 KB 4 KB	68ms 68ms	Image image/svg+xml	46.254.20.159 EUROBYTE Eurobyte...
General Check archive.org Show headers Download Go to Show image Full URL http://dev.dmitrysorokin.ru/microsoft/microsoft/microsoft_logo.svg Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Server 46.254.20.159 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU), Reverse DNS hosted-by.ihc.ru Software nginx / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Fri, 11 Feb 2022 01:29:15 GMT Last-Modified Thu, 10 Feb 2022 20:28:52 GMT Server nginx ETag "62057584-e43" Content-Type image/svg+xml Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 3651 Expires Sun, 13 Mar 2022 01:29:15 GMT
GET H/1.1	200 OK	ellipsis_white.svg dev.dmitrysorokin.ru/microsoft/microsoft/	915 B 1 KB	67ms 67ms	Image image/svg+xml	46.254.20.159 EUROBYTE Eurobyte...
General Check archive.org Show headers Download Go to Show image Full URL http://dev.dmitrysorokin.ru/microsoft/microsoft/ellipsis_white.svg Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Server 46.254.20.159 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU), Reverse DNS hosted-by.ihc.ru Software nginx / Resource Hash `6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Fri, 11 Feb 2022 01:29:15 GMT Last-Modified Thu, 10 Feb 2022 20:28:52 GMT Server nginx ETag "62057584-393" Content-Type image/svg+xml Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 915 Expires Sun, 13 Mar 2022 01:29:15 GMT
GET H/1.1	200 OK	ellipsis_grey.svg dev.dmitrysorokin.ru/microsoft/microsoft/	915 B 1 KB	70ms 68ms	Image image/svg+xml	46.254.20.159 EUROBYTE Eurobyte...
General Check archive.org Show headers Download Go to Show image Full URL http://dev.dmitrysorokin.ru/microsoft/microsoft/ellipsis_grey.svg Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Server 46.254.20.159 , Russian Federation, ASN210079 (EUROBYTE Eurobyte LLC, RU), Reverse DNS hosted-by.ihc.ru Software nginx / Resource Hash `16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Date Fri, 11 Feb 2022 01:29:15 GMT Last-Modified Thu, 10 Feb 2022 20:28:52 GMT Server nginx ETag "62057584-393" Content-Type image/svg+xml Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 915 Expires Sun, 13 Mar 2022 01:29:15 GMT
GET H/1.1	404 Not Found	ConvergedLogin_PCore.js msagfx.live.com/16.000.27773.2/	0 0	1209ms 782ms	Script text/plain	2a02:26f0:6c00:283::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://msagfx.live.com/16.000.27773.2/ConvergedLogin_PCore.js Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:283::34ef Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash Request headers Referer http://dev.dmitrysorokin.ru/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Access-Control-Allow-Origin * Date Fri, 11 Feb 2022 01:29:16 GMT PPServer PPV: 30 H: BY1PEPF0000008D V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/10.0
GET H/1.1	404 Not Found	0-small.jpg auth.gfx.ms/16.000.27773.2/images/Backgrounds/	0 209 B	432ms 213ms	Image text/plain	2a02:26f0:6c00:29f::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:29f::34ef Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Fri, 11 Feb 2022 01:29:16 GMT PPServer PPV: 30 H: BY1PEPF0000008D V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/10.0
GET H/1.1	404 Not Found	0.jpg auth.gfx.ms/16.000.27773.2/images/Backgrounds/	0 209 B	924ms 702ms	Image text/plain	2a02:26f0:6c00:29f::34ef AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0 Requested by Host: dev.dmitrysorokin.ru URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00:29f::34ef Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer http://dev.dmitrysorokin.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Fri, 11 Feb 2022 01:29:17 GMT PPServer PPV: 30 H: BY1PEPF0000008C V: 0 Connection keep-alive Content-Length 0 Server Microsoft-IIS/10.0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://msagfx.live.com/16.000.27773.2/ConvergedLogin_PCore.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://dev.dmitrysorokin.ru/microsoft/microsoft/login.html(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://msagfx.live.com/16.000.27773.2/ConvergedLogin_PCore.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://msagfx.live.com/16.000.27773.2/ConvergedLogin_PCore.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://auth.gfx.ms/16.000.27773.2/images/Backgrounds/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.gfx.ms
dev.dmitrysorokin.ru
msagfx.live.com
2a02:26f0:6c00:283::34ef
2a02:26f0:6c00:29f::34ef
46.254.20.159
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
4e9e7c1c2df9e91cf271a7afe529360d199cdff23a721473062ee1ebabd6821f
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
9ed7ca26da41a6314db0efd4c26badf3346991b6b7cdf9eec315fa6730ee688a
bbc9fa649436756546da76ebdc8715fb0764db7c8fbf2c29badf9a9c62d64a75
db255a3725ebe9511b9f4bc95d906b8ea2d1bc8d37ed799efa8cadb5ca6b6206
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

dev.dmitrysorokin.ru Open in urlscan Pro 46.254.20.159 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

30 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

545 kBTransfer

564 kBSize

0 Cookies

4 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

dev.dmitrysorokin.ru Open in urlscan Pro
46.254.20.159 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

30 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

545 kB
Transfer

564 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!