deck-list.com Open in urlscan Pro
185.86.210.191 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%26email_pref_id%3D553...
Effective URL:
https://deck-list.com/MzLAQ/18544deafe599e4/
Submission: On November 10 via manual (November 10th 2021, 11:20:24 pm UTC) from US — Scanned from IT

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 185.86.210.191, located in Spain and belongs to COMVIVE-AS Seville - Spain, ES. The main domain is deck-list.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 21st 2021. Valid for: 3 months.

This is the only time deck-list.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.194.108.46 54.194.108.46	16509 (AMAZON-02) (AMAZON-02)
1	13.224.194.172 13.224.194.172	16509 (AMAZON-02) (AMAZON-02)
1	13.225.84.124 13.225.84.124	16509 (AMAZON-02) (AMAZON-02)
1	52.50.30.100 52.50.30.100	16509 (AMAZON-02) (AMAZON-02)
1 10	185.86.210.191 185.86.210.191	39020 (COMVIVE-A...) (COMVIVE-AS Seville - Spain)
13	5

1 54.194.108.46 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-108-46.eu-west-1.compute.amazonaws.com

click.pstmrk.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.172 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-172.fra2.r.cloudfront.net

email.schoolcloudsystems.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.84.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-124.fra2.r.cloudfront.net

d2bcmzumnful8.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.30.100 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-30-100.eu-west-1.compute.amazonaws.com

px.pepo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.86.210.191 (Spain) 1 redirects

ASN39020 (COMVIVE-AS Seville - Spain, ES)

deck-list.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	deck-list.com 1 redirects deck-list.com	77 KB
1	pepo.com px.pepo.com	262 B
1	cloudfront.net d2bcmzumnful8.cloudfront.net	15 KB
1	schoolcloudsystems.co.uk email.schoolcloudsystems.co.uk	3 KB
1	pstmrk.it 1 redirects click.pstmrk.it	194 B
13	5

	Domain	Requested by
10	deck-list.com	1 redirects email.schoolcloudsystems.co.uk deck-list.com
1	px.pepo.com
1	d2bcmzumnful8.cloudfront.net	email.schoolcloudsystems.co.uk
1	email.schoolcloudsystems.co.uk
1	click.pstmrk.it	1 redirects
13	5

This site contains no links.

Subject Issuer	Validity	Valid
deck-list.com cPanel, Inc. Certification Authority	`2021-09-21` - `2021-12-20`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://deck-list.com/MzLAQ/18544deafe599e4/
Frame ID: 5A0E46A33C504804A50E043C81794001
Requests: 12 HTTP requests in this frame

Frame: https://deck-list.com/MzLAQ/assets/prefetch.html
Frame ID: AB21CF8635723D0DE029714F571C8065
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to your account

Page URL History Show full URLs

https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%2... HTTP 302
http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&se... Page URL
https://deck-list.com/MzLAQ/ HTTP 302
https://deck-list.com/MzLAQ/18544deafe599e4/ Page URL

Page Statistics

13
Requests

69 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

95 kB
Transfer

273 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%26email_pref_id%3D55363566%26sent_id%3D1608273193%26service_id%3D22014%26redirect_url%3Dhttps%3A%2F%2Fdeck-list.com%2FMzLAQ%2F/1Fz3qCYN/0J9S/KBj3zKQiiJ HTTP 302
http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/ Page URL
https://deck-list.com/MzLAQ/ HTTP 302
https://deck-list.com/MzLAQ/18544deafe599e4/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%26email_pref_id%3D55363566%26sent_id%3D1608273193%26service_id%3D22014%26redirect_url%3Dhttps%3A%2F%2Fdeck-list.com%2FMzLAQ%2F/1Fz3qCYN/0J9S/KBj3zKQiiJ HTTP 302
http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

t Show response
email.schoolcloudsystems.co.uk/
Redirect Chain

https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%26email_pref_id%3D55363566%26sent_id%3D1608273193%26service_id%3D22014%26redirect_url%3Dhttps%3A%2...
http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/

16 KB
3 KB

100ms
42ms

Document
text/html

13.224.194.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/
Protocol: HTTP/1.1
Server: 13.224.194.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-172.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 522c315d2963de73d0bbf1ab5431bd77c2a5aaf6ec207124cad3f760da26bf10

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: it-IT,it;q=0.9

Response headers

Content-Type: text/html
Content-Length: 2538
Connection: keep-alive
Date: Thu, 28 Oct 2021 05:56:38 GMT
Last-Modified: Thu, 28 Oct 2021 05:46:43 GMT
ETag: "0c98124e59a8a2de7d478ffd232d9d7c"
x-amz-meta-s3cmd-attrs: md5:0c98124e59a8a2de7d478ffd232d9d7c
Cache-Control: public, max-age=2592000
Content-Encoding: gzip
Expires: Thu, 11 Nov 2021 06:46:42 GMT
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C1
X-Amz-Cf-Id: MLxSzF1zn38oZf6nVSbd7RGEeGZ2f65bCVjUXntQadyfbg1FL0ZY2Q==
Age: 1185822

Redirect headers

server: awselb/2.0
date: Wed, 10 Nov 2021 23:20:19 GMT
content-type: application/octet-stream
content-length: 0
location: http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/

GET
H/1.1 200
OK tracker.js Show response
d2bcmzumnful8.cloudfront.net/ 47 KB
15 KB 79ms
41ms Script
application/x-javascript 13.225.84.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d2bcmzumnful8.cloudfront.net/tracker.js
Requested by: Host: email.schoolcloudsystems.co.uk
URL: http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/
Protocol: HTTP/1.1
Server: 13.225.84.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-84-124.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3f546c7b6aaa8cadc2bcf52cac8d16c2b2646ceb5ed32620d8ccc9cf07693d8e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: http://email.schoolcloudsystems.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:19 GMT
Content-Encoding: gzip
X-Amz-Cf-Pop: FRA2-C2
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14822
Last-Modified: Tue, 10 Nov 2020 09:42:22 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:1001/gname:pepodevs/uname:pepodevs/gid:1002/mode:33204/mtime:1605000366/atime:1605001260/md5:5a7f13ccf37a80563da23747bcb89774/ctime:1605001260
ETag: "5a7f13ccf37a80563da23747bcb89774"
Content-Type: application/x-javascript
Via: 1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
Cache-Control: public, max-age=7200
Accept-Ranges: bytes
X-Amz-Cf-Id: MSZJ5Re6xHDJEOfTDqtF1EJpaqQwJcb0BN5iwpJhvPsCSylvIae74g==
Expires: Tue, 10 Nov 2020 11:42:20 GMT

GET
H/1.1 200
OK p1003_pixel.png
px.pepo.com/ 43 B
262 B 111ms
84ms Image
image/gif 52.50.30.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://px.pepo.com/p1003_pixel.png?ee=page&ea=view&ugid=0&pt=email_click_tracking&pn=55363566&v=1.0&serid=22014&dl=en-US&tz=0&rurl=&bw=1600&bh=1200&ce=1&dw=1600&dh=1200&dr=1600X1200&ir=0&tid=6fded1a07bc6c854721362a765819be7&sesid=6fded1a07bc6c854721362a765819be71636586420225&ts=1636586420225&entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https%3A%2F%2Fdeck-list.com%2FMzLAQ%2F
Protocol: HTTP/1.1
Server: 52.50.30.100 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-30-100.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: http://email.schoolcloudsystems.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:20 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

Primary Request / Show response
deck-list.com/MzLAQ/18544deafe599e4/
Redirect Chain

https://deck-list.com/MzLAQ/
https://deck-list.com/MzLAQ/18544deafe599e4/

203 KB
52 KB

2491ms
2491ms

Document
text/html

185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to

Full URL

https://deck-list.com/MzLAQ/18544deafe599e4/

Requested by

Host: email.schoolcloudsystems.co.uk
URL: http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),

Reverse DNS

Software

Apache / PHP/5.4.45

Resource Hash

f68d1762e067c25b07eceed2203661ea4998bd3867ab50e0be054a1ce12633df

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: http://email.schoolcloudsystems.co.uk/

Response headers

Date: Wed, 10 Nov 2021 23:20:26 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-Content-Type: nosniff
X_FORWARDED_FOR: 104.16.77.187
REMOTE_ADDR: 104.16.77.187
Connection: keep-alive, Keep-Alive
Host: www.fbi.gov
Origin: https://www.fbi.gov
Referer: https://www.fbi.gov
X-Forwarded-Host: www.fbi.gov
X-Forwarded-Proto: https
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Transfer-Encoding: chunked
Content-Type: text/html

Redirect headers

Date: Wed, 10 Nov 2021 23:20:25 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
location: 18544deafe599e4/
Vary: User-Agent
X-Content-Type: nosniff
X_FORWARDED_FOR: 104.16.77.187
REMOTE_ADDR: 104.16.77.187
Connection: keep-alive, Keep-Alive
Host: www.fbi.gov
Origin: https://www.fbi.gov
Referer: https://www.fbi.gov
X-Forwarded-Host: www.fbi.gov
X-Forwarded-Proto: https
X-XSS-Protection: 1; mode=block
Content-Length: 4
Keep-Alive: timeout=5, max=100
Content-Type: text/html

GET /
deck-list.com/MzLAQ/18544deafe599e4/ 0
0

GET
H/1.1 404
Not Found ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
deck-list.com/MzLAQ/assets/ 0
0 79ms
56ms Script
text/html 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to

Full URL: https://deck-list.com/MzLAQ/assets/ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
Requested by: Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://deck-list.com/MzLAQ/18544deafe599e4/
Origin: https://deck-list.com
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:28 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 109

GET
H/1.1 200
OK logos.svg
deck-list.com/MzLAQ/assets/img/ 4 KB
2 KB 123ms
122ms Image
image/svg+xml 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://deck-list.com/MzLAQ/assets/img/logos.svg

Requested by

Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),

Reverse DNS

Software

Apache /

Resource Hash

04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://deck-list.com/MzLAQ/18544deafe599e4/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:28 GMT
Content-Encoding: gzip
Origin: https://www.fbi.gov
Connection: keep-alive, Keep-Alive
X_FORWARDED_FOR: 104.16.77.187
X-Forwarded-Proto: https
Content-Length: 1435
X-XSS-Protection: 1; mode=block
Server: Apache
X-Content-Type: nosniff
REMOTE_ADDR: 104.16.77.187
Last-Modified: Mon, 08 Mar 2021 21:33:34 GMT
X-Forwarded-Host: www.fbi.gov
Host: www.fbi.gov
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Referer: https://www.fbi.gov
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK sec.svg
deck-list.com/MzLAQ/assets/img/ 2 KB
1 KB 131ms
129ms Image
image/svg+xml 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://deck-list.com/MzLAQ/assets/img/sec.svg

Requested by

Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),

Reverse DNS

Software

Apache /

Resource Hash

8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://deck-list.com/MzLAQ/18544deafe599e4/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:28 GMT
Content-Encoding: gzip
Origin: https://www.fbi.gov
Connection: keep-alive, Keep-Alive
X_FORWARDED_FOR: 104.16.77.187
X-Forwarded-Proto: https
Content-Length: 621
X-XSS-Protection: 1; mode=block
Server: Apache
X-Content-Type: nosniff
REMOTE_ADDR: 104.16.77.187
Last-Modified: Mon, 08 Mar 2021 23:30:42 GMT
X-Forwarded-Host: www.fbi.gov
Host: www.fbi.gov
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Referer: https://www.fbi.gov
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 404
Not Found ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
deck-list.com/MzLAQ/assets/ 0
0 252ms
163ms Script
text/html 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to

Full URL: https://deck-list.com/MzLAQ/assets/ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
Requested by: Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://deck-list.com/MzLAQ/18544deafe599e4/
Origin: https://deck-list.com
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:28 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 109

GET
H/1.1 200
OK css.css
deck-list.com/MzLAQ/assets/css/ 0
20 KB 165ms
53ms Other
text/css 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to

Full URL

https://deck-list.com/MzLAQ/assets/css/css.css

Requested by

Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://deck-list.com/MzLAQ/18544deafe599e4/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:29 GMT
Content-Encoding: gzip
Origin: https://www.fbi.gov
Connection: keep-alive, Keep-Alive
X_FORWARDED_FOR: 104.16.77.187
X-Forwarded-Proto: https
Content-Length: 19617
X-XSS-Protection: 1; mode=block
Server: Apache
X-Content-Type: nosniff
REMOTE_ADDR: 104.16.77.187
Last-Modified: Mon, 08 Mar 2021 21:33:32 GMT
X-Forwarded-Host: www.fbi.gov
Host: www.fbi.gov
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Referer: https://www.fbi.gov
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H/1.1 404
Not Found prefetch.html Show response
deck-list.com/MzLAQ/assets/ Frame AB21 91 B
370 B 129ms
49ms Document
text/html 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to

Full URL: https://deck-list.com/MzLAQ/assets/prefetch.html
Requested by: Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),
Reverse DNS
Software: Apache /
Resource Hash: 37615b6b7480737a974e32ba14efe1b242ee0d91c46707f8f962d0ec441143cc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://deck-list.com/MzLAQ/18544deafe599e4/

Response headers

Date: Wed, 10 Nov 2021 23:20:28 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 109
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK bk.svg
deck-list.com/MzLAQ/assets/img/ 2 KB
1 KB 250ms
165ms Image
image/svg+xml 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://deck-list.com/MzLAQ/assets/img/bk.svg

Requested by

Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),

Reverse DNS

Software

Apache /

Resource Hash

0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://deck-list.com/MzLAQ/18544deafe599e4/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:29 GMT
Content-Encoding: gzip
Origin: https://www.fbi.gov
Connection: keep-alive, Keep-Alive
X_FORWARDED_FOR: 104.16.77.187
X-Forwarded-Proto: https
Content-Length: 673
X-XSS-Protection: 1; mode=block
Server: Apache
X-Content-Type: nosniff
REMOTE_ADDR: 104.16.77.187
Last-Modified: Mon, 08 Mar 2021 22:50:00 GMT
X-Forwarded-Host: www.fbi.gov
Host: www.fbi.gov
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Referer: https://www.fbi.gov
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100

GET
H/1.1 404
Not Found ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
deck-list.com/MzLAQ/assets/ 0
0 56ms
55ms Script
text/html 185.86.210.191
Spain

General

Check archive.org

Show headers Download Go to

Full URL: https://deck-list.com/MzLAQ/assets/ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
Requested by: Host: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.86.210.191 , Spain, ASN39020 (COMVIVE-AS Seville - Spain, ES),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://deck-list.com/MzLAQ/18544deafe599e4/
Origin: https://deck-list.com
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 10 Nov 2021 23:20:29 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 109

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: deck-list.com
URL: https://deck-list.com/MzLAQ/18544deafe599e4/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
email.schoolcloudsystems.co.uk/	1969-12-31 23:59:59	Name: pepo_tid Value: 6fded1a07bc6c854721362a765819be7
email.schoolcloudsystems.co.uk/	1969-12-31 23:59:59	Name: pepo_tsid Value: 6fded1a07bc6c854721362a765819be71636586420225
email.schoolcloudsystems.co.uk/	1969-12-31 23:59:59	Name: pepo_tsid_exp Value: 1636586420225
deck-list.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2cea012124d780d48ecd18ad8920550d

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://deck-list.com/MzLAQ/assets/ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://deck-list.com/MzLAQ/assets/ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://deck-list.com/MzLAQ/assets/prefetch.html Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://deck-list.com/MzLAQ/assets/ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.pstmrk.it
d2bcmzumnful8.cloudfront.net
deck-list.com
email.schoolcloudsystems.co.uk
px.pepo.com
deck-list.com
13.224.194.172
13.225.84.124
185.86.210.191
52.50.30.100
54.194.108.46
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
37615b6b7480737a974e32ba14efe1b242ee0d91c46707f8f962d0ec441143cc
3f546c7b6aaa8cadc2bcf52cac8d16c2b2646ceb5ed32620d8ccc9cf07693d8e
522c315d2963de73d0bbf1ab5431bd77c2a5aaf6ec207124cad3f760da26bf10
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f68d1762e067c25b07eceed2203661ea4998bd3867ab50e0be054a1ce12633df

deck-list.com Open in urlscan Pro 185.86.210.191 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

69 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

95 kBTransfer

273 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

4 Cookies

4 Console Messages

Indicators

deck-list.com Open in urlscan Pro
185.86.210.191 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

69 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

95 kB
Transfer

273 kB
Size

4
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!