deck-list.com
Open in
urlscan Pro
185.86.210.191
Malicious Activity!
Public Scan
Effective URL: https://deck-list.com/MzLAQ/18544deafe599e4/
Submission: On November 10 via manual from US — Scanned from IT
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 21st 2021. Valid for: 3 months.
This is the only time deck-list.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.194.108.46 54.194.108.46 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 13.224.194.172 13.224.194.172 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 13.225.84.124 13.225.84.124 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 52.50.30.100 52.50.30.100 | 16509 (AMAZON-02) (AMAZON-02) | |
1 10 | 185.86.210.191 185.86.210.191 | 39020 (COMVIVE-A...) (COMVIVE-AS Seville - Spain) | |
13 | 5 |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-108-46.eu-west-1.compute.amazonaws.com
click.pstmrk.it |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-172.fra2.r.cloudfront.net
email.schoolcloudsystems.co.uk |
ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-124.fra2.r.cloudfront.net
d2bcmzumnful8.cloudfront.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-30-100.eu-west-1.compute.amazonaws.com
px.pepo.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
deck-list.com
1 redirects
deck-list.com |
77 KB |
1 |
pepo.com
px.pepo.com |
262 B |
1 |
cloudfront.net
d2bcmzumnful8.cloudfront.net |
15 KB |
1 |
schoolcloudsystems.co.uk
email.schoolcloudsystems.co.uk |
3 KB |
1 |
pstmrk.it
1 redirects
click.pstmrk.it |
194 B |
13 | 5 |
Domain | Requested by | |
---|---|---|
10 | deck-list.com |
1 redirects
email.schoolcloudsystems.co.uk
deck-list.com |
1 | px.pepo.com | |
1 | d2bcmzumnful8.cloudfront.net |
email.schoolcloudsystems.co.uk
|
1 | email.schoolcloudsystems.co.uk | |
1 | click.pstmrk.it | 1 redirects |
13 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
deck-list.com cPanel, Inc. Certification Authority |
2021-09-21 - 2021-12-20 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://deck-list.com/MzLAQ/18544deafe599e4/
Frame ID: 5A0E46A33C504804A50E043C81794001
Requests: 12 HTTP requests in this frame
Frame:
https://deck-list.com/MzLAQ/assets/prefetch.html
Frame ID: AB21CF8635723D0DE029714F571C8065
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
-
https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%2...
HTTP 302
http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&se... Page URL
-
https://deck-list.com/MzLAQ/
HTTP 302
https://deck-list.com/MzLAQ/18544deafe599e4/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%26email_pref_id%3D55363566%26sent_id%3D1608273193%26service_id%3D22014%26redirect_url%3Dhttps%3A%2F%2Fdeck-list.com%2FMzLAQ%2F/1Fz3qCYN/0J9S/KBj3zKQiiJ
HTTP 302
http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/ Page URL
-
https://deck-list.com/MzLAQ/
HTTP 302
https://deck-list.com/MzLAQ/18544deafe599e4/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://click.pstmrk.it/2/email.schoolcloudsystems.co.uk%2Ft%3Fentity_type%3D2%26entity_id%3D34691%26email_pref_id%3D55363566%26sent_id%3D1608273193%26service_id%3D22014%26redirect_url%3Dhttps%3A%2F%2Fdeck-list.com%2FMzLAQ%2F/1Fz3qCYN/0J9S/KBj3zKQiiJ HTTP 302
- http://email.schoolcloudsystems.co.uk/t?entity_type=2&entity_id=34691&email_pref_id=55363566&sent_id=1608273193&service_id=22014&redirect_url=https://deck-list.com/MzLAQ/
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
t
email.schoolcloudsystems.co.uk/ Redirect Chain
|
16 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tracker.js
d2bcmzumnful8.cloudfront.net/ |
47 KB 15 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
p1003_pixel.png
px.pepo.com/ |
43 B 262 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
deck-list.com/MzLAQ/18544deafe599e4/ Redirect Chain
|
203 KB 52 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
deck-list.com/MzLAQ/18544deafe599e4/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
deck-list.com/MzLAQ/assets/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logos.svg
deck-list.com/MzLAQ/assets/img/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sec.svg
deck-list.com/MzLAQ/assets/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
deck-list.com/MzLAQ/assets/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
deck-list.com/MzLAQ/assets/css/ |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prefetch.html
deck-list.com/MzLAQ/assets/ Frame AB21 |
91 B 370 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bk.svg
deck-list.com/MzLAQ/assets/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ConvergedLogin_PCore_FZ20atAlhirHa_737xNftg2.js.download
deck-list.com/MzLAQ/assets/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- deck-list.com
- URL
- https://deck-list.com/MzLAQ/18544deafe599e4/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| $Debug object| $Do function| $Loader function| GetString function| GetErrorString function| GetUrl object| $B object| StringRepository object| PROOF boolean| __4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
email.schoolcloudsystems.co.uk/ | Name: pepo_tid Value: 6fded1a07bc6c854721362a765819be7 |
|
email.schoolcloudsystems.co.uk/ | Name: pepo_tsid Value: 6fded1a07bc6c854721362a765819be71636586420225 |
|
email.schoolcloudsystems.co.uk/ | Name: pepo_tsid_exp Value: 1636586420225 |
|
deck-list.com/ | Name: PHPSESSID Value: 2cea012124d780d48ecd18ad8920550d |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
click.pstmrk.it
d2bcmzumnful8.cloudfront.net
deck-list.com
email.schoolcloudsystems.co.uk
px.pepo.com
deck-list.com
13.224.194.172
13.225.84.124
185.86.210.191
52.50.30.100
54.194.108.46
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
37615b6b7480737a974e32ba14efe1b242ee0d91c46707f8f962d0ec441143cc
3f546c7b6aaa8cadc2bcf52cac8d16c2b2646ceb5ed32620d8ccc9cf07693d8e
522c315d2963de73d0bbf1ab5431bd77c2a5aaf6ec207124cad3f760da26bf10
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f68d1762e067c25b07eceed2203661ea4998bd3867ab50e0be054a1ce12633df