mail.dmgsk9.com Open in urlscan Pro
207.55.240.21 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://mail.dmgsk9.com/login.html
Submission Tags: falconsandbox
Submission: On February 14 via api (February 14th 2023, 11:25:28 am UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 207.55.240.21, located in United States and belongs to WEBINT, US. The main domain is mail.dmgsk9.com.

This is the only time mail.dmgsk9.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JCB (Financial)

Domain & IP information

	IP Address		AS Autonomous System
11	207.55.240.21 207.55.240.21		11989 (WEBINT) (WEBINT)
11	1

11 207.55.240.21 (United States)

ASN11989 (WEBINT, US)
PTR: cp16.deluxehosting.com

mail.dmgsk9.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	dmgsk9.com mail.dmgsk9.com	112 KB
11	1

	Domain	Requested by
11	mail.dmgsk9.com	mail.dmgsk9.com
11	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://mail.dmgsk9.com/login.html
Frame ID: 9244E41B7A5C74CAB4C7DF208D91EF36
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

JCBの会員専用WEBサービス「MyJCB（マイジェーシービー）」

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

112 kB
Transfer

109 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.html Show response mail.dmgsk9.com/	9 KB 9 KB	299ms 103ms	Document text/html	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Full URL http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `95fec276f27acc641323b1fb54ce584ec697fc0be64403c7365954ac34a15c1c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 9477 Content-Type text/html Date Tue, 14 Feb 2023 11:25:23 GMT Keep-Alive timeout=5, max=100 Last-Modified Sat, 10 Sep 2022 19:58:06 GMT Server Apache
GET H/1.1	200 OK	login.css mail.dmgsk9.com/MyJCB/	11 KB 12 KB	102ms 101ms	Stylesheet text/css	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Full URL http://mail.dmgsk9.com/MyJCB/login.css Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `c9201d468dddf3a23a57bb912500032ee22b6bdc69c5d59eb8cee9ff46083c6b` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:23 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 11556
GET H/1.1	200 OK	frame.css mail.dmgsk9.com/MyJCB/	33 KB 33 KB	205ms 103ms	Stylesheet text/css	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Full URL http://mail.dmgsk9.com/MyJCB/frame.css Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `c83cd93e3355eb5ed9889c41585612ddf25a1eb8d98aaddb177298dfa9d81365` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33331
GET H/1.1	200 OK	logo.png mail.dmgsk9.com/MyJCB/	3 KB 3 KB	203ms 102ms	Image image/png	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Show image Full URL http://mail.dmgsk9.com/MyJCB/logo.png Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3180
GET H/1.1	200 OK	icon_blank.png mail.dmgsk9.com/MyJCB/	1 KB 1 KB	202ms 102ms	Image image/png	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Show image Full URL http://mail.dmgsk9.com/MyJCB/icon_blank.png Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1065
GET H/1.1	200 OK	faq-btn.png mail.dmgsk9.com/MyJCB/	6 KB 6 KB	121ms 102ms	Image image/png	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Show image Full URL http://mail.dmgsk9.com/MyJCB/faq-btn.png Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `ded913d8bb8cd42a34881a7fc5169f3faf295cfb7b582c9293c5b223d3568be1` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6161
GET H/1.1	200 OK	error-icon.png mail.dmgsk9.com/MyJCB/	350 B 591 B	102ms 102ms	Image image/png	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Show image Full URL http://mail.dmgsk9.com/MyJCB/error-icon.png Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `80adebc84b57ccb10f21a41231e22b5b051bbe66a81385536650b42e1fd2b50a` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 350
GET H/1.1	200 OK	logo_footer.png mail.dmgsk9.com/MyJCB/	2 KB 2 KB	102ms 101ms	Image image/png	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Show image Full URL http://mail.dmgsk9.com/MyJCB/logo_footer.png Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1765
GET H/1.1	200 OK	jquery.cookie.js Show response mail.dmgsk9.com/MyJCB/	3 KB 3 KB	185ms 102ms	Script application/javascript	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Full URL http://mail.dmgsk9.com/MyJCB/jquery.cookie.js Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3140
GET H/1.1	200 OK	frame.js Show response mail.dmgsk9.com/MyJCB/	31 KB 32 KB	203ms 103ms	Script application/javascript	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Full URL http://mail.dmgsk9.com/MyJCB/frame.js Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `eb8fa3b5341548ac9394dd9382be48403455b59ba2f23ef347bb3a004fbceea2` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 01:53:30 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 32021
GET H/1.1	200 OK	login.html Show response mail.dmgsk9.com/	9 KB 9 KB	103ms 103ms	Script text/html	207.55.240.21 WEBINT
General Check archive.org Show headers Download Go to Full URL http://mail.dmgsk9.com/login.html Requested by Host: mail.dmgsk9.com URL: http://mail.dmgsk9.com/login.html Protocol HTTP/1.1 Server 207.55.240.21 , United States, ASN11989 (WEBINT, US), Reverse DNS cp16.deluxehosting.com Software Apache / Resource Hash `95fec276f27acc641323b1fb54ce584ec697fc0be64403c7365954ac34a15c1c` Request headers accept-language de-DE,de;q=0.9 Referer http://mail.dmgsk9.com/login.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Tue, 14 Feb 2023 11:25:24 GMT Last-Modified Sat, 10 Sep 2022 19:58:06 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 9477

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JCB (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mail.dmgsk9.com
207.55.240.21
6034aa1a5202485c861be5b8b5664b920a6ba8e02f65bea1ba7419ad736145c1
80adebc84b57ccb10f21a41231e22b5b051bbe66a81385536650b42e1fd2b50a
8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69
93b334e1a1d3b1f7ad60a247c93d72e8d3c03db8b81bc4c4184ad3a3d7ce5b62
95fec276f27acc641323b1fb54ce584ec697fc0be64403c7365954ac34a15c1c
c83cd93e3355eb5ed9889c41585612ddf25a1eb8d98aaddb177298dfa9d81365
c9201d468dddf3a23a57bb912500032ee22b6bdc69c5d59eb8cee9ff46083c6b
dd8e7c6375bd6ccc23582eec91b4f1417b6f582dfc48e40b7ae3a63d7b0ae949
ded913d8bb8cd42a34881a7fc5169f3faf295cfb7b582c9293c5b223d3568be1
eb8fa3b5341548ac9394dd9382be48403455b59ba2f23ef347bb3a004fbceea2

mail.dmgsk9.com Open in urlscan Pro 207.55.240.21 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

112 kBTransfer

109 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

mail.dmgsk9.com Open in urlscan Pro
207.55.240.21 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

112 kB
Transfer

109 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!