emergencyknow.com
Open in
urlscan Pro
107.180.50.190
Malicious Activity!
Public Scan
URL:
http://emergencyknow.com/dtug/
Submission: On March 02 via automatic, source phishtank
Submission: On March 02 via automatic, source phishtank
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 29 HTTP transactions.
The main IP is 107.180.50.190, located in
Scottsdale, United States and
belongs to AS-26496-GO-DADDY-COM-LLC, US.
The main domain is emergencyknow.com.
This is the only time emergencyknow.com was scanned on urlscan.io!
This is the only time emergencyknow.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Chunghwa Telecom (Telecommunication)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 24 | 107.180.50.190 107.180.50.190 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
| 2 | 2001:b000:1a0... 2001:b000:1a0:2:61:220:15:61 | 3462 (HINET Dat...) (HINET Data Communication Business Group) | |
| 3 | 203.75.214.200 203.75.214.200 | 3462 (HINET Dat...) (HINET Data Communication Business Group) | |
| 29 | 3 |
24
107.180.50.190
(Scottsdale, United States)
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-50-190.ip.secureserver.net
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-50-190.ip.secureserver.net
| emergencyknow.com |
2
2001:b000:1a0:2:61:220:15:61
(Taiwan)
ASN3462 (HINET Data Communication Business Group, TW)
ASN3462 (HINET Data Communication Business Group, TW)
| webmail.hinet.net |
3
203.75.214.200
(Taoyuan District, Taiwan)
ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-200.HINET-IP.hinet.net
ASN3462 (HINET Data Communication Business Group, TW)
PTR: 203-75-214-200.HINET-IP.hinet.net
| ssp.hinet.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 24 |
emergencyknow.com
emergencyknow.com |
127 KB |
| 5 |
hinet.net
webmail.hinet.net ssp.hinet.net |
7 KB |
| 29 | 2 |
| Domain | Requested by | |
|---|---|---|
| 24 | emergencyknow.com |
emergencyknow.com
|
| 3 | ssp.hinet.net |
emergencyknow.com
ssp.hinet.net |
| 2 | webmail.hinet.net |
emergencyknow.com
|
| 29 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| lib.webmail.hinet.net |
| www.umail.hinet.net |
| www.himail.hinet.net |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.webmail.hinet.net |
2018-04-02 - 2020-04-02 |
2 years | crt.sh |
| *.ssp.hinet.net |
2017-11-29 - 2020-11-29 |
3 years | crt.sh |
This page contains 6 frames:
Primary Page:
http://emergencyknow.com/dtug/
Frame ID: 13B4BCC67D09E07469A5AEA5DF3D8F80
Requests: 18 HTTP requests in this frame
Frame:
http://emergencyknow.com/dtug/top.html
Frame ID: 06A3E2609152727EAE0AA601173EE90E
Requests: 5 HTTP requests in this frame
Frame:
https://webmail.hinet.net/notify.html
Frame ID: 85C9BC7CE8BF871B0F055D5396B38AC8
Requests: 1 HTTP requests in this frame
Frame:
http://emergencyknow.com/dtug/bottom.html
Frame ID: F953834FE8EE8E95AC191E89DDA7FAE5
Requests: 3 HTTP requests in this frame
Frame:
https://ssp.hinet.net/api/web/request/?c=2017007&s=201702000023
Frame ID: D988DD53372275F393A655D07891B1B0
Requests: 1 HTTP requests in this frame
Frame:
http://ssp.hinet.net/api/web/request?c=2017007&s=201702000062&u=5fc6b1c5-f611-525f-cb07-7726fc1d7016&ad=5fc6b1c5-f611-525f-cb07-7726fc1d7016&t=1583167126430&oi=9tGKe&site=http%3A%2F%2Femergencyknow.com%2Fdtug%2F&o=IYFFv
Frame ID: 0F76EBFA9836C9B817064FFEEBCA9A9C
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery-ui[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery-ui.*\.js/i
jQuery UI
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery-ui[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery-ui.*\.js/i
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
URL: https://lib.webmail.hinet.net/statement/setup_descriptions.html
Title: 設定說明
Title: 設定說明
Search URL Search Domain Scan URL
URL: https://lib.webmail.hinet.net/statement/terms.htm
Title: HTML 版
Title: HTML 版
Search URL Search Domain Scan URL
URL: https://lib.webmail.hinet.net/flash-terms/index.html
Title: Flash 版
Title: Flash 版
Search URL Search Domain Scan URL
URL: https://lib.webmail.hinet.net/statement/M-help-e.htm
Title: English Help
Title: English Help
Search URL Search Domain Scan URL
URL: http://www.umail.hinet.net/
Title: UMail
Title: UMail
Search URL Search Domain Scan URL
URL: https://lib.webmail.hinet.net/statement/pwd_info.htm
Title: 《忘記密碼》
Title: 《忘記密碼》
Search URL Search Domain Scan URL
URL: https://lib.webmail.hinet.net/statement/login_info.htm
Title: 《登入說明》
Title: 《登入說明》
Search URL Search Domain Scan URL
URL: https://lib.webmail.hinet.net/statement/notify.htm
Title: 《系統公告》
Title: 《系統公告》
Search URL Search Domain Scan URL
URL: https://lib.webmail.hinet.net/statement/termsvs.htm
Title: 《使用規則》
Title: 《使用規則》
Search URL Search Domain Scan URL
URL: https://www.himail.hinet.net/
Title: 此處。
Title: 此處。
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
emergencyknow.com/dtug/ |
20 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.css
emergencyknow.com/dtug/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
keyboardstyle.css
emergencyknow.com/dtug/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login.css
emergencyknow.com/dtug/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
emergencyknow.com/dtug/Scripts/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-ui-1.10.3.custom.min.js
emergencyknow.com/dtug/Scripts/ |
223 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-fieldselection.js
emergencyknow.com/dtug/Scripts/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
vkeyboard.js
emergencyknow.com/dtug/Scripts/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
login.js
emergencyknow.com/dtug/Scripts/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
emergencyknow.com/dtug/Scripts/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
replace_ad.js
emergencyknow.com/dtug/Scripts/ |
444 B 641 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
w_line.gif
emergencyknow.com/dtug/images/ |
52 B 318 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
keyboard.png
emergencyknow.com/dtug/images/ |
345 B 613 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
maillogin_07-1.gif
emergencyknow.com/dtug/images/ |
535 B 803 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dot_arr2_t.gif
emergencyknow.com/dtug/images/ |
59 B 325 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
himail_logo.gif
emergencyknow.com/dtug/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
close.jpg
webmail.hinet.net/images/ |
923 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
top.html
emergencyknow.com/dtug/ Frame 06A3 |
2 KB 956 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
notify.html
webmail.hinet.net/ Frame 85C9 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bottom.html
emergencyknow.com/dtug/ Frame F953 |
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
app.js
ssp.hinet.net/api/ |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
ssp.hinet.net/api/web/request/ Frame D988 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wm2k-style.css
emergencyknow.com/dtug/css/ Frame 06A3 |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hinet-logo.gif
emergencyknow.com/dtug/images/ Frame 06A3 |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hinet-hd-t01.gif
emergencyknow.com/dtug/images/ Frame 06A3 |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hinet-hd-t02.gif
emergencyknow.com/dtug/images/ Frame 06A3 |
245 B 512 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wm2k-style.css
emergencyknow.com/dtug/css/ Frame F953 |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hinet-logo-small.gif
emergencyknow.com/dtug/images/ Frame F953 |
500 B 794 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
request
ssp.hinet.net/api/web/ Frame 0F76 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Chunghwa Telecom (Telecommunication)78 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate string| url function| $ function| jQuery function| shuffleRow function| shuffleKeyboard function| resetRow function| resetKeyboard function| onShift function| showKeyboard function| CloseModelPopup function| MM_preloadImages function| MM_swapImgRestore function| MM_findObj function| MM_swapImage boolean| onlyOne object| today object| expiry function| myTrim function| Trim function| checkCookieEnable function| validateEmail function| validateAccount function| resetTab function| checkTheSame function| checkMailID function| checkInput function| compile function| uncompile function| setCookie function| getCookie function| deleteCookie function| register function| changeTab function| checkCookie function| personalflashit function| businessflashit function| getErrMessage function| showMessageAndGetCookie function| switchSavePasswd function| switchSaveAccount number| tabName boolean| savePasswdFlag function| isChrome function| isIE function| getScrollXY function| getMyWidth function| myResize function| setScrollBar string| notflickdate object| writtenEndFlickDate object| endFlickDate number| maxid number| interval function| flicker function| getMaxAnnouncementID function| getEndFlickDate function| isWeakBrowser function| getBrowserVersion function| isIOS function| isMac function| isCipherWeakBrowser object| jQuery111009100912005215109 string| door string| key number| spaces number| myWidth number| myHeight number| targetLeft number| scollPos object| endFilckDate function| ssp boolean| hinetworkpop boolean| sspreview function| noAd object| tags object| attr3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .ssp.hinet.net/ | Name: uuid Value: b3fbef53-0e9e-4e5b-bd3d-0dbe984f0958 |
|
| .hinet.net/ | Name: adid Value: b3fbef53-0e9e-4e5b-bd3d-0dbe984f0958 |
|
| .hinet.net/ | Name: _huid Value: b3fbef53-0e9e-4e5b-bd3d-0dbe984f0958 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
emergencyknow.com
ssp.hinet.net
webmail.hinet.net
107.180.50.190
2001:b000:1a0:2:61:220:15:61
203.75.214.200
08c016f9519475930d00d9a63249ead7d8f574a7ff7543fd0357ed34f695f41a
10eecf80122ad437a3daa21d7f8deff99af7dd47964655b7e4ac0996362ee4cc
156b810a7a41eaf929200786d5a6d124558079ff8e06f68cd6bab90bbb18e283
2bd5a31739bd5677c7947dc0fcd9f5258d1a3a5d186a759f6a758e245091168b
2dc23f806c32257cb286b51ae41f75bdeeaaab6cee8682ab03a565d64af463ec
36c4bb08df2e7a6e3238fa19fcb8eb1f9ed9eaf02b46f467e6f59c02c2b22f43
60e5ac333b1ee5bfc1df9d9240d31b7be24882e50137e9b681d96999708427a0
74f121ff2216e067fd48254f3ec090bd3858185ebe57c5e08fdf1f46ee9b2378
775b1ab216005f574a2394fb317d725134e77567bea3c0d61915b5bab47f362f
78b268505e93b556a1f9956245b9bf3034ad3e247884254895f1ce8c77a3a84c
80358ff9be39687d4022346716126defa959bf259dc279e4fa79c5a9e5d6266b
82cc1448d53752d24bb4d5cf39374ef114daf14c7e11bcd0c765708da9a2326f
ac0ac943017702ca0934831adffa93cd3e0a21d253f607a0c4ddc570b679828e
afb1ef623fb7cc98d5848f53cb0affeb7822e26c8ff4fe979d1f2491bfffdcc3
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
bd6845710f8b65925fdb00a1e448f0f7f8ac194cffd391946eb4ee561787eac4
c1d0040c0948759305880d5fcc3990d4ea25e38bb131679b2927034beea27188
c5cd3ae960d492688c750ca358bc69b3872e599f7ad8f505258a2f5ec4f6ae82
c7615d473078bcc779a9829ef9439094a50683e13bb242affa91852adcb528d3
c77cc65ae84b8566912d38b5669fdfe431d40a9894a7171131fb65c80e72cbe8
d09a4f2a61f63ab0012dceac0ae76a0718363bbd1439eaea4dd37d13f1df02ce
db3d351ec3db69ac6c039d94ee05a2fecb641468759f2a6e45e00b2c1bcd8f9f
e00c72fe29f3860f66607a3c7a2e9b63ae5ae35c740690f626fea8b05b1e67e5
f181238f262b5cc5c4b78eb41510fb8102feac7dbcb6513b109ebe5d594c901d
feae5d62e73c1d89cb7506a4c2c47066e2e564b1c3927a06ec7e5a7c3b0d8fa9