![](/screenshots/f6287600-46d6-4c9e-b8fd-7813c053df98.png)
hitglobal.com.tr
Open in
urlscan Pro
185.111.232.21
Malicious Activity!
Public Scan
Effective URL: http://hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/Login.php?sslchannel=true&sessionid=D1WC2kH1cUfdiorjTPrDAQzC7Hwac5...
Submission: On March 29 via automatic, source phishtank
Summary
This is the only time hitglobal.com.tr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 41.185.12.80 41.185.12.80 | 36943 (webafrica) (webafrica) | |
4 | 185.111.232.21 185.111.232.21 | 51557 (TR-FBS) (TR-FBS) | |
1 | 52.222.166.250 52.222.166.250 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 185.225.208.133 185.225.208.133 | 13213 (UK2NET-AS) (UK2NET-AS) | |
1 | 69.4.231.30 69.4.231.30 | 36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.) | |
1 | 67.202.94.94 67.202.94.94 | 32748 (STEADFAST) (STEADFAST - Steadfast) | |
1 | 104.16.87.26 104.16.87.26 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 208.100.17.187 208.100.17.187 | 32748 (STEADFAST) (STEADFAST - Steadfast) | |
1 | 208.100.17.181 208.100.17.181 | 32748 (STEADFAST) (STEADFAST - Steadfast) | |
2 2 | 37.252.172.39 37.252.172.39 | 29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus) | |
1 | 54.72.152.28 54.72.152.28 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 2 | 34.228.95.180 34.228.95.180 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
2 3 | 35.157.92.151 35.157.92.151 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 2 | 216.58.214.98 216.58.214.98 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 2 | 216.52.1.12 216.52.1.12 | 30282 (AS-INAPCD...) (AS-INAPCDN-OCY - Internap Network Services Corporation) | |
1 | 52.28.202.155 52.28.202.155 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
16 | 14 |
ASN36943 (webafrica, ZA)
PTR: win28.wadns.net
coredrillrigpartsafrica.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-166-250.fra54.r.cloudfront.net
images-na.ssl-images-amazon.com |
ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: no-rdns.ord02.hostingservicesinc.net
t.dtscout.com |
ASN32748 (STEADFAST - Steadfast, US)
PTR: amung.us
whos.amung.us |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdn.tynt.com |
ASN32748 (STEADFAST - Steadfast, US)
PTR: ip187.208-100-17.static.steadfastdns.net
ic.tynt.com |
ASN32748 (STEADFAST - Steadfast, US)
PTR: ip181.208-100-17.static.steadfastdns.net
de.tynt.com |
ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 246.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-72-152-28.eu-west-1.compute.amazonaws.com
s.cpx.to |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-228-95-180.compute-1.amazonaws.com
idsync.rlcdn.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-92-151.eu-central-1.compute.amazonaws.com
ps.eyeota.net |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s05-in-f98.1e100.net
cm.g.doubleclick.net |
ASN30282 (AS-INAPCDN-OCY - Internap Network Services Corporation, US)
loadus.exelator.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-28-202-155.eu-central-1.compute.amazonaws.com
sync.sharethis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
hitglobal.com.tr
hitglobal.com.tr |
36 KB |
3 |
eyeota.net
2 redirects
ps.eyeota.net |
765 B |
3 |
tynt.com
cdn.tynt.com ic.tynt.com de.tynt.com |
9 KB |
2 |
exelator.com
2 redirects
loadus.exelator.com |
2 KB |
2 |
doubleclick.net
2 redirects
cm.g.doubleclick.net |
1 KB |
2 |
rlcdn.com
1 redirects
idsync.rlcdn.com |
959 B |
2 |
adnxs.com
2 redirects
ib.adnxs.com |
2 KB |
2 |
amung.us
widgets.amung.us whos.amung.us |
3 KB |
2 |
coredrillrigpartsafrica.com
1 redirects
coredrillrigpartsafrica.com |
715 B |
1 |
sharethis.com
sync.sharethis.com |
420 B |
1 |
cpx.to
s.cpx.to |
499 B |
1 |
dtscout.com
t.dtscout.com |
6 KB |
1 |
ssl-images-amazon.com
images-na.ssl-images-amazon.com |
21 KB |
16 | 13 |
Domain | Requested by | |
---|---|---|
4 | hitglobal.com.tr |
hitglobal.com.tr
|
3 | ps.eyeota.net |
2 redirects
hitglobal.com.tr
|
2 | loadus.exelator.com | 2 redirects |
2 | cm.g.doubleclick.net | 2 redirects |
2 | idsync.rlcdn.com |
1 redirects
hitglobal.com.tr
|
2 | ib.adnxs.com | 2 redirects |
2 | coredrillrigpartsafrica.com | 1 redirects |
1 | sync.sharethis.com |
hitglobal.com.tr
|
1 | s.cpx.to |
hitglobal.com.tr
|
1 | de.tynt.com |
cdn.tynt.com
|
1 | ic.tynt.com |
hitglobal.com.tr
|
1 | cdn.tynt.com |
widgets.amung.us
|
1 | whos.amung.us |
widgets.amung.us
|
1 | t.dtscout.com |
widgets.amung.us
|
1 | widgets.amung.us |
hitglobal.com.tr
|
1 | images-na.ssl-images-amazon.com |
hitglobal.com.tr
|
16 | 16 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/Login.php?sslchannel=true&sessionid=D1WC2kH1cUfdiorjTPrDAQzC7Hwac5261729kQC4dnG7leJIkZuLF57mEh4roqygt11PnkovZ2LkO08m
Frame ID: FF9BDCF4124391B180574FA6C3760423
Requests: 17 HTTP requests in this frame
Screenshot
![](/screenshots/f6287600-46d6-4c9e-b8fd-7813c053df98.png)
Page URL History Show full URLs
-
http://coredrillrigpartsafrica.com/usp/cavb
HTTP 301
http://coredrillrigpartsafrica.com/usp/cavb/ Page URL
- http://hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/ Page URL
- http://hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/Login.php?sslchannel=true&sessionid=D1WC2kH1cU... Page URL
Detected technologies
![](/vendor/wappa/icons/WindowsServer.png)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
![](/vendor/wappa/icons/IIS.png)
Detected patterns
- headers server /IIS(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://coredrillrigpartsafrica.com/usp/cavb
HTTP 301
http://coredrillrigpartsafrica.com/usp/cavb/ Page URL
- http://hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/ Page URL
- http://hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/Login.php?sslchannel=true&sessionid=D1WC2kH1cUfdiorjTPrDAQzC7Hwac5261729kQC4dnG7leJIkZuLF57mEh4roqygt11PnkovZ2LkO08m Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://coredrillrigpartsafrica.com/usp/cavb HTTP 301
- http://coredrillrigpartsafrica.com/usp/cavb/
- http://ib.adnxs.com/getuid?http%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttp%253A%252F%252Fhitglobal.com.tr%252Fui%252FwwwAmazonUS%252FsignInAmazonUS%252F%26pid%3D11254%26adnxs_uid%3D%24UID HTTP 302
- http://ib.adnxs.com/bounce?%2Fgetuid%3Fhttp%253A%252F%252Fs.cpx.to%252Fca.png%253Fref%253Dhttp%25253A%25252F%25252Fhitglobal.com.tr%25252Fui%25252FwwwAmazonUS%25252FsignInAmazonUS%25252F%2526pid%253D11254%2526adnxs_uid%253D%2524UID HTTP 302
- http://s.cpx.to/ca.png?ref=http%3A%2F%2Fhitglobal.com.tr%2Fui%2FwwwAmazonUS%2FsignInAmazonUS%2F&pid=11254&adnxs_uid=5408053440360922486
- http://idsync.rlcdn.com/405716.gif?partner_uid=CmUMKlq8SecO5gRwvGTfAg%3D%3D HTTP 302
- http://idsync.rlcdn.com/405716.gif?partner_uid=CmUMKlq8SecO5gRwvGTfAg%3D%3D&redirect=1
- http://ps.eyeota.net/pixel?pid=gdomg51&t=gif&cat=&random=1522289128013 HTTP 302
- http://ps.eyeota.net/pixel/bounce/?pid=gdomg51&t=gif&cat=&random=1522289128013 HTTP 302
- http://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 HTTP 302
- http://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc= HTTP 302
- http://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEN8AIcvwOY1JYcvFcAi9js8&google_cver=1
- http://loadus.exelator.com/load/?j=0&p=409&g=600&buid2=CmUMKlq8SecO5gRwvGTfAg%3D%3D&random=1522289128013 HTTP 302
- http://loadus.exelator.com/load/?j=0&p=409&g=600&buid2=CmUMKlq8SecO5gRwvGTfAg%3D%3D&random=1522289128013&xl8blockcheck=1 HTTP 302
- http://sync.sharethis.com/nlsn?uid=b66b490945967a251118e097d562d525
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
coredrillrigpartsafrica.com/usp/cavb/ Redirect Chain
|
101 B 492 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
![]() hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/ |
204 B 607 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Login.php
hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
001.css
hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/assets/css/ |
158 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
002.css
hitglobal.com.tr/ui/wwwAmazonUS/signInAmazonUS/assets/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
aui_sprite_0029-1x._V1_.png
images-na.ssl-images-amazon.com/images/G/01/amazonui/sprites/ |
21 KB 21 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
small.js
widgets.amung.us/ |
6 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
t.dtscout.com/i/ |
4 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
whos.amung.us/pingjs/ |
30 B 233 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tc.js
cdn.tynt.com/ |
15 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
439 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
p
ic.tynt.com/b/ |
35 B 626 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
v2
de.tynt.com/deb/ |
971 B 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ca.png
s.cpx.to/ Redirect Chain
|
95 B 499 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
405716.gif
idsync.rlcdn.com/ Redirect Chain
|
43 B 533 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
match
ps.eyeota.net/ Redirect Chain
|
70 B 171 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nlsn
sync.sharethis.com/ Redirect Chain
|
42 B 420 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| validateForm object| _wau object| WAU_ren function| WAU_small function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_cps function| docReady object| a object| cv object| x string| x1 string| x2 object| Tynt object| _33Across12 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.dtscout.com/ | Name: df Value: 1522289128 |
|
.bluekai.com/ | Name: bku Value: 4tL99mCJFaGTVV5W |
|
.dtscout.com/ | Name: st Value: 1 |
|
.dtscout.com/ | Name: pi Value: 1 |
|
.dtscout.com/ | Name: es Value: 1 |
|
.dtscout.com/ | Name: l Value: RQTnHlq8SehBY2v2pcVOAg== |
|
.bluekai.com/ | Name: bkdc Value: iad |
|
.dtscout.com/ | Name: ah Value: 1 |
|
.dtscout.com/ | Name: ey Value: 1 |
|
.dtscout.com/ | Name: m Value: 1 |
|
.dtscout.com/ | Name: b Value: 1 |
|
hitglobal.com.tr/ | Name: PHPSESSID Value: 5e7f19af12de5ca147e2d5788646a5fc |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.tynt.com
cm.g.doubleclick.net
coredrillrigpartsafrica.com
de.tynt.com
hitglobal.com.tr
ib.adnxs.com
ic.tynt.com
idsync.rlcdn.com
images-na.ssl-images-amazon.com
loadus.exelator.com
ps.eyeota.net
s.cpx.to
sync.sharethis.com
t.dtscout.com
whos.amung.us
widgets.amung.us
104.16.87.26
185.111.232.21
185.225.208.133
208.100.17.181
208.100.17.187
216.52.1.12
216.58.214.98
34.228.95.180
35.157.92.151
37.252.172.39
41.185.12.80
52.222.166.250
52.28.202.155
54.72.152.28
67.202.94.94
69.4.231.30
11b2083cdc7b8f40bb37f550418ab53b58f37716c343a53b37904427dd2d779e
4ce1b2cf7ca8079968036304a82db60fb203089f5264fcfcb6825e64aa46dd19
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
89a9bb21f01e36c5282c9a084c2a915150c15289eb34a94e74f87ecd34021d81
8fdf315acd492d219fa5878134b780145d76a8eb73fe2bf32c024ebb4b145380
9b04780aae5dbc8eab481e256cde423c8585d2ce5502d70ed2048dad7f805de9
a7da7cfcd2832e7f2e5b550cd59f875023bc689174b1c6d714d0a1432e646049
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b8560a81404cc764bb7b99b88c2276284051b242c5c2206249ed3b8d1706eef1
bf038e0a2b50d8f918e6548561a023cd495f1bc598802df276f846c07cd174d1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
ca7f32fc532762fca506c7a016be6b21a558275cd3f4189f646287cc22b213b6
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e9e46381be104155e8a3933f84480d16c02d379ff0c958262894394cfaad283f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac