traveljp-dev.s3-ap-northeast-1.amazonaws.com Open in urlscan Pro
52.219.68.131 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sagawa.didaishizhicat.website/sagawa-wqp/
Effective URL:
http://traveljp-dev.s3-ap-northeast-1.amazonaws.com/sagawa.apk
Submission: On August 20 via manual (August 20th 2019, 2:33:40 am UTC) from JP

Summary HTTP 88 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 88 HTTP transactions. The main IP is 52.219.68.131, located in Tokyo, Japan and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is traveljp-dev.s3-ap-northeast-1.amazonaws.com.

This is the only time traveljp-dev.s3-ap-northeast-1.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sagawa (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
33	202.182.119.124 202.182.119.124	20473 (AS-CHOOPA) (AS-CHOOPA - Choopa)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.219.68.131 52.219.68.131	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
88	5

33 202.182.119.124 (Heiwajima, Japan)

ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 202.182.119.124.vultr.com

sagawa.didaishizhicat.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.219.68.131 (Tokyo, Japan)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-ap-northeast-1-r-w.amazonaws.com

traveljp-dev.s3-ap-northeast-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	didaishizhicat.website sagawa.didaishizhicat.website	353 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	doubleclick.net stats.g.doubleclick.net	303 B
1	amazonaws.com traveljp-dev.s3-ap-northeast-1.amazonaws.com	520 B
88	4

	Domain	Requested by
33	sagawa.didaishizhicat.website	sagawa.didaishizhicat.website
2	www.google-analytics.com	sagawa.didaishizhicat.website
1	stats.g.doubleclick.net
1	traveljp-dev.s3-ap-northeast-1.amazonaws.com	sagawa.didaishizhicat.website
88	4

This site contains no links.

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-07-29` - `2019-10-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://traveljp-dev.s3-ap-northeast-1.amazonaws.com/sagawa.apk
Frame ID: 724BF2D56F882395A1F0EE9CBF969066
Requests: 89 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sagawa.didaishizhicat.website/sagawa-wqp/ Page URL
http://traveljp-dev.s3-ap-northeast-1.amazonaws.com/sagawa.apk Page URL

Page Statistics

88
Requests

3 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

372 kB
Transfer

392 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sagawa.didaishizhicat.website/sagawa-wqp/ Page URL
http://traveljp-dev.s3-ap-northeast-1.amazonaws.com/sagawa.apk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 85

http://www.google-analytics.com/collect?v=1&_v=j78&a=1524483641&t=pageview&_s=1&dl=http%3A%2F%2Fsagawa.didaishizhicat.website%2Fsagawa-wqp%2F&ul=en-us&de=UTF-8&dt=%E4%BD%90%E5%B7%9D%E6%80%A5%E4%BE%BF%E6%A0%AA%E5%BC%8F%E4%BC%9A%E7%A4%BE%EF%BC%9C%EF%BC%B3%EF%BC%A7%E3%83%9B%E3%83%BC%E3%83%AB%E3%83%87%E3%82%A3%E3%83%B3%E3%82%B0%E3%82%B9%E3%82%B0%E3%83%AB%E3%83%BC%E3%83%97%EF%BC%9E&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IGBAiEABB~&jid=1561952162&gjid=1420438694&cid=533360133.1566268393&tid=UA-28971784-2&_gid=1477685266.1566268393&z=1540657419 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j78&a=1524483641&t=pageview&_s=1&dl=http%3A%2F%2Fsagawa.didaishizhicat.website%2Fsagawa-wqp%2F&ul=en-us&de=UTF-8&dt=%E4%BD%90%E5%B7%9D%E6%80%A5%E4%BE%BF%E6%A0%AA%E5%BC%8F%E4%BC%9A%E7%A4%BE%EF%BC%9C%EF%BC%B3%EF%BC%A7%E3%83%9B%E3%83%BC%E3%83%AB%E3%83%87%E3%82%A3%E3%83%B3%E3%82%B0%E3%82%B9%E3%82%B0%E3%83%AB%E3%83%BC%E3%83%97%EF%BC%9E&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IGBAiEABB~&jid=1561952162&gjid=1420438694&cid=533360133.1566268393&tid=UA-28971784-2&_gid=1477685266.1566268393&z=1540657419

88 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
sagawa.didaishizhicat.website/sagawa-wqp/ 30 KB
30 KB 3685ms
246ms Document
text/html 202.182.119.124
Choopa

General

traveljp-dev.s3-ap-northeast-1.amazonaws.com Open in urlscan Pro 52.219.68.131 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

88 Requests

3 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

372 kBTransfer

392 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

88 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

traveljp-dev.s3-ap-northeast-1.amazonaws.com Open in urlscan Pro
52.219.68.131 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

88
Requests

3 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

372 kB
Transfer

392 kB
Size

0
Cookies

88 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!