blogs.jpcert.or.jp Open in urlscan Pro
52.199.127.131 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html
Effective URL:
https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Submission: On July 30 via api (July 30th 2020, 6:18:27 pm UTC) from US

Summary HTTP 59 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 59 HTTP transactions. The main IP is 52.199.127.131, located in Tokyo, Japan and belongs to AMAZON-02, US. The main domain is blogs.jpcert.or.jp.
TLS certificate: Issued by Cybertrust Japan SureServer EV CA G3 on December 19th 2019. Valid for: a year.

This is the only time blogs.jpcert.or.jp was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2600:9000:215... 2600:9000:2156:5400:1f:5f0f:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1 25	52.199.127.131 52.199.127.131	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:84e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
13	13.113.68.94 13.113.68.94	16509 (AMAZON-02) (AMAZON-02)
6	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	13.225.87.2 13.225.87.2	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
1	52.196.227.230 52.196.227.230	16509 (AMAZON-02) (AMAZON-02)
1 1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
59	11

1 2600:9000:2156:5400:1f:5f0f:a140:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

blog.jpcert.or.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 52.199.127.131 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

blogs.jpcert.or.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:84e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 13.113.68.94 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

movabletype.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.2 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-2.fra2.r.cloudfront.net

tracker.iws.vc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.196.227.230 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-196-227-230.ap-northeast-1.compute.amazonaws.com

ws.jpcert.or.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States) 1 redirects

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	jpcert.or.jp 2 redirects blog.jpcert.or.jp blogs.jpcert.or.jp ws.jpcert.or.jp	822 KB
13	movabletype.net movabletype.net	1 MB
9	google.com cse.google.com www.google.com clients1.google.com	188 KB
7	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	31 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	googleapis.com www.googleapis.com	39 B
1	iws.vc tracker.iws.vc	1 KB
1	googletagmanager.com www.googletagmanager.com	33 KB
1	cloudflare.com cdnjs.cloudflare.com	7 KB
59	9

	Domain	Requested by
25	blogs.jpcert.or.jp	1 redirects blogs.jpcert.or.jp
13	movabletype.net	blogs.jpcert.or.jp
6	www.google.com	cse.google.com www.google.com
6	platform.twitter.com	blogs.jpcert.or.jp platform.twitter.com
2	cse.google.com	blogs.jpcert.or.jp www.google.com
2	www.google-analytics.com	www.googletagmanager.com blogs.jpcert.or.jp
1	syndication.twitter.com	1 redirects
1	ws.jpcert.or.jp	blogs.jpcert.or.jp
1	clients1.google.com	blogs.jpcert.or.jp
1	www.googleapis.com	blogs.jpcert.or.jp
1	tracker.iws.vc	blogs.jpcert.or.jp
1	www.googletagmanager.com	blogs.jpcert.or.jp
1	cdnjs.cloudflare.com	blogs.jpcert.or.jp
1	blog.jpcert.or.jp	1 redirects
59	14

This site contains links to these domains. Also see Links.

Domain
www.jpcert.or.jp
technet.microsoft.com

Subject Issuer	Validity	Valid
blogs.jpcert.or.jp Cybertrust Japan SureServer EV CA G3	`2019-12-19` - `2021-01-31`	a year	crt.sh
cloudflare.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
movabletype.net Amazon	`2020-06-10` - `2021-07-10`	a year	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-28` - `2020-09-01`	a year	crt.sh
widget.ranklet.com Amazon	`2020-04-15` - `2021-05-15`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
ws.jpcert.or.jp Cybertrust Japan SureServer EV CA G3	`2019-12-19` - `2021-01-31`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Frame ID: 0C96221ACB4E26DC16545CCCDA2D1F94
Requests: 55 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.c4b33f07650267db9f8a72eaac551cac.html?origin=https%3A%2F%2Fblogs.jpcert.or.jp
Frame ID: A47D3BF2FF38072E032BADB6196099A8
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
Frame ID: 55D9150B9845A0E7ABA5F374FE1A03D5
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
Frame ID: 1A9B1A6705F58A3FA6DA621BFF5DB824
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: DD30A817621E778E777B00F9FFF18875
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html HTTP 301
http://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html HTTP 301
https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

59
Requests

100 %
HTTPS

54 %
IPv6

9
Domains

14
Subdomains

11
IPs

3
Countries

2502 kB
Transfer

3205 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.jpcert.or.jp/english/
Title:

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/dd759117.aspx
Title: https://technet.microsoft.com/en-us/library/dd759117.aspx

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/dd723693%28v=ws.10%29.aspx
Title: https://technet.microsoft.com/en-us/library/dd723693%28v=ws.10%29.aspx

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html HTTP 301
http://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html HTTP 301
https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 57

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

59 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request windows-commands-abused-by-attackers.html Show response
blogs.jpcert.or.jp/en/2016/01/
Redirect Chain

http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html
http://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

57 KB
13 KB

1824ms
265ms

Document
text/html

52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b0dc62f6c8d4829804e3824b9f0984a2aa54241b4b4b909010cf639d73748ca1

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

:method: GET
:authority: blogs.jpcert.or.jp
:scheme: https
:path: /en/2016/01/windows-commands-abused-by-attackers.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
server: nginx
date: Thu, 30 Jul 2020 18:18:07 GMT
content-type: text/html; charset=utf-8
content-length: 12849
x-runtime: 0.836916
x-content-type-options: nosniff
x-xss-protection: 1
content-encoding: gzip
accept-ranges: bytes
age: 216409
x-cache: HIT
x-cache-hits: 163
strict-transport-security: max-age=3600;

Redirect headers

Server: nginx
Date: Thu, 30 Jul 2020 18:18:05 GMT
Content-Type: text/html
Content-Length: 356
Connection: keep-alive
Location: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
X-Runtime: 0.011146
ETag: 3ce54dd33a217c43c9837730eb5a0318247a8625
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Accept-Ranges: bytes
Age: 0
X-Cache: MISS

GET
H2 200 styles.css
blogs.jpcert.or.jp/en/common/css/ 37 KB
8 KB 266ms
266ms Stylesheet
text/css 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.jpcert.or.jp/en/common/css/styles.css

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

6f7505af235b3dec440dedfbc35698ffd35372032e9c0122afc003636ea894b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.314218
date: Thu, 30 Jul 2020 18:18:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
age: 219964
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 8161
x-xss-protection: 1
x-cache-hits: 605

GET
H2 200 font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 37 KB
7 KB 20ms
19ms Stylesheet
text/css 2606:4700::6810:84e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Origin: https://blogs.jpcert.or.jp

Response headers

date: Thu, 30 Jul 2020 18:18:07 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 10095027
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 04428b324700000eaf2ea97200000001
served-in-seconds: 0.001
timing-allow-origin: *
last-modified: Thu, 17 May 2018 09:19:53 GMT
server: cloudflare
etag: W/"5afd4939-9226"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5bb11496d9250eaf-FRA
expires: Tue, 20 Jul 2021 18:18:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
33 KB 45ms
44ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-124034031-1

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d8adcfd60d2851e5b38f2cca66023cdd69b3036eaee1c570237f141eacade6b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:07 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34145
x-xss-protection: 0
last-modified: Thu, 30 Jul 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 30 Jul 2020 18:18:07 GMT

GET
H2 200 logo.svg
blogs.jpcert.or.jp/en/common/images/ 13 KB
4 KB 392ms
391ms Image
image/svg+xml 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/common/images/logo.svg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

8d042ab8b735d4ba2c20cea1328ca07a411cc9b65a7f3da94060f67c89964bb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225396
x-cache: HIT
status: 200
content-length: 4101
x-xss-protection: 1
x-runtime: 0.043994
last-modified: Mon, 15 Oct 2018 07:44:13 GMT
server: nginx
etag: W/"39b1c4fe52911f43f8cd4437eb48a747"
strict-transport-security: max-age=3600;
x-amz-version-id: 161q4VywPHF6Nrxk7hdJrL2R3vuo2.IO
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 318

GET
H2 200 ENCORE_400x400.jpg
movabletype.net/users/shu_tom/ 64 KB
65 KB 1214ms
707ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/shu_tom/ENCORE_400x400.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

7fe1a58ea8b8fdfaca777d67aab3b8c3162591f5370294c693fbf6713b563bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 03 Oct 2018 05:27:14 GMT
server: nginx
etag: "e6e4162bb599969e44d37cb379a6db54"
x-frame-options: sameorigin
x-amz-version-id: ZSziZ7mhrWfa6SnVIF9Z5BQnQABGuZ_s
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 65659
x-xss-protection: 1

GET
H2 200 figure1-371583e3.png
blogs.jpcert.or.jp/en/.assets/ 18 KB
18 KB 704ms
700ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/figure1-371583e3.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dec56511070ffe1c91fde9e9b357d6d60333c1652d13101675e7852ee20558c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
age: 153175
x-cache: HIT
status: 200
content-length: 18265
x-xss-protection: 1
x-runtime: 0.037470
last-modified: Mon, 11 Jun 2018 07:40:01 GMT
server: nginx
etag: "371583e36807536df869ca69033e79e9"
strict-transport-security: max-age=3600;
x-amz-version-id: qq52xBMRLP32L3V16YXt5thoPT8JDlV5
accept-ranges: bytes
content-type: image/png
x-cache-hits: 65

GET
H2 200 figure2-a7ba2ee2.png
blogs.jpcert.or.jp/en/.assets/ 37 KB
38 KB 705ms
701ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/figure2-a7ba2ee2.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

44afbf1a81476d9a3f79014c79d172cc1f64f739a2fae8adad7caea959060c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
age: 153175
x-cache: HIT
status: 200
content-length: 38027
x-xss-protection: 1
x-runtime: 0.040018
last-modified: Mon, 11 Jun 2018 07:40:01 GMT
server: nginx
etag: "a7ba2ee293e26c6c2a21049ae0986c88"
strict-transport-security: max-age=3600;
x-amz-version-id: wVZ.jPZ6tZqStSwCPh6KbmsunF4MUyM8
accept-ranges: bytes
content-type: image/png
x-cache-hits: 63

GET
H2 200 fb_loader.gif
blogs.jpcert.or.jp/en/common/images/ 889 B
1 KB 705ms
701ms Image
image/gif 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/common/images/fb_loader.gif

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

2ec9087635398a0a4f08808b2d5bd3af37542c290314c060303ee3a41e7af6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
age: 219962
x-cache: HIT
status: 200
content-length: 889
x-xss-protection: 1
x-runtime: 0.035387
last-modified: Wed, 10 Oct 2018 02:47:45 GMT
server: nginx
etag: "86ca4d6e0539b88294cdf7e757b79455"
strict-transport-security: max-age=3600;
x-amz-version-id: XFIFOiobQAYRBYicwI6lIiSou4fs1ZpV
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 269

GET
H2 200 ie_0day-fig1-320wi.png
blogs.jpcert.or.jp/en/.assets/thumbnail/ 23 KB
23 KB 706ms
702ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/ie_0day-fig1-320wi.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

882306b79108a31a4a7a446dcb0976c4bba321dbae02b26f3478c8f0ad0e2724

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.330956
date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
server: nginx
age: 214794
etag: 2f7189880257902ed51c7c496e4c2a08287fd75a
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 23505
x-xss-protection: 1
x-cache-hits: 242

GET
H2 200 preview-320wi.png
blogs.jpcert.or.jp/en/.assets/thumbnail/ 30 KB
30 KB 705ms
701ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/preview-320wi.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ca4d6ff2400eeb7201d5478c3a41fbfab047940e851a24e311e116c9f94747d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.239555
date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
server: nginx
age: 153175
etag: 8d7502e3597d63c5d0c1aca90840bfc345bc71d5
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 30886
x-xss-protection: 1
x-cache-hits: 88

GET
H2 200 fig6-e34f842d-320wi.png
blogs.jpcert.or.jp/en/.assets/thumbnail/ 40 KB
40 KB 706ms
703ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/fig6-e34f842d-320wi.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d35bc0c3f0a59b6f0b7a737bc2f8b2ae01bd6ee606394e2e7284d8c621cf0b4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.385693
date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
server: nginx
age: 153175
etag: 10be55de5420ff8b779275a23ab0224d5d7a286a
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 40810
x-xss-protection: 1
x-cache-hits: 78

GET
H2 200 fig1_rev-320wi.png
blogs.jpcert.or.jp/en/.assets/thumbnail/ 36 KB
36 KB 706ms
702ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/fig1_rev-320wi.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

32d7d6421c163cd08593ccbc8c5791a1871cbc0e6648fcb5ca8530302830e904

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.221202
date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
server: nginx
age: 153175
etag: 47f5e717e14046a4d6b8120d5f650b76173274e6
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 36708
x-xss-protection: 1
x-cache-hits: 92

GET
H2 200 06-320wi.jpg
blogs.jpcert.or.jp/en/.assets/thumbnail/ 35 KB
36 KB 706ms
702ms Image
image/jpeg 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/06-320wi.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

771ea0cf0545b0aad576e6276803112a5586325f6608129379e6789e87509324

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.232517
date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
server: nginx
age: 190628
etag: 87b9f3037a334fbbfd13d5c827507199af1a5bb4
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 36171
x-xss-protection: 1
x-cache-hits: 122

GET
H2 200 matsu.png
movabletype.net/users/SHIKAPON/ 579 KB
580 KB 1212ms
706ms Image
image/png 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/SHIKAPON/matsu.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d0777e2e2c6a47608109aa789d1f8769aa6b972da30e0ffaf631a1fefbf31fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Sep 2018 07:36:08 GMT
server: nginx
etag: "f042b8ca8c2df4e375d83530eea4d1b2"
x-frame-options: sameorigin
x-amz-version-id: 4CqEq9yloEXP.7_Aa3yLht9hpURhskiF
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/png
content-length: 593069
x-xss-protection: 1

GET
H2 200 default-userpic-90.jpg
blogs.jpcert.or.jp/en/common/images/ 634 B
952 B 707ms
704ms Image
image/jpeg 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/common/images/default-userpic-90.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

bff0831e53ffe4da0fc58d076aafffae2e6f46b7210f7f2d08c2b88c53304fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
age: 225396
x-cache: HIT
status: 200
content-length: 634
x-xss-protection: 1
x-runtime: 0.043522
last-modified: Wed, 10 Oct 2018 02:47:45 GMT
server: nginx
etag: "5a94d27506940168f6de59eb32f920dc"
strict-transport-security: max-age=3600;
x-amz-version-id: cvKxzH1sRPCcLQGoOxVYQ0b022LdZENQ
accept-ranges: bytes
content-type: image/jpeg
x-cache-hits: 316

GET
H2 200 %E5%9B%B33.jpg
movabletype.net/users/t-tani/ 40 KB
40 KB 1212ms
706ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/t-tani/%E5%9B%B33.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

64cec13428539367c4faec8822cbf9862bdbb9a08ba572988556da37ddd3485e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 04 Oct 2018 00:15:34 GMT
server: nginx
etag: "0eba04c0f36f76f6bd6e417debc2326d"
x-frame-options: sameorigin
x-amz-version-id: 11u5GVyILSsbudv9.pBE_6Ng6N10n53F
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 40958
x-xss-protection: 1

GET
H2 200 Q6VN1jSR_400x400.jpg
movabletype.net/users/reto/ 61 KB
62 KB 771ms
266ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/reto/Q6VN1jSR_400x400.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

23fd61c6a9f5a2c1d58d42eebce6f72a1e0838eafcd8adb349ee85b1024db128

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 25 Mar 2020 01:50:50 GMT
server: nginx
etag: "0280c12bed1fc39e5dd1ace0986264ab"
x-frame-options: sameorigin
x-amz-version-id: 5CyHQUgE0cDtK5ZBTTH8nuPiZLj4rNoJ
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 62701
x-xss-protection: 1

GET
H2 200 profile_icon.png
movabletype.net/users/ikuya/ 209 KB
210 KB 1211ms
705ms Image
image/png 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/ikuya/profile_icon.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

10de10394a37304a0c94242badee67380313edf5d99f963126c0660f7115315f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 04 Apr 2019 03:31:39 GMT
server: nginx
etag: "0ff73c7fe128b36457b0d8d582689949"
x-frame-options: sameorigin
x-amz-version-id: 6aNgdxXWGy8r9Je1nvYiwKC3aPMq0TOL
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/png
content-length: 214306
x-xss-protection: 1

GET
H2 200 ike_img.jpg
movabletype.net/users/ikegami/ 46 KB
46 KB 1212ms
706ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/ikegami/ike_img.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

5d0d69aee7386eb452aca4aa8288de99b0abbc608dccf9b7e197e438cd3d929f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
last-modified: Wed, 04 Mar 2020 05:57:32 GMT
server: nginx
etag: "91733a2370c76f58a1db7ff3cd839530"
x-frame-options: sameorigin
x-amz-version-id: Qnp9v4iP7gVIjFG41Zaqu9FXD04YxBDU
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 46968
x-xss-protection: 1

GET
H2 200 %E6%A3%AE%E5%85%8B%E5%AE%8F01.jpg
movabletype.net/users/Moris/ 47 KB
47 KB 378ms
375ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/Moris/%E6%A3%AE%E5%85%8B%E5%AE%8F01.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

804afe127417cbc717f1a0952947d3b90c6b69d50562b7a70eeb846f9607c843

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Dec 2018 00:01:12 GMT
server: nginx
etag: "c9528b4d6adcbac6ab4abe79ff7c50d6"
x-frame-options: sameorigin
x-amz-version-id: ZIuh5TWM0x4Y0J8PhEJOh2nSC7N1C03u
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 47869
x-xss-protection: 1

GET
H2 200 photo_sparky_small.jpg
movabletype.net/users/kkomiyama/ 94 KB
95 KB 566ms
563ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/kkomiyama/photo_sparky_small.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

90bfb0ff383c74405328fce0fcfa8544f0a8549f9d3d18c3245dd8fb54f6a65e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 03 Oct 2018 05:08:05 GMT
server: nginx
etag: "b97364fc77ea6e5b13cb43a6a4be63bf"
x-frame-options: sameorigin
x-amz-version-id: OEfSIkB0RGovJcaXq6G39aw4RboYWtHl
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 96469
x-xss-protection: 1

GET
H2 200 image-992ce083-832a-45c5-a3d8-5922b68506a7.jpg
movabletype.net/users/kino/ 81 KB
82 KB 377ms
374ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/kino/image-992ce083-832a-45c5-a3d8-5922b68506a7.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d025d624352f8a6ceec63d1be3f7513b4874d370d224a3011620d20c03276e2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 19 Feb 2020 02:36:54 GMT
server: nginx
etag: "e1c0b0f3e14981fa62431e8e3dee6b24"
x-frame-options: sameorigin
x-amz-version-id: rm7cfsZ5Ce6oLWec3yfNemazc91RQBCq
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 83292
x-xss-protection: 1

GET
H2 200 14190908.jpg
movabletype.net/users/uchida/ 56 KB
56 KB 376ms
374ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/uchida/14190908.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

23e6d93452a4c0db3f01dfcdcef099dfe3e9861eb3b03ea07ae1878d63b7d412

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
last-modified: Wed, 14 Nov 2018 02:44:17 GMT
server: nginx
etag: "27bdb7b931ee101c812d31c210c562ee"
x-frame-options: sameorigin
x-amz-version-id: xSjrABhuC5_UsXL2kH2LUKWQ_9rQM.jm
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 57308
x-xss-protection: 1

GET
H2 200 Sajo0191031.jpg
movabletype.net/users/sajo/ 42 KB
42 KB 376ms
373ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/sajo/Sajo0191031.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

830ae81a7374748dc123821adcb7c0548ba35d4f16b74c234aa8a0dba1729960

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Dec 2019 04:26:56 GMT
server: nginx
etag: "46a715f26415fd287dd8d636e655227a"
x-frame-options: sameorigin
x-amz-version-id: nK1wfC4U_YAKdNPjnfFNOz6hYlZz6Hwo
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 42964
x-xss-protection: 1

GET
H2 200 tapioka_square.jpg
movabletype.net/users/tnakano/ 46 KB
46 KB 377ms
374ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/tnakano/tapioka_square.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

752698671cfdeb9627f1da8483f81409478f57acead2d3e095bf143c45f52824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Nov 2019 02:53:11 GMT
server: nginx
etag: "433c1d826d8291862f7481d745373779"
x-frame-options: sameorigin
x-amz-version-id: kiQ0d_vSYhSEBbSovY_qd02f4n3BVUqq
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 46837
x-xss-protection: 1

GET
H2 200 j_icon72_400x400.jpg
movabletype.net/users/retiree_blog/ 29 KB
30 KB 377ms
375ms Image
image/jpeg 13.113.68.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://movabletype.net/users/retiree_blog/j_icon72_400x400.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.113.68.94 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-113-68-94.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

92f1bc2e6be6094ffa0bd7ba2538fb71e6aadfd481c2b762c35a4b5559380a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
last-modified: Thu, 04 Oct 2018 05:28:49 GMT
server: nginx
etag: "0678b8fce84b34cf896501f2e5bd184a"
x-frame-options: sameorigin
x-amz-version-id: fP9rPqYkUqVXLZFK4aYyKZ4lsm.JbgHp
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ranges: bytes
content-type: image/jpeg
content-length: 29768
x-xss-protection: 1

GET
H2 200 widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 99ms
34ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 99ab6fd805e3873aa0a5adedd4b27e9c74becff9cd70b5ae1e96d420379736b0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 28903
x-served-by: cache-bwi5130-BWI, cache-hhn4049-HHN
last-modified: Tue, 30 Jun 2020 18:28:19 GMT
etag: "39da0b876a64ee1b6bc99d214750b9f3+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 prototype.js Show response
blogs.jpcert.or.jp/en/common/js/ 168 KB
49 KB 266ms
265ms Script
application/javascript 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.jpcert.or.jp/en/common/js/prototype.js

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d0496587eb0e1b42d3614c76d3e0a76290f7a5139940cc2cd8c195cbcab39b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208722
x-cache: HIT
status: 200
content-length: 49352
x-xss-protection: 1
x-runtime: 0.039978
last-modified: Wed, 10 Oct 2018 02:47:45 GMT
server: nginx
etag: W/"c052d39fe57096c11105495ae5eaa363"
strict-transport-security: max-age=3600;
x-amz-version-id: HVNtZJ3lYxtUPF6zIk7.q6Oi51V47gPA
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 404

GET
H2 200 script.js Show response
blogs.jpcert.or.jp/en/common/feedback/ 6 KB
3 KB 704ms
700ms Script
application/javascript 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.jpcert.or.jp/en/common/feedback/script.js

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

64871e8b15628e5023849cfadc90ec6482233a8260fb39d32458e94ebfbc5de5

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208722
x-cache: HIT
status: 200
content-length: 2556
x-xss-protection: 1
x-runtime: 0.048470
last-modified: Wed, 10 Oct 2018 02:47:44 GMT
server: nginx
etag: W/"95fc36ba90d76fcaacd9b49a254fd6a5"
strict-transport-security: max-age=3600;
x-amz-version-id: wwPZM_6pJmGDfm9m3_nzyXbFFQs9Gko5
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
x-cache-hits: 402

GET
H2 200 widget.js Show response
tracker.iws.vc/v1/ranklet/s3/widgets/10936/ 5 KB
1 KB 850ms
611ms Script
application/javascript 13.225.87.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker.iws.vc/v1/ranklet/s3/widgets/10936/widget.js
Requested by: Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.2 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-2.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 157300b4275b011b44359e6dfb18f8e3ee623c7a7c9b7d94f07e03904599b197

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
content-encoding: gzip
x-amz-expiration: expiry-date="Sun, 30 Aug 2020 00:00:00 GMT", rule-id="DeleteAtExpired"
last-modified: Thu, 30 Jul 2020 15:01:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: max-age=600
x-amz-cf-id: jE9K2JYad3iaEkWdfkabFKOgawfWDrM0nB11KP0qUwNskMtyeYd9Ig==
via: 1.1 04ce5a607a98db6d08257633417b84d7.cloudfront.net (CloudFront)

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-124034031-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 6267
date: Thu, 30 Jul 2020 16:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Thu, 30 Jul 2020 18:33:41 GMT

GET
H2 200 bg_header.jpg
blogs.jpcert.or.jp/en/common/images/ 79 KB
80 KB 703ms
703ms Image
image/jpeg 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/common/images/bg_header.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

261c7d35b8070f9e07d90aec18fe37b29b78e49cbbdb13c279efda50dc92cbfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/common/css/styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
age: 219963
x-cache: HIT
status: 200
content-length: 81378
x-xss-protection: 1
x-runtime: 0.064467
last-modified: Wed, 10 Oct 2018 02:47:45 GMT
server: nginx
etag: "36b8b54cd6c4d3cedb6f1fab7973bd13"
strict-transport-security: max-age=3600;
x-amz-version-id: 2MAhv9pnOt1N_1mR3KZ98uG9P9SVLunY
accept-ranges: bytes
content-type: image/jpeg
x-cache-hits: 317

GET
H2 200 icon-mail.svg
blogs.jpcert.or.jp/en/common/images/ 334 B
601 B 703ms
703ms Image
image/svg+xml 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/common/images/icon-mail.svg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

eba8d7f3703d70c73f3403a2754b3b41c92e4aeaaabdbdd417585bfefd49eec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/common/css/styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208722
x-cache: HIT
status: 200
content-length: 263
x-xss-protection: 1
x-runtime: 0.037319
last-modified: Wed, 10 Oct 2018 02:47:45 GMT
server: nginx
etag: W/"cdfcff7746225765d03d1b1fe8135ca9"
strict-transport-security: max-age=3600;
x-amz-version-id: 6Ma0LQpNgcZ2mlDFVSH83o_OxRI4qAps
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 254

GET
H2 200 quote.svg
blogs.jpcert.or.jp/en/common/images/ 381 B
601 B 702ms
702ms Image
image/svg+xml 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/common/images/quote.svg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

241cc0f0b866984fd1c6874a6db607503ba7b8204bb8c167a7336730874f8e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/common/css/styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169600
x-cache: HIT
status: 200
content-length: 264
x-xss-protection: 1
x-runtime: 0.054368
last-modified: Wed, 10 Oct 2018 02:47:45 GMT
server: nginx
etag: W/"d2daa3ace552a153de2654560d7c2924"
strict-transport-security: max-age=3600;
x-amz-version-id: A8mkIHs1Mx0RacX6k6P0jO4bip1ldDKR
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 90

GET
H2 200 quote_end.svg
blogs.jpcert.or.jp/en/common/images/ 387 B
588 B 702ms
702ms Image
image/svg+xml 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/common/images/quote_end.svg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b5deb1e73fd57c9fd08b798106fbbfcc1d9c7a7d536cc3237e02f46f4a4e55bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/common/css/styles.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187579
x-cache: HIT
status: 200
content-length: 250
x-xss-protection: 1
x-runtime: 0.051271
last-modified: Wed, 10 Oct 2018 02:47:45 GMT
server: nginx
etag: W/"73ab44f3aaa29d9ca5b2cd49d51fe068"
strict-transport-security: max-age=3600;
x-amz-version-id: z63kfknrDCAaFJv5oLpCCXSTQnrQuvl0
accept-ranges: bytes
content-type: image/svg+xml
x-cache-hits: 99

GET
H2 200 cse.js Show response
cse.google.com/ 7 KB
4 KB 66ms
44ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=004990004422359256493:nnhwqqlx864

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

b5ee79236895260cbe2854ec99ba50d09b45fce98f4dc6f15b522f3491a521c1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:08 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2929
x-xss-protection: 0
expires: Thu, 30 Jul 2020 18:18:08 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
108 B 13ms
13ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1220505496&t=pageview&_s=1&dl=https%3A%2F%2Fblogs.jpcert.or.jp%2Fen%2F2016%2F01%2Fwindows-commands-abused-by-attackers.html&ul=en-us&de=UTF-8&dt=Windows%20Commands%20Abused%20by%20Attackers%20-%20JPCERT%2FCC%20Eyes%20%7C%20JPCERT%20Coordination%20Center%20official%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1323116134&gjid=65037&cid=1065935951.1596133088&tid=UA-124034031-1&_gid=997313584.1596133088&_r=1&gtm=2ou7m1&z=459036197

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Jul 2020 18:18:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cse_element__ja.js Show response
www.google.com/cse/static/element/26b8d00a7c7a0812/ 261 KB
87 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__ja.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=004990004422359256493:nnhwqqlx864

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

228ed068552f34bfc9b9f3a498503f47e6e9f2ae9d1d3489aaa334738a460fcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 21 Jul 2020 16:04:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 785591
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88770
x-xss-protection: 0
expires: Wed, 21 Jul 2021 16:04:57 GMT

GET
H2 200 default+ja.css
www.google.com/cse/static/element/26b8d00a7c7a0812/ 40 KB
9 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+ja.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=004990004422359256493:nnhwqqlx864

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 28 Jul 2020 23:18:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Jul 2020 13:27:13 GMT
server: sffe
age: 154789
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8947
x-xss-protection: 0
expires: Wed, 28 Jul 2021 23:18:19 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=004990004422359256493:nnhwqqlx864

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 17:30:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 2855
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Thu, 30 Jul 2020 18:20:33 GMT

GET
H2 200 widget_iframe.c4b33f07650267db9f8a72eaac551cac.html
platform.twitter.com/widgets/ Frame A47D 0
0 34ms
33ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.c4b33f07650267db9f8a72eaac551cac.html?origin=https%3A%2F%2Fblogs.jpcert.or.jp
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/widget_iframe.c4b33f07650267db9f8a72eaac551cac.html?origin=https%3A%2F%2Fblogs.jpcert.or.jp
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Response headers

status: 200
last-modified: Tue, 30 Jun 2020 18:26:55 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "9fa476ae827f556d5b037fe43632370d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 30 Jul 2020 18:18:09 GMT
x-served-by: cache-bwi5121-BWI, cache-hhn4049-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 5825

GET
H2 200 fb_loader.gif
blogs.jpcert.or.jp/common/feedback/images/ 4 KB
4 KB 266ms
265ms Image
image/gif 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/common/feedback/images/fb_loader.gif

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

684476872d3b64b3fbb972c14b1d21d4bde8b6c8074a644f93e234764f542ffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
age: 228076
x-cache: HIT
status: 200
content-length: 3917
x-xss-protection: 1
x-runtime: 0.036998
last-modified: Thu, 11 Oct 2018 01:29:26 GMT
server: nginx
etag: "2acb729ed298b6a3f2455e651bb5d876"
strict-transport-security: max-age=3600;
x-amz-version-id: I6a0fWcIOaBep_qp4E5lMpDcNpj1Cinh
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 4216

GET
H2 200 async-ads.js Show response
cse.google.com/adsense/search/ 180 KB
62 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__ja.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e3b74c0e2d72e840efd9c6455209139ef247d3a6b7f590fe762c1e27150e37a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "10066133874600773772"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 30 Jul 2020 18:18:09 GMT

GET
H2 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 6ms
6ms Image
image/png 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__ja.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+ja.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 16 Jul 2020 20:57:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 1200068
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Fri, 16 Jul 2021 20:57:01 GMT

GET
H2 200 branding.png
www.google.com/cse/static/images/1x/ja/ 1 KB
1 KB 6ms
6ms Image
image/png 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/ja/branding.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__ja.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 15 Jul 2020 20:18:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 1288799
content-type: image/png
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
expires: Thu, 15 Jul 2021 20:18:10 GMT

GET
H2 200 nav_logo114.png
www.google.com/images/ 22 KB
23 KB 6ms
6ms Image
image/png 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/nav_logo114.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/26b8d00a7c7a0812/cse_element__ja.js?usqp=CAI%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b280b516f629c540111e06cfbb9767dd4f257e143583ee31868a1503f9836c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/26b8d00a7c7a0812/default+ja.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 27 Jul 2020 00:38:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
age: 322800
content-type: image/png
status: 200
cache-control: public, max-age=691200
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23010
x-xss-protection: 0
expires: Tue, 04 Aug 2020 00:38:09 GMT

GET
H2 204 generate_204
www.googleapis.com/ 0
39 B 8ms
5ms Image
text/plain 2a00:1450:4001:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 30 Jul 2020 18:18:09 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 generate_204
clients1.google.com/ 0
39 B 8ms
5ms Image
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Thu, 30 Jul 2020 18:18:09 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 fig1-ffd31573-800wi.png
blogs.jpcert.or.jp/en/.assets/thumbnail/ 20 KB
21 KB 267ms
266ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/fig1-ffd31573-800wi.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

90faf065fbf1b2385da4f673533c37b5e0160f1e09f261625b87e250de51bfb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.174471
date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
server: nginx
age: 225395
etag: 6be6c328a83004eb30266be8bc27e86fba520e42
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 20827
x-xss-protection: 1
x-cache-hits: 396

GET
H2 200 03-800wi.jpg
blogs.jpcert.or.jp/en/.assets/thumbnail/ 28 KB
29 KB 269ms
269ms Image
image/jpeg 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/03-800wi.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

36c7a9847ef0e54761e232315626f6a2aa459a6c90e2432b48d85c25a7a05da4

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.256551
date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
server: nginx
age: 225395
etag: 1d09860ed340872317e4cc436b0a154addc3875e
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 28895
x-xss-protection: 1
x-cache-hits: 392

GET
H2 200 07-800wi.jpg
blogs.jpcert.or.jp/en/.assets/thumbnail/ 160 KB
161 KB 270ms
270ms Image
image/jpeg 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/07-800wi.jpg

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e4b7b2f9d33361a7dfa00d0a4f0732fe98318822001c0326c2bec4d10575a765

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.565935
date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
server: nginx
age: 49337
etag: 0c2308b37f21b1671f597a9f20fca4c7732b1367
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 164266
x-xss-protection: 1
x-cache-hits: 134

GET
H2 200 lodeinfo_version-800wi.png
blogs.jpcert.or.jp/en/.assets/thumbnail/ 5 KB
6 KB 516ms
515ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/lodeinfo_version-800wi.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

546eeca960c52f5bc938b2919cfe06fbb416624cf5aa6c9fe4dc4736843eb31b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.109437
date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
server: nginx
age: 216214
etag: d147e376f42c77080da49f6ea4e3faaf62ef32cb
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 5589
x-xss-protection: 1
x-cache-hits: 247

GET
H2 200 04-800wi.png
blogs.jpcert.or.jp/en/.assets/thumbnail/ 218 KB
219 KB 515ms
515ms Image
image/png 52.199.127.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.jpcert.or.jp/en/.assets/thumbnail/04-800wi.png

Requested by

Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.199.127.131 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-199-127-131.ap-northeast-1.compute.amazonaws.com

Software

nginx /

Resource Hash

0a4e735cb2140940669acc7732e14a2b3533bbbfdf9c345f884b7d2b0851faa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-runtime: 0.461057
date: Thu, 30 Jul 2020 18:18:09 GMT
x-content-type-options: nosniff
server: nginx
age: 35766
etag: cfa1eabdf3a20badeb4f0bb0643c4d7ad45a48a0
strict-transport-security: max-age=3600;
x-cache: HIT
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 223060
x-xss-protection: 1
x-cache-hits: 127

GET
H/1.1 200
OK get_feedback_jsonp.cgi Show response
ws.jpcert.or.jp/cgi-bin/ 156 B
387 B 1698ms
277ms Script
application/javascript 52.196.227.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.jpcert.or.jp/cgi-bin/get_feedback_jsonp.cgi?uri=/en/2016/01/windows-commands-abused-by-attackers.html&_d=1596133089137
Requested by: Host: blogs.jpcert.or.jp
URL: https://blogs.jpcert.or.jp/en/common/feedback/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.196.227.230 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-196-227-230.ap-northeast-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 57a0e994f4da956df8cc6d88a799c664a3bcd6db3a6499d491fb267a1953af7d

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Upgrade: h2,h2c
Date: Thu, 30 Jul 2020 18:18:10 GMT
Server: Apache
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H2 200 button.1378e6a69a23712ca26755ee3c4084b4.js Show response
platform.twitter.com/js/ 7 KB
2 KB 32ms
31ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.1378e6a69a23712ca26755ee3c4084b4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 01066facadb03ef32ef7506b3dcc6144c8e9da7896c3af0bac25f4b853022b9a

Request headers

Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 30 Jul 2020 18:18:09 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 2297
x-served-by: cache-bwi5121-BWI, cache-hhn4049-HHN
last-modified: Tue, 30 Jun 2020 18:26:44 GMT
etag: "16a79eba6d08d31b4b3b907d174f7f97+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
platform.twitter.com/widgets/ Frame 55D9 0
0 32ms
32ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Response headers

status: 200
last-modified: Tue, 30 Jun 2020 18:26:52 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "b3b326d9f663b84a8f3c6ca3e30a769a+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 30 Jul 2020 18:18:09 GMT
x-served-by: cache-bwi5141-BWI, cache-hhn4049-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 12297

GET
H2 200 tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
platform.twitter.com/widgets/ Frame 1A9B 0
0 36ms
36ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/tweet_button.c4b33f07650267db9f8a72eaac551cac.en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blogs.jpcert.or.jp/en/2016/01/windows-commands-abused-by-attackers.html

Response headers

status: 200
last-modified: Tue, 30 Jun 2020 18:26:52 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "b3b326d9f663b84a8f3c6ca3e30a769a+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 30 Jul 2020 18:18:09 GMT
x-served-by: cache-bwi5141-BWI, cache-hhn4049-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 12297

GET
H2

200

jot.html
platform.twitter.com/ Frame DD30
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

33ms
32ms

Document
text/html

151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /jot.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://blogs.jpcert.or.jp
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
last-modified: Tue, 30 Jun 2020 18:28:19 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "d9592a6c704736fa4da218d4357976dd+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 30 Jul 2020 18:18:09 GMT
x-served-by: cache-bwi5120-BWI, cache-hhn4049-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 95

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Thu, 30 Jul 2020 18:18:09 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Thu, 30 Jul 2020 18:18:09 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_f
strict-transport-security: max-age=631138519
x-connection-hash: f0b1e48f1f7393392fc9c5289d849813
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 115
x-transaction: 00a9f9b400cc1292
x-tsa-request-body-time: 0
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=3600;
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.jpcert.or.jp
blogs.jpcert.or.jp
cdnjs.cloudflare.com
clients1.google.com
cse.google.com
movabletype.net
platform.twitter.com
syndication.twitter.com
tracker.iws.vc
ws.jpcert.or.jp
www.google-analytics.com
www.google.com
www.googleapis.com
www.googletagmanager.com
104.244.42.136
13.113.68.94
13.225.87.2
151.101.112.157
2600:9000:2156:5400:1f:5f0f:a140:93a1
2606:4700::6810:84e5
2a00:1450:4001:802::200e
2a00:1450:4001:808::200e
2a00:1450:4001:80b::2008
2a00:1450:4001:81d::2004
2a00:1450:4001:820::200a
52.196.227.230
52.199.127.131
01066facadb03ef32ef7506b3dcc6144c8e9da7896c3af0bac25f4b853022b9a
0a4e735cb2140940669acc7732e14a2b3533bbbfdf9c345f884b7d2b0851faa4
10de10394a37304a0c94242badee67380313edf5d99f963126c0660f7115315f
157300b4275b011b44359e6dfb18f8e3ee623c7a7c9b7d94f07e03904599b197
228ed068552f34bfc9b9f3a498503f47e6e9f2ae9d1d3489aaa334738a460fcd
23e6d93452a4c0db3f01dfcdcef099dfe3e9861eb3b03ea07ae1878d63b7d412
23fd61c6a9f5a2c1d58d42eebce6f72a1e0838eafcd8adb349ee85b1024db128
241cc0f0b866984fd1c6874a6db607503ba7b8204bb8c167a7336730874f8e57
261c7d35b8070f9e07d90aec18fe37b29b78e49cbbdb13c279efda50dc92cbfe
2ec9087635398a0a4f08808b2d5bd3af37542c290314c060303ee3a41e7af6bd
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
32d7d6421c163cd08593ccbc8c5791a1871cbc0e6648fcb5ca8530302830e904
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
36c7a9847ef0e54761e232315626f6a2aa459a6c90e2432b48d85c25a7a05da4
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
44afbf1a81476d9a3f79014c79d172cc1f64f739a2fae8adad7caea959060c2e
546eeca960c52f5bc938b2919cfe06fbb416624cf5aa6c9fe4dc4736843eb31b
57a0e994f4da956df8cc6d88a799c664a3bcd6db3a6499d491fb267a1953af7d
5d0d69aee7386eb452aca4aa8288de99b0abbc608dccf9b7e197e438cd3d929f
64871e8b15628e5023849cfadc90ec6482233a8260fb39d32458e94ebfbc5de5
64cec13428539367c4faec8822cbf9862bdbb9a08ba572988556da37ddd3485e
684476872d3b64b3fbb972c14b1d21d4bde8b6c8074a644f93e234764f542ffd
6f7505af235b3dec440dedfbc35698ffd35372032e9c0122afc003636ea894b4
752698671cfdeb9627f1da8483f81409478f57acead2d3e095bf143c45f52824
771ea0cf0545b0aad576e6276803112a5586325f6608129379e6789e87509324
7fe1a58ea8b8fdfaca777d67aab3b8c3162591f5370294c693fbf6713b563bee
804afe127417cbc717f1a0952947d3b90c6b69d50562b7a70eeb846f9607c843
830ae81a7374748dc123821adcb7c0548ba35d4f16b74c234aa8a0dba1729960
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
882306b79108a31a4a7a446dcb0976c4bba321dbae02b26f3478c8f0ad0e2724
8b2484fa9a9b136b9eb56c1d2b3bfdacd1c8970acf325585235aa35b16fc010a
8d042ab8b735d4ba2c20cea1328ca07a411cc9b65a7f3da94060f67c89964bb1
90bfb0ff383c74405328fce0fcfa8544f0a8549f9d3d18c3245dd8fb54f6a65e
90faf065fbf1b2385da4f673533c37b5e0160f1e09f261625b87e250de51bfb8
92f1bc2e6be6094ffa0bd7ba2538fb71e6aadfd481c2b762c35a4b5559380a6d
99ab6fd805e3873aa0a5adedd4b27e9c74becff9cd70b5ae1e96d420379736b0
9e3b74c0e2d72e840efd9c6455209139ef247d3a6b7f590fe762c1e27150e37a
b0dc62f6c8d4829804e3824b9f0984a2aa54241b4b4b909010cf639d73748ca1
b280b516f629c540111e06cfbb9767dd4f257e143583ee31868a1503f9836c24
b5deb1e73fd57c9fd08b798106fbbfcc1d9c7a7d536cc3237e02f46f4a4e55bd
b5ee79236895260cbe2854ec99ba50d09b45fce98f4dc6f15b522f3491a521c1
bff0831e53ffe4da0fc58d076aafffae2e6f46b7210f7f2d08c2b88c53304fe8
ca4d6ff2400eeb7201d5478c3a41fbfab047940e851a24e311e116c9f94747d1
d025d624352f8a6ceec63d1be3f7513b4874d370d224a3011620d20c03276e2e
d0496587eb0e1b42d3614c76d3e0a76290f7a5139940cc2cd8c195cbcab39b37
d0777e2e2c6a47608109aa789d1f8769aa6b972da30e0ffaf631a1fefbf31fd4
d35bc0c3f0a59b6f0b7a737bc2f8b2ae01bd6ee606394e2e7284d8c621cf0b4d
d8adcfd60d2851e5b38f2cca66023cdd69b3036eaee1c570237f141eacade6b7
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dec56511070ffe1c91fde9e9b357d6d60333c1652d13101675e7852ee20558c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b7b2f9d33361a7dfa00d0a4f0732fe98318822001c0326c2bec4d10575a765
eba8d7f3703d70c73f3403a2754b3b41c92e4aeaaabdbdd417585bfefd49eec3
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

blogs.jpcert.or.jp Open in urlscan Pro 52.199.127.131 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

59 Requests

100 %HTTPS

54 %IPv6

9 Domains

14 Subdomains

11 IPs

3 Countries

2502 kBTransfer

3205 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

59 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blogs.jpcert.or.jp Open in urlscan Pro
52.199.127.131 Public Scan

Screenshot
Live screenshot

Full Image

59
Requests

100 %
HTTPS

54 %
IPv6

9
Domains

14
Subdomains

11
IPs

3
Countries

2502 kB
Transfer

3205 kB
Size

0
Cookies

59 HTTP transactions
0 data transactions