URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Submission: On December 30 via api from US — Scanned from JP

Summary

This website contacted 17 IPs in 5 countries across 13 domains to perform 64 HTTP transactions. The main IP is 52.211.110.78, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is insight-jp.nttsecurity.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on December 20th 2021. Valid for: a year.
This is the only time insight-jp.nttsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Domain | Requested by
18 | dukb55syzud3u.cloudfront.net | insight-jp.nttsecurity.com, dukb55syzud3u.cloudfront.net
10 | passle-net.s3.amazonaws.com | insight-jp.nttsecurity.com, dukb55syzud3u.cloudfront.net
9 | images.passle.net | insight-jp.nttsecurity.com
6 | www.passle.net | insight-jp.nttsecurity.com, dukb55syzud3u.cloudfront.net
3 | d14tqcyg1o920w.cloudfront.net | www.passle.net
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 | platform.twitter.com | dukb55syzud3u.cloudfront.net, platform.twitter.com
2 | seal.digicert.com | insight-jp.nttsecurity.com
2 | sdk.passle.net | insight-jp.nttsecurity.com, dukb55syzud3u.cloudfront.net
2 | insight-jp.nttsecurity.com | dukb55syzud3u.cloudfront.net
1 | www.google.co.jp |
1 | www.google.com |
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | syndication.twitter.com | platform.twitter.com
1 | clientapi.passle.net | dukb55syzud3u.cloudfront.net
1 | fonts.gstatic.com | fonts.googleapis.com
1 | fonts.googleapis.com | dukb55syzud3u.cloudfront.net
1 | www.googletagmanager.com | insight-jp.nttsecurity.com
64 | 18 |

This site contains links to these domains.

Domain
www.nttsecurity.com
www.passle.net
www.digicert.com
twitter.com
home.passle.net

Subject | Issuer | Validity | Valid
insight-jp.nttsecurity.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-20 - 2022-12-20 | a year
*.cloudfront.net | Amazon | 2021-03-19 - 2022-03-17 | a year
*.s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2021-01-11 - 2022-02-11 | a year
*.passle.net | Amazon | 2021-08-15 - 2022-09-13 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
upload.video.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
seal.digicert.com | DigiCert SHA2 Secure Server CA | 2020-03-30 - 2022-06-03 | 2 years
*.gstatic.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-20 - 2022-10-19 | a year
www.passle.net | Amazon | 2021-05-17 - 2022-06-15 | a year
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-24 - 2022-02-22 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
www.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.google.co.jp | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months

This page contains 5 frames:

Primary Page: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Frame ID: 64AC3C48EFD4389B5E3973A8E8EAA553
Requests: 56 HTTP requests in this frame

Frame: https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hf3q&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dSinglePost%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3d%2cpageRequestId%3d&url=http%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=SinglePost&pageRequestId=
Frame ID: 5AE7170691C68B3F40921AF042EC93E8
Requests: 2 HTTP requests in this frame

Frame: https://www.passle.net/Porthole/ClientWebMessageReceiver
Frame ID: E1B87E5BC1B79904B6CF6507DA60D9EE
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Finsight-jp.nttsecurity.com
Frame ID: 40B03EF63CD6E7B60E7DB44146210A08
Requests: 2 HTTP requests in this frame

Frame: https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hez7%2c102heu4%2c102heu3%2c102hes5%2c102hes6%2c102heu1%2c102hekj%2c102h7t6%2c102h5av%2c102gm2e&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dPostViewRecommendedPosts%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3dhttps%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech%2cpageRequestId%3d144682854&url=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=PostViewRecommendedPosts&pageRequestId=144682854
Frame ID: 5268B5F4C4BFA1E9519A24F0E6AAC6FC
Requests: 2 HTTP requests in this frame

Page Title

Flagpro: The new malware used by BlackTech, Hiroki Hada

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 64
HTTPS: 100 %
IPv6: 53 %
Domains: 13
Subdomains: 18
IPs: 17
Countries: 5
Transfer: 1435 kB
Size: 2927 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

64 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request flagpro-the-new-malware-used-by-blacktech
insight-jp.nttsecurity.com/post/102hf3q/
53 KB
14 KB
Document
General
Full URL
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.110.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-110-78.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
22b7ed168b771a18b11e2960be5c86e1a509869cb640c6468e8348b35145b7cb
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' *; connect-src 'self' *; script-src blob: * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src data: *; img-src data: *; media-src blob: *; frame-src *; object-src data: *; frame-ancestors 'self' *
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

date
Thu, 30 Dec 2021 22:21:08 GMT
content-type
text/html; charset=utf-8
content-length
13357
cache-control
private
content-encoding
gzip
vary
Content-Encoding
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
content-security-policy
default-src blob: 'self' *; connect-src 'self' *; script-src blob: * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src data: *; img-src data: *; media-src blob: *; frame-src *; object-src data: *; frame-ancestors 'self' *
referrer-policy
no-referrer-when-downgrade
permissions-policy
x-content-type-options
nosniff
all.min.css
dukb55syzud3u.cloudfront.net/Content/googlefonts/
3 KB
981 B
Stylesheet
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/googlefonts/all.min.css?v=0.0.2
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
99ef9e4e3d66f23351f1f60d746ce04595f1d5f994f9d24a7ba5a5cabb4b4604
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 07:32:56 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4286893
ETag
W/"0ce22b224d2d71:0"
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 cc51b76e040548605afe90d69fcf6602.cloudfront.net (CloudFront)
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Vary
Accept-Encoding
X-Amz-Cf-Id
yaMc-KpF874vkZnHWdDXxqv5UXd7rRzaez3WErWa0ECo8kEtCpA9tA==
Connection
keep-alive
all.min.css
dukb55syzud3u.cloudfront.net/Content/fontawesome/
170 KB
33 KB
Stylesheet
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/fontawesome/all.min.css?v=5.14.0
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
e7de3b4b49089f8cdd8267eda652f35806cb2b70f7c5cec0351f6d129263e52b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 18 Nov 2021 20:43:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
3634659
ETag
W/"0ce22b224d2d71:0"
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 4c5332af98543bf36ccd9fdd37457b55.cloudfront.net (CloudFront)
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Vary
Accept-Encoding
X-Amz-Cf-Id
hu1hDGge0b5mt5aANODKaL4ItBCvoc6PeyxJ2wkiJl3Nd28XRLMxgQ==
Connection
keep-alive
PostBundle
dukb55syzud3u.cloudfront.net/
100 KB
15 KB
Stylesheet
General
Full URL
https://dukb55syzud3u.cloudfront.net/PostBundle?v=J4LM28QKeCFuZYeqRuNMPv6bwJz_rWtT-SWiK5Q8vQg1
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
681e0e85af42892423a5d48285751090998485f185231bfa18049bea988649b7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 03 Dec 2021 08:19:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 03 Dec 2021 08:19:12 GMT
Age
2383317
X-Cache
Hit from cloudfront
Content-Type
text/css; charset=utf-8
Via
1.1 0c2ca767ecc2f5a180d1781f16f1e2f3.cloudfront.net (CloudFront)
Expires
Sat, 03 Dec 2022 08:19:12 GMT
Cache-Control
public, no-cache="Set-Cookie"
X-Amz-Cf-Pop
NRT12-C4
Content-Length
14765
X-Amz-Cf-Id
8y_0S_jmC2nZR63nOKPFJ_MbFzNecZAdHa-NGJK5-3W8ED6aPWgifA==
Connection
keep-alive
CustomPassleCSS
dukb55syzud3u.cloudfront.net/CustomCSS/
15 KB
2 KB
Stylesheet
General
Full URL
https://dukb55syzud3u.cloudfront.net/CustomCSS/CustomPassleCSS?passleShortcode=102f18u&version=6
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
4a0a7b8482af5b81807d70c0fa32ac734e559d6617e2b451881400fe7ae9e5e0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Amz-Cf-Pop
NRT12-C4
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Connection
keep-alive
Referrer-Policy
no-referrer-when-downgrade
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Via
1.1 3f51d1d2797ea1f0c9e6fe6c5804e982.cloudfront.net (CloudFront)
Cache-Control
private
Permissions-Policy
Content-Security-Policy
frame-ancestors 'none'
X-Amz-Cf-Id
NxWl_iYw0OSpyApEMYD_qsG2R8z0UIf51qVhg6pPKDmESFC7p62XWw==
CustomDesignCSS
dukb55syzud3u.cloudfront.net/CustomCSS/
45 KB
7 KB
Stylesheet
General
Full URL
https://dukb55syzud3u.cloudfront.net/CustomCSS/CustomDesignCSS?passleShortcode=102f18u&version=6
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
0b925c0eb6211bc3bced23ab2531a505c9a36c43b727a7d572c9b67fee3d1d92
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Amz-Cf-Pop
NRT12-C4
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Connection
keep-alive
Referrer-Policy
no-referrer-when-downgrade
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Via
1.1 c05dec9a527cd8a0ac0f0f7dcb230ae9.cloudfront.net (CloudFront)
Cache-Control
private
Permissions-Policy
Content-Security-Policy
frame-ancestors 'none'
X-Amz-Cf-Id
P2uEWCz9QlZaUd-a1AUrNocZC507aZa8lsVorEgo-H8Exc2YGmiMhg==
2018-09-07-09-02-21-540-5b923e9df86dd60bc4adb06c.gif
passle-net.s3.amazonaws.com/CustomDesign/5b867b1c2a1ea202080db5cc/
10 KB
10 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/CustomDesign/5b867b1c2a1ea202080db5cc/2018-09-07-09-02-21-540-5b923e9df86dd60bc4adb06c.gif?sfvrsn=7a65e211_0
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4e4081affc9cb302bd2ca517491ff764a7030017bf7bde06b7ee04a7b9b81a90

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Content-Encoding
Last-Modified
Fri, 07 Sep 2018 09:02:22 GMT
Server
AmazonS3
x-amz-request-id
QA5EADYRHTBPG25C
ETag
"5d27dae2a468acda03642844a5c69ba6"
Content-Type
image/gif
x-amz-meta-passelfileid
5b923e9df86dd60bc4adb06c
x-amz-meta-uploadedbypersonid
55daf3ad3d94740a50a52b3b
Accept-Ranges
bytes
Content-Length
10031
x-amz-id-2
GMfvMZaTlrijI6r+b8g/EksRZx1O002UTYIkYHSPs+2yNxho2WZNdQbWxF9iV5xzFi/jB3yhx5g=
2019-05-16-01-21-05-319-5cdcbb01989b6e0cdca73965.jpg
images.passle.net/35x35/Person/5bdc3aab98fcca089453eaa7/Avatar/
652 B
1 KB
Image
General
Full URL
https://images.passle.net/35x35/Person/5bdc3aab98fcca089453eaa7/Avatar/2019-05-16-01-21-05-319-5cdcbb01989b6e0cdca73965.jpg
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
072d42efdd705d88b2e0f6934416234f8e7492869bd9839f6e1b8a622a1a74aa

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 00:26:03 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
78906
x-amzn-requestid
63aa4dd9-98f6-4286-bb17-21e51fc5373f
x-cache
Hit from cloudfront
x-amz-apigw-id
LIxoUFTSIAMFeSw=
content-length
652
x-amzn-trace-id
Root=1-61ccfc9b-6c9e27731ef9857911477d6c;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
-9lUSfkaDao3_Clw-HuUTqV2yP_m46wxU9OJNGu0UBlR9magslwvAA==
no_avatar.png
images.passle.net/35x35/assets/images/
300 B
807 B
Image
General
Full URL
https://images.passle.net/35x35/assets/images/no_avatar.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
833b4eddfde8ca98dfd74d3dad7173df3b5597dd2f52eec622f513b86d5e5183

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 23:01:32 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
602376
x-amzn-requestid
aca93936-79c1-4f13-81a4-962ef64dfc14
x-cache
Hit from cloudfront
x-amz-apigw-id
K0zoCG-dIAMF9Ew=
content-length
300
x-amzn-trace-id
Root=1-61c4ffcc-622d44b2710c8df821628268;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
M3S1yYZYcibvlcOy1jhH7S-QepqhD7Z2YVZlDkw8oD_ZXFzJ9VfVEA==
2018-11-02-11-59-47-035-5bdc3c3344de890fdcfd4daa.jpeg
images.passle.net/35x35/Person/5bdc3a9144de890fdcfd4b24/Avatar/
494 B
1000 B
Image
General
Full URL
https://images.passle.net/35x35/Person/5bdc3a9144de890fdcfd4b24/Avatar/2018-11-02-11-59-47-035-5bdc3c3344de890fdcfd4daa.jpeg
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
b59f25735b6ca320176b328543ea72bcd0180c6d37c7754d893ffbeff76db864

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 08:03:21 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
483468
x-amzn-requestid
52e2d885-d56b-4c32-908d-4f81fe3ebe1e
x-cache
Hit from cloudfront
x-amz-apigw-id
K5V7kHTlIAMF-YA=
content-length
494
x-amzn-trace-id
Root=1-61c6d049-4cbad2cd4d581d420b23fa96;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
9n15DV2wZgQxHw0ybjIe-Uquv_GP5Ev03pe-Rlb3UM6gstFcmN09MQ==
2019-06-14-06-20-38-320-5d033cb6989b6e07a836d881.jpg
images.passle.net/35x35/Person/5d0231fcabdfe90398cefe49/Avatar/
446 B
952 B
Image
General
Full URL
https://images.passle.net/35x35/Person/5d0231fcabdfe90398cefe49/Avatar/2019-06-14-06-20-38-320-5d033cb6989b6e07a836d881.jpg
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
de892d3a73e5bef595bef59b704b1f2f4ad6ed1b8f1090772e4f16a5109ae489

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 08:03:22 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
483467
x-amzn-requestid
e3b10e66-86c9-419f-9f6b-c40150d18682
x-cache
Hit from cloudfront
x-amz-apigw-id
K5V7kFasIAMFicQ=
content-length
446
x-amzn-trace-id
Root=1-61c6d049-2c343c0146f41c3a2480960a;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
79TbuHogauSkqfux22wLx-SUTdNNUiUrJz3zCXCmawh_jTBTJmW0sw==
2019-12-17-07-49-34-140-5df8888eabdfeb128c2ac279.png
images.passle.net/35x35/Person/5b7d05e92a1ea204e0ef3834/Avatar/
496 B
1002 B
Image
General
Full URL
https://images.passle.net/35x35/Person/5b7d05e92a1ea204e0ef3834/Avatar/2019-12-17-07-49-34-140-5df8888eabdfeb128c2ac279.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ee05256d7a3ca866c7225cf43ac303c2743735399e4b5d45b6d448351fe5a95c

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 08:03:21 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
483467
x-amzn-requestid
95d33ca2-dab9-4382-97fa-e4884790241e
x-cache
Hit from cloudfront
x-amz-apigw-id
K5V7kF3pIAMF-Mw=
content-length
496
x-amzn-trace-id
Root=1-61c6d049-68b0364c2705210b5f0b62f5;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
5r8fWgqoloe83tvaqDk1InfuFxFf9LmLdaNC7lZZmj069mcoPT-4oQ==
2019-05-16-01-21-05-319-5cdcbb01989b6e0cdca73965.jpg
images.passle.net/200x200/Person/5bdc3aab98fcca089453eaa7/Avatar/
5 KB
6 KB
Image
General
Full URL
https://images.passle.net/200x200/Person/5bdc3aab98fcca089453eaa7/Avatar/2019-05-16-01-21-05-319-5cdcbb01989b6e0cdca73965.jpg
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c76ecde882683257c04a78b15be4ef216466392016834bfbcbb651d739827a25

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 24 Dec 2021 22:01:03 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
519606
x-amzn-requestid
c8d20348-e66c-45e9-ade5-b9b1a771afc3
x-cache
Hit from cloudfront
x-amz-apigw-id
K39s_HJ1IAMFXTA=
content-length
5604
x-amzn-trace-id
Root=1-61c6431f-11d736b4319a11e4004bb2a0;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
euq6Fg067Ooxc9l0yZk-C5Bgelj0SjwneGwBB777jDNUM7jT-L0eNw==
2021-12-28-01-36-48-612-61ca6a308cb5d30b749c7c39.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
31 KB
32 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-28-01-36-48-612-61ca6a308cb5d30b749c7c39.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
b27939df76b26df455c3805f3f9ef124175e28623b01648b1f2603c29d27d304

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Tue, 28 Dec 2021 01:36:49 GMT
Server
AmazonS3
x-amz-request-id
QA5BKZRV17FVDGKS
ETag
"0d64ab3c1acd7839990c25b6901108a9"
Content-Type
image/png
x-amz-meta-passelfileid
61ca6a308cb5d30b749c7c39
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
31882
x-amz-id-2
JuJn6AEVVBGOojdOq3QSr1YDL2Cddbvw0AGXnfcUOoSm/ErR0wi15syZLISh/UkTUoXDMzLJR3k=
2021-12-27-08-40-20-872-61c97bf48cb5d300ac7f4732.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
41 KB
42 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-27-08-40-20-872-61c97bf48cb5d300ac7f4732.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
bfad9dead401944b519644e72fdc8dbc4af9fce91597809ca5e6982b65d8becb

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Mon, 27 Dec 2021 08:40:21 GMT
Server
AmazonS3
x-amz-request-id
QA54FB77CJCCF3FK
ETag
"dafe94e1d325a1ddc79443251e7831f6"
Content-Type
image/png
x-amz-meta-passelfileid
61c97bf48cb5d300ac7f4732
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
42284
x-amz-id-2
Zu6ogbsC7va7PD/yPq97kpSUOSIwvLxdGDlLIejjZuwL6mAKZmNqbd6+1YKVQQXXAnNxxrql6lo=
2021-12-27-08-40-33-276-61c97c0149b2040960a81ede.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
3 KB
3 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-27-08-40-33-276-61c97c0149b2040960a81ede.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
b130bfa30348b13d24787fc419c69dc7a5dc6593da4615290892469572e52d7c

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Mon, 27 Dec 2021 08:40:34 GMT
Server
AmazonS3
x-amz-request-id
QA5F7TP04BR896JK
ETag
"df91bb177f121a3703c1d833695c662b"
Content-Type
image/png
x-amz-meta-passelfileid
61c97c0149b2040960a81ede
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
2592
x-amz-id-2
MvraUfu1Ugth2bLPjmaFZtfsMqB9xv8Lsq425Sm90QJQga+vxlm7srvl6WnfCEoh4TCUsmD27pw=
2021-12-27-08-40-53-838-61c97c158cb5d300ac7f4762.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
10 KB
11 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-27-08-40-53-838-61c97c158cb5d300ac7f4762.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
df71b16d79e88753e490a36cc39cc78e0459a4bc7abe8a75c845f783217bb10c

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Mon, 27 Dec 2021 08:40:54 GMT
Server
AmazonS3
x-amz-request-id
QA52KKQ3K4B2C1DK
ETag
"27f27f72358b3bf5a65f708038a36ad3"
Content-Type
image/png
x-amz-meta-passelfileid
61c97c158cb5d300ac7f4762
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
10551
x-amz-id-2
3gzk5MAiruMMwbAfKPOlLvOit1q38ARiTOhKRE62mRswtlEBWRv0Y9w3tyLs1WMNtFuRPvE1KZ8=
2021-12-27-08-41-02-936-61c97c1e8cb5d300ac7f476f.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
18 KB
19 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-27-08-41-02-936-61c97c1e8cb5d300ac7f476f.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
85e4abed1b55b740c3185df7dfe4022596baed39d7a17d3694ccd6debeac90b1

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Mon, 27 Dec 2021 08:41:03 GMT
Server
AmazonS3
x-amz-request-id
QA52DNNH66B5KMMH
ETag
"789714e8e33fb8cb607e4538ecd341cf"
Content-Type
image/png
x-amz-meta-passelfileid
61c97c1e8cb5d300ac7f476f
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
18555
x-amz-id-2
Td0pKLcQC3mN/amZcKBxQTmQ0Ug11vyQuptleD5xlBw0VyrL/7Z8QNtPadvjSGohpGbEMTfWxlA=
2021-12-27-08-41-30-977-61c97c3a53548906acf8a18e.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
101 KB
102 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-27-08-41-30-977-61c97c3a53548906acf8a18e.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
202cb74abdd5d8d5e34734130053df492aeb3d7b3d7d35acdaf611e68c929ad9

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Mon, 27 Dec 2021 08:41:32 GMT
Server
AmazonS3
x-amz-request-id
QA5B71TPZ9YNEWCE
ETag
"c3eeea9b5101c8fce01c79ccbd384fbe"
Content-Type
image/png
x-amz-meta-passelfileid
61c97c3a53548906acf8a18e
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
103705
x-amz-id-2
0dxKgT0yLmUYtY23TBqbpCldlip/q4kVKE1WXeoSyElcDuI4fg0ywI3UBuBIhVUMoBjE8tIaHQ4=
2021-12-27-08-41-39-636-61c97c438cb5d300ac7f479e.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
5 KB
5 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-27-08-41-39-636-61c97c438cb5d300ac7f479e.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
ef04a65e11621f44d93776c460c557168f7f084b51381488a883566f95ddfc98

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Mon, 27 Dec 2021 08:41:40 GMT
Server
AmazonS3
x-amz-request-id
QA51Z075HZ3QKQ87
ETag
"e2b39d22e37d89188e72196f7de7c4c1"
Content-Type
image/png
x-amz-meta-passelfileid
61c97c438cb5d300ac7f479e
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
4941
x-amz-id-2
alVU6e3FrTlGOpsZ4cppZLO5kABEPt+zqKJbmAE4wczQHqmkzVcqLg0kp25Y5YNtSQsih0KGQSA=
2021-12-27-08-41-57-184-61c97c5553548906acf8a19d.png
passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/
29 KB
30 KB
Image
General
Full URL
https://passle-net.s3.amazonaws.com/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3aab98fcca089453eaa7/2021-12-27-08-41-57-184-61c97c5553548906acf8a19d.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
5938920f0969ad865aab7212d9b4e1a645d2cd894a406d1ae1dcf09f10033175

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:10 GMT
Last-Modified
Mon, 27 Dec 2021 08:41:58 GMT
Server
AmazonS3
x-amz-request-id
QA58Z25TTM8P8WPC
ETag
"17da83beeb9ba04d5283c0a4acb0a69d"
Content-Type
image/png
x-amz-meta-passelfileid
61c97c5553548906acf8a19d
x-amz-meta-uploadedbypersonid
5bdc3aab98fcca089453eaa7
Accept-Ranges
bytes
Content-Length
30002
x-amz-id-2
sexZpQnJ3YOjV6WXosvYNN/ZsfG74G491jNpEmksFvwyZZWBvBNd6SGxvkb0liF9jXAxKeNLCRM=
2019-04-03-08-22-16-083-5ca46d38abdfe80d80d5df50.png
images.passle.net/178x100/Passle/5b867b1c2a1ea202080db5cc/DefaultShareImages/
2 KB
2 KB
Image
General
Full URL
https://images.passle.net/178x100/Passle/5b867b1c2a1ea202080db5cc/DefaultShareImages/2019-04-03-08-22-16-083-5ca46d38abdfe80d80d5df50.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4f15834b91142a2935fb69ac95c80cbb12f5c8ed5617ee2bd77a0e03170b3255

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 09:43:07 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
477482
x-amzn-requestid
ffbc9aab-1cac-4ad9-96b6-647eafb0466d
x-cache
Hit from cloudfront
x-amz-apigw-id
K5ki1GRBoAMFtwA=
content-length
1782
x-amzn-trace-id
Root=1-61c6e7ab-7de522bf1739fdb94d8151f6;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
C7mbS-F9fZQYl8b_0F_e-9dnJWiTnWG3H_Kkv_t19eKl3tXWLgDgPg==
2021-11-05-15-18-30-643-61854b46e5411b05a8a29a2d.png
images.passle.net/178x100/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3a9144de890fdcfd4b24/
3 KB
4 KB
Image
General
Full URL
https://images.passle.net/178x100/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3a9144de890fdcfd4b24/2021-11-05-15-18-30-643-61854b46e5411b05a8a29a2d.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
fa754664154e14f720b3d37b0a79a2c405a7d963477efdc520918db27a9b79ae

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 05:33:34 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
492455
x-amzn-requestid
e5c1cf6d-7a75-429b-a917-5bae57da2df5
x-cache
Hit from cloudfront
x-amz-apigw-id
K4__OHyroAMF3_g=
content-length
3484
x-amzn-trace-id
Root=1-61c6ad2e-734ab5833e2118d80eabd30c;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
wO5R3T3mmLl1eMKQyY4Q72U36u5A04AjRld2LUJ7TV0cqZCKGGjHcA==
2020-12-16-15-43-14-411-5fda2b128cb62a0758a3d434.png
images.passle.net/178x100/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3a9144de890fdcfd4b24/
4 KB
4 KB
Image
General
Full URL
https://images.passle.net/178x100/Passle/5b867b1c2a1ea202080db5cc/MediaLibrary/Images/5bdc3a9144de890fdcfd4b24/2020-12-16-15-43-14-411-5fda2b128cb62a0758a3d434.png
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2066:800:12:c58f:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
68f9507178bd65e092cfd216932ccf329ae7bc562fe98c486670c0cb95481874

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 01:34:39 GMT
via
1.1 ec0f8a7531f2716a7da4d0d445da3deb.cloudfront.net (CloudFront)
age
74790
x-amzn-requestid
46df3ea2-b5a4-4746-8801-c93fcfbd149d
x-cache
Hit from cloudfront
x-amz-apigw-id
LI7rdHQroAMF7Mg=
content-length
3892
x-amzn-trace-id
Root=1-61cd0caf-6e41d9c8786d9a4a1b2b27b7;Sampled=0
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31536000, s-maxage=604800
access-control-allow-credentials
true
x-amz-cf-pop
NRT12-C5
access-control-allow-headers
Content-Type, Authorization
x-amz-cf-id
fBhktKXkU4HvUGff-EZi4SyWB0bwLkFCoHBd860aOWk3r-Ke3KhgMw==
jquery-3.6.0.min.js
dukb55syzud3u.cloudfront.net/Scripts/Plugins/
105 KB
33 KB
Script
General
Full URL
https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
878796facbcbeadeddda79c14175bb3967519b61d1db46ae49a36b5dc84e5dd9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 03:00:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4303242
ETag
W/"0ce22b224d2d71:0"
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 3bf59695cdf76e2abbc29f739085ab12.cloudfront.net (CloudFront)
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Vary
Accept-Encoding
X-Amz-Cf-Id
JHxVUiv3G-B9virtG5V1OemxN-yYGivH2tSRLmmA8tYygZux-okSdg==
Connection
keep-alive
CustomDesignJavascript
dukb55syzud3u.cloudfront.net//CustomCSS/
2 KB
1 KB
Script
General
Full URL
https://dukb55syzud3u.cloudfront.net//CustomCSS/CustomDesignJavascript?version=6&passleShortcode=102f18u
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
017c13e601ae3312e9454deff02d167778a104ab88562b7c81546b7ef452314b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Amz-Cf-Pop
NRT12-C4
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Connection
keep-alive
Referrer-Policy
no-referrer-when-downgrade
X-Frame-Options
DENY
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Via
1.1 4c5332af98543bf36ccd9fdd37457b55.cloudfront.net (CloudFront)
Cache-Control
private
Permissions-Policy
Content-Security-Policy
frame-ancestors 'none'
X-Amz-Cf-Id
nCRM-HDrxizBjtIvOe2prf6BguDz13i6oJWe24Q3ahzlb2pxz-APAA==
PostView
dukb55syzud3u.cloudfront.net/
718 KB
175 KB
Script
General
Full URL
https://dukb55syzud3u.cloudfront.net/PostView?v=sWQ5BI_XbjVT_ZURPDwGL7MgSCjFNYfoXRHfrRlNvUQ1
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
0033ae4c865a58c9c7acdca2552b7f86f916e823e136b2886acff7fe1ed04ead
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 09 Dec 2021 11:18:43 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Dec 2021 11:18:43 GMT
Age
1854146
X-Cache
Hit from cloudfront
Content-Type
text/javascript; charset=utf-8
Via
1.1 0c2ca767ecc2f5a180d1781f16f1e2f3.cloudfront.net (CloudFront)
Expires
Fri, 09 Dec 2022 11:18:43 GMT
Cache-Control
public, no-cache="Set-Cookie"
X-Amz-Cf-Pop
NRT12-C4
Content-Length
178497
X-Amz-Cf-Id
hMVeoa_gUbX9n4Cm5R9vkCAksCcIEzXlWmXk7q2zMZU_yrA7Tkl1MA==
Connection
keep-alive
jquery.passlecookiecontrol.min.js
sdk.passle.net/CookieControl/v1/
1 KB
2 KB
Script
General
Full URL
https://sdk.passle.net/CookieControl/v1/jquery.passlecookiecontrol.min.js
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.249.171.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-171-53.nrt12.r.cloudfront.net
Software
/
Resource Hash
7fa269bb987d8f356aa1206199e8b9890caa5c50d49cdfe939d282671a312988
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 15:30:38 GMT
Via
1.1 5517f212e7a3d40e88d0074e711509ad.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Wed, 13 Oct 2021 08:13:52 GMT
Age
6591031
ETag
"0a0fc41ac0d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C3
Accept-Ranges
bytes
Content-Length
1042
X-Amz-Cf-Id
hfGtUz9iZFR4vbS7HM48y6ldXoeIB7sp53oUGCfEjZ2_2CA68MFXxw==
Connection
keep-alive
gtm.js
www.googletagmanager.com/
98 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M5DDHT6
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9acd54935c93cde0ccf421dc8ccd162a7611e9dfac47153d175269ff9a4c962e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 22:21:09 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38465
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 30 Dec 2021 22:21:09 GMT
css
fonts.googleapis.com/
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/CustomCSS/CustomDesignCSS?passleShortcode=102f18u&version=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:818::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
423218df078af4e98bf4e548cb0b155c6301475dadb00e7baec851cde01a05e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://dukb55syzud3u.cloudfront.net/CustomCSS/CustomDesignCSS?passleShortcode=102f18u&version=6
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 30 Dec 2021 20:38:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 30 Dec 2021 22:21:10 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 30 Dec 2021 22:21:10 GMT
seal.min.js
seal.digicert.com/seals/cascade/
7 KB
4 KB
Script
General
Full URL
https://seal.digicert.com/seals/cascade/seal.min.js
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.251.181.147 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-251-181-147.ap-southeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
277b0281ce8610bb77c2a8332c8544d26fa6ae6c6a29dd9418a3805d92a6ac14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 22 Dec 2021 20:35:45 GMT
Server
nginx
ETag
W/"1df4-5d3c210f28a40"
Transfer-Encoding
chunked
Content-Type
application/javascript
Connection
keep-alive
Strict-Transport-Security
max-age=31536000
X-XSS-Protection
1; mode=block, 1; mode=block
fa-solid-900.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
137 KB
138 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/fa-solid-900.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Content/fontawesome/all.min.css?v=5.14.0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
2a2399d510fe0bb91bf136a84c8f186c5bd3a57a2aac94a39bf167850588717f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/Content/fontawesome/all.min.css?v=5.14.0
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 07:49:18 GMT
Via
1.1 a1d8364db7c309ed2893b4b3eb6b4ebc.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4285912
ETag
"0ce22b224d2d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
140704
X-Amz-Cf-Id
0_XJm94FIxXwGOl1qkls2ZupxL7D6nvkQPoOq6ndd8Ho5tsqI6I_5Q==
Connection
keep-alive
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:812::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Wed, 29 Dec 2021 15:32:15 GMT
x-content-type-options
nosniff
age
110935
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 29 Dec 2022 15:32:15 GMT
fa-brands-400.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
76 KB
76 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/fa-brands-400.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Content/fontawesome/all.min.css?v=5.14.0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
485ef94c52a4c62277533950ca70e9c4b13f97eed65cc868b22bd8c37e3ada11
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/Content/fontawesome/all.min.css?v=5.14.0
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 10 Nov 2021 22:39:15 GMT
Via
1.1 3f51d1d2797ea1f0c9e6fe6c5804e982.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4318915
ETag
"0ce22b224d2d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
77376
X-Amz-Cf-Id
EFvQyC3cWrZkZrLCDIwaLSeFGkL2n5fZCBp_lKh1gYbApS1dILQp7g==
Connection
keep-alive
open-sans-v15-latin-700.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
14 KB
15 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/open-sans-v15-latin-700.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Content/googlefonts/all.min.css?v=0.0.2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
482994b911cc3e869aa8ace6d9932d67b68de83ea2885207ce165ff04c38d7bc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/Content/googlefonts/all.min.css?v=0.0.2
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Tue, 22 Jun 2021 02:23:39 GMT
Via
1.1 22b516133f101c17e4dd7b2beb8e0044.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Mon, 21 Jun 2021 08:16:00 GMT
Age
16574251
ETag
"06030ab7566d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
14720
X-Amz-Cf-Id
PporYYYc1tGfTHYCTDXROln5afWUYgQH74XbJ_IJbImmx3eZTWBlpg==
Connection
keep-alive
open-sans-v15-latin-regular.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
14 KB
14 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/open-sans-v15-latin-regular.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Content/googlefonts/all.min.css?v=0.0.2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/Content/googlefonts/all.min.css?v=0.0.2
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 12:40:13 GMT
Via
1.1 a1d8364db7c309ed2893b4b3eb6b4ebc.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4268456
ETag
"0ce22b224d2d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
14048
X-Amz-Cf-Id
EH2ua_kM_sYqrE9f262hM4hQYGWfxqAtvZW9aHoAYrDGLnNxxjcH4w==
Connection
keep-alive
open-sans-v15-latin-300.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
14 KB
15 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/open-sans-v15-latin-300.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Content/googlefonts/all.min.css?v=0.0.2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
5278c0f6063ca9ad85653b18a2ddf1aa57e3ab40b7973a69b09acf859db8264d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/Content/googlefonts/all.min.css?v=0.0.2
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Fri, 22 Oct 2021 01:50:11 GMT
Via
1.1 a1d8364db7c309ed2893b4b3eb6b4ebc.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Thu, 21 Oct 2021 08:12:30 GMT
Age
6035459
ETag
"06b6a6453c6d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
14564
X-Amz-Cf-Id
EVinxgtH-wYaN8R5_IsYJZGOvgmdP-WtaUEoZcL_RAIYV-P7r2pZgQ==
Connection
keep-alive
LogPageRequestAndPostViews
www.passle.net/ClientWebAPIStatistics/ Frame 5AE7
680 B
980 B
Document
General
Full URL
https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hf3q&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dSinglePost%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3d%2cpageRequestId%3d&url=http%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=SinglePost&pageRequestId=
Requested by
Host: insight-jp.nttsecurity.com
URL: https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.28.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-28-190.compute-1.amazonaws.com
Software
/
Resource Hash
d06ce0aef18604713baacff3445a8488e00375aa59520ad9946f31110159a47a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech

Response headers

date
Thu, 30 Dec 2021 22:21:11 GMT
content-type
text/html; charset=utf-8
content-length
423
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-encoding
gzip
expires
-1
vary
Content-Encoding
strict-transport-security
max-age=31536000
referrer-policy
no-referrer-when-downgrade
permissions-policy
x-content-type-options
nosniff
CookieControl
sdk.passle.net/PluginBundles/v1.2/js/
17 KB
5 KB
Script
General
Full URL
https://sdk.passle.net/PluginBundles/v1.2/js/CookieControl?16409028
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.249.171.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-171-53.nrt12.r.cloudfront.net
Software
/
Resource Hash
b0662a7cc0f20e7e7fc7549ba19773d5ef42514dd2540ab2c64aab62fb447c32
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:11 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 30 Dec 2021 22:21:11 GMT
X-Amz-Cf-Pop
NRT12-C3
X-Cache
Miss from cloudfront
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, no-cache="Set-Cookie"
Connection
keep-alive
Content-Length
4485
Via
1.1 5517f212e7a3d40e88d0074e711509ad.cloudfront.net (CloudFront)
X-Amz-Cf-Id
DaUrP4m4hn9PcO7z7uLFKLm3Ijc1cx_mruj9nUzDPmzswBVySaRxjA==
Expires
Fri, 30 Dec 2022 22:21:11 GMT
2017-09-13-11-00-51-779-59b90fe33d94760e449cc453.woff2
passle-net.s3.amazonaws.com/CustomDesign/585a639fb00e810748563fbf/
63 KB
64 KB
Font
General
Full URL
https://passle-net.s3.amazonaws.com/CustomDesign/585a639fb00e810748563fbf/2017-09-13-11-00-51-779-59b90fe33d94760e449cc453.woff2?v=4.4.0
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/CustomCSS/CustomDesignCSS?passleShortcode=102f18u&version=6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.38.100 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/CustomCSS/CustomDesignCSS?passleShortcode=102f18u&version=6
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:12 GMT
Content-Encoding
Last-Modified
Wed, 13 Sep 2017 11:00:52 GMT
Server
AmazonS3
x-amz-request-id
Y75FWPBKK5S6XKXX
ETag
"4b5a84aaf1c9485e060c503a0ff8cadb"
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Access-Control-Allow-Methods
GET
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
x-amz-meta-passelfileid
59b90fe33d94760e449cc453
x-amz-meta-uploadedbypersonid
55daf3ad3d94740a50a52b3b
Accept-Ranges
bytes
Content-Length
64464
x-amz-id-2
+WX9wC37V1ry6w22QfsMamY0O7JkyPV+DwMGSAtOnqY/BDyjpvVXZxgwmzeyj2wbsjg2UJRMfHE=
ClientWebMessageReceiver
www.passle.net/Porthole/ Frame E1B8
225 B
949 B
Document
General
Full URL
https://www.passle.net/Porthole/ClientWebMessageReceiver
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.28.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-28-190.compute-1.amazonaws.com
Software
/
Resource Hash
4a25c639e50c20616ec5456d8a1177567f58602632a73e2bdca94bee8f0c5ded
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' https://*.passle.net/; connect-src 'self' *; script-src blob: * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src data: *; img-src data: *; media-src blob: *; frame-src *; object-src data: *; frame-ancestors 'self' *
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech

Response headers

date
Thu, 30 Dec 2021 22:21:10 GMT
content-type
text/html; charset=utf-8
content-length
210
cache-control
private
content-encoding
gzip
vary
Content-Encoding
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
content-security-policy
default-src blob: 'self' https://*.passle.net/; connect-src 'self' *; script-src blob: * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src data: *; img-src data: *; media-src blob: *; frame-src *; object-src data: *; frame-ancestors 'self' *
referrer-policy
no-referrer-when-downgrade
permissions-policy
x-content-type-options
nosniff
UserAuthJsonp
www.passle.net/CrossDomainAuthentication/
134 B
617 B
Script
General
Full URL
https://www.passle.net/CrossDomainAuthentication/UserAuthJsonp?passleShortcode=102f18u&personShortcode=&postShortcode=102hf3q&callback=jQuery360008312850586709986_1640902870421&_=1640902870422
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.28.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-28-190.compute-1.amazonaws.com
Software
/
Resource Hash
1e29ee59956954132ccacb278a8def1efee13a101180e037d19166b09e099823
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 22:21:11 GMT
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
cache-control
private
permissions-policy
content-length
134
x-content-type-options
nosniff
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/PostView?v=sWQ5BI_XbjVT_ZURPDwGL7MgSCjFNYfoXRHfrRlNvUQ1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:248:2f:1d8a:787:dc7:17df , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nwa/E790) /
Resource Hash
97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:11 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Age
1418
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length
29126
x-tw-cdn
VZ
Last-Modified
Thu, 02 Dec 2021 21:35:27 GMT
Server
ECS (nwa/E790)
Etag
"50ec7e701ed018305368886c39cac301+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
ClientWebAPI_Receiver
d14tqcyg1o920w.cloudfront.net/bundles/ Frame E1B8
94 KB
34 KB
Script
General
Full URL
https://d14tqcyg1o920w.cloudfront.net/bundles/ClientWebAPI_Receiver?v=WwERXVAhgoeVU0NrvMOgatrBiERKHeUYB3BY17Qs6N01
Requested by
Host: www.passle.net
URL: https://www.passle.net/Porthole/ClientWebMessageReceiver
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.29.149 Altamonte Springs, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-29-149.nrt12.r.cloudfront.net
Software
/
Resource Hash
c89d53eb98a161f0cf584271f7e8de53eec5f06464b9682798c83f63e66807db
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.passle.net/Porthole/ClientWebMessageReceiver
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Sat, 18 Dec 2021 11:13:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 18 Dec 2021 11:13:42 GMT
Age
1076849
X-Cache
Hit from cloudfront
Content-Type
text/javascript; charset=utf-8
Via
1.1 a018f45f18ec9558f7e1e2440b769071.cloudfront.net (CloudFront)
Expires
Sun, 18 Dec 2022 11:13:42 GMT
Cache-Control
public, no-cache="Set-Cookie"
X-Amz-Cf-Pop
NRT12-C5
Content-Length
33823
X-Amz-Cf-Id
eSInpeHQ_mIPGJl5WddV-k6NgOVCTJ4YCOAskZXPEYMx44-lxlO2Ng==
Connection
keep-alive
RegisterClientSideEvent
www.passle.net/EventTrackingAjax/
44 B
459 B
XHR
General
Full URL
https://www.passle.net/EventTrackingAjax/RegisterClientSideEvent
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/PostView?v=sWQ5BI_XbjVT_ZURPDwGL7MgSCjFNYfoXRHfrRlNvUQ1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.28.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-28-190.compute-1.amazonaws.com
Software
/
Resource Hash
29db8e7ba7a6504d43d59479cdd532a33c9b7b23ddba46d8ed6df7b8a3e3ac1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary8Gwau7WB7edXJOlc

Response headers

date
Thu, 30 Dec 2021 22:21:11 GMT
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private
permissions-policy
content-length
44
x-content-type-options
nosniff
istatoy-icon-white.svg
dukb55syzud3u.cloudfront.net/Content/Images/
2 KB
1 KB
Image
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/Images/istatoy-icon-white.svg
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/PostBundle?v=J4LM28QKeCFuZYeqRuNMPv6bwJz_rWtT-SWiK5Q8vQg1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
4c4bbc02e81d127c9627070a89a7cc6b8566a43ba3bf49045c9fbd98ce683e37
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://dukb55syzud3u.cloudfront.net/PostBundle?v=J4LM28QKeCFuZYeqRuNMPv6bwJz_rWtT-SWiK5Q8vQg1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 07:49:20 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4285911
ETag
W/"0ce22b224d2d71:0"
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Content-Type
image/svg+xml
Via
1.1 c05dec9a527cd8a0ac0f0f7dcb230ae9.cloudfront.net (CloudFront)
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Vary
Accept-Encoding
X-Amz-Cf-Id
-MPJCQ8VuX6uAoSXeUT-O0R7pCFv86LEelmdLZsJkbKN4z6Np1TvRw==
Connection
keep-alive
fa-regular-400.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
169 KB
170 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/fa-regular-400.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Content/fontawesome/all.min.css?v=5.14.0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
58f76b0b684536fbea8ae9ae7177607e81a261407916e9a86e063b02948e9adc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/Content/fontawesome/all.min.css?v=5.14.0
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 03:17:42 GMT
Via
1.1 a1d8364db7c309ed2893b4b3eb6b4ebc.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4302209
ETag
"0ce22b224d2d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
173220
X-Amz-Cf-Id
DIEg4Hu88yWDFXL9LiyoDfRFuf8Ew87Npn5HUZYAdrMEKG2Hy_6YBw==
Connection
keep-alive
ClientWebAPI_Message
d14tqcyg1o920w.cloudfront.net/bundles/ Frame 5AE7
94 KB
33 KB
Script
General
Full URL
https://d14tqcyg1o920w.cloudfront.net/bundles/ClientWebAPI_Message?v=FXz7vj-zB0bwXbN5ax8dz98T-0FH0bWW01vxaoeC0441
Requested by
Host: www.passle.net
URL: https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hf3q&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dSinglePost%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3d%2cpageRequestId%3d&url=http%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=SinglePost&pageRequestId=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.29.149 Altamonte Springs, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-29-149.nrt12.r.cloudfront.net
Software
/
Resource Hash
3f83be1935a777e601319c48a117546e2f073a9ab4233b465446e2069d6469bb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hf3q&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dSinglePost%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3d%2cpageRequestId%3d&url=http%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=SinglePost&pageRequestId=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Sat, 18 Dec 2021 11:13:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 18 Dec 2021 11:13:42 GMT
Age
1076849
X-Cache
Hit from cloudfront
Content-Type
text/javascript; charset=utf-8
Via
1.1 a018f45f18ec9558f7e1e2440b769071.cloudfront.net (CloudFront)
Expires
Sun, 18 Dec 2022 11:13:42 GMT
Cache-Control
public, no-cache="Set-Cookie"
X-Amz-Cf-Pop
NRT12-C5
Content-Length
33642
X-Amz-Cf-Id
F4-EvXa103Dnp_3iZ7w33nDhQNkRXbsLdBos82Cb8oGNcvQZL9efeA==
Connection
keep-alive
_LogPageRequestAndPostViews
insight-jp.nttsecurity.com/Statistics/
1 KB
2 KB
XHR
General
Full URL
https://insight-jp.nttsecurity.com/Statistics/_LogPageRequestAndPostViews?passleShortcode=102f18u&postShortcodes=102hez7&postShortcodes=102heu4&postShortcodes=102heu3&postShortcodes=102hes5&postShortcodes=102hes6&postShortcodes=102heu1&postShortcodes=102hekj&postShortcodes=102h7t6&postShortcodes=102h5av&postShortcodes=102gm2e&postViewType=18&c=Passle&a=PostView&url=https%3A%2F%2Finsight-jp.nttsecurity.com%2Fpost%2F102hf3q%2Fflagpro-the-new-malware-used-by-blacktech&pageRequestId=144682854&_=1640902870423
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.110.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-110-78.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
5ba822854d2f114b152606a4987391d7e001096f6f31d3bd44f4d75106e9a3f1
Security Headers
Name Value
Content-Security-Policy default-src blob: 'self' *; connect-src 'self' *; script-src blob: * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src data: *; img-src data: *; media-src blob: *; frame-src *; object-src data: *; frame-ancestors 'self' *
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
X-Requested-With
XMLHttpRequest
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 22:21:11 GMT
referrer-policy
no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
private
permissions-policy
content-security-policy
default-src blob: 'self' *; connect-src 'self' *; script-src blob: * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src data: *; img-src data: *; media-src blob: *; frame-src *; object-src data: *; frame-ancestors 'self' *
strict-transport-security
max-age=31536000
content-length
1180
x-content-type-options
nosniff
widget_iframe.21f942bb866c2823339b839747a0c50c.html
platform.twitter.com/widgets/ Frame 40B0
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Finsight-jp.nttsecurity.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:248:2f:1d8a:787:dc7:17df , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nwa/E788) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1821283
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 30 Dec 2021 22:21:11 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Thu, 02 Dec 2021 21:34:18 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (nwa/E788)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
CookieControl
clientapi.passle.net/CookieControlPlugin/
3 KB
2 KB
XHR
General
Full URL
https://clientapi.passle.net/CookieControlPlugin/CookieControl
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.211.110.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-211-110-78.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
3525057c689a6f2086e394d52fb0c8aedc93fd312590f137227b2816312c7903
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 22:21:11 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-frame-options
DENY
vary
Content-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private
permissions-policy
content-security-policy
frame-ancestors 'none'
content-length
1091
x-content-type-options
nosniff
LogPageRequestAndPostViews
www.passle.net/ClientWebAPIStatistics/ Frame 5268
680 B
702 B
Document
General
Full URL
https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hez7%2c102heu4%2c102heu3%2c102hes5%2c102hes6%2c102heu1%2c102hekj%2c102h7t6%2c102h5av%2c102gm2e&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dPostViewRecommendedPosts%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3dhttps%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech%2cpageRequestId%3d144682854&url=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=PostViewRecommendedPosts&pageRequestId=144682854
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.28.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-28-190.compute-1.amazonaws.com
Software
/
Resource Hash
d06ce0aef18604713baacff3445a8488e00375aa59520ad9946f31110159a47a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech

Response headers

date
Thu, 30 Dec 2021 22:21:11 GMT
content-type
text/html; charset=utf-8
content-length
423
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-encoding
gzip
expires
-1
vary
Content-Encoding
strict-transport-security
max-age=31536000
referrer-policy
no-referrer-when-downgrade
permissions-policy
x-content-type-options
nosniff
settings
syndication.twitter.com/ Frame 40B0
233 B
448 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=463e093ee98e5686ee8682cd5a5236df58747029
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Finsight-jp.nttsecurity.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_m /
Resource Hash
2816082c025f64540b613fde3096d814ae21ac75279461ec1d6bcb5c07099fdd
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-response-time
99
date
Thu, 30 Dec 2021 22:21:11 GMT
content-encoding
gzip
last-modified
Thu, 30 Dec 2021 22:21:11 GMT
server
tsa_m
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
c1b9bf33460c1b71b37e0168edff44dd27bd85eed930c58eac03315eca4952bb
content-length
167
ClientWebAPI_Message
d14tqcyg1o920w.cloudfront.net/bundles/ Frame 5268
94 KB
33 KB
Script
General
Full URL
https://d14tqcyg1o920w.cloudfront.net/bundles/ClientWebAPI_Message?v=FXz7vj-zB0bwXbN5ax8dz98T-0FH0bWW01vxaoeC0441
Requested by
Host: www.passle.net
URL: https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hez7%2c102heu4%2c102heu3%2c102hes5%2c102hes6%2c102heu1%2c102hekj%2c102h7t6%2c102h5av%2c102gm2e&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dPostViewRecommendedPosts%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3dhttps%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech%2cpageRequestId%3d144682854&url=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=PostViewRecommendedPosts&pageRequestId=144682854
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.29.149 Altamonte Springs, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-29-149.nrt12.r.cloudfront.net
Software
/
Resource Hash
3f83be1935a777e601319c48a117546e2f073a9ab4233b465446e2069d6469bb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.passle.net/ClientWebAPIStatistics/LogPageRequestAndPostViews?c=Passle&a=PostView&passleId=102f18u&userId=&wallPostIds=102hez7%2c102heu4%2c102heu3%2c102hes5%2c102hes6%2c102heu1%2c102hekj%2c102h7t6%2c102h5av%2c102gm2e&userAgent=Mozilla%2f5.0+(Windows+NT+10.0%3b+Win64%3b+x64)+AppleWebKit%2f537.36+(KHTML%2c+like+Gecko)+Chrome%2f96.0.4664.93+Safari%2f537.36&referrer=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&ipAddress=45.87.213.61&parameterString=passleShortcode%3d102f18u%2cuserShortcode%3d%2cpostShortcodes%3dSystem.String%5b%5d%2cpostViewType%3dPostViewRecommendedPosts%2caction%3d_LogPageRequestAndPostViews%2ccontroller%3dStatistics%2cparameterString%3d%2cipAddress%3d%2creferrer%3d%2cuserAgent%3d%2curl%3dhttps%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech%2cpageRequestId%3d144682854&url=https%3a%2f%2finsight-jp.nttsecurity.com%2fpost%2f102hf3q%2fflagpro-the-new-malware-used-by-blacktech&type=PostViewRecommendedPosts&pageRequestId=144682854
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Sat, 18 Dec 2021 11:13:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 18 Dec 2021 11:13:42 GMT
Age
1076849
X-Cache
Hit from cloudfront
Content-Type
text/javascript; charset=utf-8
Via
1.1 a018f45f18ec9558f7e1e2440b769071.cloudfront.net (CloudFront)
Expires
Sun, 18 Dec 2022 11:13:42 GMT
Cache-Control
public, no-cache="Set-Cookie"
X-Amz-Cf-Pop
NRT12-C5
Content-Length
33642
X-Amz-Cf-Id
YGoRbGCDsWI3juZp7ICqCuD6Y1rlU-sC3xsE1-YYfkbs5TL8d6IntA==
Connection
keep-alive
/
seal.digicert.com/seals/cascade/
156 B
559 B
Image
General
Full URL
https://seal.digicert.com/seals/cascade/?tag=b5hUwoL8&referer=insight-jp.nttsecurity.com&format=png&lang=en&seal_number=10&seal_size=m&an=min
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.251.181.147 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-251-181-147.ap-southeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b59e7157ff0b8386571755f6679701a319ce834970a33fcf9e2cfcd6484b356b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 30 Dec 2021 22:21:12 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 30 Dec 2021 22:21:11 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Cache-Control
max-age=7776000
Connection
keep-alive
Content-Length
156
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Wed, 30 Mar 2022 22:21:12 GMT
CookieControlCSS
dukb55syzud3u.cloudfront.net/PluginBundles/v1.2/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://dukb55syzud3u.cloudfront.net/PluginBundles/v1.2/css/CookieControlCSS?v=9bvUxe7zl9tPWjH1gNIJ4o1-6dSExRJxYbcgO0VgM4M1
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
b983d8ef123afb6e666f0db61eb3d39291cc29ea0f68ef37b19bb3846ee8bc02
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Wed, 10 Nov 2021 22:39:18 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 10 Nov 2021 22:39:18 GMT
Age
4318914
X-Cache
Hit from cloudfront
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
*
Expires
Thu, 10 Nov 2022 22:39:18 GMT
Cache-Control
public, no-cache="Set-Cookie"
X-Amz-Cf-Pop
NRT12-C4
Content-Length
1172
Via
1.1 c05dec9a527cd8a0ac0f0f7dcb230ae9.cloudfront.net (CloudFront)
X-Amz-Cf-Id
g0EClhI6Jwo7uEzyE63CKXuJRJRwHB7TSpiLVQKrWgkFyby3VD17qg==
Connection
keep-alive
GetCookieOptionExpiryDays
www.passle.net/ClientWebAPIAccount/
4 B
499 B
XHR
General
Full URL
https://www.passle.net/ClientWebAPIAccount/GetCookieOptionExpiryDays?passleId=102f18u&_=1640902870424
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/Scripts/Plugins/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.213.28.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-213-28-190.compute-1.amazonaws.com
Software
/
Resource Hash
40510175845988f13f6162ed8526f0b09f73384467fa855e1e79b44a56562a58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 30 Dec 2021 22:21:12 GMT
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private
permissions-policy
content-length
4
x-content-type-options
nosniff
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5DDHT6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:81e::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1626
date
Thu, 30 Dec 2021 21:54:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 30 Dec 2021 23:54:06 GMT
open-sans-v15-latin-600.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
14 KB
15 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/open-sans-v15-latin-600.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/PluginBundles/v1.2/css/CookieControlCSS?v=9bvUxe7zl9tPWjH1gNIJ4o1-6dSExRJxYbcgO0VgM4M1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
d61b45b8b3cded238a65ee0aac4043b989f11cee56acfe5c889777f961f241a2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/PluginBundles/v1.2/css/CookieControlCSS?v=9bvUxe7zl9tPWjH1gNIJ4o1-6dSExRJxYbcgO0VgM4M1
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 21:12:47 GMT
Via
1.1 a1d8364db7c309ed2893b4b3eb6b4ebc.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4237704
ETag
"0ce22b224d2d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
14544
X-Amz-Cf-Id
McBBAtAmUQnEo8dVhJgi1sRWSwQhYmhUUVQysa0IMgqfun129Hp5Zw==
Connection
keep-alive
open-sans-v15-latin-regular.woff2
dukb55syzud3u.cloudfront.net/Content/webfonts/
14 KB
14 KB
Font
General
Full URL
https://dukb55syzud3u.cloudfront.net/Content/webfonts/open-sans-v15-latin-regular.woff2
Requested by
Host: dukb55syzud3u.cloudfront.net
URL: https://dukb55syzud3u.cloudfront.net/PluginBundles/v1.2/css/CookieControlCSS?v=9bvUxe7zl9tPWjH1gNIJ4o1-6dSExRJxYbcgO0VgM4M1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.163.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-163-40.nrt12.r.cloudfront.net
Software
/
Resource Hash
3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dukb55syzud3u.cloudfront.net/PluginBundles/v1.2/css/CookieControlCSS?v=9bvUxe7zl9tPWjH1gNIJ4o1-6dSExRJxYbcgO0VgM4M1
Origin
https://insight-jp.nttsecurity.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 11 Nov 2021 12:40:13 GMT
Via
1.1 3f51d1d2797ea1f0c9e6fe6c5804e982.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Last-Modified
Fri, 05 Nov 2021 09:08:28 GMT
Age
4268458
ETag
"0ce22b224d2d71:0"
X-Cache
Hit from cloudfront
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=31536000
X-Amz-Cf-Pop
NRT12-C4
Accept-Ranges
bytes
Content-Length
14048
X-Amz-Cf-Id
OzLLW5vn-FaLUygOBpJ0RSK5AYeaCB_fgcSVhrrpOgPLDLS3itTWuA==
Connection
keep-alive
collect
www.google-analytics.com/j/
2 B
214 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1615207470&t=pageview&_s=1&dl=https%3A%2F%2Finsight-jp.nttsecurity.com%2Fpost%2F102hf3q%2Fflagpro-the-new-malware-used-by-blacktech&ul=en-us&de=UTF-8&dt=Flagpro%3A%20The%20new%20malware%20used%20by%20BlackTech%2C%20Hiroki%20Hada&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=518545594&gjid=212789988&cid=1525576276.1640902872&tid=UA-35515402-1&_gid=768814406.1640902872&_r=1&gtm=2wgc10M5DDHT6&z=687674658
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:81e::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 22:21:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://insight-jp.nttsecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
7 B
452 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-35515402-1&cid=1525576276.1640902872&jid=518545594&gjid=212789988&_gid=768814406.1640902872&_u=YEBAAEAAAAAAAC~&z=515048474
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4008:c15::9a Taipei, Taiwan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2bd7a2c113455cb6a015b33188207c2f7f5b5e7c584ce1ea4f8b0a1e990da133
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 30 Dec 2021 22:21:12 GMT
content-type
text/plain
access-control-allow-origin
https://insight-jp.nttsecurity.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35515402-1&cid=1525576276.1640902872&jid=518545594&_u=YEBAAEAAAAAAAC~&z=478352413
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:824::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 22:21:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.jp/ads/
42 B
501 B
Image
General
Full URL
https://www.google.co.jp/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-35515402-1&cid=1525576276.1640902872&jid=518545594&_u=YEBAAEAAAAAAAC~&z=478352413
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:81c::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 30 Dec 2021 22:21:12 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| dataLayer object| google_tag_manager object| __dcid function| $ function| jQuery object| PassleCookieControlPlugin number| d function| pcMinHeight object| Environment object| PassleEnvironmentConfig object| Passel object| ClientSideEventAction object| ClientSideEventCategory object| PassleFunctions object| ClientWebFunctions object| AjaxFunctions object| CWAjaxFunctions object| SessionStorage function| Page function| Component object| PassleEvents object| PassleGlobalEvents function| __extends object| EventTracking object| ClientWebEvents object| MediaPlayer function| CurrentUser function| UserPassle function| PostViewType object| PassleWebFunctions object| GlobalEvents object| GlobalDeferred function| ModalComponent object| EmbeddedViewModalType function| EmbeddedViewModalComponent function| ISTATOYModalComponent function| LikeModalComponent object| MessageModalType function| MessageModalComponent function| ActionResultMessageModalComponent function| ShareButtons function| ISTATOYButton function| FragmentAction function| ProcessUrlFragment object| SuggestionType function| AutosuggestComponent function| PassleHeader function| FollowButton function| LikeButton function| RepostButton function| PrintButton function| PreviewBar function| OverlayMessage function| PostFooter function| ShareURLs function| FetchShareCounts function| TwitterWidgets function| PostView object| postView function| PortholeClass object| Porthole function| _ function| Spinner function| autosize object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| rmpGlobals function| RadiantMP function| FuckAdBlock object| fuckAdBlock object| Penpal object| twttr object| __twttrll object| __twttr object| CookieControlMode object| CookieControlStatus function| ControlCookie function| PassleCookieControl object| passleCookieControl function| Cookies object| __Cascade string| prop object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData

6 Cookies

Domain/Path Name / Value
.passle.net/ Name: .PassleASPXANONYMOUS
Value: Slgefm472gEkAAAAYTk2NDlkNjktYWQ3My00MWZlLThkMGUtM2QzZTUzNzgwZjNkg9uU3HaDuO_DBGK7TTP6mtklCtItl2BvJ-vu0I0RqI41
.passle.net/ Name: PassleSessionCookie.2
Value: beyr2lllgvdnwgvo2rrz4kqv
.nttsecurity.com/ Name: _ga
Value: GA1.2.1525576276.1640902872
.nttsecurity.com/ Name: _gid
Value: GA1.2.768814406.1640902872
.nttsecurity.com/ Name: _gat_UA-35515402-1
Value: 1
insight-jp.nttsecurity.com/ Name: passleCookieControl
Value: {}

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src blob: 'self' *; connect-src 'self' *; script-src blob: * 'unsafe-inline'; style-src * 'unsafe-inline'; font-src data: *; img-src data: *; media-src blob: *; frame-src *; object-src data: *; frame-ancestors 'self' *
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
