urlscan.io Public Scan: krebsonsecurity.com (130.211.45.45)
Effective URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medi...
Submission: On September 29 via api from SA — Scanned from DE
Summary
TLS certificate: Issued by WR3 on August 16th 2024. Valid for: 3 months.
This is the only time krebsonsecurity.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 205.162.42.171 | 53866 (QTS-AS) |
| 28 | 130.211.45.45 | 396982 (GOOGLE-CLOUD-PLATFORM) |
| 1 | 2a00:1450:4001:806::200a | 15169 (GOOGLE) |
| 3 | 2a00:1450:4001:82b::2003 | 15169 (GOOGLE) |
| 32 | 3 | |

- ASN53866 (QTS-AS, US), PTR: omeclk.com, serves packt.omeclk.com
- ASN396982 (GOOGLE-CLOUD-PLATFORM, US), PTR: 45.45.211.130.bc.googleusercontent.com, serves krebsonsecurity.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 28 | krebsonsecurity.com (Cisco Umbrella Rank: 130106) | krebsonsecurity.com | 869 KB |
| 3 | gstatic.com | fonts.gstatic.com | 56 KB |
| 1 | googleapis.com (Cisco Umbrella Rank: 46) | fonts.googleapis.com | 1 KB |
| 1 | omeclk.com | packt.omeclk.com (1 redirect) | 445 B |
| 32 | 4 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 28 | krebsonsecurity.com | krebsonsecurity.com |
| 3 | fonts.gstatic.com | fonts.googleapis.com |
| 1 | fonts.googleapis.com | krebsonsecurity.com |
| 1 | packt.omeclk.com | 1 redirect |
| 32 | 4 | |
This site contains links to these domains. Also see Links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| krebsonsecurity.com | WR3 | 2024-08-16 - 2024-11-14 | 3 months | crt.sh |
| upload.video.google.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months | crt.sh |
| *.gstatic.com | WR2 | 2024-08-26 - 2024-11-18 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Frame ID: 8D331C925844EA75F238564361357F87
Requests: 32 HTTP requests in this frame
Page Title: This Windows PowerShell Phish Has Scary Potential – Krebs on Security
Detected technologies

- WordPress (CMS). Detected patterns:
  - `<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/`
  - `/wp-(?:content|includes)/`
- Font Awesome (Font Scripts). Detected patterns:
  - `<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css`
  - `<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
  - `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
- Google Font API (Font Scripts). Detected patterns:
  - `<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com`
- jQuery (JavaScript Libraries). Detected patterns:
  - `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
- jQuery Migrate (JavaScript Libraries). Detected patterns:
  - `jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?`
Page Statistics
15 Outgoing links
These are links going to different origins than the main page.
Captured link titles (11 of the 15 outgoing links carry a title in the scan):

- an analysis
- Hausudj
- https://youtu.be/lSa_wHW1pgQ
- Catwhisperer
- https://www.windowscentral.com/how-disable-powershell-windows-10
- https://github.com/hardentools/hardentools
- https://www.vmray.com/analyses/_mb/91f03b0ae9dc/report/overview.html
- https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
- Mark Berry
- Ray
- Mastodon
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://packt.omeclk.com/portal/wts/ug%5EcnN2c7qecEaE%7Cm%7Cs8zAa8eE8zmq4rhkrt7yCrCka
  - HTTP 302 →
  - https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request, Redirect Chain) | krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/ | 115 KB | 23 KB | Document | text/html |
| GET | H2 | colorbox.css | krebsonsecurity.com/wp-content/plugins/jquery-lightbox-for-native-galleries/colorbox/theme1/ | 5 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | style.min.css | krebsonsecurity.com/wp-includes/css/dist/block-library/ | 95 KB | 12 KB | Stylesheet | text/css |
| GET | H2 | classic-themes.min.css | krebsonsecurity.com/wp-includes/css/ | 291 B | 331 B | Stylesheet | text/css |
| GET | H2 | styles.css | krebsonsecurity.com/wp-content/plugins/contact-form-7/includes/css/ | 3 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | style.css | krebsonsecurity.com/wp-content/themes/kos-mar2021/ | 50 KB | 11 KB | Stylesheet | text/css |
| GET | H2 | custom.css | krebsonsecurity.com/wp-content/themes/kos-mar2021/ | 4 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | font-awesome.min.css | krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/ | 28 KB | 7 KB | Stylesheet | text/css |
| GET | H2 | css | fonts.googleapis.com/ | 6 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | jquery.min.js | krebsonsecurity.com/wp-includes/js/jquery/ | 88 KB | 30 KB | Script | application/x-javascript |
| GET | H2 | jquery-migrate.min.js | krebsonsecurity.com/wp-includes/js/jquery/ | 13 KB | 5 KB | Script | application/x-javascript |
| GET | H2 | jquery.colorbox-min.js | krebsonsecurity.com/wp-content/plugins/jquery-lightbox-for-native-galleries/colorbox/ | 9 KB | 4 KB | Script | application/x-javascript |
| GET | H2 | jspullquotes-core.css | krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/ | 1 KB | 563 B | Stylesheet | text/css |
| GET | H2 | jspullquotes-default.css | krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/ | 690 B | 436 B | Stylesheet | text/css |
| GET | H2 | jspullquotes.js | krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/ | 6 KB | 2 KB | Script | application/x-javascript |
| GET | H2 | 1.jpg | krebsonsecurity.com/b-enzoic/ | 34 KB | 34 KB | Image | image/jpeg |
| GET | H2 | 22.jpg | krebsonsecurity.com/b-mandiant/ | 141 KB | 141 KB | Image | image/jpeg |
| GET | H3 | kos-27-03-2021.jpg | krebsonsecurity.com/wp-content/uploads/2021/03/ | 82 KB | 82 KB | Image | image/jpeg |
| GET | H3 | powerphish.png | krebsonsecurity.com/wp-content/uploads/2024/09/ | 54 KB | 54 KB | Image | image/png |
| GET | H3 | 2.jpg | krebsonsecurity.com/b-enzoic/ | 28 KB | 28 KB | Image | image/jpeg |
| GET | H3 | comment-reply.min.js | krebsonsecurity.com/wp-includes/js/ | 3 KB | 1 KB | Script | application/x-javascript |
| GET | H3 | slicknav.js | krebsonsecurity.com/wp-content/themes/kos-mar2021/js/ | 17 KB | 4 KB | Script | application/x-javascript |
| GET | H3 | akismet-frontend.js | krebsonsecurity.com/wp-content/plugins/akismet/_inc/ | 11 KB | 3 KB | Script | application/x-javascript |
| GET | H3 | wp-emoji-release.min.js | krebsonsecurity.com/wp-includes/js/ | 18 KB | 5 KB | Script | application/x-javascript |
| GET | H3 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v32/ | 18 KB | 18 KB | Font | font/woff2 |
| GET | H3 | KFOkCnqEu92Fr1Mu51xIIzI.woff2 | fonts.gstatic.com/s/roboto/v32/ | 20 KB | 20 KB | Font | font/woff2 |
| GET | H3 | fontawesome-webfont.woff2 | krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/ | 70 KB | 70 KB | Font | application/octet-stream |
| GET | H3 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v32/ | 18 KB | 18 KB | Font | font/woff2 |
| GET | H3 | verifyhuman.png | krebsonsecurity.com/wp-content/uploads/2024/09/ | 32 KB | 32 KB | Image | image/png |
| GET | H3 | githubscanner.png | krebsonsecurity.com/wp-content/uploads/2024/09/ | 51 KB | 51 KB | Image | image/png |
| GET | H3 | computered-580x389.png | krebsonsecurity.com/wp-content/uploads/2017/06/ | 262 KB | 262 KB | Image | image/png |
| GET | H3 | favicon.ico | krebsonsecurity.com/ | 318 B | 337 B | Other | image/vnd.microsoft.icon |
8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

- object: _wpemojiSettings
- function: jQuery
- object: pullquote
- function: pullQuoteOpts
- object: arrOptions
- object: addComment
- object: twemoji
- object: wp

0 Cookies

Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

- fonts.googleapis.com
- fonts.gstatic.com
- krebsonsecurity.com
- packt.omeclk.com
- 130.211.45.45
- 205.162.42.171
- 2a00:1450:4001:806::200a
- 2a00:1450:4001:82b::2003