urlscan.io logo urlscan.io
SecurityTrails logo

krebsonsecurity.com Open in urlscan Pro
130.211.45.45  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://packt.omeclk.com/portal/wts/ug^cnN2c7qecEaE|m|s8zAa8eE8zmq4rhkrt7yCrCka
Effective URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medi...
Submission: On September 29 via api from SA — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 32 HTTP transactions. The main IP is 130.211.45.45, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is krebsonsecurity.com. The Cisco Umbrella rank of the primary domain is 130106.
TLS certificate: Issued by WR3 on August 16th 2024. Valid for: 3 months.
This is the only time krebsonsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 205.162.42.171 53866 (QTS-AS)
28 130.211.45.45 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
32 3
Apex Domain
Subdomains		 Transfer
28 krebsonsecurity.com
krebsonsecurity.com — Cisco Umbrella Rank: 130106
869 KB
3 gstatic.com
fonts.gstatic.com
56 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
1 KB
1 omeclk.com
packt.omeclk.com
445 B
32 4
Domain Requested by
28 krebsonsecurity.com krebsonsecurity.com
3 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com krebsonsecurity.com
1 packt.omeclk.com 1 redirects
32 4
Subject Issuer Validity Valid
krebsonsecurity.com
WR3		 2024-08-16 -
2024-11-14		 3 months crt.sh
upload.video.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.gstatic.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Frame ID: 8D331C925844EA75F238564361357F87
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

This Windows PowerShell Phish Has Scary Potential – Krebs on Security

Page URL History Show full URLs

  1. https://packt.omeclk.com/portal/wts/ug%5EcnN2c7qecEaE%7Cm%7Cs8zAa8eE8zmq4rhkrt7yCrCka HTTP 302
    https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

32
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

926 kB
Transfer

1286 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://packt.omeclk.com/portal/wts/ug%5EcnN2c7qecEaE%7Cm%7Cs8zAa8eE8zmq4rhkrt7yCrCka HTTP 302
    https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
Redirect Chain
  • https://packt.omeclk.com/portal/wts/ug%5EcnN2c7qecEaE%7Cm%7Cs8zAa8eE8zmq4rhkrt7yCrCka
  • https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A...
115 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
380898d885217510b4ed6a45cf0cf6aea3eeb80a8109b7b7e7af4ec903444c48

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
max-age=301,public
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 29 Sep 2024 10:42:47 GMT
last-modified
Sun, 29 Sep 2024 10:42:47 GMT
link
<https://krebsonsecurity.com/wp-json/>; rel="https://api.w.org/", <https://krebsonsecurity.com/wp-json/wp/v2/posts/68849>; rel="alternate"; type="application/json", <https://krebsonsecurity.com/?p=68849>; rel=shortlink
pragma
public
referrer-policy
no-referrer-when-downgrade
server
nginx
vary
Accept-Encoding
via
1.1 google
x-cache-status
MISS

Redirect headers

Connection
close
Content-Length
0
Date
Sun, 29 Sep 2024 10:42:46 GMT
Keep-Alive
timeout=5
Location
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Server
Apache
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
colorbox.css
krebsonsecurity.com/wp-content/plugins/jquery-lightbox-for-native-galleries/colorbox/theme1/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/plugins/jquery-lightbox-for-native-galleries/colorbox/theme1/colorbox.css?ver=1.3.14
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
8a7d024a35f5ef90cc5b7d1ae106dfb5d7202aa7ff27fbee01569747e87ba25f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243813
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1292
date
Thu, 26 Sep 2024 14:59:14 GMT
content-type
text/css
server
nginx
style.min.css
krebsonsecurity.com/wp-includes/css/dist/block-library/ 		95 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=10000,public
content-encoding
gzip
pragma
public
age
8057
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12736
date
Sun, 29 Sep 2024 08:28:30 GMT
last-modified
Sun, 02 Apr 2023 15:56:57 GMT
content-type
text/css
server
nginx
vary
Accept-Encoding
classic-themes.min.css
krebsonsecurity.com/wp-includes/css/ 		291 B
331 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-includes/css/classic-themes.min.css?ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=10000,public
content-encoding
gzip
pragma
public
age
8057
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
210
date
Sun, 29 Sep 2024 08:28:30 GMT
last-modified
Sun, 02 Apr 2023 15:56:57 GMT
content-type
text/css
server
nginx
vary
Accept-Encoding
styles.css
krebsonsecurity.com/wp-content/plugins/contact-form-7/includes/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
ab21762c3f447aa08cbefd5ea3866165f925bd5058a9ae19e23721462de6fb60

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243812
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1004
date
Thu, 26 Sep 2024 14:59:15 GMT
content-type
text/css
server
nginx
style.css
krebsonsecurity.com/wp-content/themes/kos-mar2021/ 		50 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/themes/kos-mar2021/style.css?subver=1.2&ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
36c0d84358f7ed972ad8193537a327f2f1520e47167c8f5d0905842ef87b46c7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243812
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11054
date
Thu, 26 Sep 2024 14:59:15 GMT
content-type
text/css
server
nginx
custom.css
krebsonsecurity.com/wp-content/themes/kos-mar2021/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/themes/kos-mar2021/custom.css?subver=1.2&ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
47d217e2b7354090c7bcdc5fa1984e8174d3556c04f421483a15bbd63a4129fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243680
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1106
date
Thu, 26 Sep 2024 15:01:27 GMT
content-type
text/css
server
nginx
font-awesome.min.css
krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/ 		28 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/font-awesome.min.css?ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
6f005368978df37b680de2dc8a22007a600378ba5568a573432a3fdeb8bdb674

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243680
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6666
date
Thu, 26 Sep 2024 15:01:27 GMT
content-type
text/css
server
nginx
css
fonts.googleapis.com/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3Aregular%2Citalic%2C500%26subset%3Dlatin%2C
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8e94465ec4b80a65c45b05ff54e25ad24aa5fac2790df9eee050e5d8a1e58c61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 29 Sep 2024 10:42:47 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
text/css; charset=utf-8
last-modified
Sun, 29 Sep 2024 10:42:47 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
jquery.min.js
krebsonsecurity.com/wp-includes/js/jquery/ 		88 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=10000,public
content-encoding
gzip
pragma
public
age
7238
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31049
date
Sun, 29 Sep 2024 08:42:09 GMT
last-modified
Sun, 02 Apr 2023 15:56:57 GMT
content-type
application/x-javascript
server
nginx
vary
Accept-Encoding
jquery-migrate.min.js
krebsonsecurity.com/wp-includes/js/jquery/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=10000,public
content-encoding
gzip
pragma
public
age
7238
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4795
date
Sun, 29 Sep 2024 08:42:09 GMT
last-modified
Sun, 02 Apr 2023 15:56:57 GMT
content-type
application/x-javascript
server
nginx
vary
Accept-Encoding
jquery.colorbox-min.js
krebsonsecurity.com/wp-content/plugins/jquery-lightbox-for-native-galleries/colorbox/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/plugins/jquery-lightbox-for-native-galleries/colorbox/jquery.colorbox-min.js?ver=1.3.14
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
616b37bc7bd1b2514f27a81cd2703a053cdf81d6ac098ee3298e963bc822de23

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243680
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4060
date
Thu, 26 Sep 2024 15:01:27 GMT
content-type
application/x-javascript
server
nginx
jspullquotes-core.css
krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/ 		1 KB
563 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/jspullquotes-core.css
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
d3ed930bffbc2adbc25f5563f1592629e94dc740cc64244676a18412bbd26f68

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243680
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
503
date
Thu, 26 Sep 2024 15:01:27 GMT
content-type
text/css
server
nginx
jspullquotes-default.css
krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/ 		690 B
436 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/jspullquotes-default.css
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
54f294873f35180bb43c2d86bfff562195e700d181e3deecacc3232f3cf9b1e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243680
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
376
date
Thu, 26 Sep 2024 15:01:27 GMT
content-type
text/css
server
nginx
jspullquotes.js
krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/plugins/jspullquotes/resources/jspullquotes.js
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
d813f437bbfbafef2652feda67788f6e5b48aebb6f60ca976d89a506a9156534

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243680
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2232
date
Thu, 26 Sep 2024 15:01:27 GMT
content-type
application/x-javascript
server
nginx
1.jpg
krebsonsecurity.com/b-enzoic/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/b-enzoic/1.jpg
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
7230962e2d5ebb19ff26bf245571be5a3084297a21595996fdce01a51dfee6ae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
MISS
cache-control
private
referrer-policy
no-referrer-when-downgrade
via
1.1 google
expires
Sun, 29 Sep 2024 10:47:47 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34755
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/jpeg
server
nginx
22.jpg
krebsonsecurity.com/b-mandiant/ 		141 KB
141 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/b-mandiant/22.jpg
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
43047bd4f6ab610ff9055e3dd29d2cf70d3fd54bc7987f52d9a6c52fffc011f1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
MISS
cache-control
private
referrer-policy
no-referrer-when-downgrade
via
1.1 google
expires
Sun, 29 Sep 2024 10:47:47 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
144278
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/jpeg
server
nginx
kos-27-03-2021.jpg
krebsonsecurity.com/wp-content/uploads/2021/03/ 		82 KB
82 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/wp-content/uploads/2021/03/kos-27-03-2021.jpg
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
77f4202b0dd725b625864c4325ed26291ad5eb1adea7bc11b9c3d1c9f5da7511

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

cache-control
public,max-age=8640000
etag
"6064ca32-14826"
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
84006
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/jpeg
last-modified
Wed, 31 Mar 2021 19:14:58 GMT
server
nginx
vary
Referer
powerphish.png
krebsonsecurity.com/wp-content/uploads/2024/09/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/wp-content/uploads/2024/09/powerphish.png
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
d50a136550930c635fc6cd8492c2775b994e63ad39583425a6c865a8740030cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

cache-control
public,max-age=8640000
etag
"66ec4f55-d960"
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55648
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/png
last-modified
Thu, 19 Sep 2024 16:20:37 GMT
server
nginx
vary
Referer
2.jpg
krebsonsecurity.com/b-enzoic/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/b-enzoic/2.jpg
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
5bcedb4abbae46e964eb48939f52352eb8dae2b066927ccd42de4642f65b92c8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
MISS
cache-control
private
referrer-policy
no-referrer-when-downgrade
via
1.1 google
expires
Sun, 29 Sep 2024 10:47:47 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28804
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/jpeg
server
nginx
comment-reply.min.js
krebsonsecurity.com/wp-includes/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-includes/js/comment-reply.min.js?ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=10000,public
content-encoding
gzip
pragma
public
age
2793
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1351
date
Sun, 29 Sep 2024 09:56:14 GMT
last-modified
Thu, 20 Oct 2022 07:15:50 GMT
content-type
application/x-javascript
server
nginx
vary
Accept-Encoding
slicknav.js
krebsonsecurity.com/wp-content/themes/kos-mar2021/js/ 		17 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/themes/kos-mar2021/js/slicknav.js?ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
da482890b20fb4687125256abaa522d0a4641b158bb3b9ca566566e8865aba1c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243812
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4084
date
Thu, 26 Sep 2024 14:59:15 GMT
content-type
application/x-javascript
server
nginx
akismet-frontend.js
krebsonsecurity.com/wp-content/plugins/akismet/_inc/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1720677597
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
6bc5622bfab1a16855ad49b99a3f9ed8eb24f49da469a113f9000b866f109e2e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public,public
content-encoding
gzip
pragma
public
age
243811
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3293
date
Thu, 26 Sep 2024 14:59:16 GMT
content-type
application/x-javascript
server
nginx
wp-emoji-release.min.js
krebsonsecurity.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
max-age=10000,public
content-encoding
gzip
pragma
public
age
5456
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5039
date
Sun, 29 Sep 2024 09:11:51 GMT
last-modified
Sun, 02 Apr 2023 15:56:57 GMT
content-type
application/x-javascript
server
nginx
vary
Accept-Encoding
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3Aregular%2Citalic%2C500%26subset%3Dlatin%2C
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://krebsonsecurity.com
Referer
https://fonts.googleapis.com/

Response headers

age
301736
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 25 Sep 2025 22:53:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 25 Sep 2024 22:53:51 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v32/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOkCnqEu92Fr1Mu51xIIzI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3Aregular%2Citalic%2C500%26subset%3Dlatin%2C
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6760631fecfe59ed152aeb2c51fdcb515ac00cd4755449016b5b34813735d00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://krebsonsecurity.com
Referer
https://fonts.googleapis.com/

Response headers

age
259203
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 26 Sep 2025 10:42:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 26 Sep 2024 10:42:44 GMT
last-modified
Thu, 01 Aug 2024 20:41:23 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
20144
x-xss-protection
0
server
sffe
fontawesome-webfont.woff2
krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/ 		70 KB
70 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/font-awesome.min.css?ver=6.2.2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://krebsonsecurity.com
Referer
https://krebsonsecurity.com/wp-content/themes/kos-mar2021/fonts/font-awesome.min.css?ver=6.2.2

Response headers

x-cache-status
HIT
cache-control
max-age=864000,public
age
243811
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71896
date
Thu, 26 Sep 2024 14:59:16 GMT
server
nginx
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3Aregular%2Citalic%2C500%26subset%3Dlatin%2C
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://krebsonsecurity.com
Referer
https://fonts.googleapis.com/

Response headers

age
271242
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 26 Sep 2025 07:22:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 26 Sep 2024 07:22:05 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
verifyhuman.png
krebsonsecurity.com/wp-content/uploads/2024/09/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/wp-content/uploads/2024/09/verifyhuman.png
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
88f329c4d378aae40c4cdaef09eaf43f1a01d356da427e9acb0c2527b03c8574

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

cache-control
public,max-age=8640000
etag
"66ec4f49-8199"
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33177
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/png
last-modified
Thu, 19 Sep 2024 16:20:25 GMT
server
nginx
vary
Referer
githubscanner.png
krebsonsecurity.com/wp-content/uploads/2024/09/ 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/wp-content/uploads/2024/09/githubscanner.png
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
3e3262f2512450ef6a111056c651119fa8bc19ee11e600e020e3411bc97847a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

cache-control
public,max-age=8640000
etag
"66ec4ed0-cb94"
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52116
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/png
last-modified
Thu, 19 Sep 2024 16:18:24 GMT
server
nginx
vary
Referer
computered-580x389.png
krebsonsecurity.com/wp-content/uploads/2017/06/ 		262 KB
262 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://krebsonsecurity.com/wp-content/uploads/2017/06/computered-580x389.png
Requested by
Host: krebsonsecurity.com
URL: https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
2c54169774031a3d5a8f8dde4ca21ea6c03663ff49fe4fe71bec3a908a7c5a4a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

cache-control
public,max-age=8640000
etag
"594bb8eb-4199b"
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
268699
date
Sun, 29 Sep 2024 10:42:47 GMT
content-type
image/png
last-modified
Thu, 22 Jun 2017 12:32:43 GMT
server
nginx
vary
Referer
favicon.ico
krebsonsecurity.com/ 		318 B
337 B 		Other
General
Check archive.org
Download Go to
Full URL
https://krebsonsecurity.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
130.211.45.45 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
45.45.211.130.bc.googleusercontent.com
Software
nginx /
Resource Hash
1405863ed52d1ca5470d58d5291fe3c0bd4d074695f3cb13df28f849c64cfcc6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/?utm_source=SecPro+Newsletter&utm_medium=email&utm_campaign=20240920&utm_content=1101878820-24&oly_enc_id=6800A3427478H8A

Response headers

x-cache-status
HIT
cache-control
public,max-age=31536000
age
243757
referrer-policy
no-referrer-when-downgrade
via
1.1 google
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
318
date
Thu, 26 Sep 2024 15:00:10 GMT
content-type
image/vnd.microsoft.icon
server
nginx

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _wpemojiSettings function| jQuery object| pullquote function| pullQuoteOpts object| arrOptions object| addComment object| twemoji object| wp

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
krebsonsecurity.com
packt.omeclk.com
130.211.45.45
205.162.42.171
2a00:1450:4001:806::200a
2a00:1450:4001:82b::2003
1405863ed52d1ca5470d58d5291fe3c0bd4d074695f3cb13df28f849c64cfcc6
2c54169774031a3d5a8f8dde4ca21ea6c03663ff49fe4fe71bec3a908a7c5a4a
36c0d84358f7ed972ad8193537a327f2f1520e47167c8f5d0905842ef87b46c7
380898d885217510b4ed6a45cf0cf6aea3eeb80a8109b7b7e7af4ec903444c48
3e3262f2512450ef6a111056c651119fa8bc19ee11e600e020e3411bc97847a6
43047bd4f6ab610ff9055e3dd29d2cf70d3fd54bc7987f52d9a6c52fffc011f1
47d217e2b7354090c7bcdc5fa1984e8174d3556c04f421483a15bbd63a4129fe
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
54f294873f35180bb43c2d86bfff562195e700d181e3deecacc3232f3cf9b1e2
5bcedb4abbae46e964eb48939f52352eb8dae2b066927ccd42de4642f65b92c8
616b37bc7bd1b2514f27a81cd2703a053cdf81d6ac098ee3298e963bc822de23
6bc5622bfab1a16855ad49b99a3f9ed8eb24f49da469a113f9000b866f109e2e
6f005368978df37b680de2dc8a22007a600378ba5568a573432a3fdeb8bdb674
7230962e2d5ebb19ff26bf245571be5a3084297a21595996fdce01a51dfee6ae
77f4202b0dd725b625864c4325ed26291ad5eb1adea7bc11b9c3d1c9f5da7511
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
88f329c4d378aae40c4cdaef09eaf43f1a01d356da427e9acb0c2527b03c8574
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
8a7d024a35f5ef90cc5b7d1ae106dfb5d7202aa7ff27fbee01569747e87ba25f
8e94465ec4b80a65c45b05ff54e25ad24aa5fac2790df9eee050e5d8a1e58c61
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
a6760631fecfe59ed152aeb2c51fdcb515ac00cd4755449016b5b34813735d00
ab21762c3f447aa08cbefd5ea3866165f925bd5058a9ae19e23721462de6fb60
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
d3ed930bffbc2adbc25f5563f1592629e94dc740cc64244676a18412bbd26f68
d50a136550930c635fc6cd8492c2775b994e63ad39583425a6c865a8740030cd
d813f437bbfbafef2652feda67788f6e5b48aebb6f60ca976d89a506a9156534
da482890b20fb4687125256abaa522d0a4641b158bb3b9ca566566e8865aba1c
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789