URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Submission: On October 04 via api from DE — Scanned from DE

Summary

This website contacted 13 IPs in 2 countries across 12 domains to perform 38 HTTP transactions. The main IP is 185.199.109.153, located in San Francisco, United States and belongs to FASTLY, US. The main domain is powershellmagazine.com.
TLS certificate: Issued by R3 on August 21st 2023. Valid for: 3 months.
This is the only time powershellmagazine.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex domain | Subdomains (Cisco Umbrella rank where reported) | Transfer
19 | giscus.app | giscus.app (276393) | 94 KB
5 | powershellmagazine.com | powershellmagazine.com | 602 KB
3 | google-analytics.com | www.google-analytics.com (96), region1.google-analytics.com (1878) | 21 KB
2 | gstatic.com | fonts.gstatic.com | 45 KB
2 | disqus.com | powershellmagazine.disqus.com | 2 KB
1 | githubassets.com | github.githubassets.com (13211) | 18 KB
1 | googletagmanager.com | www.googletagmanager.com (111) | 81 KB
1 | goatcounter.com | powershellmag.goatcounter.com | 867 B
1 | googleapis.com | fonts.googleapis.com (113) | 1 KB
1 | cloudflare.com | cdnjs.cloudflare.com (410) | 355 KB
1 | jsdelivr.net | cdn.jsdelivr.net (558) | 6 KB
1 | zgo.at | gc.zgo.at (395450) | 3 KB
Total: 38 requests across 12 apex domains

Requests | Domain | Requested by
19 | giscus.app | powershellmagazine.com, giscus.app
5 | powershellmagazine.com | powershellmagazine.com
2 | fonts.gstatic.com | fonts.googleapis.com
2 | powershellmagazine.disqus.com | powershellmagazine.com, powershellmagazine.disqus.com
2 | www.google-analytics.com | powershellmagazine.com, www.google-analytics.com
1 | github.githubassets.com | giscus.app
1 | region1.google-analytics.com | www.googletagmanager.com
1 | www.googletagmanager.com | www.google-analytics.com
1 | powershellmag.goatcounter.com | gc.zgo.at
1 | fonts.googleapis.com | cdn.jsdelivr.net
1 | cdnjs.cloudflare.com | powershellmagazine.com
1 | cdn.jsdelivr.net | powershellmagazine.com
1 | gc.zgo.at | powershellmagazine.com
Total: 38 requests across 13 subdomains

This site contains links to these domains: www.blackhat.com, defcon.org, www.microsoft.com, www.facebook.com, twitter.com, github.com, www.youtube.com.
TLS certificates

Subject | Issuer | Validity | Valid for
powershellmagazine.com | R3 | 2023-08-21 to 2023-11-19 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2023-09-18 to 2023-12-11 | 3 months
giscus.app | R3 | 2023-08-27 to 2023-11-25 | 3 months
gc.zgo.at | R3 | 2023-09-10 to 2023-12-09 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 to 2024-05-01 | a year
*.disqus.com | Sectigo RSA Domain Validation Secure Server CA | 2023-04-13 to 2024-04-20 | a year
upload.video.google.com | GTS CA 1C3 | 2023-09-18 to 2023-12-11 | 3 months
*.gstatic.com | GTS CA 1C3 | 2023-09-18 to 2023-12-11 | 3 months
*.goatcounter.com | R3 | 2023-07-19 to 2023-10-17 | 3 months
*.githubassets.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-28 to 2024-09-27 | a year

This page contains 2 frames:

Primary Page: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
Frame ID: 9F276272E46C54E9C43BE7C4AE5D69F9
Requests: 20 HTTP requests in this frame

Frame: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Frame ID: 47F0FF11B410B66C2478621B24611474
Requests: 18 HTTP requests in this frame


Page Title

Investigating PowerShell Attacks

Detected technologies

Each technology below was detected with an overall confidence of 100%; the fingerprint pattern that matched is listed with it (the technology names are read off the patterns themselves).
  • Font Awesome: <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|) and (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • Google Analytics: google-analytics\.com/(?:ga|urchin|analytics)\.js
  • Google Fonts: <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • Google Tag Manager: googletagmanager\.com/gtag/js
  • jsDelivr CDN: //cdn\.jsdelivr\.net/

Page Statistics

  • Requests: 38
  • HTTPS: 100 %
  • IPv6: 69 %
  • Domains: 12
  • Subdomains: 13
  • IPs: 13
  • Countries: 2
  • Transfer: 1230 kB
  • Size: 2733 kB
  • Cookies: 4


38 HTTP transactions

Every request in the capture carried the same client headers: User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36 and accept-language de-DE,de;q=0.9. Per-request identifiers (request IDs, timers, resource hashes) are omitted below; the security-relevant fields are kept.

1. Primary Request: /
   Full URL: https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/
   Type: Document; size 424 KB; transferred 105 KB
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 185.199.109.153, San Francisco, United States, ASN54113 (FASTLY, US); reverse DNS cdn-185-199-109-153.github.com; software GitHub.com
   Security headers: Strict-Transport-Security: max-age=31556952
   Request headers: Upgrade-Insecure-Requests: 1 (plus the common User-Agent and accept-language)
   Response headers:
     accept-ranges: bytes
     access-control-allow-origin: *
     age: 0
     cache-control: max-age=600
     content-encoding: gzip
     content-length: 107483
     content-type: text/html; charset=utf-8
     date: Wed, 04 Oct 2023 13:48:51 GMT
     etag: W/"63c6bde5-69f4d"
     expires: Wed, 04 Oct 2023 13:58:51 GMT
     last-modified: Tue, 17 Jan 2023 15:25:25 GMT
     server: GitHub.com
     strict-transport-security: max-age=31556952
     vary: Accept-Encoding
     via: 1.1 varnish
     x-cache: MISS
     x-cache-hits: 0
     x-proxy-cache: MISS
     x-served-by: cache-fra-eddf8230079-FRA

2. syntax.css
   Full URL: https://powershellmagazine.com/css/syntax.css
   Requested by: the primary document (Host: powershellmagazine.com)
   Type: Stylesheet; size 10 KB; transferred 2 KB
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 185.199.109.153, San Francisco, United States, ASN54113 (FASTLY, US); reverse DNS cdn-185-199-109-153.github.com; software GitHub.com
   Security headers: Strict-Transport-Security: max-age=31556952
   Response content-type: text/css; charset=utf-8 (x-cache HIT, x-origin-cache HIT)

3. analytics.js
   Full URL: https://www.google-analytics.com/analytics.js
   Requested by: the primary document (Referer https://powershellmagazine.com/)
   Type: Script; size 52 KB; transferred 21 KB
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2a00:1450:4001:808::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US); software Golfe2
   Security headers: Strict-Transport-Security: max-age=10886400; includeSubDomains; preload; X-Content-Type-Options: nosniff
   Response: content-type text/javascript; cache-control public, max-age=7200; cross-origin-resource-policy cross-origin

4. client.js
   Full URL: https://giscus.app/client.js
   Requested by: the primary document (Origin https://powershellmagazine.com)
   Type: Script; size 3 KB; transferred 2 KB
   Protocol: H2; TLS 1.3, CHACHA20_POLY1305
   Server: 76.223.126.88, United States, ASN16509 (AMAZON-02, US); software Vercel
   Security headers: Content-Security-Policy: frame-ancestors 'self'; Strict-Transport-Security: max-age=63072000; X-Content-Type-Options: nosniff; X-Xss-Protection: 1; mode=block
   Response: content-type application/javascript; charset=utf-8; referrer-policy strict-origin; permissions-policy camera=(), microphone=(), geolocation=(), interest-cohort=(); cache-control public, max-age=0, stale-while-revalidate=604800

5. count.js
   Full URL: https://gc.zgo.at/count.js
   Requested by: the primary document (Referer https://powershellmagazine.com/)
   Type: Script; size 9 KB; transferred 3 KB
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2a05:d014:58f:6201::64, Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US); software Netlify
   Security headers: Strict-Transport-Security: max-age=31536000
   Response: content-type application/javascript; charset=UTF-8; cache-control public,max-age=7776000; cross-origin-resource-policy cross-origin

6. webfontloader.js
   Full URL: https://cdn.jsdelivr.net/gh/theprojectsomething/webfontloader@feature/google-fonts-v2/webfontloader.js
   Requested by: the primary document (Referer https://powershellmagazine.com/)
   Type: Script; size 12 KB; transferred 6 KB
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2606:4700::6810:5514, United States, ASN13335 (CLOUDFLARENET, US); software cloudflare
   Security headers: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload; X-Content-Type-Options: nosniff
   Response: content-type application/javascript; charset=utf-8; x-jsd-version feature (x-jsd-version-type branch); cache-control public, max-age=604800, s-maxage=43200

7. count.js
   Full URL: https://powershellmagazine.disqus.com/count.js
   Requested by: the primary document (Referer https://powershellmagazine.com/)
   Type: Script; size 1 KB; transferred 2 KB
   Protocol: HTTP/1.1; TLS 1.3, AES_128_GCM
   Server: 199.232.196.134, United States, ASN54113 (FASTLY, US); software nginx
   Security headers: Strict-Transport-Security: max-age=300; includeSubdomains; X-Content-Type-Options: nosniff; X-Xss-Protection: 1; mode=block
   Response: content-type application/javascript; charset=utf-8; cache-control public, max-age=300; Link <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

8. all.min.js
   Full URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/js/all.min.js
   Requested by: the primary document (Origin https://powershellmagazine.com)
   Type: Script; size 1 MB; transferred 355 KB
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2606:4700::6811:180e, United States, ASN13335 (CLOUDFLARENET, US); software cloudflare
   Security headers: Strict-Transport-Security: max-age=15780000; X-Content-Type-Options: nosniff
   Response: content-type application/javascript; charset=utf-8; cache-control public, max-age=30672000; last-modified Wed, 13 Jan 2021 22:29:05 GMT

9. footer-bg.svg
   Full URL: https://powershellmagazine.com/2014/07/16/images/backgrounds/footer-bg.svg
   Requested by: the primary document
   Type: Image; size 461 KB; transferred 461 KB
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 185.199.109.153, San Francisco, United States, ASN54113 (FASTLY, US); reverse DNS cdn-185-199-109-153.github.com; software GitHub.com
   Security headers: Strict-Transport-Security: max-age=31556952
   Response: content-type text/html; charset=utf-8 (an HTML body was returned for this image path, content-length 139377, x-cache MISS)

10. logo.png
   Full URL: https://powershellmagazine.com/images/logo.png
   Requested by: the primary document
   Type: Image; size 8 KB; transferred 8 KB
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 185.199.109.153, San Francisco, United States, ASN54113 (FASTLY, US); software GitHub.com
   Security headers: Strict-Transport-Security: max-age=31556952
   Response: content-type image/png; content-length 8460; cache-control max-age=600

11. matt-hastings.jpg
   Full URL: https://powershellmagazine.com/images/author/matt-hastings.jpg
   Requested by: the primary document
   Type: Image; size 25 KB; transferred 25 KB
   Protocol: H2; TLS 1.3, AES_256_GCM
   Server: 185.199.109.153, San Francisco, United States, ASN54113 (FASTLY, US); software GitHub.com
   Security headers: Strict-Transport-Security: max-age=31556952
   Response: content-type image/jpeg; content-length 25489; cache-control max-age=600

12. css2
   Full URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,400;0,600;0,700;0,800;1,800&display=swap
   Requested by: https://cdn.jsdelivr.net/gh/theprojectsomething/webfontloader@feature/google-fonts-v2/webfontloader.js (Host: cdn.jsdelivr.net)
   Type: Stylesheet; size 11 KB; transferred 1 KB
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2a00:1450:4001:802::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US); software ESF
   Security headers: Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff; X-Frame-Options: SAMEORIGIN; X-Xss-Protection: 0
   Response: content-type text/css; charset=utf-8; cross-origin-opener-policy same-origin-allow-popups; cache-control private, max-age=86400, stale-while-revalidate=604800; link <https://fonts.gstatic.com>; rel=preconnect; crossorigin

13. collect
   Full URL: https://www.google-analytics.com/j/collect?v=1&_v=j101&a=664669127&t=pageview&_s=1&dl=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&ul=en-us&de=UTF-8&dt=Investigating%20PowerShell%20Attacks&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1161659633&gjid=663965322&cid=1590588386.1696427332&tid=UA-3619442-3&_gid=448943006.1696427332&_r=1&_slc=1&z=1216889217
   Requested by: https://www.google-analytics.com/analytics.js (Host: www.google-analytics.com)
   Type: XHR; size 15 B; transferred 226 B
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2a00:1450:4001:808::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US); software Golfe2
   Security headers: X-Content-Type-Options: nosniff
   Response: content-type text/plain; access-control-allow-origin https://powershellmagazine.com; access-control-allow-credentials true; cache-control no-cache, no-store, must-revalidate

14. default.css
   Full URL: https://giscus.app/default.css
   Requested by: https://giscus.app/client.js (Host: giscus.app)
   Type: Stylesheet; size 167 B; transferred 631 B
   Protocol: H2; TLS 1.3, CHACHA20_POLY1305
   Server: 76.223.126.88, United States, ASN16509 (AMAZON-02, US); software Vercel
   Security headers: Content-Security-Policy: frame-ancestors 'self'; Strict-Transport-Security: max-age=63072000; X-Content-Type-Options: nosniff; X-Xss-Protection: 1; mode=block
   Response: content-type text/css; charset=utf-8; referrer-policy strict-origin; cache-control public, max-age=0, must-revalidate

15. count-data.js
   Full URL: https://powershellmagazine.disqus.com/count-data.js?2=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
   Requested by: https://powershellmagazine.disqus.com/count.js (Host: powershellmagazine.disqus.com)
   Type: Script; size 289 B; transferred 870 B
   Protocol: HTTP/1.1; TLS 1.3, AES_128_GCM
   Server: 199.232.196.134, United States, ASN54113 (FASTLY, US); software nginx
   Security headers: Strict-Transport-Security: max-age=300; includeSubdomains; X-Content-Type-Options: nosniff; X-Frame-Options: SAMEORIGIN; X-Xss-Protection: 1; mode=block
   Response: content-type application/javascript; charset=UTF-8; cache-control public, max-age=600; p3p CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

16. pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
   Full URL: https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
   Requested by: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,400;0,600;0,700;0,800;1,800&display=swap (Host: fonts.googleapis.com; Origin https://powershellmagazine.com)
   Type: Font; size 30 KB; transferred 31 KB
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2a00:1450:4001:80f::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US); software sffe
   Security headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
   Response: content-type font/woff2; content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes; cross-origin-opener-policy same-origin; report-to="apps-themes"; cache-control public, max-age=31536000

17. pe1kMImSLYBIv1o4X1M8cce4OdVisMz5nZRqy6cmmmU3t2FQWEAEOvV9wNvrwlNstMKW3Y6K5WMwXeVy3GboJ0kTHmoP8GUnK_I.woff2
   Full URL: https://fonts.gstatic.com/s/nunitosans/v15/pe1kMImSLYBIv1o4X1M8cce4OdVisMz5nZRqy6cmmmU3t2FQWEAEOvV9wNvrwlNstMKW3Y6K5WMwXeVy3GboJ0kTHmoP8GUnK_I.woff2
   Requested by: the same fonts.googleapis.com css2 stylesheet as transaction 16
   Type: Font; size 14 KB; transferred 14 KB
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2a00:1450:4001:80f::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US); software sffe
   Security headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0
   Response: content-type font/woff2; same report-only CSP, COOP and caching headers as transaction 16

18. widget (Frame 47F0)
   Full URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
   Requested by: the primary document (Host: powershellmagazine.com)
   Type: Document; size 7 KB; transferred 3 KB
   Protocol: H2; TLS 1.3, CHACHA20_POLY1305
   Server: 76.223.126.88, United States, ASN16509 (AMAZON-02, US); software Vercel / Next.js
   Security headers: Content-Security-Policy: frame-ancestors 'self' https://powershellmagazine.com; Strict-Transport-Security: max-age=63072000; X-Content-Type-Options: nosniff; X-Xss-Protection: 1; mode=block
   Response: content-type text/html; charset=utf-8; cache-control private, no-cache, no-store, max-age=0, must-revalidate; referrer-policy strict-origin; permissions-policy camera=(), microphone=(), geolocation=(), interest-cohort=(); x-powered-by Next.js

19. count
   Full URL: https://powershellmag.goatcounter.com/count?p=%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&t=Investigating%20PowerShell%20Attacks&s=1600%2C1200%2C1&b=0&rnd=n1g07
   Requested by: https://gc.zgo.at/count.js (Host: gc.zgo.at)
   Type: Ping; size 43 B; transferred 867 B
   Protocol: H2; TLS 1.3, AES_128_GCM
   Server: 2a01:7e01::f03c:92ff:fe8f:edc6, Frankfurt am Main, Germany, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG); software not reported
   Security headers: Content-Security-Policy: frame-src 'self'; img-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; script-src 'self' https://gc.zgo.at static.zgo.at; font-src 'self' https://gc.zgo.at static.zgo.at; form-action 'self'; connect-src 'self' wss:; frame-ancestors 'none'; default-src 'none'; style-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; manifest-src 'self' https://gc.zgo.at static.zgo.at

The captured report ends within transaction 19; transactions 20 through 38 are not present in this copy.
Strict-Transport-Security max-age=7776000
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy
frame-src 'self'; img-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; script-src 'self' https://gc.zgo.at static.zgo.at; font-src 'self' https://gc.zgo.at static.zgo.at; form-action 'self'; connect-src 'self' wss:; frame-ancestors 'none'; default-src 'none'; style-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; manifest-src 'self' https://gc.zgo.at static.zgo.at
strict-transport-security
max-age=7776000
x-content-type-options
nosniff
x-rate-limit-limit
4
content-encoding
gzip
x-rate-limit-remaining
4
date
Wed, 04 Oct 2023 13:48:52 GMT
age
0
via
1.1 frontend-de.goatcounter.com (Varnish/7.3)
cross-origin-resource-policy
cross-origin
content-length
56
x-frame-options
deny
vary
Accept-Encoding
content-type
image/gif
access-control-allow-origin
*
x-varnish
12609160149
cache-control
no-store,no-cache
x-rate-limit-reset
1
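The response headers captured above carry the policy decisions a reviewer would actually look at: the giscus widget answers with a Content-Security-Policy whose frame-ancestors value matches the origin query parameter of its request, the goatcounter count pixel ships a full CSP plus X-Frame-Options deny and a 90-day HSTS, and the google-analytics collect ping (further down) allows credentials for the single origin https://powershellmagazine.com. The audit script below is an added example for this page, not urlscan.io's code nor any of those vendors' code; its HEADERS table is transcribed from those three transactions, and the thresholds (a one-year HSTS minimum) and finding strings are the example's own choices.

```python
"""Audit of response security headers as captured in a urlscan transaction list.
Added example for this page, not urlscan.io's or any vendor's code. HEADERS is
transcribed from the scan output; thresholds and finding texts are this example's own."""

from __future__ import annotations

ONE_YEAR = 31536000  # seconds; the usual minimum for HSTS max-age

# Transcribed from the scan output above (header names lower-cased as shown there).
HEADERS: dict[str, dict[str, str]] = {
    "giscus.app/en/widget": {
        "content-type": "text/html; charset=utf-8",
        "content-security-policy": "frame-ancestors 'self' https://powershellmagazine.com;",
        "strict-transport-security": "max-age=63072000",
        "x-content-type-options": "nosniff",
    },
    "powershellmag.goatcounter.com/count": {
        "content-type": "image/gif",
        "content-security-policy": (
            "frame-src 'self'; img-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; "
            "script-src 'self' https://gc.zgo.at static.zgo.at; font-src 'self' https://gc.zgo.at static.zgo.at; "
            "form-action 'self'; connect-src 'self' wss:; frame-ancestors 'none'; default-src 'none'; "
            "style-src 'self' https://gc.zgo.at static.zgo.at 'unsafe-inline'; "
            "manifest-src 'self' https://gc.zgo.at static.zgo.at"),
        "strict-transport-security": "max-age=7776000",
        "x-content-type-options": "nosniff",
        "x-frame-options": "deny",
        "access-control-allow-origin": "*",
    },
    "region1.google-analytics.com/g/collect": {
        "content-type": "text/plain",
        "access-control-allow-origin": "https://powershellmagazine.com",
        "access-control-allow-credentials": "true",
    },
}

# Directives in which 'unsafe-inline' actually changes browser behaviour.
INLINE_DIRECTIVES = {"default-src", "script-src", "style-src", "script-src-elem",
                     "script-src-attr", "style-src-elem", "style-src-attr"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP value into {directive: [source expressions]}.
    A repeated directive is ignored (first occurrence wins), as browsers do."""
    policy: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def parse_hsts(value: str) -> dict[str, str]:
    """'max-age=63072000; includeSubDomains' -> {'max-age': '63072000', 'includesubdomains': ''}"""
    out: dict[str, str] = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            out[key.strip().lower()] = val.strip()
    return out


def audit(headers: dict[str, str]) -> list[str]:
    """Return a list of finding strings for one response's headers (empty list = clean)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: list[str] = []
    csp = parse_csp(h.get("content-security-policy", ""))
    is_html = h.get("content-type", "").lower().startswith("text/html")

    # Framing: frame-ancestors is authoritative where supported, X-Frame-Options the fallback.
    fa, xfo = csp.get("frame-ancestors"), h.get("x-frame-options", "").lower()
    if is_html and fa is None and not xfo:
        findings.append("framing: no frame-ancestors and no X-Frame-Options")
    if fa is not None and xfo == "deny" and fa != ["'none'"]:
        findings.append("framing: X-Frame-Options deny contradicts frame-ancestors")

    # Inline script/style: 'unsafe-inline' is only neutralised by a nonce or hash in the same directive.
    for directive in ("script-src", "style-src"):
        srcs = csp.get(directive, csp.get("default-src"))
        if srcs and "'unsafe-inline'" in srcs and not any(s.startswith(HASH_OR_NONCE) for s in srcs):
            findings.append(f"csp: {directive} allows 'unsafe-inline' without nonce/hash")
    # 'unsafe-inline' outside a script/style directive is a no-op and usually a copy-paste slip.
    for directive, srcs in csp.items():
        if "'unsafe-inline'" in srcs and directive not in INLINE_DIRECTIVES:
            findings.append(f"csp: 'unsafe-inline' in {directive} has no effect")

    # HSTS: long max-age and includeSubDomains (both are required for preload lists).
    if "strict-transport-security" not in h:
        findings.append("hsts: missing")
    else:
        hsts = parse_hsts(h["strict-transport-security"])
        max_age = int(hsts.get("max-age") or 0)
        if max_age < ONE_YEAR:
            findings.append(f"hsts: max-age {max_age} below one year")
        if "includesubdomains" not in hsts:
            findings.append("hsts: no includeSubDomains")

    # CORS: a wildcard origin must never be combined with credentials.
    if h.get("access-control-allow-origin") == "*" and h.get("access-control-allow-credentials", "").lower() == "true":
        findings.append("cors: wildcard origin with credentials")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("mime: X-Content-Type-Options nosniff missing")
    return findings


def audit_all(captures: dict[str, dict[str, str]] = HEADERS) -> dict[str, list[str]]:
    """Audit every captured transaction; keyed by the transaction label."""
    return {name: audit(hdrs) for name, hdrs in captures.items()}


if __name__ == "__main__":
    for name, found in audit_all().items():
        print(name, *(found or ["(no findings)"]), sep="\n  - ")
```

Run as-is it prints the findings per transaction; audit() can be pointed at any header dict, for instance one built from a HAR export. Two details worth noting from the captured data: the 'unsafe-inline' token in goatcounter's img-src is ignored by browsers (a hygiene finding only), whereas the same token in its style-src is a real relaxation, and the google-analytics collect endpoint pairs access-control-allow-credentials with a single explicit origin rather than a wildcard, which is the correct shape for a credentialed CORS response.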
js
www.googletagmanager.com/gtag/
225 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HGMTM9PQ01&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2e85b4d09de0ffeb266a173f795b11d63c1505c09281d75300d2d5c2bfcc61f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
82543
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 04 Oct 2023 13:48:52 GMT
collect
region1.google-analytics.com/g/
0
259 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-HGMTM9PQ01&gtm=45je3a20&_p=664669127&ul=en-us&sr=1600x1200&cid=1590588386.1696427332&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&dt=Investigating%20PowerShell%20Attacks&sid=1696427332&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HGMTM9PQ01&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://powershellmagazine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Oct 2023 13:48:52 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://powershellmagazine.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
light.css
giscus.app/themes/ Frame 47F0
4 KB
1 KB
Stylesheet
General
Full URL
https://giscus.app/themes/light.css
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
8521b391fa52cad1420ba4d595bb6c86a655d844a97c6ceb02901ebaa2ee2a6f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://giscus.app/
Origin
https://giscus.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Oct 2023 13:48:52 GMT
strict-transport-security
max-age=63072000
age
301302
x-dns-prefetch-control
on
content-disposition
inline; filename="light.css"
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1::jt75s-1696427332588-19b7d686a5cf
x-matched-path
/themes/light.css
etag
W/"a406327a8b24dcaac9b2275a66502a24"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, stale-while-revalidate=604800
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
c2bfd7412ba64bbc.css
giscus.app/_next/static/css/ Frame 47F0
35 KB
9 KB
Stylesheet
General
Full URL
https://giscus.app/_next/static/css/c2bfd7412ba64bbc.css
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
e04a331205efc6e9f27ed6c169492fcecac0382397fd6ee2c60c54fe10f31d74
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::csbnq-1696427332589-a77f483bbdb7
age
298864
x-matched-path
/_next/static/css/c2bfd7412ba64bbc.css
etag
W/"a5e46a223e7d700f2641749249f0bca5"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="c2bfd7412ba64bbc.css"
webpack-337039be344b0ae8.js
giscus.app/_next/static/chunks/ Frame 47F0
5 KB
3 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/webpack-337039be344b0ae8.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
a1bffb035691feb5e329dca618d66ff8e119d81667f7633bd8e928b44ccd95ad
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::jt75s-1696427332591-e06f93b8918e
age
294027
x-matched-path
/_next/static/chunks/webpack-337039be344b0ae8.js
etag
W/"908d6dcbcf9f52e67e20fe5ed049ff1d"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="webpack-337039be344b0ae8.js"
framework-51d110d2521ed4ca.js
giscus.app/_next/static/chunks/ Frame 47F0
25 KB
10 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/framework-51d110d2521ed4ca.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
d2f4cbcb2c17d221a8bf613a46e8107ab40f5aed8cec1e04602317650dfc745c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::9cxxg-1696427332593-c64dca4a8421
age
305683
x-matched-path
/_next/static/chunks/framework-51d110d2521ed4ca.js
etag
W/"de5609c135c47c21034a6ecb6734a6a1"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="framework-51d110d2521ed4ca.js"
main-97d11f839af662f2.js
giscus.app/_next/static/chunks/ Frame 47F0
83 KB
27 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/main-97d11f839af662f2.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
87014b802f1a78e39fa44fde5d778f25594c4aaa9326a4a613c8d4c11e3335f9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::z8dfr-1696427332592-fe95d4010014
age
299983
x-matched-path
/_next/static/chunks/main-97d11f839af662f2.js
etag
W/"8e3300e2eefaf0460d4bec84eb9bb1f2"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="main-97d11f839af662f2.js"
_app-f10089143ff669cd.js
giscus.app/_next/static/chunks/pages/ Frame 47F0
30 KB
10 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/pages/_app-f10089143ff669cd.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
7a270ce2610f1d8ef6c991d068cd070f74bab11cc1fb99c8ee1acbcf4e56d23b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::8szfp-1696427332592-5bda3c87f8ea
age
310557
x-matched-path
/_next/static/chunks/pages/_app-f10089143ff669cd.js
etag
W/"4738d3989d12848ec8193cbdc6a9b2f4"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_app-f10089143ff669cd.js"
0e226fb0-0b39233462695f7b.js
giscus.app/_next/static/chunks/ Frame 47F0
11 KB
4 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/0e226fb0-0b39233462695f7b.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
a264d7d2c41379d956970a44b2f015d0593a52759a3fd1b8e32e07ff607bf647
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::lvzkx-1696427332594-ae0d361d7a25
age
295919
x-matched-path
/_next/static/chunks/0e226fb0-0b39233462695f7b.js
etag
W/"d6df14e5d1ab0a433abc6ba13e459ba1"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="0e226fb0-0b39233462695f7b.js"
7883-09ddbf33c0503dab.js
giscus.app/_next/static/chunks/ Frame 47F0
13 KB
6 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/7883-09ddbf33c0503dab.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
299ee8a70dcf937d03b525385dac69064fe0fafab9da9f808f0a65d1ae8ba6ab
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::xc2m7-1696427332592-8078c25ff3a2
age
261483
x-matched-path
/_next/static/chunks/7883-09ddbf33c0503dab.js
etag
W/"7c2689440905c40af5ccee21f8ddb444"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="7883-09ddbf33c0503dab.js"
4947-b366bc4f72834e15.js
giscus.app/_next/static/chunks/ Frame 47F0
15 KB
5 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/4947-b366bc4f72834e15.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
e629f54da6a75a33bbefa5eb4e935d36c637d503c8104bd614d83ade92f9b952
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::9swkw-1696427332592-362f27df8db5
age
311114
x-matched-path
/_next/static/chunks/4947-b366bc4f72834e15.js
etag
W/"be04b1f753a77c79288d05a0d7157ab2"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="4947-b366bc4f72834e15.js"
widget-9ee56c79274b8533.js
giscus.app/_next/static/chunks/pages/ Frame 47F0
18 KB
6 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/pages/widget-9ee56c79274b8533.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
1f9d69cde0320a28068158b6d5c6f932f4eff7dd54dea59c09a5b425c7d64e91
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::lflgz-1696427332592-e6b0012eb4df
age
312658
x-matched-path
/_next/static/chunks/pages/widget-9ee56c79274b8533.js
etag
W/"29dcce873f05eb5ed752f8240e705178"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="widget-9ee56c79274b8533.js"
_buildManifest.js
giscus.app/_next/static/GecFnV4VKC5vxz-gNMLRi/ Frame 47F0
510 B
716 B
Script
General
Full URL
https://giscus.app/_next/static/GecFnV4VKC5vxz-gNMLRi/_buildManifest.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
7b4e7f0d49ea071c2a6f0980448a3ce269f69081f4032845f47a1cc7c915027f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::wk5mc-1696427332594-027ff86e873d
age
292219
x-matched-path
/_next/static/GecFnV4VKC5vxz-gNMLRi/_buildManifest.js
etag
"b123eb9d4bbd7080923e140d9fae5eb6"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_buildManifest.js"
accept-ranges
bytes
content-length
510
_ssgManifest.js
giscus.app/_next/static/GecFnV4VKC5vxz-gNMLRi/ Frame 47F0
88 B
314 B
Script
General
Full URL
https://giscus.app/_next/static/GecFnV4VKC5vxz-gNMLRi/_ssgManifest.js
Requested by
Host: giscus.app
URL: https://giscus.app/en/widget?origin=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&session=&theme=light&reactionsEnabled=1&emitMetadata=0&inputPosition=top&repo=PowerShell-Magazine%2Fsite&repoId=MDEwOlJlcG9zaXRvcnkzNTI2MTE1NDQ%3D&category=Announcements&categoryId=DIC_kwDOFQRs2M4CTpUi&strict=1&description=For+the+most+powerful+community&backLink=https%3A%2F%2Fpowershellmagazine.com%2F2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
a66383b381b46cccc8f600e19dedea91beedf07e06bb49f011fa7f7073ead591
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::hhrrn-1696427332594-0c5271ce6799
age
312995
x-matched-path
/_next/static/GecFnV4VKC5vxz-gNMLRi/_ssgManifest.js
etag
"bee22ea531beed3eeff60fb48f41c658"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="_ssgManifest.js"
accept-ranges
bytes
content-length
88
mona-loading-default.gif
github.githubassets.com/images/ Frame 47F0
18 KB
18 KB
Image
General
Full URL
https://github.githubassets.com/images/mona-loading-default.gif
Requested by
Host: giscus.app
URL: https://giscus.app/themes/light.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-154.github.com
Software
AmazonS3 /
Resource Hash
39fa568a092fdebfdbd1f074bf936bbe0dc6e7b7b470b267ec459622552a24a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-fastly-request-id
a9fd3eb586d7ee5a4b3bcc2a1316f996df0c5746
date
Wed, 04 Oct 2023 13:48:52 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=31536000
age
2197
x-cache
MISS, HIT
cross-origin-resource-policy
cross-origin
content-length
18278
x-served-by
cache-iad-kiad7000067-IAD, cache-fra-eddf8230033-FRA
last-modified
Thu, 23 Sep 2021 16:38:06 GMT
server
AmazonS3
etag
"c502cd01c910b4f53d86603d6bd078ff"
content-type
image/gif
access-control-allow-origin
*
accept-ranges
bytes
x-cache-hits
0, 16
discussions
giscus.app/api/ Frame 47F0
32 B
112 B
Fetch
General
Full URL
https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&last=15
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/pages/widget-9ee56c79274b8533.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
5bbe611e6b3fd3b25d7dc9b7bf4ac81468da805191033f8e0147c39dd8318b2e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Wed, 04 Oct 2023 13:48:53 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
age
0
x-dns-prefetch-control
on
content-length
32
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1::iad1::p9mxh-1696427332687-527c97bc6124
x-matched-path
/api/discussions
etag
"hac8x51afpw"
x-vercel-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://giscus.app
cache-control
public, max-age=0, must-revalidate
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
discussions
giscus.app/api/ Frame 47F0
32 B
234 B
Fetch
General
Full URL
https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&first=15
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/pages/widget-9ee56c79274b8533.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
5bbe611e6b3fd3b25d7dc9b7bf4ac81468da805191033f8e0147c39dd8318b2e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Wed, 04 Oct 2023 13:48:53 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
age
0
x-dns-prefetch-control
on
content-length
32
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1::iad1::pn2b2-1696427332688-730d6d590759
x-matched-path
/api/discussions
etag
"hac8x51afpw"
x-vercel-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://giscus.app
cache-control
public, max-age=0, must-revalidate
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()
1907.a6d7078dd08b50d9.js
giscus.app/_next/static/chunks/ Frame 47F0
11 KB
5 KB
Script
General
Full URL
https://giscus.app/_next/static/chunks/1907.a6d7078dd08b50d9.js
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/webpack-337039be344b0ae8.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
1b878bb64c1087d82b4279119675c10c971e15ff269eb16e555c677db33275df
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://giscus.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 13:48:52 GMT
content-encoding
br
strict-transport-security
max-age=63072000
server
Vercel
x-vercel-id
fra1::dzdqv-1696427332784-3480989f6a2b
age
323385
x-matched-path
/_next/static/chunks/1907.a6d7078dd08b50d9.js
etag
W/"a77abd4b32593a8aa0a663d1f4ba3c16"
x-vercel-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
content-disposition
inline; filename="1907.a6d7078dd08b50d9.js"
light.css
giscus.app/themes/ Frame 47F0
4 KB
2 KB
Stylesheet
General
Full URL
https://giscus.app/themes/light.css
Requested by
Host: giscus.app
URL: https://giscus.app/_next/static/chunks/pages/_app-f10089143ff669cd.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.223.126.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
8521b391fa52cad1420ba4d595bb6c86a655d844a97c6ceb02901ebaa2ee2a6f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://giscus.app/
Origin
https://giscus.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Oct 2023 13:48:52 GMT
strict-transport-security
max-age=63072000
age
300915
x-dns-prefetch-control
on
content-disposition
inline; filename="light.css"
x-xss-protection
1; mode=block
referrer-policy
strict-origin
server
Vercel
x-vercel-id
fra1::z8dfr-1696427332784-11a7d9b7f5d5
x-matched-path
/themes/light.css
etag
W/"a406327a8b24dcaac9b2275a66502a24"
x-vercel-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, stale-while-revalidate=604800
permissions-policy
camera=(), microphone=(), geolocation=(), interest-cohort=()

Verdicts & Comments

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture boolean| doNotTrack function| ga object| WebFont object| fuseOptions string| searchQuery function| executeSearch function| populateResults function| param function| render function| preloader function| $ function| jQuery object| bootstrap function| Instafeed function| Fuse function| Mark number| summaryInclude object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| DISQUSWIDGETS undefined| disqus_domain undefined| disqus_shortname object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome object| goatcounter object| dataLayer object| google_tag_manager

4 Cookies

Domain/Path Name / Value
.powershellmagazine.com/ Name: _ga
Value: GA1.2.1590588386.1696427332
.powershellmagazine.com/ Name: _gid
Value: GA1.2.448943006.1696427332
.powershellmagazine.com/ Name: _gat
Value: 1
.powershellmagazine.com/ Name: _ga_HGMTM9PQ01
Value: GS1.2.1696427332.1.0.1696427332.0.0.0

4 Console Messages

Source Level URL
Text
network error URL: https://powershellmagazine.com/2014/07/16/images/backgrounds/footer-bg.svg
Message:
Failed to load resource: the server responded with a status of 404 ()
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error URL: https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&first=15
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://giscus.app/api/discussions?repo=PowerShell-Magazine%2Fsite&term=2014%2F07%2F16%2Finvestigating-powershell-attacks%2F&category=Announcements&number=0&strict=true&last=15
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556952

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
gc.zgo.at
giscus.app
github.githubassets.com
powershellmag.goatcounter.com
powershellmagazine.com
powershellmagazine.disqus.com
region1.google-analytics.com
www.google-analytics.com
www.googletagmanager.com
185.199.109.153
185.199.109.154
199.232.196.134
2001:4860:4802:34::36
2606:4700::6810:5514
2606:4700::6811:180e
2a00:1450:4001:802::200a
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::2008
2a01:7e01::f03c:92ff:fe8f:edc6
2a05:d014:58f:6201::64
76.223.126.88
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
1b878bb64c1087d82b4279119675c10c971e15ff269eb16e555c677db33275df
1f9d69cde0320a28068158b6d5c6f932f4eff7dd54dea59c09a5b425c7d64e91
2255d36954f0323cd0a22e12c760e14ef385fdd0ef4e8280f8e4e28afd458a8f
299ee8a70dcf937d03b525385dac69064fe0fafab9da9f808f0a65d1ae8ba6ab
2e85b4d09de0ffeb266a173f795b11d63c1505c09281d75300d2d5c2bfcc61f2
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
34d729229eee218af73ecf2cd2ca6de72afad08003d1016f65001cf831d22c72
39fa568a092fdebfdbd1f074bf936bbe0dc6e7b7b470b267ec459622552a24a7
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb
4eedb82899890c61f99272893a7765d80dbdfc3334dad1df747eebbff1db6e61
515f4abaa2766ee799fc599df471f9d5a9e2bf2c88aef25a96ba5c10c66d98e5
54d720b35e4615f5cf3123cfc8309c5bf72473cb2325f53c4b5d9bdf7af1df10
5bb2bf782368f14b713a7db2ad175e9aa46aedd92b1d22c89247ee15aaf748d9
5bbe611e6b3fd3b25d7dc9b7bf4ac81468da805191033f8e0147c39dd8318b2e
7a270ce2610f1d8ef6c991d068cd070f74bab11cc1fb99c8ee1acbcf4e56d23b
7b4e7f0d49ea071c2a6f0980448a3ce269f69081f4032845f47a1cc7c915027f
8521b391fa52cad1420ba4d595bb6c86a655d844a97c6ceb02901ebaa2ee2a6f
87014b802f1a78e39fa44fde5d778f25594c4aaa9326a4a613c8d4c11e3335f9
912867e20ea9b209848c43aa7b6cef1509264483534d41f83b60b98c4b37707a
a1bffb035691feb5e329dca618d66ff8e119d81667f7633bd8e928b44ccd95ad
a264d7d2c41379d956970a44b2f015d0593a52759a3fd1b8e32e07ff607bf647
a280bae65c0ea3b17723e449f96a62b78013cc76d11d3ea1143e3aa62bd84298
a66383b381b46cccc8f600e19dedea91beedf07e06bb49f011fa7f7073ead591
be41e7ecc3a74775359a9f34285872ef4bb5a63d4d119a97995205104dcfb5be
cd5158a29f458f82d6d01aa20ea24adae231490f6bd746fed7eafd4ee3f0d04e
d2f4cbcb2c17d221a8bf613a46e8107ab40f5aed8cec1e04602317650dfc745c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e04a331205efc6e9f27ed6c169492fcecac0382397fd6ee2c60c54fe10f31d74
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45a1d7590bda6cb0af56a347e979215b8854ac49d54b7091ef1e64d1aa578a6
e629f54da6a75a33bbefa5eb4e935d36c637d503c8104bd614d83ade92f9b952
f44fe2cf98b9d3d2773425dacf13d6500e1f984af59770e994157346e4ba2133
f5ad96ac2ba2b94eb0b812a28dd7af84cc6b3ec3acf7c400e20084a27489174a
ff747ba94bf09920cf0e00acfc2fffff04f373d13584fd4fee52457ad65bc5a7
ffd2cae66737bdddee18dbc6dc83eb86636268054550eb7dd4b995737512ff91