| external help file | Module Name | online version | schema |
|---|---|---|---|
PSEmailRep-help.xml |
PSEmailRep |
2.0.0 |
Submit a new report to EmailRep.io
New-EmailRep [-Email] <String[]> -Tags <String[]> [-Description <String>] [-Timestamp <Int32>]
[-Expires <Int32>] [-ApiKey <String>] [-UserAgent <String>] [-Force] [-WhatIf] [-Confirm] [<CommonParameters>]
Reports an email address. Date of malicious activity defaults to the current time unless otherwise specified.
New-EmailRep -Email [email protected] -Description "Business email compromise" -Tags bec -Force
success
Email address being reported.
Type: String[]
Parameter Sets: (All)
Aliases: EmailAddress
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: FalseTags that should be applied.
account_takeover - Legitimate email has been taken over by a malicious actor bec - Business email compromise, whaling, contact impersonation/display name spoofing brand_impersonation - Impersonating a well-known brand (e.g. Paypal, Microsoft, Google, etc.) browser_exploit - The hosted website serves an exploit credential_phishing - Attempting to steal user credentials generic_phishing - Generic phishing, should only be used if others don't apply or a more specific determination can't be made or would be too difficult malware - Malicious documents and droppers. Can be direct attachments, indirect free file hosting sites or droppers from malicious websites scam - Catch-all for scams. Sextortion, payment scams, lottery scams, investment scams, fake bank scams, etc. spam - Unsolicited spam or spammy behavior (e.g. forum submissions, unwanted bulk email) spoofed - Forged sender email (e.g. the envelope from is different than the header from) task_request - Request that the recipient perform a task (e.g. gift card purchase, update payroll, send w-2s, etc.) threat_actor - Threat actor/owner of phishing kit
Type: String[]
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseAdditional information and context.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseWhen this activity occurred in UTC. Defaults to now().
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: [int][double]::Parse((Get-Date -UFormat %s))
Accept pipeline input: False
Accept wildcard characters: FalseParameter description
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 14
Accept pipeline input: False
Accept wildcard characters: FalseNumber of hours the email should be considered risky (suspicious=true and blacklisted=true in the QueryResponse). Defaults to no expiration unless account_takeover tag is specified, in which case the default is 14 days.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSpecify the user agent of the web request. Defaults to "PSEmailRep/..*"
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: $Script:DefaultUA
Accept pipeline input: False
Accept wildcard characters: FalseSubmit report without confirmation prompt.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: FalseShows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalsePrompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.