Report - federalreserve.zip

Report Overview

Submitted URL
federalreserve.zip
IP
216.239.34.21
ASN
#15169 GOOGLE
Submitted
2024-04-25 23:18:42
Access
public
Website Title
Google's .zip Top Level domain is already used in phishing attacks - gHacks Tech News
Final URL
www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
notix.io	14765	2020-08-20	2020-08-20	2024-04-22	888 B	146 kB	139.45.197.253
api.btloader.com	1320	2020-10-06	2020-10-14	2024-04-24	3.7 kB	1.8 kB	130.211.23.194
sdk.privacy-center.org	6220	2017-05-16	2019-02-05	2024-04-24	1.5 kB	472 kB	54.230.111.7
imasdk.googleapis.com	11661	2005-01-25	2014-10-30	2024-04-25	423 B	397 kB	142.250.74.74
www.datadoghq-browser-agent.com	3490	2019-03-26	2019-04-26	2024-04-25	424 B	154 kB	54.230.83.119
federalreserve.zip	unknown	unknown	No data	No data	473 B	608 B	216.239.38.21
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-04-25	429 B	182 kB	142.250.74.163
events.newsroom.bi	25286	2020-04-12	2020-08-13	2024-04-24	2.4 kB	2.9 kB	57.128.96.94
flowcards.mrf.io	35039	2014-12-29	2021-04-16	2024-04-25	710 B	479 B	172.67.159.162
www.ghacks.net	214331	2005-10-03	2012-05-22	2024-04-10	36 kB	4.5 MB	141.193.213.11
polyfill.io	102644	2013-03-18	2016-02-12	2024-04-24	420 B	568 B	104.18.51.3
sdk.mrf.io	34969	2014-12-29	2021-04-16	2024-04-25	443 B	43 kB	104.21.50.90
spn-v1.revampcdn.com	101813	2020-10-09	2021-02-18	2024-04-22	1.3 kB	394 kB	151.101.1.91
ad-delivery.net	1341	2017-05-03	2017-06-22	2024-04-25	863 B	2.6 kB	104.26.3.70
btloader.com	169057	2020-10-06	2020-10-22	2024-04-25	439 B	56 kB	172.67.41.60
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-25	842 B	291 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	notix.io/ent/current/enot.min.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (52)

	URL	Size	First Seen	Last Seen
	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	63 B	2023-03-10	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-28 22:29:15 Times Seen28 Hash f4f10a8b2bc8871f15898f6a072c5097 e997530a69ab7fded87b60be7e45fb85080a7d10 89b29eff84812867e0dcd6251754592769908565c33e4de1a27f454a60835a62 Loading...

	www.ghacks.net/wp-content/themes/new-ghacks-preview/scripts.js?ver=1.2.3.4.26	871 B	2023-11-10	2024-04-28
Pretty URL www.ghacks.net/wp-content/themes/new-ghacks-preview/scripts.js?ver=1.2.3.4.26 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-10 16:56:08 Last Seen2024-04-28 22:29:15 Times Seen22 Hash 98f0af1defd2c9fa207a942387e31afe ec374ad0838614c8ca2eb5f2ebf490b4c443b6ec 6da90580b2156eeaf7cf80f242f5242f3d07f438b675fc24bae36a8b5af05907 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	2.9 kB	2023-06-13	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-13 14:45:00 Last Seen2024-04-28 22:29:15 Times Seen30 Hash 71718fc47a90637a0e559eacb2bc0b72 a95769c6fa83a266252ad60d411f004bb7dec9d6 5fd21e60444b24b8fe6d4fd874cc78664d2034cabd36ff18b1cdac24875f8f9f Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	447 B	2023-09-27	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-27 11:36:09 Last Seen2024-04-28 22:29:15 Times Seen17 Hash 3d04202fdff21d1f9f66a6430103c486 737f9f4a75eb163a99d891a1a2770047d97c2eae 01fd68fca17d222c17d39f88a21a09e3e7d6abb0cd7285d3141a0a7a42856033 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	1.4 kB	2023-06-13	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-13 14:45:00 Last Seen2024-04-28 22:29:15 Times Seen29 Hash bc245534a2ce722069d4ed60d96f9300 24135d3ec27096a8ff7343d53bb9b313834d17d0 4bb9b38d6909e9802cd356979364d04d48e1434470d0ae56c3955f3ccb0f6762 Loading...

	www.ghacks.net/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1711341113	11 kB	2024-01-21	2024-05-04
Pretty URL www.ghacks.net/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1711341113 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-21 19:52:24 Last Seen2024-05-04 21:47:37 Times Seen326 Hash 91954b488a9bfcade528d6ff5c7ce83f edf589eb28247c73ccc04e5b34ad107b90bd1b2e 6bc5622bfab1a16855ad49b99a3f9ed8eb24f49da469a113f9000b866f109e2e Loading...

	www.googletagmanager.com/gtag/js?id=G-6DL3S186WS	243 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-6DL3S186WS IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:18:50 Last Seen2024-04-26 01:18:51 Times Seen2 Hash a3e4709be17831bc6d1b7aa2eb65549c f0ca0578e84d7b49a77721108dff63832ee86163 ed5f6d79375431e4c923c47a6311e9fcbd41bf3dd8462fc079f5c0abb76c6111 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/sandbox%20eval%20code	136 B	2023-04-11	2024-05-05
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-05-05 20:36:34 Times Seen31741 Hash fb4eb094524daea58bf7f82331598541 f5ca39eb98fa1685f8647514a627d3d7f216f7ef 7cbf1e77bb9277bac7030ded2087246adf5c59564a5a1f28ce8c09be6ef48683 Loading...

	www.ghacks.net/wp-content/themes/new-ghacks-preview/revamp-infinite-leaderboard.js?ver=0.3	6.4 kB	2023-10-28	2024-04-28
Pretty URL www.ghacks.net/wp-content/themes/new-ghacks-preview/revamp-infinite-leaderboard.js?ver=0.3 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-28 13:15:03 Last Seen2024-04-28 22:29:16 Times Seen24 Hash 64b2c0946873f197643e17b6083ece3f b8ffd1a228052b6269e356a404d5394491d9a6d3 69804f3fd93008b0ea1e4ff61873498daba6fe2d3202318aee7c86862c6e6eb0 Loading...

	sdk.privacy-center.org/a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=www.ghacks.net	58 kB	2024-04-26	2024-04-28
Pretty URL sdk.privacy-center.org/a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=www.ghacks.net IP 54.230.111.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:15:36 Last Seen2024-04-28 22:29:15 Times Seen6 Hash 1bb1873f37530e5e36cde01a73f818dd c13363e7c971040be2f2e85633d2813caf794443 c078bc76021fd2222ce18a3db819aff08ea72c481ab2b5b528a862fd2bc6fc96 Loading...

	sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/sdk.6432b45dc598961221a51f31d27d31da884aa131.js	350 kB	2024-04-25	2024-04-28
Pretty URL sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/sdk.6432b45dc598961221a51f31d27d31da884aa131.js IP 54.230.111.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 22:24:44 Last Seen2024-04-28 22:29:16 Times Seen13 Hash f9c5661171a4ac1a48607beb209e2823 5ee19fd635ec0f4450189b49214a56c61c288be1 3564b4a56c90905a9e336c94e0ea234199a05195938fb398026b1e1ada89563c Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	725 B	2023-06-13	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-13 14:45:00 Last Seen2024-04-28 22:29:15 Times Seen29 Hash 9635999b8edbfaa08b5569e29b3d7f96 551ceaacfdf1c6a228d2abffa6a068c09156f573 c7ae4639386b1d31c9370501679f6ce600ee77ef08b06e1c15189c7f9e1daf9e Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	592 B	2023-06-13	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-13 14:45:00 Last Seen2024-04-28 22:29:15 Times Seen29 Hash 76c9a717cb233df68b2a212c762a8a10 cd8bd1bc0b8e8ca9a64a846ef61b9921f65db6b1 1be50d905e6822f9e4f7ab77ff08177825643291b1248f0feb10b2eb679e577f Loading...

	sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/ui-gdpr-en-web.6432b45dc598961221a51f31d27d31da884aa131.js	271 kB	2024-04-26	2024-04-28
Pretty URL sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/ui-gdpr-en-web.6432b45dc598961221a51f31d27d31da884aa131.js IP 54.230.111.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:15:35 Last Seen2024-04-28 22:29:16 Times Seen8 Hash a44e1d5bf79594998aa228e7cf49e602 a184ed8b6215052da245285e11f3440063c8f784 ef20650560248405bf467e9a443f872ee805ae1a72874f5f5bcc3fc6e507cde8 Loading...

	unknown	230 B	2023-06-13	2024-04-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-13 14:45:01 Last Seen2024-04-28 22:29:15 Times Seen24 Hash f6686c45496c8115ad9d1138397d1598 d0418839a4b86e80e0ea4e3bf795392f17a34db2 e9b87a6ef2b35ca3b4d63ddf609d4961b6909a4e3d1a071f50d4dadce3b4877e Loading...

	sdk.mrf.io/statics/marfeel-sdk.js?id=2544	157 kB	2024-04-26	2024-04-28
Pretty URL sdk.mrf.io/statics/marfeel-sdk.js?id=2544 IP 104.21.50.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:15:36 Last Seen2024-04-28 22:29:15 Times Seen6 Hash 498b10fb0fe554f1d81cdb81de422bd5 d07c85278c6a212ef3a0a4dccbae7ef2723409e2 81eb4c49ff1c160d15f868b8cf6073b78b903c861d33e333554391cf9dc4bdcc Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	406 B	2023-03-08	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 06:53:06 Last Seen2024-04-28 22:29:15 Times Seen30 Hash 85d04eb63162ed532c7764afbdc725f7 c01b13ef44a611ec70a7966af8afb533ace2b432 2e03f0c0289aa525894ac2bee99b0f7aa0434596b5fcf0fd399be0cbfe9997d1 Loading...

	www.ghacks.net/wp-content/plugins/my-custom-functionality-master/assets/js/swiper.min.js?ver=9.9.0	136 kB	2023-03-07	2024-04-28
Pretty URL www.ghacks.net/wp-content/plugins/my-custom-functionality-master/assets/js/swiper.min.js?ver=9.9.0 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:52:04 Last Seen2024-04-28 22:29:16 Times Seen254 Hash 109e655465f9d245b3a1e362a0191de1 0e0f00c77214ae421645005171d1c8721f917670 d36ac645d9f3443fe2b4ee6306a14b305bc3d93f3ed72e913d067d02200e889c Loading...

	spn-v1.revampcdn.com/prebid/ghacks/prebid-client.js	336 kB	2024-04-26	2024-04-28
Pretty URL spn-v1.revampcdn.com/prebid/ghacks/prebid-client.js IP 151.101.1.91 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:15:37 Last Seen2024-04-28 22:29:16 Times Seen12 Hash 800ee0a8091abc36b316b172573321cb 45f54af5e23eec352fb27ff4c76e8073ec515424 ff61dc78e659dd793eaa0e5ea0d6409da29d4faf94d22a505aae5a0f91925610 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	377 B	2023-03-10	2024-04-26
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-26 01:18:50 Times Seen5 Hash 180b3a8f00b4a6974e9e46114c5054bd 9b47b32b62f2ef921fe6f6c09e1cd353b371d3bd f69972e68b8a81b6f72c38b445c2a17bbdfac68b2af0a33f8c9c12a746920b93 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	357 B	2023-03-10	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-28 22:29:15 Times Seen29 Hash d8f2c4f4460d8f04b494b9ee56e669fc f7706adf0ec1e935a73147bf56885282dedb245e e037e17a5f13ca51b30c0032dafff2fd0bbdfa6a2e6f7d04932a9ee990d529e0 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	175 B	2023-06-17	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-17 22:49:01 Last Seen2024-04-28 22:29:15 Times Seen28 Hash 9689c55bd40a4e79760d64150d12511b 6646aff62358bcc6d13bfdcc01d518eb342c07be 4894573ea86b2dde0b47765bcd09003b5b2f78a7b71038da35138169c9356cad Loading...

	www.gstatic.com/readaloud/player/web/api/js/api.js?ver=1	524 kB	2024-03-13	2024-04-28
Pretty URL www.gstatic.com/readaloud/player/web/api/js/api.js?ver=1 IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 11:51:00 Last Seen2024-04-28 22:29:16 Times Seen18 Hash 1f1319b651c980800276fe55eb86b8f5 0a1c600cfa3596686e6d564f5e38cbdc3b6d047a 8fdb846f4a09e6e57c84908277101c3878d9f3eec18f3c3408a68aedc16b8cb9 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	87 B	2023-03-07	2024-05-05
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06:26 Last Seen2024-05-05 17:33:22 Times Seen6080 Hash bd5f648f4fa75f28b17faffe66049687 c9c2791b295684a919a2bfd7b7e2ef5aab3c178a 1a4ba4a340b3f30596d32c1b272ddcfdbf3ccb8e89c2fa917ea60469017aeee4 Loading...

	btloader.com/tag?o=5633429348548608&domain=ghacks.net&upapi=true	55 kB	2024-04-26	2024-04-28
Pretty URL btloader.com/tag?o=5633429348548608&domain=ghacks.net&upapi=true IP 172.67.41.60 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:15:35 Last Seen2024-04-28 22:29:15 Times Seen11 Hash 15ce8b579881cb583e8d48d495bb9707 b2a222bcf05e9953da93f0bc6e80171381ebbb55 bba3a16748ae1653de65962e61a348311cc9e3512f1d88f06b8d6dc7e9116ce8 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	974 B	2023-03-10	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-28 22:29:15 Times Seen27 Hash d3aa604f94afcf47193cc6fcdb5160cd c2c630a346fb9d298af9430f6a8f017ea9141c86 23a701408ef50615caa3f59c35b42c3be58fe4413162368c94792ad352c3c61a Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	1.4 kB	2023-03-10	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-28 22:29:15 Times Seen31 Hash 0f69414356e3b6d73c713f56b4c43b01 cf285a13b70fbedce279a84be43b46b4ba51f4cb eafb374cbe1e23ce018f85ee36b159c9fbb2fd22be724e6b1367bb0162cc25ed Loading...

	c.amazon-adsystem.com/aax2/apstag.js	1.6 kB	2023-05-05	2024-05-05
Pretty URL c.amazon-adsystem.com/aax2/apstag.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-05 22:57:25 Last Seen2024-05-05 20:29:49 Times Seen9938 Hash 7099d0c144c906961206e41b26b23c05 59a67da2d27d4e5fc0e183bb2baeebe39404f553 3f19f9cf504b435adb7e62aac1b420facfc0048d6a4950910fd6f126548cc69e Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	543 B	2023-03-10	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-28 22:29:15 Times Seen27 Hash 985d0d2f37943abffbf9573a4eb1feb9 f6d767683ddda76891a16383d4147a6415cbba08 7861c74a036a52d111b04163bc83c324dc1012b851e7e5cf05373197114b1104 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	264 B	2023-03-10	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-28 22:29:15 Times Seen28 Hash 5716cce3e61c9b4856b162f54aa5c496 40221a8f65c7d15faaa7d2103db4431f768114b3 7b9024da9098e64263027ba16e04100d984563a387d5517c8a12498507f2500f Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	17 kB	2024-04-26	2024-04-26
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:15:36 Last Seen2024-04-26 01:18:50 Times Seen3 Hash 0bf64c2d45d9e5b9f85ce5a516bafc04 b788526a149c61dca454cd064ba5a1568db082a5 11cd0c3471cec6d2eb766c7c934e292ed6a21c92bc31320289e6b6473c6437a1 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/sandbox%20eval%20code	148 B	2023-05-05	2024-05-05
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 22:57:25 Last Seen2024-05-05 20:29:49 Times Seen10051 Hash f019f144761e15f741f6ab1e4cf566a5 1c73bccb222e44ae4633750eda7c357460a81a03 4cacaf0fd3e370c4840c87c79f923f1ffb69ff7ce5d8172390783c8f83861d62 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/sandbox%20eval%20code	147 B	2023-04-11	2024-05-05
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-05 21:09:06 Times Seen345044 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-05
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-05 21:09:06 Times Seen344537 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.ghacks.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1	88 kB	2023-11-03	2024-05-05
Pretty URL www.ghacks.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-03 09:26:43 Last Seen2024-05-05 21:02:05 Times Seen44245 Hash 826eb77e86b02ab7724fe3d0141ff87c 79cd3587d565afe290076a8d36c31c305a573d18 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf Loading...

	www.googletagmanager.com/gtm.js?id=GTM-NHW6RDK	203 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-NHW6RDK IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:18:50 Last Seen2024-04-26 01:18:51 Times Seen2 Hash a31b8127f180791c536f30b1ea7b37d7 516abeb8f37df4dde99fa541d39b3cfa467706e1 36c10acb70e8d989e5973366163a453fca3365be7b8f7e842182b0ba08e4fb4f Loading...

	imasdk.googleapis.com/js/sdkloader/ima3.js?ver=1	396 kB	2024-04-26	2024-05-02
Pretty URL imasdk.googleapis.com/js/sdkloader/ima3.js?ver=1 IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 00:02:47 Last Seen2024-05-02 17:12:14 Times Seen194 Hash 61eaa70d7948780d391ebb60170131b6 5eeb9408b943af3c7e670125b68158cba3a25196 b6a0dc033049e4e05526c0c761456ace62442066b3e162841e9e8187aa383a5c Loading...

	www.ghacks.net/wp-content/plugins/notix-web-push-notifications/public/js/notix-public.js?ver=1.2.4	838 B	2023-03-07	2024-05-05
Pretty URL www.ghacks.net/wp-content/plugins/notix-web-push-notifications/public/js/notix-public.js?ver=1.2.4 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:06 Last Seen2024-05-05 08:19:25 Times Seen3829 Hash 49cea0a781874a962879c2caca9bc322 72c1650de2b93ef320d2db873fbb473fe360269c 57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37 Loading...

	www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/js/jquery.rating.min.js	30 kB	2023-03-07	2024-04-28
Pretty URL www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/js/jquery.rating.min.js IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:54 Last Seen2024-04-28 22:29:16 Times Seen266 Hash 136c745e6d222776ff48f5baf3568739 def0672c6e899debea85b4bb0b4bbe3f09c9c315 554f3ff96cba4f2f33ff2c37c48282006ab24a85cf9ca0ac8b22b0a06126c1d4 Loading...

	polyfill.io/v2/polyfill.min.js?features=fetch	103 B	2023-12-16	2024-05-05
Pretty URL polyfill.io/v2/polyfill.min.js?features=fetch IP 104.18.51.3 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-16 04:34:58 Last Seen2024-05-05 18:27:17 Times Seen503 Hash 2d0e8863b56f6989dc4652ec2626a656 6b24b46c3d5bf35454a727ecbb34e81af85d98e0 126c5f0c8c4cd0135b5e9ffb1c113a6f229de3f89bce9e099b3c85bea641bd7c Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	2.2 kB	2023-11-08	2024-05-05
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-08 10:55:29 Last Seen2024-05-05 20:40:53 Times Seen958 Hash d99616d3f03050d7eaf36dc01025b611 b17a22859fcde902d7234ac8d6305c904fa7f2a5 3ee6935e081fad06605e210f960c47cc21b06de5afce1a470395f15b91b3aecf Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	471 B	2024-04-03	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-03 02:32:05 Last Seen2024-04-28 22:29:15 Times Seen9 Hash ceaaafd10f7fdebf9e8a1f2796a0f92d ef942372a95ce59936b55687f4bd66f01190d754 2acdfaf79e1ba63fd91e66efff6466620bcba94fb4db7a1fe82550b13c375da3 Loading...

	www.datadoghq-browser-agent.com/datadog-rum-v4.js	153 kB	2023-10-11	2024-05-02
Pretty URL www.datadoghq-browser-agent.com/datadog-rum-v4.js IP 54.230.83.119 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-11 12:29:09 Last Seen2024-05-02 20:02:05 Times Seen767 Hash 2630b3d7ad4a41fac67742216e506d83 dda36227690cb7c9ec74de3667dd595d59fb8eec cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a Loading...

	www.ghacks.net/wp-content/plugins/responsive-menu/v4.0.0/assets/js/rmp-menu.min.js?ver=4.3.4	7.7 kB	2024-04-26	2024-04-28
Pretty URL www.ghacks.net/wp-content/plugins/responsive-menu/v4.0.0/assets/js/rmp-menu.min.js?ver=4.3.4 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:15:35 Last Seen2024-04-28 22:29:16 Times Seen11 Hash f647b4eac81ac671319b059dd7923af4 51f5d10fdb6286075d6fbdcee8dc208dde1a3e6b 67ebe421d6af2f1115d6bf5105ce6ea473e28cfc904cef68d434db3c51da3b84 Loading...

	notix.io/ent/current/enot.min.js	145 kB	2024-03-06	2024-05-05
Pretty URL notix.io/ent/current/enot.min.js IP 139.45.197.253 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-06 08:52:05 Last Seen2024-05-05 00:59:28 Times Seen135 Hash 9a3ae56c31a58c28e606e1e069a21059 ea3cdfcda002044373d2090e1745f83a15b82d17 6ccf4be26c7c79133eaf94c9c64a2ace27574e72d4c40c3c2011479cadca1f55 Loading...

	securepubads.g.doubleclick.net/tag/js/gpt.js	13 kB	2023-04-05	2024-05-05
Pretty URL securepubads.g.doubleclick.net/tag/js/gpt.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 04:46:03 Last Seen2024-05-05 20:36:34 Times Seen31173 Hash 0c9ed134ae3d5ffe972da2a3e59dc428 620df222551395592e46e4c5f425cf23dcdad891 5f9efa604bfe2aee8c1a90376125a098306ba390530a6f9b2ecb0a67cdac178d Loading...

	www.ghacks.net/wp-includes/js/comment-reply.min.js?ver=6.4.3	3.0 kB	2023-03-07	2024-05-05
Pretty URL www.ghacks.net/wp-includes/js/comment-reply.min.js?ver=6.4.3 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-05-05 21:06:48 Times Seen29714 Hash 492f2c1a7ea7eb83fe42e0ff7cb51aa2 db36a77f6aaa2063bfbec02c2c0e967438c5a245 e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789 Loading...

	www.ghacks.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1	14 kB	2023-05-09	2024-05-05
Pretty URL www.ghacks.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 19:21:05 Last Seen2024-05-05 20:58:05 Times Seen82655 Hash 9ffeb32e2d9efbf8f70caabded242267 3ad0c10e501ac2a9bfa18f9cd7e700219b378738 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	3.4 kB	2023-11-08	2024-05-05
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-08 10:55:29 Last Seen2024-05-05 20:40:53 Times Seen948 Hash 614e80cfcb8958d8f3ab6beafbbb9e48 5e406a7be52157a25b9b0a4c2cc645113591bcff 181a79c0aee45e874e4ecce90405258b38358c6ac633069d0369fe8f0b2a8bf3 Loading...

	www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/	65 B	2023-03-10	2024-04-28
Pretty URL www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:36:30 Last Seen2024-04-28 22:29:16 Times Seen31 Hash 8b2695328455b7f9bf75c6e6e93ea182 662d6ddc0a2e40bd7418b1a555b692527f979f95 fed3416dfb0648fd2f859365c7aa663d8df287423c4022090f3f463061ae1d98 Loading...

	spn-v1.revampcdn.com/publishers/ghacks.js?modern=1	257 kB	2024-04-26	2024-04-27
Pretty URL spn-v1.revampcdn.com/publishers/ghacks.js?modern=1 IP 151.101.1.91 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 01:15:35 Last Seen2024-04-27 13:45:16 Times Seen10 Hash 08744fedd69da7e5a93ee570031a3c7b e96d7e8fcdb12e00fe2b83ef4708428a7b75cf29 a0cabb56423061f953337f2fec955be2e1e1bc890857c496a581ba212db4c5ca Loading...

	www.ghacks.net/wp-content/plugins/geoip-detect/js/dist/frontend_full.js?ver=5.3.2	15 kB	2023-08-29	2024-04-29
Pretty URL www.ghacks.net/wp-content/plugins/geoip-detect/js/dist/frontend_full.js?ver=5.3.2 IP 141.193.213.11 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-29 17:24:07 Last Seen2024-04-29 17:19:27 Times Seen69 Hash 5e7f7ff3266816dcc5f6788fa83937cf 8db62c96b2f6b45549e7aadf0fac75252a5b2949 f45cd9b233359f93287b58c02c16915e1af7c540f778a85752997c75b825505b Loading...

HTTP Transactions (81)

URL IP Response Size

federalreserve.zip/

216.239.38.21

302 Found

297 B

URL User Request GET HTTP/2
federalreserve.zip/
IP
216.239.38.21:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectfederalreserve.zip
Fingerprint33:38:81:48:E7:78:4F:CF:00:60:7E:0A:4E:65:D6:E3:87:CE:09:D0
ValiditySat, 02 Mar 2024 12:35:41 GMT - Fri, 31 May 2024 13:23:51 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
297 B (297 bytes)
Hash
884608828ab10b236e1a586cecbfc996
5d07bfaa33dc2a4ee1a6ddc8b127b2d90496d2ea
b77ab7ee351de7c4e27ac35251291af8e27151a7b8a8828178d986634667c089

HTTP Headers

GET / HTTP/1.1
Host: federalreserve.zip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks//
date: Thu, 25 Apr 2024 23:18:11 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 297
x-xss-protection: 0
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks//

141.193.213.11

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks//
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks// HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 25 Apr 2024 23:18:11 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
x-powered-by: WP Engine
expires: Fri, 26 Apr 2024 00:09:20 GMT
x-redirect-by: WordPress
x-cacheable: non200
cache-control: max-age=600, must-revalidate
x-cache: HIT: 22
x-cache-group: normal
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA; path=/; expires=Thu, 25-Apr-24 23:48:11 GMT; domain=.www.ghacks.net; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87a20d01b9031c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/uploads/2020/11/ghack-logo-menu.png

141.193.213.11

200 OK

4.7 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2020/11/ghack-logo-menu.png
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
RIFF (little-endian) data, Web/P image
Size
4.7 kB (4678 bytes)
Hash
529ca77a46f1e149ce81fd1c5bd038c6
a66893d379545af6ddd3b7204c32a71e6a6c3199
5931a8cf7624e0f9b46d05b093fb5a2376c58a3eda52e74138c02180b527eb78

HTTP Headers

GET /wp-content/uploads/2020/11/ghack-logo-menu.png HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/webp
content-length: 4678
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=5352
content-disposition: inline; filename="ghack-logo-menu.webp"
etag: "654bd8e3-14e8"
last-modified: Wed, 08 Nov 2023 18:52:19 GMT
vary: Accept
cf-cache-status: HIT
age: 327305
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d059d40b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2023/05/google-amp_02.jpg

141.193.213.11

200 OK

78 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2023/05/google-amp_02.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1200x751, components 3
Size
78 kB (77811 bytes)
Hash
07f3a4bfd7b3d79ddb7b4a3f251abf31
a07c4a3b9d1ce31149f7b4bced33030964d2e24c
afdf4a0f2eaa6f72fba670480c99fd8bd45632342e012abd8fe9f5ab4b5ac8c6

HTTP Headers

GET /wp-content/uploads/2023/05/google-amp_02.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 77811
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=83942
etag: "654bd8b3-147e6"
last-modified: Wed, 08 Nov 2023 18:51:31 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 200
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d059d47b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2023/05/microsoft-phishing-zip.png

141.193.213.11

200 OK

148 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2023/05/microsoft-phishing-zip.png
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
RIFF (little-endian) data, Web/P image
Size
148 kB (147828 bytes)
Hash
7ea206f68208511fc3fade65652d5ae9
eaa378c5e9e569aea039d5cedc0aba64ea3bd9dc
9830cba07c321077a9707aee2c114925cb966283afc46ebd8dd2fb5bf7f95113

HTTP Headers

GET /wp-content/uploads/2023/05/microsoft-phishing-zip.png HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/webp
content-length: 147828
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=194628
content-disposition: inline; filename="microsoft-phishing-zip.webp"
etag: "654bd8b4-2f844"
last-modified: Wed, 08 Nov 2023 18:51:32 GMT
vary: Accept
cf-cache-status: HIT
age: 200
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d059d48b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2005/10/ghacks-technology-news.webp

141.193.213.11

200 OK

1.9 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2005/10/ghacks-technology-news.webp
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 235x51, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.9 kB (1948 bytes)
Hash
41926b99191b448707764362cd435e60
ddde62391af0241aec95ed172373bf3fa2d3c46a
b6bf4f0fc4ce6aec190d2a66ae9302b3bf67b116b44342972289b8cd04e3d2ff

HTTP Headers

GET /wp-content/uploads/2005/10/ghacks-technology-news.webp HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/webp
content-length: 1948
last-modified: Wed, 08 Nov 2023 18:58:28 GMT
etag: "654bda54-79c"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 325759
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d05ad4bb51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/04/slejven-djurakovic-0uXzoEzYZ4I-unsplash.jpg

141.193.213.11

200 OK

224 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/slejven-djurakovic-0uXzoEzYZ4I-unsplash.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, progressive, precision 8, 1200x800, components 3
Size
224 kB (223752 bytes)
Hash
d0ecc959148dfc251676b1f3bb81473a
8377ee1f920694d25eb699616faac4b4e03caa4e
46ff9b2281e7ca80920ac790bee565f5665ea1b87b569181bb36882b6039cfb3

HTTP Headers

GET /wp-content/uploads/2024/04/slejven-djurakovic-0uXzoEzYZ4I-unsplash.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 223752
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=252600
etag: "661cb922-3dab8"
last-modified: Mon, 15 Apr 2024 05:20:34 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327305
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d05ad4eb51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/03/KeePassXC-adds-support-for-Passkeys-improves-database-import-from-Bitwarden-and-1Password.jpg

141.193.213.11

200 OK

81 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/03/KeePassXC-adds-support-for-Passkeys-improves-database-import-from-Bitwarden-and-1Password.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1200x801, components 3
Size
81 kB (81182 bytes)
Hash
5ca9851d57d4a1b322d9c9c9dc09eac7
33c11808d28bb2e9fb20c853836d2d920daa04b7
fd6e88fcd78d2296406279adb65f4ec51220e788eee0ee5497f5312157b49997

HTTP Headers

GET /wp-content/uploads/2024/03/KeePassXC-adds-support-for-Passkeys-improves-database-import-from-Bitwarden-and-1Password.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 81182
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=90301
etag: "65ee9f82-160bd"
last-modified: Mon, 11 Mar 2024 06:06:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327257
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d05bd52b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/03/malwarebytes-5.png

141.193.213.11

200 OK

134 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/03/malwarebytes-5.png
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
RIFF (little-endian) data, Web/P image
Size
134 kB (133884 bytes)
Hash
81de53c4fe536e66f067773770264818
736e5b48335a4e0bcf66b9ce4efeb04135b06a23
fb07bd1905b07345d5a993ad01ab37812b34f4402d883959200cbd6ad38f8336

HTTP Headers

GET /wp-content/uploads/2024/03/malwarebytes-5.png HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/webp
content-length: 133884
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=181930
content-disposition: inline; filename="malwarebytes-5.webp"
etag: "65e6f562-2c6aa"
last-modified: Tue, 05 Mar 2024 10:35:14 GMT
vary: Accept
cf-cache-status: HIT
age: 327257
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d05bd56b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/02/RustDoor-malware-targets-macOS-users-by-posing-as-a-Visual-Studio-Update.jpg

141.193.213.11

200 OK

59 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/02/RustDoor-malware-targets-macOS-users-by-posing-as-a-Visual-Studio-Update.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1200x828, components 3
Size
59 kB (59007 bytes)
Hash
b05213945a64f99030ed8dbaed5274d7
5f2c357ae61868aa529c940543ccee44a8838678
39c72f8478154a7eeaacdc5f2551b3d59bdc2c3809a0f6dfed182d0309800cfb

HTTP Headers

GET /wp-content/uploads/2024/02/RustDoor-malware-targets-macOS-users-by-posing-as-a-Visual-Studio-Update.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 59007
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=69012
etag: "65c9a984-10d94"
last-modified: Mon, 12 Feb 2024 05:15:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327257
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d77b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/02/samantha-lam-zFy6fOPZEu0-unsplash.jpg

141.193.213.11

200 OK

410 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/02/samantha-lam-zFy6fOPZEu0-unsplash.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, progressive, precision 8, 1200x857, components 3
Size
410 kB (409787 bytes)
Hash
8acb5c60569d8386d579a7984ef23990
04fdae2255a42aaa3d0b872d105a48d880ebd29a
7623c1d41bf059d221f74630150427b0fedc8d4abbe07f9b997d0c5c239f9563

HTTP Headers

GET /wp-content/uploads/2024/02/samantha-lam-zFy6fOPZEu0-unsplash.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 409787
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=456158
etag: "65c07f7a-6f5de"
last-modified: Mon, 05 Feb 2024 06:26:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327257
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d78b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/01/70-million-account-credentials-were-leaked-in-a-massive-password-dump.jpg

141.193.213.11

200 OK

68 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/01/70-million-account-credentials-were-leaked-in-a-massive-password-dump.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1200x800, components 3
Size
68 kB (67966 bytes)
Hash
56bd3ba4b2999f1a7564638f5f03529c
2229bdaa6917b6ba3293e89f90125d653678cccd
a93eb535d6d2a0be0c434a21d2d930afab75fc5f50fa3e880e40effeefe7627a

HTTP Headers

GET /wp-content/uploads/2024/01/70-million-account-credentials-were-leaked-in-a-massive-password-dump.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 67966
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=75468
etag: "65a95084-126cc"
last-modified: Thu, 18 Jan 2024 16:23:32 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327257
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d79b51d-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-6DL3S186WS

142.250.74.168

200 OK

87 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-6DL3S186WS
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
87 kB (86633 bytes)
Hash
a3e4709be17831bc6d1b7aa2eb65549c
f0ca0578e84d7b49a77721108dff63832ee86163
ed5f6d79375431e4c923c47a6311e9fcbd41bf3dd8462fc079f5c0abb76c6111

HTTP Headers

GET /gtag/js?id=G-6DL3S186WS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 23:18:12 GMT
expires: Thu, 25 Apr 2024 23:18:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86633
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/uploads/2023/10/clint-patterson-yGPxCYPS8H4-unsplash.jpg

141.193.213.11

200 OK

265 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2023/10/clint-patterson-yGPxCYPS8H4-unsplash.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, progressive, precision 8, 1200x799, components 3
Size
265 kB (264740 bytes)
Hash
8cbfde1dabbf6353242204fb36efaea4
f2368204588944a6da3bb8d8339d9b03ad1a3989
e0383d956b4ba021221c00ceb187cd3a46b7095b2b0ee4a498881e4391b7ebfa

HTTP Headers

GET /wp-content/uploads/2023/10/clint-patterson-yGPxCYPS8H4-unsplash.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 264740
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=289019
etag: "654bd8a6-468fb"
last-modified: Wed, 08 Nov 2023 18:51:18 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327305
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d7bb51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/04/Ecosia-browser-released-for-Windows-and-macOS.jpg

141.193.213.11

200 OK

215 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/Ecosia-browser-released-for-Windows-and-macOS.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1200x828, components 3
Size
215 kB (214750 bytes)
Hash
516950906fdeb9383252a8c263b5ca0b
7910e4e7a6c0e24e000d6e90ec350f9ac43e4260
70c02b96bf2fb64da5658faa29379f58eb5ace80efc16ebe0f802824c4fbbb06

HTTP Headers

GET /wp-content/uploads/2024/04/Ecosia-browser-released-for-Windows-and-macOS.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 214750
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=227328
etag: "662753d1-37800"
last-modified: Tue, 23 Apr 2024 06:23:13 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 226087
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d7cb51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/04/mike-petrucci-c9FQyqIECds-unsplash.jpg

141.193.213.11

200 OK

246 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/mike-petrucci-c9FQyqIECds-unsplash.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, progressive, precision 8, 1200x800, components 3
Size
246 kB (246065 bytes)
Hash
d840cd6998cfa2928ae3e7b81acc1dc4
7a40cbb702721b9cac375840f7fb07effe9ecef8
c11f87af868f757be514cbda7f0b5e99dc07a9556acf0661fefcc5ca763ba0ad

HTTP Headers

GET /wp-content/uploads/2024/04/mike-petrucci-c9FQyqIECds-unsplash.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 246065
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=263508
etag: "66260c65-40554"
last-modified: Mon, 22 Apr 2024 07:06:13 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 316492
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d7db51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/04/jon-tyson-XzUMBNmQro0-unsplash.jpg

141.193.213.11

200 OK

153 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/jon-tyson-XzUMBNmQro0-unsplash.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, progressive, precision 8, 1200x900, components 3
Size
153 kB (153005 bytes)
Hash
2b9c54d60720c2eb83f235265e058f90
a16a9443302ef2df51197cdea6f3d37162be9a9a
d6282d7808651a3a8a86885958df07702350ee738a249abe95fa4d1251272dc3

HTTP Headers

GET /wp-content/uploads/2024/04/jon-tyson-XzUMBNmQro0-unsplash.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 153005
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=165934
etag: "66222569-2882e"
last-modified: Fri, 19 Apr 2024 08:03:53 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327305
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d7fb51d-OSL
alt-svc: h3=":443"; ma=86400

spn-v1.revampcdn.com/publishers/ghacks.js?modern=1

151.101.1.91

200 OK

54 kB

URL HEAD HTTP/2
spn-v1.revampcdn.com/publishers/ghacks.js?modern=1
IP
151.101.1.91:443
ASN
#54113 FASTLY

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subject*.revampcdn.com
FingerprintE5:5F:0C:7F:47:E7:70:A7:CE:2A:3A:DA:BE:26:A1:A3:EB:22:F5:58
ValidityTue, 02 Apr 2024 09:59:54 GMT - Mon, 01 Jul 2024 09:59:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
54 kB (54042 bytes)
Hash
08744fedd69da7e5a93ee570031a3c7b
e96d7e8fcdb12e00fe2b83ef4708428a7b75cf29
a0cabb56423061f953337f2fec955be2e1e1bc890857c496a581ba212db4c5ca

HTTP Headers

GET /publishers/ghacks.js?modern=1 HTTP/1.1
Host: spn-v1.revampcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: istio-envoy
content-type: application/javascript; charset=utf-8
x-publisher-id: ghacks
etag: W/"ef32cb6607170b97e3fcdfce89dd5abc"
x-version: 1.1381.0
x-request-id: 62fb61c7-fb78-4ff4-a199-e6e5d40e88a5
content-encoding: br
x-envoy-upstream-service-time: 288
x-envoy-decorator-operation: svc-revamp-api-cms.revamp-api-v2.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 23:18:12 GMT
age: 33920
x-served-by: cache-ams21024-AMS, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 44, 1
x-timer: S1714087092.416496,VS0,VE1
vary: Accept-Encoding,x-device-platform,x-platform-id
access-control-expose-headers: x-country-code, x-region, x-browser-name, x-browser-version, x-platform-id, x-platform-version, x-device-platform
access-control-allow-origin: *
x-country-code: NO
x-region: 03
x-device-platform: Desktop
x-browser-name: Firefox
x-browser-version: 96.0
x-platform-id: Linux
x-platform-version: 
cache-control: max-age=172500, private, stale-if-error=31536000, stale-while-revalidate=864000
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 54042
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/uploads/2024/04/brave-search-answer-with-ai.png

141.193.213.11

200 OK

636 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/brave-search-answer-with-ai.png
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
RIFF (little-endian) data, Web/P image
Size
636 kB (635680 bytes)
Hash
9447613d5819f09411035b05009d764a
2c0572f32c8fcc9bb5503227bc9deffc81b3933a
7f90d491a7a2af6bda0e5ce269bebb1b5b56e54b73921792797057c92d6c40c5

HTTP Headers

GET /wp-content/uploads/2024/04/brave-search-answer-with-ai.png HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/webp
content-length: 635680
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=821728
content-disposition: inline; filename="brave-search-answer-with-ai.webp"
etag: "6620b0bb-c89e0"
last-modified: Thu, 18 Apr 2024 05:33:47 GMT
vary: Accept
cf-cache-status: HIT
age: 326124
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d065d94b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/04/Delta-emulator-is-now-available-on-the-iOS-App-Store-but-not-for-EU-users.jpg

141.193.213.11

200 OK

91 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/Delta-emulator-is-now-available-on-the-iOS-App-Store-but-not-for-EU-users.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1200x800, components 3
Size
91 kB (91434 bytes)
Hash
4c9a7b2fb5e42b0daa9b3d4e261e47af
1fad98077c471b361e68ee27644c84ef621ac681
fe874a387810041328a72df62c42890597e6cd4cece35f2e7e88f604adb008a9

HTTP Headers

GET /wp-content/uploads/2024/04/Delta-emulator-is-now-available-on-the-iOS-App-Store-but-not-for-EU-users.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 91434
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=94325
etag: "66209cd0-17075"
last-modified: Thu, 18 Apr 2024 04:08:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 326124
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d065d96b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/01/microsoft-edge-TcC5qr3dpgA-unsplash.jpg

141.193.213.11

200 OK

283 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/01/microsoft-edge-TcC5qr3dpgA-unsplash.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, progressive, precision 8, 1200x800, components 3
Size
283 kB (283351 bytes)
Hash
ed3c9b7207420906ae33273a8ddcbe3f
6884948c2dbd858c3ea0f214ea2c4bd5676a62b2
35eaa364539cb55b67861801e0bd9b4bc691c7198b1be8d585f05e38a832a5cd

HTTP Headers

GET /wp-content/uploads/2024/01/microsoft-edge-TcC5qr3dpgA-unsplash.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 283351
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=306779
etag: "65aa11db-4ae5b"
last-modified: Fri, 19 Jan 2024 06:08:27 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 326124
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d065d97b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/04/Mozilla-Firefox-125-brings-text-highlighting-in-PDFs-URL-Paste-Suggestion.jpg

141.193.213.11

200 OK

26 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/Mozilla-Firefox-125-brings-text-highlighting-in-PDFs-URL-Paste-Suggestion.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1200x675, components 3
Size
26 kB (25524 bytes)
Hash
fa56fbf0f90b4e67f31da67fab67f849
094074474786c02ec09d61a2a0a3be94025d7669
4fa5fb28521342d00a510235305ad0934debab6775813f3af98bdb68003077f0

HTTP Headers

GET /wp-content/uploads/2024/04/Mozilla-Firefox-125-brings-text-highlighting-in-PDFs-URL-Paste-Suggestion.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 25524
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=31987
etag: "661e4ca0-7cf3"
last-modified: Tue, 16 Apr 2024 10:02:08 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 326124
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d065d98b51d-OSL
alt-svc: h3=":443"; ma=86400

sdk.mrf.io/statics/marfeel-sdk.js?id=2544

104.21.50.90

200 OK

43 kB

URL GET HTTP/2
sdk.mrf.io/statics/marfeel-sdk.js?id=2544
IP
104.21.50.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectsdk.mrf.io
FingerprintE3:5F:E1:81:2C:18:A0:6B:1A:CF:FB:54:9E:3E:3F:A5:6C:31:E1:FE
ValidityWed, 27 Mar 2024 00:15:55 GMT - Tue, 25 Jun 2024 00:15:54 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (61847)
Size
43 kB (42610 bytes)
Hash
733b603322a399e0bba15a327b87e3ee
01619481b0478a029e7a743285ad296807e564b8
34129a55d34105adae0bfa8265d03ecf61dc0083a2915aecd1184de38fac4527

HTTP Headers

GET /statics/marfeel-sdk.js?id=2544 HTTP/1.1
Host: sdk.mrf.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 42610
cache-control: max-age=1800
access-control-allow-origin: *
x-response-time: 2ms
content-encoding: gzip
x-envoy-upstream-service-time: 13
cf-cache-status: HIT
age: 266
last-modified: Thu, 25 Apr 2024 23:13:46 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a20d09dece56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

spn-v1.revampcdn.com/publishers/ghacks.js?modern=1

151.101.1.91

200 OK

0 B

URL HEAD HTTP/2
spn-v1.revampcdn.com/publishers/ghacks.js?modern=1
IP
151.101.1.91:443
ASN
#54113 FASTLY

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subject*.revampcdn.com
FingerprintE5:5F:0C:7F:47:E7:70:A7:CE:2A:3A:DA:BE:26:A1:A3:EB:22:F5:58
ValidityTue, 02 Apr 2024 09:59:54 GMT - Mon, 01 Jul 2024 09:59:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /publishers/ghacks.js?modern=1 HTTP/1.1
Host: spn-v1.revampcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: istio-envoy
content-type: application/javascript; charset=utf-8
x-publisher-id: ghacks
etag: W/"ef32cb6607170b97e3fcdfce89dd5abc"
x-version: 1.1381.0
x-request-id: 62fb61c7-fb78-4ff4-a199-e6e5d40e88a5
content-encoding: br
x-envoy-upstream-service-time: 288
x-envoy-decorator-operation: svc-revamp-api-cms.revamp-api-v2.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 23:18:12 GMT
age: 33920
x-served-by: cache-ams21024-AMS, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 44, 2
x-timer: S1714087093.807285,VS0,VE1
vary: Accept-Encoding,x-device-platform,x-platform-id
access-control-expose-headers: x-country-code, x-region, x-browser-name, x-browser-version, x-platform-id, x-platform-version, x-device-platform
access-control-allow-origin: *
x-country-code: NO
x-region: 03
x-device-platform: Desktop
x-browser-name: Firefox
x-browser-version: 96.0
x-platform-id: Linux
x-platform-version: 
cache-control: max-age=172500, private, stale-if-error=31536000, stale-while-revalidate=864000
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 54042
X-Firefox-Spdy: h2

www.ghacks.net/statics/px.gif

141.193.213.11

404 Not Found

96 kB

URL GET HTTP/3
www.ghacks.net/statics/px.gif
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
96 kB (95736 bytes)
Hash
370e16c3b7dba286cff055f93b9a94d8
65f3537c3c798f7da146c55aef536f7b5d0cb943
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

HTTP Headers

GET /statics/px.gif HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA; rv_prebid_position=836; rv_test_position=120; rv_fp_ad_session_id=b18614fb-e041-4b07-8dc7-7673b3f9e8fa; rv_fp_pv=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/html
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: br
cf-cache-status: HIT
age: 25
server: cloudflare
cf-ray: 87a20d09aec9b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/themes/new-ghacks-preview/images/search-icon.svg

141.193.213.11

200 OK

19 kB

URL GET HTTP/3
www.ghacks.net/wp-content/themes/new-ghacks-preview/images/search-icon.svg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
SVG Scalable Vector Graphics image
Size
19 kB (18954 bytes)
Hash
e25093cad47d0c68f92b37715f81ee1b
2cf2ec1c5931206f2c5afd0ca14afbcb0cbceb3e
c56ae0ce6a61669700b75187f654ea8b5fe23cb1377e463c7fc93d052eade027

HTTP Headers

GET /wp-content/themes/new-ghacks-preview/images/search-icon.svg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/wp-content/themes/new-ghacks-preview/css/single.css?ver=5.6.15
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA; rv_prebid_position=836; rv_test_position=120; rv_fp_ad_session_id=b18614fb-e041-4b07-8dc7-7673b3f9e8fa; rv_fp_pv=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:28 GMT
etag: W/"654bda54-37e"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327305
server: cloudflare
cf-ray: 87a20d09aecab51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/geoip-detect/js/dist/frontend_full.js?ver=5.3.2

141.193.213.11

200 OK

79 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/geoip-detect/js/dist/frontend_full.js?ver=5.3.2
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (14916)
Size
79 kB (78982 bytes)
Hash
5e7f7ff3266816dcc5f6788fa83937cf
8db62c96b2f6b45549e7aadf0fac75252a5b2949
f45cd9b233359f93287b58c02c16915e1af7c540f778a85752997c75b825505b

HTTP Headers

GET /wp-content/plugins/geoip-detect/js/dist/frontend_full.js?ver=5.3.2 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 18 Dec 2023 04:14:18 GMT
etag: W/"657fc71a-3a6f"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d065d9bb51d-OSL
alt-svc: h3=":443"; ma=86400

notix.io/settings?appId=100463775616ecb625f0290cd8eaf73&ver=0.16.4

139.45.197.253

200 OK

108 B

URL GET HTTP/2
notix.io/settings?appId=100463775616ecb625f0290cd8eaf73&ver=0.16.4
IP
139.45.197.253:443
ASN
#9002 RETN Limited

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectnotix.io
Fingerprint3C:56:70:26:73:9D:43:E7:28:EF:40:FE:65:98:CD:7B:0A:56:D9:1B
ValiditySat, 17 Feb 2024 20:57:19 GMT - Fri, 17 May 2024 20:57:18 GMT

File type
JSON text data
Size
108 B (108 bytes)
Hash
c2e526b87becea70e84e59e6140c1667
d81024ed28402da62f33d0c87a0502edae040086
6bf0a4f3020094b5acbfbec37adcfe72560f05e78022b8d60c42bdf8160317d3

HTTP Headers

GET /settings?appId=100463775616ecb625f0290cd8eaf73&ver=0.16.4 HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:18:13 GMT
content-type: application/json; charset=utf-8
content-length: 108
access-control-allow-origin: https://www.ghacks.net
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ad-delivery.net/px.gif?ch=2

104.26.3.70

200 OK

43 B

URL GET HTTP/2
ad-delivery.net/px.gif?ch=2
IP
104.26.3.70:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectad-delivery.net
Fingerprint03:56:A5:CD:68:65:E1:00:BD:87:3E:45:0C:B1:3B:C2:2C:8C:4E:18
ValidityTue, 19 Mar 2024 04:48:01 GMT - Mon, 17 Jun 2024 04:48:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /px.gif?ch=2 HTTP/1.1
Host: ad-delivery.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:18:13 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ABPtcPoR4JXLqkfpf-u09lS0JRH4wHiZk5pp3DpGwPYXSZHMyeJV_4xQVHswRg5LBcY1bjGFi2uKubkW3g
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Sat, 13 Apr 2024 07:11:32 GMT
cache-control: public, max-age=86400
age: 1098401
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ff8nzC%2FusDu8SnrG%2BOv5rYcnZRjOWpt7iJ9TJrbrsrO5dIyJJsoenfwxG4tm4sZRQMQHFQF1qbE65p5eQ3mKRcwRX4zWRkpfPgqdPLfMUq%2BWy9w36k%2BL%2F03G0TUPAitdYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a20d0c3a63b500-OSL
X-Firefox-Spdy: h2

ad-delivery.net/px.gif?ch=1&e=0.2358308921986838

104.26.3.70

200 OK

43 B

URL GET HTTP/2
ad-delivery.net/px.gif?ch=1&e=0.2358308921986838
IP
104.26.3.70:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectad-delivery.net
Fingerprint03:56:A5:CD:68:65:E1:00:BD:87:3E:45:0C:B1:3B:C2:2C:8C:4E:18
ValidityTue, 19 Mar 2024 04:48:01 GMT - Mon, 17 Jun 2024 04:48:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /px.gif?ch=1&e=0.2358308921986838 HTTP/1.1
Host: ad-delivery.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:18:13 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ABPtcPoR4JXLqkfpf-u09lS0JRH4wHiZk5pp3DpGwPYXSZHMyeJV_4xQVHswRg5LBcY1bjGFi2uKubkW3g
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Sat, 13 Apr 2024 07:11:32 GMT
cache-control: public, max-age=86400
age: 1098401
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tG%2F6iUvKFlVrx7zLl8MhdIq2I3GECsnmuMnB8Ekq1MCvE3Gmz%2Fk1NrRbDNr3QcfY6pwdpf%2F0hh%2FpLDRtj0VhV643wQ8nhNlbZBd2N30f7hzTtWQgU%2BBYgKY9UKPudDMG4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a20d0c3a66b500-OSL
X-Firefox-Spdy: h2

api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true

130.211.23.194

204 No Content

0 B

URL POST HTTP/2
api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true
IP
130.211.23.194:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectapi.btloader.com
Fingerprint91:D7:31:40:CA:23:84:1D:EC:B3:E5:18:FA:A1:67:B2:7E:BF:4D:3F
ValidityFri, 05 Apr 2024 16:07:23 GMT - Thu, 04 Jul 2024 17:00:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 140
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
date: Thu, 25 Apr 2024 23:18:13 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true

130.211.23.194

204 No Content

0 B

URL POST HTTP/2
api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true
IP
130.211.23.194:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectapi.btloader.com
Fingerprint91:D7:31:40:CA:23:84:1D:EC:B3:E5:18:FA:A1:67:B2:7E:BF:4D:3F
ValidityFri, 05 Apr 2024 16:07:23 GMT - Thu, 04 Jul 2024 17:00:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 162
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
date: Thu, 25 Apr 2024 23:18:13 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.btloader.com/mw/state?bt_env=prod

130.211.23.194

204 No Content

0 B

URL GET HTTP/2
api.btloader.com/mw/state?bt_env=prod
IP
130.211.23.194:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectapi.btloader.com
Fingerprint91:D7:31:40:CA:23:84:1D:EC:B3:E5:18:FA:A1:67:B2:7E:BF:4D:3F
ValidityFri, 05 Apr 2024 16:07:23 GMT - Thu, 04 Jul 2024 17:00:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /mw/state?bt_env=prod HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
access-control-allow-origin: *
vary: Origin
date: Thu, 25 Apr 2024 23:18:13 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true

130.211.23.194

204 No Content

0 B

URL POST HTTP/2
api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true
IP
130.211.23.194:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectapi.btloader.com
Fingerprint91:D7:31:40:CA:23:84:1D:EC:B3:E5:18:FA:A1:67:B2:7E:BF:4D:3F
ValidityFri, 05 Apr 2024 16:07:23 GMT - Thu, 04 Jul 2024 17:00:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 173
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
date: Thu, 25 Apr 2024 23:18:13 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.ghacks.net/favicon.ico

141.193.213.11

200 OK

0 B

URL GET HTTP/3
www.ghacks.net/favicon.ico
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA; rv_prebid_position=836; rv_test_position=120; rv_fp_ad_session_id=b18614fb-e041-4b07-8dc7-7673b3f9e8fa; rv_fp_pv=1; _ga_6DL3S186WS=GS1.1.1714087092.1.0.1714087092.0.0.0; _ga=GA1.1.1833855968.1714087093; _dd_s=rum=0&expire=1714087992940; didomi_token=eyJ1c2VyX2lkIjoiMThmMTc4ZDYtMzljMy02ZjA0LThkMWQtODZiODc5ZTVkZDk4IiwiY3JlYXRlZCI6IjIwMjQtMDQtMjVUMjM6MTg6MTMuMTQ4WiIsInVwZGF0ZWQiOiIyMDI0LTA0LTI1VDIzOjE4OjEzLjE0OVoiLCJ2ZXJzaW9uIjpudWxsfQ==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:13 GMT
content-type: image/x-icon
content-length: 0
last-modified: Fri, 19 Apr 2024 23:01:49 GMT
etag: "6622f7dd-0"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 327305
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d0e0898b51d-OSL
alt-svc: h3=":443"; ma=86400

sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/ui-gdpr-en-web.6432b45dc598961221a51f31d27d31da884aa131.js

54.230.111.7

200 OK

63 kB

URL GET HTTP/3
sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/ui-gdpr-en-web.6432b45dc598961221a51f31d27d31da884aa131.js
IP
54.230.111.7:443
ASN
#16509 AMAZON-02

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerAmazon
Subject*.privacy-center.org
Fingerprint1A:7E:F9:30:82:3B:8F:CF:86:98:3F:EC:6B:3C:10:21:07:6E:A0:8B
ValiditySun, 10 Mar 2024 00:00:00 GMT - Mon, 07 Apr 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65419)
Size
63 kB (62707 bytes)
Hash
a44e1d5bf79594998aa228e7cf49e602
a184ed8b6215052da245285e11f3440063c8f784
ef20650560248405bf467e9a443f872ee805ae1a72874f5f5bcc3fc6e507cde8

HTTP Headers

GET /sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/ui-gdpr-en-web.6432b45dc598961221a51f31d27d31da884aa131.js HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
age: 31027
date: Thu, 25 Apr 2024 14:41:07 GMT
last-modified: Thu, 25 Apr 2024 14:39:52 GMT
etag: W/"8765146caccc91cbbae5375f58959e3d-1"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7-FkdYTlcaJvETMdfzzUkOfaukUQBke6XC02TcgpYNiv2HO2_uV8aQ==

www.ghacks.net/wp-content/themes/new-ghacks-preview/css/affiliate-link-shortcode.css?ver=5.6.13

141.193.213.11

200 OK

1.0 kB

URL GET HTTP/3
www.ghacks.net/wp-content/themes/new-ghacks-preview/css/affiliate-link-shortcode.css?ver=5.6.13
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text
Size
1.0 kB (1000 bytes)
Hash
5e58c21f83c8b6ef2a6b1fd8bb532a64
d969a1283374733a8c93da6cfa249ef105a20b2f
edd64771968759d16472eccb1ca51c644cfaa4b8844ad64ee0bafc04cf73a1a0

HTTP Headers

GET /wp-content/themes/new-ghacks-preview/css/affiliate-link-shortcode.css?ver=5.6.13 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:28 GMT
etag: W/"654bda54-7d8"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d065d99b51d-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/readaloud/player/web/api/js/api.js?ver=1

142.250.74.163

200 OK

181 kB

URL GET HTTP/2
www.gstatic.com/readaloud/player/web/api/js/api.js?ver=1
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT

File type
JavaScript source, ASCII text, with very long lines (5280)
Size
181 kB (180715 bytes)
Hash
1f1319b651c980800276fe55eb86b8f5
0a1c600cfa3596686e6d564f5e38cbdc3b6d047a
8fdb846f4a09e6e57c84908277101c3878d9f3eec18f3c3408a68aedc16b8cb9

HTTP Headers

GET /readaloud/player/web/api/js/api.js?ver=1 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/speakr
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="speakr"
report-to: {"group":"speakr","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/speakr"}]}
content-length: 180715
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 23:14:41 GMT
expires: Fri, 26 Apr 2024 00:04:41 GMT
cache-control: public, max-age=3000
age: 212
last-modified: Sun, 10 Mar 2024 09:27:38 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.btloader.com/country?o=5633429348548608

130.211.23.194

200 OK

37 B

URL GET HTTP/2
api.btloader.com/country?o=5633429348548608
IP
130.211.23.194:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectapi.btloader.com
Fingerprint91:D7:31:40:CA:23:84:1D:EC:B3:E5:18:FA:A1:67:B2:7E:BF:4D:3F
ValidityFri, 05 Apr 2024 16:07:23 GMT - Thu, 04 Jul 2024 17:00:56 GMT

File type
JSON text data
Size
37 B (37 bytes)
Hash
bdfe458835550c34f45fc9fdfeebb12a
0f08aa02e7bcbf4c5e991a5defb2fdbd03a86f3d
ad26ec64cc613fbfbd47faaf39f9921c2b19769bde1d3c5c2857a671e7863cf9

HTTP Headers

GET /country?o=5633429348548608 HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
content-type: application/json
vary: Origin
date: Thu, 25 Apr 2024 23:18:13 GMT
content-length: 37
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.btloader.com/pv?tid=3FM3NBEFtI&w=5874461553721344&o=5633429348548608&cv=2.1.43&widget=false&r=false&vr=1280x1024&pageURL=https%3A%2F%2Fwww.ghacks.net%2F2023%2F05%2F15%2Fgoogles-zip-top-level-domain-is-already-used-in-phishing-attacks%2F&sid=lGCwjOVmxz&pm=true&upapi=true

130.211.23.194

204 No Content

0 B

URL GET HTTP/2
api.btloader.com/pv?tid=3FM3NBEFtI&w=5874461553721344&o=5633429348548608&cv=2.1.43&widget=false&r=false&vr=1280x1024&pageURL=https%3A%2F%2Fwww.ghacks.net%2F2023%2F05%2F15%2Fgoogles-zip-top-level-domain-is-already-used-in-phishing-attacks%2F&sid=lGCwjOVmxz&pm=true&upapi=true
IP
130.211.23.194:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectapi.btloader.com
Fingerprint91:D7:31:40:CA:23:84:1D:EC:B3:E5:18:FA:A1:67:B2:7E:BF:4D:3F
ValidityFri, 05 Apr 2024 16:07:23 GMT - Thu, 04 Jul 2024 17:00:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pv?tid=3FM3NBEFtI&w=5874461553721344&o=5633429348548608&cv=2.1.43&widget=false&r=false&vr=1280x1024&pageURL=https%3A%2F%2Fwww.ghacks.net%2F2023%2F05%2F15%2Fgoogles-zip-top-level-domain-is-already-used-in-phishing-attacks%2F&sid=lGCwjOVmxz&pm=true&upapi=true HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
date: Thu, 25 Apr 2024 23:18:13 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true

130.211.23.194

204 No Content

0 B

URL POST HTTP/2
api.btloader.com/log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true
IP
130.211.23.194:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectapi.btloader.com
Fingerprint91:D7:31:40:CA:23:84:1D:EC:B3:E5:18:FA:A1:67:B2:7E:BF:4D:3F
ValidityFri, 05 Apr 2024 16:07:23 GMT - Thu, 04 Jul 2024 17:00:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log?tid=3FM3NBEFtI&cv=2.1.43&sid=lGCwjOVmxz&upapi=true HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 178
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
date: Thu, 25 Apr 2024 23:18:13 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

events.newsroom.bi/ingest.php

57.128.96.94

200 OK

86 B

URL POST HTTP/2
events.newsroom.bi/ingest.php
IP
57.128.96.94:443
ASN
#16276 OVH SAS

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectssl03.cert.cl11.k8s.mrf.io
Fingerprint5F:48:D7:AE:28:B3:B0:F7:9E:F7:1B:12:DE:26:49:86:0E:4C:22:C0
ValidityThu, 04 Apr 2024 06:11:16 GMT - Wed, 03 Jul 2024 06:11:15 GMT

File type
JSON text data
Size
86 B (86 bytes)
Hash
a11cb9e4896c278cd189ffb9789da066
465a668593ed60b4cee5d2ece09c5cd0b346008b
c4866c723c789cf04a4900008e83e9a923d0209e0ee11f32a679c3ece024e103

HTTP Headers

POST /ingest.php HTTP/1.1
Host: events.newsroom.bi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 843
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://www.ghacks.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
cache-control: private,no-store
content-type: application/json
date: Thu, 25 Apr 2024 23:18:18 GMT
content-length: 86
content-encoding: gzip
x-envoy-upstream-service-time: 0
server: istio-envoy
X-Firefox-Spdy: h2

events.newsroom.bi/ingest.php

57.128.96.94

200 OK

86 B

URL POST HTTP/2
events.newsroom.bi/ingest.php
IP
57.128.96.94:443
ASN
#16276 OVH SAS

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectssl03.cert.cl11.k8s.mrf.io
Fingerprint5F:48:D7:AE:28:B3:B0:F7:9E:F7:1B:12:DE:26:49:86:0E:4C:22:C0
ValidityThu, 04 Apr 2024 06:11:16 GMT - Wed, 03 Jul 2024 06:11:15 GMT

File type
JSON text data
Size
86 B (86 bytes)
Hash
a11cb9e4896c278cd189ffb9789da066
465a668593ed60b4cee5d2ece09c5cd0b346008b
c4866c723c789cf04a4900008e83e9a923d0209e0ee11f32a679c3ece024e103

HTTP Headers

POST /ingest.php HTTP/1.1
Host: events.newsroom.bi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 849
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://www.ghacks.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
cache-control: private,no-store
content-type: application/json
date: Thu, 25 Apr 2024 23:18:18 GMT
content-length: 86
content-encoding: gzip
x-envoy-upstream-service-time: 0
server: istio-envoy
X-Firefox-Spdy: h2

events.newsroom.bi/recirculation.php

57.128.96.94

200 OK

12 B

URL POST HTTP/2
events.newsroom.bi/recirculation.php
IP
57.128.96.94:443
ASN
#16276 OVH SAS

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectssl03.cert.cl11.k8s.mrf.io
Fingerprint5F:48:D7:AE:28:B3:B0:F7:9E:F7:1B:12:DE:26:49:86:0E:4C:22:C0
ValidityThu, 04 Apr 2024 06:11:16 GMT - Wed, 03 Jul 2024 06:11:15 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
af472541e2d2b40737f6e7e9b55de6c7
9c9e4af771378e62f91a9f74b3f5696228c4167b
a2702f6a67d243b8c2451ed8022b8fd0a6701cd104781ad922dc25fc6aa6fc3b

HTTP Headers

POST /recirculation.php HTTP/1.1
Host: events.newsroom.bi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2761
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://www.ghacks.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
cache-control: private,no-store
content-type: application/json
date: Thu, 25 Apr 2024 23:18:23 GMT
content-length: 12
x-envoy-upstream-service-time: 0
server: istio-envoy
X-Firefox-Spdy: h2

flowcards.mrf.io/json/experiences?url=https%3A%2F%2Fwww.ghacks.net%2F2023%2F05%2F15%2Fgoogles-zip-top-level-domain-is-already-used-in-phishing-attacks%2F&clid=9f8f7e23-dbc8-4e90-b815-7d2c25f93466&fvst=1714087093&geo=__INJECT_GEO__&ptch=0&pgv=1&pti=2023-05-15T11:53:31+00:00&sdu=10&sid=2544&useg=&utyp=0&vfrq=6

172.67.159.162

200 OK

75 B

URL GET HTTP/2
flowcards.mrf.io/json/experiences?url=https%3A%2F%2Fwww.ghacks.net%2F2023%2F05%2F15%2Fgoogles-zip-top-level-domain-is-already-used-in-phishing-attacks%2F&clid=9f8f7e23-dbc8-4e90-b815-7d2c25f93466&fvst=1714087093&geo=__INJECT_GEO__&ptch=0&pgv=1&pti=2023-05-15T11:53:31+00:00&sdu=10&sid=2544&useg=&utyp=0&vfrq=6
IP
172.67.159.162:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectflowcards.mrf.io
FingerprintCD:D3:F7:18:EC:9C:A7:C1:6D:05:F1:5C:54:84:BD:27:EE:08:49:3F
ValidityTue, 16 Apr 2024 05:29:37 GMT - Mon, 15 Jul 2024 05:29:36 GMT

File type
JSON text data
Size
75 B (75 bytes)
Hash
86fa40a699df8edead4fdc88e68ecf89
42c28cce3e35436cc7ad0486385ebe9ea944632f
4771b6e6d80480ff9d9ca116255b55e6a618fe445961840333b32a1315255e50

HTTP Headers

GET /json/experiences?url=https%3A%2F%2Fwww.ghacks.net%2F2023%2F05%2F15%2Fgoogles-zip-top-level-domain-is-already-used-in-phishing-attacks%2F&clid=9f8f7e23-dbc8-4e90-b815-7d2c25f93466&fvst=1714087093&geo=__INJECT_GEO__&ptch=0&pgv=1&pti=2023-05-15T11:53:31+00:00&sdu=10&sid=2544&useg=&utyp=0&vfrq=6 HTTP/1.1
Host: flowcards.mrf.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:18:23 GMT
content-type: application/json; charset=utf-8
content-length: 75
access-control-allow-origin: *
cache-control: private
content-encoding: gzip
x-envoy-upstream-service-time: 65
cf-cache-status: BYPASS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a20d4d4a0b5688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

events.newsroom.bi/ingest.php

57.128.96.94

200 OK

2 B

URL POST HTTP/2
events.newsroom.bi/ingest.php
IP
57.128.96.94:443
ASN
#16276 OVH SAS

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectssl03.cert.cl11.k8s.mrf.io
Fingerprint5F:48:D7:AE:28:B3:B0:F7:9E:F7:1B:12:DE:26:49:86:0E:4C:22:C0
ValidityThu, 04 Apr 2024 06:11:16 GMT - Wed, 03 Jul 2024 06:11:15 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /ingest.php HTTP/1.1
Host: events.newsroom.bi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 850
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://www.ghacks.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
cache-control: private,no-store
content-type: application/json
date: Thu, 25 Apr 2024 23:18:28 GMT
content-length: 2
x-envoy-upstream-service-time: 0
server: istio-envoy
X-Firefox-Spdy: h2

events.newsroom.bi/ingest.php

57.128.96.94

200 OK

2 B

URL POST HTTP/2
events.newsroom.bi/ingest.php
IP
57.128.96.94:443
ASN
#16276 OVH SAS

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectssl03.cert.cl11.k8s.mrf.io
Fingerprint5F:48:D7:AE:28:B3:B0:F7:9E:F7:1B:12:DE:26:49:86:0E:4C:22:C0
ValidityThu, 04 Apr 2024 06:11:16 GMT - Wed, 03 Jul 2024 06:11:15 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /ingest.php HTTP/1.1
Host: events.newsroom.bi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 850
Origin: https://www.ghacks.net
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://www.ghacks.net
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
cache-control: private,no-store
content-type: application/json
date: Thu, 25 Apr 2024 23:18:33 GMT
content-length: 2
x-envoy-upstream-service-time: 1
server: istio-envoy
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/plugins/ghacks-post-slider/assets/css/slick.css?ver=1.0.0

141.193.213.11

200 OK

1.6 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/ghacks-post-slider/assets/css/slick.css?ver=1.0.0
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (1599), with no line terminators
Size
1.6 kB (1579 bytes)
Hash
70f91a2b08190feff505484d662177a3
09a304715dd90ea73f87bd90eb429c97e4059405
5a6da8b217356a219a09169c66c162f2460915b6737c66b90b023285f3a12768

HTTP Headers

GET /wp-content/plugins/ghacks-post-slider/assets/css/slick.css?ver=1.0.0 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:37 GMT
etag: W/"654bda5d-62b"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d055d24b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/themes/new-ghacks-preview/css/single.css?ver=5.6.15

141.193.213.11

200 OK

32 kB

URL GET HTTP/3
www.ghacks.net/wp-content/themes/new-ghacks-preview/css/single.css?ver=5.6.15
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type

Size
32 kB (31496 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/themes/new-ghacks-preview/css/single.css?ver=5.6.15 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:28 GMT
etag: W/"654bda54-7b08"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 325760
server: cloudflare
cf-ray: 87a20d056d2bb51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/css/jquery.rating.css?ver=1.0

141.193.213.11

200 OK

978 B

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/css/jquery.rating.css?ver=1.0
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (999), with no line terminators
Size
978 B (978 bytes)
Hash
cb8c054c5cd8cfb0cba355a6ab0267b7
ad24e21c1d4093056fe3b9ea7f529cbb05a5e718
13bb6de7dfea9458b5a590c92fdb80a727356c1f91c557b1d030a2888cdd7369

HTTP Headers

GET /wp-content/plugins/all-in-one-schemaorg-rich-snippets/css/jquery.rating.css?ver=1.0 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:40 GMT
etag: W/"654bda60-3d2"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d056d32b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/statics/dfp.js

141.193.213.11

404 Not Found

548 B

URL GET HTTP/3
www.ghacks.net/statics/dfp.js
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
HTML document, ASCII text, with very long lines (574), with no line terminators
Size
548 B (548 bytes)
Hash
5b3bd9705af8e4446f589e073b64d64c
e25d724de194a431213080e10392963efc18ad75
ad8ec7fd0face5bd866b2a915cd34853cf60f18229acc156dfa99f5dd5d3c775

HTTP Headers

GET /statics/dfp.js HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA; rv_prebid_position=836; rv_test_position=120; rv_fp_ad_session_id=b18614fb-e041-4b07-8dc7-7673b3f9e8fa; rv_fp_pv=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/html
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: br
cf-cache-status: HIT
age: 25
server: cloudflare
cf-ray: 87a20d09aec8b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/themes/new-ghacks-preview/style.css?ver=1.2.3.4.26

141.193.213.11

200 OK

344 B

URL GET HTTP/3
www.ghacks.net/wp-content/themes/new-ghacks-preview/style.css?ver=1.2.3.4.26
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
HTML document, ASCII text, with very long lines (356), with no line terminators
Size
344 B (344 bytes)
Hash
6ec6d67da3e14434b1f44c0274dd6426
cf3db60c5d16f64df4a71ef57a7a284dd53b68b6
d9d4801056836c4f0101417fe4b7ceb30c9444b350cf4ef5bc67f1dd57e66a99

HTTP Headers

GET /wp-content/themes/new-ghacks-preview/style.css?ver=1.2.3.4.26 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:28 GMT
etag: W/"654bda54-158"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d056d2ab51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-includes/js/comment-reply.min.js?ver=6.4.3

141.193.213.11

200 OK

3.0 kB

URL GET HTTP/3
www.ghacks.net/wp-includes/js/comment-reply.min.js?ver=6.4.3
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (3056), with no line terminators
Size
3.0 kB (2981 bytes)
Hash
dc7f90d513295c29acc441fe114a2cab
ca9e5069d9afc4aa13ab2e152313dfb476e842ef
f87915c58d8c25473c726646b58d2fe0ba9a136987571e6c810aba3c67b4f74c

HTTP Headers

GET /wp-includes/js/comment-reply.min.js?ver=6.4.3 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
etag: W/"625095f6-ba5"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 325759
server: cloudflare
cf-ray: 87a20d065da0b51d-OSL
alt-svc: h3=":443"; ma=86400

sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/sdk.6432b45dc598961221a51f31d27d31da884aa131.js

54.230.111.7

200 OK

350 kB

URL GET HTTP/3
sdk.privacy-center.org/sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/sdk.6432b45dc598961221a51f31d27d31da884aa131.js
IP
54.230.111.7:443
ASN
#16509 AMAZON-02

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerAmazon
Subject*.privacy-center.org
Fingerprint1A:7E:F9:30:82:3B:8F:CF:86:98:3F:EC:6B:3C:10:21:07:6E:A0:8B
ValiditySun, 10 Mar 2024 00:00:00 GMT - Mon, 07 Apr 2025 23:59:59 GMT

File type

Size
350 kB (349891 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sdk/6432b45dc598961221a51f31d27d31da884aa131/modern/sdk.6432b45dc598961221a51f31d27d31da884aa131.js HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=86400
age: 31097
date: Thu, 25 Apr 2024 14:39:56 GMT
last-modified: Thu, 25 Apr 2024 14:39:49 GMT
etag: W/"70dc649d56fa01872df07dc9558652c6-1"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3C3dNyy4nkx8s72A6Kn1SZdAXp3egTX3KG1oy2u6G8hk4kDbb3MeQg==

www.ghacks.net/wp-content/themes/new-ghacks-preview/revamp-infinite-leaderboard.js?ver=0.3

141.193.213.11

200 OK

6.4 kB

URL GET HTTP/3
www.ghacks.net/wp-content/themes/new-ghacks-preview/revamp-infinite-leaderboard.js?ver=0.3
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
Unicode text, UTF-8 text, with very long lines (6532), with no line terminators
Size
6.4 kB (6352 bytes)
Hash
820395478e46e88a5c526ae7d80659c3
74d172c64ae14947204d6bd4c684882eda8c5bd0
91765311b10376ca26258f0209b0da0685b54026e584347831f0efa515e464d1

HTTP Headers

GET /wp-content/themes/new-ghacks-preview/revamp-infinite-leaderboard.js?ver=0.3 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:28 GMT
etag: W/"654bda54-18d0"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 325759
server: cloudflare
cf-ray: 87a20d065da1b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/my-custom-functionality-master/assets/js/swiper.min.js?ver=9.9.0

141.193.213.11

200 OK

136 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/my-custom-functionality-master/assets/js/swiper.min.js?ver=9.9.0
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (65281)
Size
136 kB (136235 bytes)
Hash
109e655465f9d245b3a1e362a0191de1
0e0f00c77214ae421645005171d1c8721f917670
d36ac645d9f3443fe2b4ee6306a14b305bc3d93f3ed72e913d067d02200e889c

HTTP Headers

GET /wp-content/plugins/my-custom-functionality-master/assets/js/swiper.min.js?ver=9.9.0 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:36 GMT
etag: W/"654bda5c-2142b"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d065d9cb51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/themes/new-ghacks-preview/scripts.js?ver=1.2.3.4.26

141.193.213.11

200 OK

871 B

URL GET HTTP/3
www.ghacks.net/wp-content/themes/new-ghacks-preview/scripts.js?ver=1.2.3.4.26
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (893), with no line terminators
Size
871 B (871 bytes)
Hash
4a575beeab891c7e0c9c5aabf017af61
f17b0229a69419ee1a60b4bbdb8949f136f3c90b
b46cef510a78ae4fa455975a4ba95a7971eef079b05ba3be196094cf887d92b6

HTTP Headers

GET /wp-content/themes/new-ghacks-preview/scripts.js?ver=1.2.3.4.26 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:28 GMT
etag: W/"654bda54-367"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327305
server: cloudflare
cf-ray: 87a20d065d9eb51d-OSL
alt-svc: h3=":443"; ma=86400

notix.io/ent/current/enot.min.js

139.45.197.253

200 OK

145 kB

URL GET HTTP/2
notix.io/ent/current/enot.min.js
IP
139.45.197.253:443
ASN
#9002 RETN Limited

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectnotix.io
Fingerprint3C:56:70:26:73:9D:43:E7:28:EF:40:FE:65:98:CD:7B:0A:56:D9:1B
ValiditySat, 17 Feb 2024 20:57:19 GMT - Fri, 17 May 2024 20:57:18 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145421 bytes)
Hash
9a3ae56c31a58c28e606e1e069a21059
ea3cdfcda002044373d2090e1745f83a15b82d17
6ccf4be26c7c79133eaf94c9c64a2ace27574e72d4c40c3c2011479cadca1f55

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /ent/current/enot.min.js HTTP/1.1
Host: notix.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
last-modified: Wed, 13 Mar 2024 11:17:39 GMT
etag: W/"65f18b53-2380d"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

imasdk.googleapis.com/js/sdkloader/ima3.js?ver=1

142.250.74.74

200 OK

396 kB

URL GET HTTP/2
imasdk.googleapis.com/js/sdkloader/ima3.js?ver=1
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (1754)
Size
396 kB (395874 bytes)
Hash
61eaa70d7948780d391ebb60170131b6
5eeb9408b943af3c7e670125b68158cba3a25196
b6a0dc033049e4e05526c0c761456ace62442066b3e162841e9e8187aa383a5c

HTTP Headers

GET /js/sdkloader/ima3.js?ver=1 HTTP/1.1
Host: imasdk.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 135608
date: Thu, 25 Apr 2024 23:18:13 GMT
expires: Thu, 25 Apr 2024 23:18:13 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/plugins/notix-web-push-notifications/public/css/notix-public.css?ver=1.2.4

141.193.213.11

200 OK

1.4 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/notix-web-push-notifications/public/css/notix-public.css?ver=1.2.4
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (1473), with no line terminators
Size
1.4 kB (1403 bytes)
Hash
2e336def6a6179c366ae7b5807f71230
fd798016e1b4de12c4bdb918808a44ba956d82ef
da453daa00bd04b5837395427c6fc357970aa9b4154c9c57e971acc538f2327d

HTTP Headers

GET /wp-content/plugins/notix-web-push-notifications/public/css/notix-public.css?ver=1.2.4 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 18 Dec 2023 04:14:54 GMT
etag: W/"657fc73e-57b"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d055d27b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

141.193.213.11

200 OK

88 kB

URL GET HTTP/3
www.ghacks.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87553 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
etag: W/"64ecd5ef-15601"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d057d34b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1711341113

141.193.213.11

200 OK

11 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1711341113
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text
Size
11 kB (11388 bytes)
Hash
91954b488a9bfcade528d6ff5c7ce83f
edf589eb28247c73ccc04e5b34ad107b90bd1b2e
6bc5622bfab1a16855ad49b99a3f9ed8eb24f49da469a113f9000b866f109e2e

HTTP Headers

GET /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1711341113 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 25 Mar 2024 04:31:53 GMT
etag: W/"6600fe39-2c7c"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 325759
server: cloudflare
cf-ray: 87a20d065da2b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8

141.193.213.11

200 OK

8.9 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (8922), with no line terminators
Size
8.9 kB (8874 bytes)
Hash
f997ab8b5d11afb85c9d3dde3a3e2f12
675d52d60ab0a2907bbb6a87d2093040958fb81b
506cddd8ab140dba8790b114bac2893f9e12c9ede5c7c8c4fe3edcde4927d232

HTTP Headers

GET /wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:33 GMT
etag: W/"654bda59-22aa"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d056d2fb51d-OSL
alt-svc: h3=":443"; ma=86400

sdk.privacy-center.org/a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=www.ghacks.net

54.230.111.7

200 OK

58 kB

URL GET HTTP/2
sdk.privacy-center.org/a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=www.ghacks.net
IP
54.230.111.7:443
ASN
#16509 AMAZON-02

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerAmazon
Subject*.privacy-center.org
Fingerprint1A:7E:F9:30:82:3B:8F:CF:86:98:3F:EC:6B:3C:10:21:07:6E:A0:8B
ValiditySun, 10 Mar 2024 00:00:00 GMT - Mon, 07 Apr 2025 23:59:59 GMT

File type

Size
58 kB (57465 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a8ff32f4-78c7-4428-825d-0badb488b68b/loader.js?target=www.ghacks.net HTTP/1.1
Host: sdk.privacy-center.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
x-amzn-requestid: f2b92855-b1b1-42f0-8c7b-75f339633647
x-didomi-configs-version: 102
x-amzn-trace-id: root=1-662a7d2b-2e14265313a7f4d0760f2c14;parent=75b19cc49a7151fc;sampled=0;lineage=eaae1266:0
x-didomi-remote-config-metadata: multiReg:true;legacyGlobalGdpr:false
content-encoding: br
date: Thu, 25 Apr 2024 22:12:50 GMT
cache-control: max-age=7200, public
etag: W/"1bb1873f37530e5e36cde01a73f818dd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Ecz9vKZR62_9xZqq-yCDIDcWG-0ecKxQxe4zBlh6M8VolHwi4_Fqbw==
age: 5883
X-Firefox-Spdy: h2

www.ghacks.net/wp-includes/css/dashicons.min.css?ver=6.4.3

141.193.213.11

200 OK

59 kB

URL GET HTTP/3
www.ghacks.net/wp-includes/css/dashicons.min.css?ver=6.4.3
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (58981)
Size
59 kB (59016 bytes)
Hash
d68d6bf519169d86e155bad0bed833f8
27ba9c67d0e775fc4e6dd62011daf4c3902698fc
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

HTTP Headers

GET /wp-includes/css/dashicons.min.css?ver=6.4.3 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
etag: W/"603ffca6-e688"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d056d29b51d-OSL
alt-svc: h3=":443"; ma=86400

polyfill.io/v2/polyfill.min.js?features=fetch

104.18.51.3

200 OK

103 B

URL GET HTTP/2
polyfill.io/v2/polyfill.min.js?features=fetch
IP
104.18.51.3:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerSectigo Limited
Subject*.polyfill.io
Fingerprint19:AA:59:2F:D9:8A:C1:48:99:20:3C:64:45:4E:E5:A6:1D:E4:92:0C
ValidityTue, 20 Feb 2024 00:00:00 GMT - Wed, 19 Feb 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
103 B (103 bytes)
Hash
9873517c6208ccf281b22546f8898e8c
e76333df8509395e7287905624a940524305051c
117b8d7befad35ab652867c373d5a510f7cfee434d85af052d3078eb63e382a5

HTTP Headers

GET /v2/polyfill.min.js?features=fetch HTTP/1.1
Host: polyfill.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 87a20d065ad21c0e-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 199
cache-control: public, max-age=14400
content-encoding: gzip
expires: Fri, 26 Apr 2024 03:18:12 GMT
last-modified: Thu, 25 Apr 2024 23:14:53 GMT
vary: Accept-Encoding, User-Agent
access-control-allow-methods: GET,HEAD,OPTIONS
server: cloudflare
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/plugins/my-custom-functionality-master/assets/css/swiper.min.css?ver=6.4.3

141.193.213.11

200 OK

14 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/my-custom-functionality-master/assets/css/swiper.min.css?ver=6.4.3
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (13353)
Size
14 kB (13608 bytes)
Hash
7e29eec1f366019442c2e0b4979cb161
7644bbdcbc0f8cf275cd7d6c7b0aa8b9b2bf932f
58bbd6a241262127ddef359bd0d40bcbb1d84b1218f35164bc8d0348b5e8ec20

HTTP Headers

GET /wp-content/plugins/my-custom-functionality-master/assets/css/swiper.min.css?ver=6.4.3 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:36 GMT
etag: W/"654bda5c-3528"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d055d26b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/

141.193.213.11

200 OK

150 kB

URL User Request GET HTTP/2
www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type

Size
150 kB (150215 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/ HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:18:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-powered-by: WP Engine
link: <https://www.ghacks.net/wp-json/>; rel="https://api.w.org/", <https://www.ghacks.net/wp-json/wp/v2/posts/194771>; rel="alternate"; type="application/json", <https://www.ghacks.net/?p=194771>; rel=shortlink
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 18
x-cache-group: normal
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a20d0329721c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/plugins/ghacks-post-slider/assets/css/recent-post-style.css?ver=1.0.0

141.193.213.11

200 OK

8.0 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/ghacks-post-slider/assets/css/recent-post-style.css?ver=1.0.0
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (8193), with no line terminators
Size
8.0 kB (7961 bytes)
Hash
d0b1eed64061803f153cd21d2d0c8b0d
7945b89f7f9431761433b169e44fff149157eee9
64b9ef49ce14cc0e3e5163c8023207bd0393932f673b27e23f4cd83d27116077

HTTP Headers

GET /wp-content/plugins/ghacks-post-slider/assets/css/recent-post-style.css?ver=1.0.0 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:37 GMT
etag: W/"654bda5d-1f19"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d055d25b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/uploads/2024/04/fredrick-suwandi-csXTAyTiESo-unsplash.jpg

141.193.213.11

200 OK

478 kB

URL GET HTTP/3
www.ghacks.net/wp-content/uploads/2024/04/fredrick-suwandi-csXTAyTiESo-unsplash.jpg
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JPEG image data, progressive, precision 8, 1200x800, components 3
Size
478 kB (477863 bytes)
Hash
655d08cf6d96a363e39c465dac10190f
a3bdea8f139718bf47497e04d9a333d14a2cfa9f
ec60f80cd5c197f9b81538bd10f38084a91066faea759c879d5673d68808b99f

HTTP Headers

GET /wp-content/uploads/2024/04/fredrick-suwandi-csXTAyTiESo-unsplash.jpg HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: image/jpeg
content-length: 477863
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=535385
etag: "66167e38-82b59"
last-modified: Wed, 10 Apr 2024 11:55:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 327305
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d060d7ab51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/responsive-menu/v4.0.0/assets/js/rmp-menu.min.js?ver=4.3.4

141.193.213.11

200 OK

7.7 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/responsive-menu/v4.0.0/assets/js/rmp-menu.min.js?ver=4.3.4
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (7916), with no line terminators
Size
7.7 kB (7651 bytes)
Hash
e397e33f80d0711a44d701037fe5eff5
bb0da078edab3b21ddeb70d1719afb77bc68a85d
436e7337050ebacf96ca2ef3790aa307cb6986aef2d5fe276768074ca5c0e556

HTTP Headers

GET /wp-content/plugins/responsive-menu/v4.0.0/assets/js/rmp-menu.min.js?ver=4.3.4 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 22 Apr 2024 04:14:33 GMT
etag: W/"6625e429-1de3"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327305
server: cloudflare
cf-ray: 87a20d065d9db51d-OSL
alt-svc: h3=":443"; ma=86400

btloader.com/tag?o=5633429348548608&domain=ghacks.net&upapi=true

172.67.41.60

200 OK

55 kB

URL GET HTTP/2
btloader.com/tag?o=5633429348548608&domain=ghacks.net&upapi=true
IP
172.67.41.60:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subjectbtloader.com
Fingerprint70:F7:F9:F7:42:5B:08:2E:94:58:BB:71:DF:F9:4D:8C:F5:09:57:DA
ValiditySun, 14 Apr 2024 06:05:01 GMT - Sat, 13 Jul 2024 06:05:00 GMT

File type
JavaScript source, ASCII text, with very long lines (55080)
Size
55 kB (55081 bytes)
Hash
15ce8b579881cb583e8d48d495bb9707
b2a222bcf05e9953da93f0bc6e80171381ebbb55
bba3a16748ae1653de65962e61a348311cc9e3512f1d88f06b8d6dc7e9116ce8

HTTP Headers

GET /tag?o=5633429348548608&domain=ghacks.net&upapi=true HTTP/1.1
Host: btloader.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
content-length: 18411
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "c15f54172f48d8d96e1953e4847ee214"
last-modified: Thu, 25 Apr 2024 23:17:40 GMT
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: EXPIRED
accept-ranges: bytes
server: cloudflare
cf-ray: 87a20d0a3a1456ba-OSL
X-Firefox-Spdy: h2

www.ghacks.net/wp-content/tablepress-combined.min.css?ver=7

141.193.213.11

200 OK

6.2 kB

URL GET HTTP/3
www.ghacks.net/wp-content/tablepress-combined.min.css?ver=7
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (6246), with no line terminators
Size
6.2 kB (6222 bytes)
Hash
8b5521ad075a12c55832f020b436e4cd
98dae794a2c78e0f57f8cbe37fc6d1c834b147fa
bf180216fdfcd4098ee0c30421c1c55143be800f3b39e67ab29e31bf540bcef0

HTTP Headers

GET /wp-content/tablepress-combined.min.css?ver=7 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 08 Apr 2024 04:15:10 GMT
etag: W/"66136f4e-184e"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d056d2db51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

141.193.213.11

200 OK

14 kB

URL GET HTTP/3
www.ghacks.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
etag: W/"6482bd64-3509"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d057d36b51d-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtm.js?id=GTM-NHW6RDK

142.250.74.168

200 OK

203 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-NHW6RDK
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (2022)
Size
203 kB (203297 bytes)
Hash
a31b8127f180791c536f30b1ea7b37d7
516abeb8f37df4dde99fa541d39b3cfa467706e1
36c10acb70e8d989e5973366163a453fca3365be7b8f7e842182b0ba08e4fb4f

HTTP Headers

GET /gtm.js?id=GTM-NHW6RDK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 23:18:12 GMT
expires: Thu, 25 Apr 2024 23:18:12 GMT
cache-control: private, max-age=900
last-modified: Thu, 25 Apr 2024 21:56:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73390
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.datadoghq-browser-agent.com/datadog-rum-v4.js

54.230.83.119

200 OK

153 kB

URL GET HTTP/2
www.datadoghq-browser-agent.com/datadog-rum-v4.js
IP
54.230.83.119:443
ASN
#16509 AMAZON-02

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerDigiCert Inc
Subject*.datadoghq-browser-agent.com
Fingerprint8E:43:FD:49:B4:79:B9:C5:3C:18:E1:BA:9F:28:56:E8:C3:73:9A:C7
ValidityTue, 12 Dec 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT

File type

Size
153 kB (153156 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /datadog-rum-v4.js HTTP/1.1
Host: www.datadoghq-browser-agent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 09 Oct 2023 11:26:13 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
date: Thu, 25 Apr 2024 23:17:59 GMT
cache-control: max-age=14400, s-maxage=60
etag: W/"2630b3d7ad4a41fac67742216e506d83"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _hSH0znzHr8BThByVhJkkJUHHJShbJbHlL4TeI4TgVgpoQn9G_Pf_A==
age: 16
timing-allow-origin: *
X-Firefox-Spdy: h2

spn-v1.revampcdn.com/prebid/ghacks/prebid-client.js

151.101.1.91

200 OK

336 kB

URL GET HTTP/3
spn-v1.revampcdn.com/prebid/ghacks/prebid-client.js
IP
151.101.1.91:443
ASN
#54113 FASTLY

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subject*.revampcdn.com
FingerprintE5:5F:0C:7F:47:E7:70:A7:CE:2A:3A:DA:BE:26:A1:A3:EB:22:F5:58
ValidityTue, 02 Apr 2024 09:59:54 GMT - Mon, 01 Jul 2024 09:59:53 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
336 kB (336489 bytes)
Hash
800ee0a8091abc36b316b172573321cb
45f54af5e23eec352fb27ff4c76e8073ec515424
ff61dc78e659dd793eaa0e5ea0d6409da29d4faf94d22a505aae5a0f91925610

HTTP Headers

GET /prebid/ghacks/prebid-client.js HTTP/1.1
Host: spn-v1.revampcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-length: 95597
server: istio-envoy
content-type: application/javascript; charset=utf-8
x-publisher-id: ghacks
etag: W/"a258da22da081ed7367d11911943f6b5"
x-version: 1.1379.0
x-request-id: 3b733d31-5a3d-4a8b-b282-9464db7c36a1
content-encoding: br
x-envoy-upstream-service-time: 76
x-envoy-decorator-operation: svc-revamp-api-cms.revamp-api-v2.svc.cluster.local:80/*
via: 1.1 google, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 23:18:12 GMT
age: 125295
x-served-by: cache-ams21030-AMS, cache-hel1410026-HEL
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1714087093.820686,VS0,VE1
vary: Accept-Encoding,x-country-code,x-device-platform
access-control-expose-headers: x-country-code, x-region, x-browser-name, x-browser-version, x-platform-id, x-platform-version, x-device-platform
access-control-allow-origin: *
x-country-code: NO
x-region: 03
x-device-platform: Desktop
x-browser-name: Firefox
x-browser-version: 96.0
x-platform-id: Linux
x-platform-version: 
cache-control: max-age=172500, private, stale-if-error=31536000, stale-while-revalidate=864000
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

www.ghacks.net/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3

141.193.213.11

200 OK

110 kB

URL GET HTTP/3
www.ghacks.net/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type

Size
110 kB (110147 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.4.3 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 24 Jan 2024 19:02:28 GMT
etag: W/"65b15ec4-1ae43"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d055d22b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/css/style.css?ver=1.0

141.193.213.11

200 OK

2.4 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/css/style.css?ver=1.0
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
ASCII text, with very long lines (2705), with no line terminators
Size
2.4 kB (2396 bytes)
Hash
52b78c16f3448205252e13c78042da8e
25cc42371ff3e4c7d22ebfd79fb7e1bf7b46852b
25375b10fec2eb232f35f30fd4c9b78577d3cd0b98f775dc5da48607e85e4400

HTTP Headers

GET /wp-content/plugins/all-in-one-schemaorg-rich-snippets/css/style.css?ver=1.0 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:40 GMT
etag: W/"654bda60-95c"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d057d33b51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/js/jquery.rating.min.js

141.193.213.11

200 OK

30 kB

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/all-in-one-schemaorg-rich-snippets/js/jquery.rating.min.js
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (21977), with CRLF line terminators
Size
30 kB (29664 bytes)
Hash
136c745e6d222776ff48f5baf3568739
def0672c6e899debea85b4bb0b4bbe3f09c9c315
554f3ff96cba4f2f33ff2c37c48282006ab24a85cf9ca0ac8b22b0a06126c1d4

HTTP Headers

GET /wp-content/plugins/all-in-one-schemaorg-rich-snippets/js/jquery.rating.min.js HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 08 Nov 2023 18:58:40 GMT
etag: W/"654bda60-73e0"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d057d3bb51d-OSL
alt-svc: h3=":443"; ma=86400

www.ghacks.net/wp-content/plugins/notix-web-push-notifications/public/js/notix-public.js?ver=1.2.4

141.193.213.11

200 OK

838 B

URL GET HTTP/3
www.ghacks.net/wp-content/plugins/notix-web-push-notifications/public/js/notix-public.js?ver=1.2.4
IP
141.193.213.11:443
ASN
#209242 Cloudflare London, LLC

Requested by
https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Certificate
IssuerLet's Encrypt
Subjectwww.ghacks.net
Fingerprint12:1D:35:65:99:DC:0C:3B:62:83:F6:D5:77:BF:20:27:5E:AE:4E:77
ValiditySun, 21 Apr 2024 11:14:39 GMT - Sat, 20 Jul 2024 11:14:38 GMT

File type
JavaScript source, ASCII text, with very long lines (898), with no line terminators
Size
838 B (838 bytes)
Hash
e54984c1349a2e08fc2fb047ef82ed5d
7953e56df0a1f5330cbbf865b13ae63c48b3289f
1eea5dc94ae2aacafcedf09f7e54d77d3ed9a60c21035551386a98b24955e6a2

HTTP Headers

GET /wp-content/plugins/notix-web-push-notifications/public/js/notix-public.js?ver=1.2.4 HTTP/1.1
Host: www.ghacks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Cookie: __cf_bm=SzN2LCpz8FCDdXetx90AnIaT7zprkdGWcAZL.pqB7bQ-1714087091-1.0.1.1-HJF.c7OQ0_4VvsMN1ietWiDdLmw7TFHz7yMpLMAd95hYyB8YOR.SX2feayqe51DDAhmINZEcRlatkJOoev8ZHA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 23:18:12 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 18 Dec 2023 04:14:54 GMT
etag: W/"657fc73e-346"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
cf-cache-status: HIT
age: 327306
server: cloudflare
cf-ray: 87a20d057d37b51d-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (52)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML