www.silentpush.com Open in urlscan Pro
2606:4700:20::681a:a95 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Submission Tags: @nominet_threat_intel feedly-filtered-v1.0 reference_article_link confidence_null cluster_90474341 Search All
Submission: On October 03 via api (October 3rd 2024, 2:58:28 pm UTC) from GB — Scanned from GB

Summary HTTP 63 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 21 IPs in 4 countries across 15 domains to perform 63 HTTP transactions. The main IP is 2606:4700:20::681a:a95, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.silentpush.com.
TLS certificate: Issued by E5 on August 11th 2024. Valid for: 3 months.

This is the only time www.silentpush.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 21	2606:4700:20:... 2606:4700:20::681a:a95	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	104.18.142.119 104.18.142.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:8cd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
6	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6cfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1f::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
4	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
63	21

21 2606:4700:20::681a:a95 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.silentpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.142.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8cd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6cfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1f::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	silentpush.com 1 redirects www.silentpush.com	2 MB
8	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4401 www.google.com — Cisco Umbrella Rank: 3	3 KB
6	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4621 forms-na1.hsforms.com — Cisco Umbrella Rank: 7161 perf-na1.hsforms.com — Cisco Umbrella Rank: 3796	7 KB
5	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3554 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3687 track.hubspot.com — Cisco Umbrella Rank: 2324	28 KB
4	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136 td.doubleclick.net — Cisco Umbrella Rank: 192 googleads.g.doubleclick.net — Cisco Umbrella Rank: 42	3 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2172	19 KB
3	gstatic.com fonts.gstatic.com www.gstatic.com	260 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	257 KB
2	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 5087	127 B
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4567 forms.hscollectedforms.net — Cisco Umbrella Rank: 4719	25 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2500 js-na1.hs-scripts.com — Cisco Umbrella Rank: 6488	2 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2191	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3176	4 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6770	157 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
63	15

	Domain	Requested by
21	www.silentpush.com	1 redirects www.silentpush.com
7	www.google.com	js.hsforms.net www.silentpush.com www.gstatic.com
3	track.hubspot.com
3	js.hs-banner.com	js.hs-scripts.com js.hs-banner.com
3	forms.hsforms.com	js.hsforms.net www.silentpush.com
3	www.googletagmanager.com	www.silentpush.com www.googletagmanager.com
2	forms-na1.hsforms.com	www.silentpush.com
2	www.google.co.uk	www.silentpush.com
2	td.doubleclick.net	www.googletagmanager.com
2	fonts.gstatic.com	fonts.googleapis.com
1	js-na1.hs-scripts.com	js.hs-analytics.net
1	www.gstatic.com	www.google.com
1	perf-na1.hsforms.com	www.silentpush.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-scripts.com	www.silentpush.com
1	js.hsforms.net	www.silentpush.com
1	fonts.googleapis.com	www.silentpush.com
63	25

This site contains links to these domains. Also see Links.

Domain
help.silentpush.com
docs.silentpush.com
explore.silentpush.com
app.silentpush.com
www.youtube.com
www.linkedin.com
twitter.com

Subject Issuer	Validity	Valid
www.silentpush.com E5	`2024-08-11` - `2024-11-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
upload.video.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
hsforms.net WE1	`2024-08-11` - `2024-11-09`	3 months	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
*.gstatic.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hubspot.com WE1	`2024-10-02` - `2024-12-31`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
hscollectedforms.net WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.doubleclick.net WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.google.co.uk WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
www.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Frame ID: 4F5CFA461082D0403AC555887F49DF30
Requests: 53 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-Y982JNG573&gacid=937023003.1727967503&gtm=45je4a10v9181872672za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=251450182
Frame ID: 74210C6B244DDDF8DC8CF6EF96CA2387
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/16552353750?random=1727967503694&cv=11&fst=1727967503694&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a10v9185359820z89184255123za200zb9184255123&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20hosting%20honeypot%20domains%20with%20malicious%20AI%20DeepNude%20Generators%20%E2%80%93%20New%20Silent%20Push%20research%20-%20Silent%20Push&npa=0&pscdl=noapi&auid=1440388965.1727967504&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 91B0909EC5894F36FF21F80121CEC854
Requests: 1 HTTP requests in this frame

Frame: https://www.silentpush.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js
Frame ID: 82C7FE80CAD0EF6ABABECAF55527055B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc2lsZW50cHVzaC5jb206NDQz&hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&size=invisible&badge=inline&cb=9pdrkmr4etc4
Frame ID: 25617A04AD722D40193BFD2FF181964A
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc2lsZW50cHVzaC5jb206NDQz&hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&size=invisible&badge=inline&cb=eogr4qrighhz
Frame ID: 1F67EB52AAAA19454B6799F566CB95E5
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: D2DE62176B81596D1339954676ABA3B8
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: D1F3FDD170C012FA1049DF7C1B9D0DC0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FIN7 hosting honeypot domains with malicious AI DeepNude Generators – New Silent Push research - Silent Push

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Page Statistics

63
Requests

97 %
HTTPS

65 %
IPv6

15
Domains

25
Subdomains

21
IPs

4
Countries

2526 kB
Transfer

4243 kB
Size

12
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://help.silentpush.com/docs
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://docs.silentpush.com/
Title: API Docs

Search URL Search Domain Scan URL

URL: https://explore.silentpush.com/login
Title: Community

Search URL Search Domain Scan URL

URL: https://app.silentpush.com/login
Title: Enterprise

Search URL Search Domain Scan URL

URL: https://help.silentpush.com/docs/tlp-amber-reports
Title: TLP Amber report

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=rTu7V1spGWU&t=10s&ab_channel=SilentPush
Title: Silent Push Web Scanner

Search URL Search Domain Scan URL

URL: https://help.silentpush.com/docs/accessing-iofa-feeds
Title: IOFA Feeds

Search URL Search Domain Scan URL

URL: https://help.silentpush.com/docs/automated-exports
Title: Silent Push API

Search URL Search Domain Scan URL

URL: http://explore.silentpush.com/register
Title: Register today for free

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/silent-push-inc/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/silentpush
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@silentpush9935
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://www.silentpush.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.silentpush.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js

63 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/ 133 KB
24 KB 747ms
639ms Document
text/html 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: f7ff80a83b6fd9667aefff3be94d18037b600023fb01686c56219c9532e2020a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ccdca39cfe5cd42-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 03 Oct 2024 14:58:22 GMT
link: <https://www.silentpush.com/?p=7640>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3NAq%2BGEV3IK3xfq4xsKbACY%2Bmv2AIvjfO%2BRL16v3Y%2FLm8F8FgmB2o6033PLM3vxHZu1YlrLXgJv5r4cyo2xzPFaZNcg68EZflYiV%2BTI8%2BhH7bB99cWwjJjPJDFKYWFZPr8Ef%2BuLq57pY4irQ7cqdKA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 46
x-cache-group: normal
x-cacheable: SHORT
x-powered-by: WP Engine

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 263 KB
93 KB 202ms
76ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y982JNG573

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f750e8a5492edec82ca6d246a1cb01cdd52a69b3a5b272c80796f07b6767c12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 03 Oct 2024 14:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 95012
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 style.min.css
www.silentpush.com/wp-includes/css/dist/block-library/ 110 KB
15 KB 69ms
65ms Stylesheet
text/css 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"669948b9-1b723"
age: 1700914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2FQDhFy94FrYVV5CV75XR3HVEzAg0koC3s1hvw6EG54qRU8bQ6aXe%2Bya3ox6tj50dlUdWe28Lw4zmXWaXbziqwJKgA9oaZfCNtB1vSdHHaJWAn3nF8y2BH0%2Bm85971%2F7lv8z9VCq11tsCgIHaeSb%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3ddd0ccd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Thu, 18 Jul 2024 16:54:17 GMT

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
1 KB 196ms
70ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Hanken+Grotesk:wght@300;400;500;600;700&family=Share+Tech+Mono&display=swap

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13477d030df0506d033810e11ad3f7bc9624f5e74cd4884b057b1de0ce60c282

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 03 Oct 2024 14:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 03 Oct 2024 14:58:23 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 single-common.css
www.silentpush.com/wp-content/themes/silentpush/assets/css/ 10 KB
3 KB 63ms
59ms Stylesheet
text/css 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/themes/silentpush/assets/css/single-common.css?ver=17.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e07cad7f90f1eb59a916bf7cf34209eb4103817a8c8bac4ff0469c94d58cd41

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66393fcf-27a7"
age: 2925335
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EfsCyvEd8ebqPdMDf1BmhqTmK4nOiSuE%2FmpLFw6ZX1Wi%2BMOnavanQhInCgUTxVyPjoj4iNz1huWjiJQpG7u1DJnmwGqBq9DbWoKlCaBAw080CYM39cXRpkWXvrEm7VQneHeVVZwAhbe2q4d3aewbyw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3ddd10cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 06 May 2024 20:38:39 GMT

GET
H2 200 gutenberg.css
www.silentpush.com/wp-content/themes/silentpush/assets/css/ 397 B
660 B 107ms
104ms Stylesheet
text/css 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/themes/silentpush/assets/css/gutenberg.css?ver=17.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7822d3e4a7d30d102f252d7960e5336f36c997f181d51c85a2c3a3d266b58c57

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66393fce-18d"
age: 2925335
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3YNwvsDAgp%2FRO8aYoe79nLtvpkK%2Bu6keenvy9aDRE3UPQ0sixz6KjtAO%2FG73%2BAbf2z1Pfn7p3Sy0cJ38pogLrCAUhAsL1JukWnRizAhcLR%2BuoWspBBmbjB%2BQyiB6%2BFHuz%2BvCIfs9HYo1YY9swE4vpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3ddd12cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 06 May 2024 20:38:38 GMT

GET
H2 200 gutenberg.css
www.silentpush.com/wp-content/themes/punch/assets/css/ 11 KB
2 KB 71ms
68ms Stylesheet
text/css 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/themes/punch/assets/css/gutenberg.css?ver=1.0.94
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6de47615a27b52925a632e49d688c19a4222eb47292b46e6e779f314c7cde8f6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"65832f2a-2c2a"
age: 7883749
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gtZHCaHWIfYwBm6Hqqy6tNel6tu5tBWNN%2FD2%2FLc%2BAVaQWT1D2eu409ps%2FUjjdjlKjRgMBXXNuHSgMSVoc2PDDEadHrW2NENk6rCdHeQYa6SM5sMzvoYuGJzua6i1b3xG5yddh2GRUAAN2JVSuvAAyw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3ddd14cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 20 Dec 2023 18:15:06 GMT

GET
H2 200 avia-merged-styles-2b54e4ec2a3fe6e1879e8f88ca3cbe2f---66f144eb805ab.css
www.silentpush.com/wp-content/uploads/dynamic_avia/ 151 KB
19 KB 71ms
68ms Stylesheet
text/css 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/uploads/dynamic_avia/avia-merged-styles-2b54e4ec2a3fe6e1879e8f88ca3cbe2f---66f144eb805ab.css
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5aba15d059514fb776e70c720f4ef4a176e4bba715f1d77432af5b7f20dfb39

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66f144eb-25cbc"
age: 879650
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNh63Ions%2F59mKCRBqBUEaVuIWOTcp%2BjndY6gHlRBzZ6vvOvLR0FvUlCu%2BAKziQOKEtT85wZ%2B5YxP9afqdmL3FOF92mU97hJM%2FGEg%2Bda075j4nwdo2iaPJx5zdaTUEfDWiGv6uKC%2FsONyJS65XHlng%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3ddd15cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 23 Sep 2024 10:37:31 GMT

GET
H2 200 frontend-gtag.min.js Show response
www.silentpush.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 11 KB
3 KB 67ms
67ms Script
application/javascript 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=9.1.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66f370ac-2da9"
age: 732793
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOm1v9htOiu4obmiXuD%2BvRWdtTBDT0PkQ8ok3keskq%2FR6k80WB7wbafgtZpgorltqR2mlh%2Fn5MJhZ1x5jPHu7Z0TzV4CmH2I5jGfYDNjnCsSVVa0MI3iO%2BkwGtXhF4HUbjQX5%2B3npK5Bc7lsv9Vpcg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3f1eadcd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 25 Sep 2024 02:08:44 GMT

GET
H2 200 Silent-Push-Logo-@2x.png
www.silentpush.com/wp-content/uploads/ 8 KB
8 KB 62ms
59ms Image
image/png 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.silentpush.com/wp-content/uploads/Silent-Push-Logo-@2x.png
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96617d7cf1037130d819d2948f55e2a444acf9b9bbd19a73c69c3480c9ad29aa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "6581cc82-1e71"
age: 17174615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=grOJcZaYJgKuZsZoPjG%2BHu0he%2B%2FBhHD4q9fBhlA%2BIy0v6hyMlswDzuFcGms%2BbtqpeJbOaZcdpN5PFE0gBErKdXRjtCOlQM2OZNh0YAJDnD6iXuNpnzz%2FgPtZQ%2BW8%2BTLTxqnqDchYV6AP73urK%2BZ0pg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3ddd18cd42-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7793
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: image/png
last-modified: Tue, 19 Dec 2023 17:01:54 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Silent-Push-Logo-Alternate@2x.png
www.silentpush.com/wp-content/uploads/ 18 KB
19 KB 64ms
61ms Image
image/png 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.silentpush.com/wp-content/uploads/Silent-Push-Logo-Alternate@2x.png
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df3e12dce94226a7f9bf8a12e16bd9fa7a306e0077c5d54279c7dd16a02c8962

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "6581cc82-4940"
age: 7901704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x52O0WcuDSGWwMRB01HvuhwmJOd5p411SRTuz0mPAXhZqfcHRYAavYs7AWvt5Zz8bkAzSTlLjxIcAZuYNO2G7PVHmy9KUDDs%2FlNfxjNGL1hWKidLrNDNBTeThux%2FnPwx%2FG077Er6e%2B36HMpqQXd3kg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3ddd16cd42-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18752
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: image/png
last-modified: Tue, 19 Dec 2023 17:01:54 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 484 KB
157 KB 117ms
66ms Script
application/javascript 104.18.142.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-request-id: 27b1a325-daf6-43db-9f8c-117c62136e99
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: kLVNDW8Ykh6K0rP5.B3EI30fJIwAAkz3
etag: W/"53fa063fb1734ce6bb187c96e7665972"
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
age: 62
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YxIYo6Ag1Z6tt4JY%2F3Ulv6JZc3nHlDmhP%2BhizEmayH4wBJkz46v03cr6UDeIE2Q6PRyM7GAySRYSffKNZt9bsY9L1p991KVG9Ptf3RZcoUKQaRXlXNInuRAhNhTA5cU"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ufxYN2KCq-LOUa1ImpBXQzgxEz2uNzhoC6r9ldFg49X17s3Sq3UCNA==
x-hubspot-correlation-id: 27b1a325-daf6-43db-9f8c-117c62136e99
content-type: application/javascript; charset=utf-8
last-modified: Mon, 30 Sep 2024 16:16:42 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-h692s
x-envoy-upstream-service-time: 1
x-hs-target-asset: forms-embed/static-1.6227/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Thu, 03 Oct 2024 14:58:23 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6227/bundles/project-v2.js&cfRay=8cc1e29c996cd53c-CDG
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-ray: 8ccdca3e2edd413c-LHR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 9153394.js Show response
js.hs-scripts.com/ 2 KB
919 B 162ms
68ms Script
application/javascript 2606:4700::6810:8cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/9153394.js?integration=WordPress&ver=11.1.60

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97be5c7f2b0a7256d5cc6af0a8fe91770aa94be2ba81585c16973a5681b3a34a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

access-control-max-age: 3600
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 34
x-content-type-options: nosniff
expires: Thu, 03 Oct 2024 14:59:53 GMT
cf-polished: origSize=2519
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: 77a5af04-5403-4b45-a29e-8b86c61dd2e4
content-type: application/javascript;charset=utf-8
last-modified: Thu, 03 Oct 2024 14:57:49 GMT
vary: origin, Accept-Encoding
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8ccdca3edc70bef8-LHR
access-control-allow-origin: https://www.silentpush.com
server: cloudflare

GET
H2 200 avia-footer-scripts-5d2214549799fe1101a076e15f98a76b---66f144ebf2cda.js Show response
www.silentpush.com/wp-content/uploads/dynamic_avia/ 11 KB
3 KB 66ms
65ms Script
application/javascript 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/uploads/dynamic_avia/avia-footer-scripts-5d2214549799fe1101a076e15f98a76b---66f144ebf2cda.js
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82ad775e3ec1ee52a0fe479d964879edef28e04320db46038f54663f7fe0a880

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66f144eb-2d81"
age: 879651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ix48PktDxNixERke%2F%2F6O3F7onxJtS9ahQaKj4JiTHfQfORxjZy2orWP15QtoQyti72F87LMnyewgtcb7s%2BhjPjkitxVbdNu2WxL7Ct%2FP9zU0kJLpz4BXiqABhUq3Cr%2BLni%2FDhiWD9VM6IB2ug84Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3f1eaccd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 23 Sep 2024 10:37:31 GMT

GET 147e9649-a4ad-41d2-9e0b-5ca598c8fb36
https://www.silentpush.com/ Frame 0
0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 216 KB
77 KB 129ms
128ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TDR48BL3

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b99e202b2d77716430c782fcc4ef90eccfd4510b0ade52ad742e4bea7145ab19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 03 Oct 2024 14:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 03 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 78051
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 ieVn2YZDLWuGJpnzaiwFXS9tYtpd59A.woff2
fonts.gstatic.com/s/hankengrotesk/v8/ 34 KB
34 KB 133ms
57ms Font
font/woff2 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/hankengrotesk/v8/ieVn2YZDLWuGJpnzaiwFXS9tYtpd59A.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Hanken+Grotesk:wght@300;400;500;600;700&family=Share+Tech+Mono&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

cea3bdd3448d502081884071504a01eefb97b9ef971e03db9b600bc659051e56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.silentpush.com
Referer: https://fonts.googleapis.com/

Response headers

age: 197489
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 08:06:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 01 Oct 2024 08:06:54 GMT
last-modified: Tue, 02 May 2023 14:50:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34708
x-xss-protection: 0
server: sffe

GET
H3 200 J7aHnp1uDWRBEqV98dVQztYldFcLowEF.woff2
fonts.gstatic.com/s/sharetechmono/v15/ 13 KB
13 KB 136ms
60ms Font
font/woff2 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sharetechmono/v15/J7aHnp1uDWRBEqV98dVQztYldFcLowEF.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Hanken+Grotesk:wght@300;400;500;600;700&family=Share+Tech+Mono&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

41e6b9f297f7d9a2df2aaa274092f76d2f72711a15ca455f7f4f4f92caf16b72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.silentpush.com
Referer: https://fonts.googleapis.com/

Response headers

age: 196012
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 01 Oct 2025 08:31:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 01 Oct 2024 08:31:31 GMT
last-modified: Wed, 27 Apr 2022 15:54:30 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13500
x-xss-protection: 0
server: sffe

GET
H2 200 silent-push-icons.woff2
www.silentpush.com/wp-content/uploads/avia_fonts/silent-push-icons/ 12 KB
13 KB 65ms
63ms Font
font/woff2 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/uploads/avia_fonts/silent-push-icons/silent-push-icons.woff2?ver=17.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89de6059a2b1dbfb5f49e05cffa09d4d4f65744dbf9e8bf997f0ace1a3388db1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.silentpush.com
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "6583347b-3108"
age: 2912694
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CgvTe6eZAjbKFjDsr1nZ%2FZUjG6Yn3Txngb7CAfTFgjyalWe9oOImZDsgafqR7x87uaqU3%2BIXJ5%2BFrtO5sqAKnS8B%2FxubKHh%2Be32W9mML0PobQdi%2BVwrR1uJoDvPdn5N1a%2BEAX0Lc%2FqNCN3iGEtf9zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3f6f10cd42-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12552
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: font/woff2
last-modified: Wed, 20 Dec 2023 18:37:47 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 fa-fontello.woff2
www.silentpush.com/wp-content/themes/punch/assets/fonts/ 5 KB
5 KB 107ms
105ms Font
font/woff2 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/themes/punch/assets/fonts/fa-fontello.woff2?ver=17.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.silentpush.com
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "65832f2a-121c"
age: 2912694
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xOBGhXIfx06fkvaPJz2UEgImYbJDFmyNFpvH1n%2BL1SI4FMX0z%2B2eWmwd9%2FA%2F1C%2BO5J8L2YvLqXJA3xFIlBBLGdysugEeptdRDtKVALmMO%2Fs0576k4JCAb%2BJobFqMea6RXGVZobuheR52JJpEjmpaiw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3f6f12cd42-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4636
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: font/woff2
last-modified: Wed, 20 Dec 2023 18:15:06 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 FIN7_Malware.png
www.silentpush.com/wp-content/uploads/ 2 MB
2 MB 68ms
65ms Image
image/png 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.silentpush.com/wp-content/uploads/FIN7_Malware.png
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: add54078248369e722b9785d590833cc75377116cf55077f81a87b04be252312

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
etag: "66fd1106-1850e0"
age: 106493
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=je0ecWPjnfdLnbZ7R2Bel8GZ7qZNMD2ph%2FqtpG8dwGKlfOjPUAiwJ3f73vi7Fs5ftG9fWqF16xD0401lYqf9EFVT2o5DMDEeanTZgYgA1eEyTD1uFAo0RDFnU08xzjmrzkEeHxr2c2qJeo4EJbnILQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca3f6f13cd42-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1593568
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: image/png
last-modified: Wed, 02 Oct 2024 09:23:18 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/9153394/74caba7a-d0e8-455c-910c-bb3c0d8282c3/ 2 KB
2 KB 228ms
178ms XHR
application/json 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/9153394/74caba7a-d0e8-455c-910c-bb3c0d8282c3/json?hs_static_app=forms-embed&hs_static_app_version=1.6227&X-HubSpot-Static-App-Info=forms-embed-1.6227

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbdadf6802d980dc48bddce7e4ffbef9b26b9d51abe5aec6d05d908933c4b02d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: e558ca1b-0a04-47b2-9671-00d9bc859b67
access-control-expose-headers: X-Origin-Hublet
content-encoding: gzip
cf-cache-status: DYNAMIC
x-origin-hublet: na1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: e558ca1b-0a04-47b2-9671-00d9bc859b67
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-jd289
x-envoy-upstream-service-time: 31
access-control-allow-credentials: false
cf-ray: 8ccdca4078fd63a7-LHR
access-control-allow-origin: https://www.silentpush.com
x-evy-trace-route-configuration: listener_https/all
content-length: 1156
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/9153394/74caba7a-d0e8-455c-910c-bb3c0d8282c3/ 2 KB
2 KB 328ms
152ms XHR
application/json 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/9153394/74caba7a-d0e8-455c-910c-bb3c0d8282c3/json?hs_static_app=forms-embed&hs_static_app_version=1.6227&X-HubSpot-Static-App-Info=forms-embed-1.6227

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86471b0d5045a8a4bb119eb25d15ff7ac0b5861d3fa5e9bd5c05b902827c9692

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 05feb8b5-8807-44ab-a575-a42f600cc80c
access-control-expose-headers: X-Origin-Hublet
content-encoding: gzip
cf-cache-status: DYNAMIC
x-origin-hublet: na1
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: 05feb8b5-8807-44ab-a575-a42f600cc80c
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-np7s7
x-envoy-upstream-service-time: 10
access-control-allow-credentials: false
cf-ray: 8ccdca419a6863a7-LHR
access-control-allow-origin: https://www.silentpush.com
x-evy-trace-route-configuration: listener_https/all
content-length: 1155
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 222ms
85ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9153394.js?integration=WordPress&ver=11.1.60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86687f3e5f5afdcf3625c8dde9300bb27a5715ae747f119a1a4c8f89064c254c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 0569ac9a-aef2-496b-a3ec-ba1d36daed7f
content-encoding: gzip
cf-cache-status: HIT
etag: W/"df55045bc18928673797ec8f36531ce2"
x-amz-version-id: fkDbXM_kB0FZ912HTkyCuMu2yw0VZYTm
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 2
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: WqqaCjGCqomUMU3-mH1pDLqqOdz5DUNEKjGCYlrF8oUyhOK4wLGcVQ==
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: 0569ac9a-aef2-496b-a3ec-ba1d36daed7f
content-type: application/javascript; charset=utf-8
last-modified: Wed, 02 Oct 2024 14:25:36 UTC
vary: Accept-Encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-cb7cl
x-envoy-upstream-service-time: 0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.602/bundles/pixels-release.js&cfRay=8cc56bf5197e8895-AMS
via: 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
cf-ray: 8ccdca416cd863f4-LHR
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.602/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
25 KB 224ms
83ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9153394.js?integration=WordPress&ver=11.1.60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27b8c9dba167b9abbc392c93181111c44976eead2aa813930c12b05b9758a01f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.silentpush.com
Referer: https://www.silentpush.com/

Response headers

x-request-id: 9ecdafc9-4036-473d-8cd3-264627243c9b
content-encoding: gzip
cf-cache-status: HIT
etag: W/"14bcc683805605bbb16f8ac4d41fed6e"
x-amz-version-id: 0HojATkvJR9e.pt3rb76MdxxpXaqmIS_
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
age: 239
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M5li1Z5CPDsmDSfep6O4vT1Omz6GPnGXKxLgtnxqQW%2BdFzDmXS%2BSpSnuVFD61NGCfBXACf2%2BIhPYM1FjIRYSapr00DO1W%2FOAnWE0A%2F6EYkltnI3yPVWYTPgSs%2BSY9G0vuNWOMYr8Tpjo%2FDZh"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: UnfmeRGIOaU_0Rd5xdKQ3X_Oj3-gD-Mp9tcAAzKO3F619hsi2Da5VA==
x-hubspot-correlation-id: 9ecdafc9-4036-473d-8cd3-264627243c9b
content-type: application/javascript; charset=utf-8
last-modified: Tue, 01 Oct 2024 13:28:24 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-jtkd6
x-envoy-upstream-service-time: 32
x-hs-target-asset: web-interactives-embed/static-2.1532/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Thu, 03 Oct 2024 14:58:23 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1532/bundles/project.js&cfRay=8cbce35f2bcd9f0c-CDG
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
cf-ray: 8ccdca416f27cd50-LHR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 9153394.js Show response
js.hs-banner.com/ 61 KB
19 KB 222ms
81ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/9153394.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9153394.js?integration=WordPress&ver=11.1.60
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d843d246c0f423bb207375c28078c14907108166a22cb7ea42a5e0815f4bc4d4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 96709f08-e47d-4343-a7cc-03797cb11b30
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"b870c32ac00ec0b2e93fd6686d63524c"
x-amz-version-id: JGrD5CSIMqUXDoOXwel1FVHOl6OJtVv5
age: 239
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Thu, 03 Oct 2024 14:55:07 GMT
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: 96709f08-e47d-4343-a7cc-03797cb11b30
content-type: text/javascript; charset=UTF-8
last-modified: Tue, 06 Aug 2024 13:11:11 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 0QchkI6ksNdld3culeGt2txCIA52iOcOzYSxHd0VQga5r9GeTIGYH0JnUi7p91jA4zcj4WrbPSA=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-g9d49
x-envoy-upstream-service-time: 27
access-control-allow-credentials: true
x-amz-request-id: QNZSWY2248MWKDNG
cf-ray: 8ccdca416a8563be-LHR
access-control-allow-origin: https://www.silentpush.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 9153394.js Show response
js.hs-analytics.net/analytics/1727967300000/ 68 KB
25 KB 323ms
183ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1727967300000/9153394.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9153394.js?integration=WordPress&ver=11.1.60
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66dd2a8e46f38f2a2a863d2a61cd1528097eccbb149b07f0a89a2024fc3adc3b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: a762f527-bf18-462c-af7e-4ad6b998a6ba
content-encoding: gzip
cf-cache-status: MISS
etag: W/"734d7b0561868dd76fd9e351ebb9d5fc"
x-amz-version-id: null
expires: Thu, 03 Oct 2024 15:03:23 GMT
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: a762f527-bf18-462c-af7e-4ad6b998a6ba
content-type: text/javascript
last-modified: Tue, 01 Oct 2024 15:46:25 GMT
vary: origin, Accept-Encoding
x-amz-id-2: tVZbXiasjwVB/fmbSNGl55nPq+oyaUiRJkwZRN+GLs5zx48m/GSiwk9doTZa+MoEVXl2cUPct8wELfesXehH099sDbNuZYZg
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-tzvsz
x-envoy-upstream-service-time: 21
access-control-allow-credentials: false
x-amz-request-id: V78NC1KVKQW7ZA3X
cf-ray: 8ccdca416d10416a-LHR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
24 KB 200ms
61ms Script
application/javascript 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9153394.js?integration=WordPress&ver=11.1.60

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77080938572095bddc311784e1c284e7cd12268f46946aff94d04a43a53dffc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.silentpush.com
Referer: https://www.silentpush.com/

Response headers

x-request-id: df83136a-c7df-470d-9cea-7c7774ef2932
content-encoding: gzip
cf-cache-status: HIT
etag: W/"48bb5c8a01043eceaf45e65d5c98950b"
x-amz-version-id: lfSnPi6du9uQQl9EfUkg_44QCbCVLa2H
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
age: 239
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: sb8QSo8Jn9jny0DCcVL8DSfuTPJ7-YK1WMY3wnVRW0E200tVYOKhrw==
x-hubspot-correlation-id: df83136a-c7df-470d-9cea-7c7774ef2932
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Sep 2024 08:47:39 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-ncl8g
x-envoy-upstream-service-time: 2
x-hs-target-asset: collected-forms-embed-js/static-1.772/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Thu, 03 Oct 2024 14:58:23 GMT
vary: Accept-Encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.772/bundles/project.js&cfRay=8c842b056c0e9574-CDG
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
cf-ray: 8ccdca416eaf5318-LHR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 178ms
53ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y982JNG573&gtm=45je4a10v9181872672za200&_p=1727967503008&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101747727&gdid=dZGIzZG&cid=937023003.1727967503&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1727967503&sct=1&seg=0&dl=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&dt=FIN7%20hosting%20honeypot%20domains%20with%20malicious%20AI%20DeepNude%20Generators%20%E2%80%93%20New%20Silent%20Push%20research%20-%20Silent%20Push&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=1278
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y982JNG573
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.silentpush.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
547 B 207ms
54ms Ping
text/plain 2a00:1450:400c:c1f::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-Y982JNG573&cid=937023003.1727967503&gtm=45je4a10v9181872672za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101671035~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y982JNG573
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1f::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.silentpush.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 7421 0
0 205ms
67ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-Y982JNG573&gacid=937023003.1727967503&gtm=45je4a10v9181872672za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=251450182

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y982JNG573

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.silentpush.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 03 Oct 2024 14:58:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 179ms
93ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Y982JNG573&cid=937023003.1727967503&gtm=45je4a10v9181872672za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=439911974

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 03 Oct 2024 14:58:23 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 body.css
www.silentpush.com/wp-content/themes/punch/assets/css/ 6 KB
2 KB 59ms
59ms Stylesheet
text/css 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/themes/punch/assets/css/body.css?v=1.0.94
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"65832f2a-160c"
age: 16876163
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwHsozTcqJGut15XSyTAaMsrPkMd0YvFDG5YQ035xmmwlHqpYEsZH%2FVjUlxANnvThrbzwCLNSoVsxaTkCeAbmzppLd%2F0VqqjmCiJR52UQJARFJ7livPYbSvyEY4Krnd2bAS34qzTmp8zG7GVGBUVpw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca413924cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 20 Dec 2023 18:15:06 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 245 KB
87 KB 79ms
78ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-16552353750&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDR48BL3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f508cd17ab12d1f8e48f162dcdb0278a7dca7543e4ee03be3bda4dd881c685a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 03 Oct 2024 14:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 03 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 88958
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 body.css
www.silentpush.com/wp-content/themes/silentpush/assets/css/ 19 KB
4 KB 57ms
57ms Stylesheet
text/css 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/themes/silentpush/assets/css/body.css?v=17.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82f3824b648603cdda1492835a17a618e6d9d10387a73b1925f6137d78bd435d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"66d2095d-4c73"
age: 2925334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1BziDziKFvZ9v%2F2Uy0NhgEBe6HBwen%2BKUkfffgU1XEvt6f7%2FnrMCWBS41ZZXFWcqcvEUXZ5GuvZ2h%2FLUFeNUEDm1OsA7Mw1G3tmiW4h4xvR%2Blw0nINf%2F%2FSpxJBkh43F2oB%2FedyAMKZVACxwlUr7IDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca41a9a3cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Fri, 30 Aug 2024 18:03:09 GMT

GET
H2 200 loading.svg
www.silentpush.com/wp-content/themes/silentpush/assets/img/svg/ 697 B
792 B 66ms
65ms Image
image/svg+xml 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.silentpush.com/wp-content/themes/silentpush/assets/img/svg/loading.svg
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/wp-content/themes/silentpush/assets/css/body.css?v=17.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9520913d41133464cefaaea3ba4ea4c6f6d2383da26152bcf51370c06b34fcf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/wp-content/themes/silentpush/assets/css/body.css?v=17.1

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6582f752-2b9"
age: 17120711
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pq7y3tLtNS%2FP6K68O3Mw4CMNuzzPMuR0zt5QZgqhfFMHq2pwfiFDCYREYOBmCkNenwcNJTkNerzmoXraFZ6PXI6wAdjQGS8S1v60EZOdBonRxOTQylmBp3YQHNHM2DDD5L1acCEKRTO4hG9X6pI%2FOA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca422a44cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Wed, 20 Dec 2023 14:16:50 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/16552353750/ 6 KB
2 KB 196ms
79ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16552353750/?random=1727967503694&cv=11&fst=1727967503694&bg=ffffff&guid=ON&async=1&gtm=45be4a10v9185359820z89184255123za200zb9184255123&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20hosting%20honeypot%20domains%20with%20malicious%20AI%20DeepNude%20Generators%20%E2%80%93%20New%20Silent%20Push%20research%20-%20Silent%20Push&npa=0&pscdl=noapi&auid=1440388965.1727967504&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-16552353750&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

3cb20bd5151a82bf8ac55de72194fcdf3b6eeb18f8ec8479740bbc5f5a632891

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2447
date: Thu, 03 Oct 2024 14:58:23 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 16552353750
td.doubleclick.net/td/rul/ Frame 91B0 0
0 94ms
82ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/16552353750?random=1727967503694&cv=11&fst=1727967503694&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a10v9185359820z89184255123za200zb9184255123&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20hosting%20honeypot%20domains%20with%20malicious%20AI%20DeepNude%20Generators%20%E2%80%93%20New%20Silent%20Push%20research%20-%20Silent%20Push&npa=0&pscdl=noapi&auid=1440388965.1727967504&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-16552353750&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.silentpush.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 03 Oct 2024 14:58:23 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 wp-emoji-release.min.js Show response
www.silentpush.com/wp-includes/js/ 18 KB
5 KB 67ms
66ms Script
application/javascript 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-includes/js/wp-emoji-release.min.js?ver=6.6.1
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"667d6e6f-4926"
age: 1712753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=36JSr%2BwKU4QxmhhA6zAk%2FEedk7rl6x1jCUWIN%2BbD56Ys0YsV10JG2lUyA9xx4w28mKeQS5Y3ZlGtTO6Ryj0XXaNRqjihrrYHCl4iGMGsYm6bsEzzk7GfnJOj%2BxTEMvJwXtOBMlghXVAVpl%2BMsOxEDg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca427aa0cd42-LHR
access-control-allow-origin: *
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Thu, 27 Jun 2024 13:51:43 GMT

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
864 B 202ms
142ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
x-request-id: b75e8690-1522-439d-ac9c-233d2cab71dc
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: b75e8690-1522-439d-ac9c-233d2cab71dc
content-type: image/gif
vary: origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-8sd72
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ccdca42eb0a0722-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 246ms
156ms Preflight
application/octet-stream 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.silentpush.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.silentpush.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8ccdca433d29640d-LHR
content-length: 0
content-type: application/octet-stream
date: Thu, 03 Oct 2024 14:58:23 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-2cf7p
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: afa2e8ce-4c2c-4deb-a9db-8709ec2fc2c6
x-request-id: afa2e8ce-4c2c-4deb-a9db-8709ec2fc2c6

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
154 B 155ms
152ms XHR
text/plain 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/9153394.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.silentpush.com/

Response headers

access-control-max-age: 604800
x-request-id: d6af0381-9bb6-4983-be2c-82b58cb6c19d
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:24 GMT
x-hubspot-correlation-id: d6af0381-9bb6-4983-be2c-82b58cb6c19d
vary: origin
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-2cf7p
timing-allow-origin: *
x-envoy-upstream-service-time: 16
access-control-allow-credentials: true
cf-ray: 8ccdca443e81640d-LHR
access-control-allow-origin: https://www.silentpush.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2

200

main.js Show response
www.silentpush.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/ Frame 82C7
Redirect Chain

https://www.silentpush.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.silentpush.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

8 KB
4 KB

59ms
59ms

Script
application/javascript

2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.silentpush.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Server

2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b10b5361bcebb51cdd9f0736f029c6acb0a51d62c1855aaae0f33b836857b349

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ux91Dkaw08O%2FljWu44XirY1rHRgCzj5BM9pR%2Bz80f3aOHFk0k0amVtfUcK4%2BLgq2cPeFKrx%2Fr57WQhkldH9Pk1qs1nLkYrPQepTLGkfqUMDchPH2t3JB7MXtrE4sbSxcWq7aDdpEE4I%2FkxxwCKGCw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8ccdca432b7dcd42-LHR
date: Thu, 03 Oct 2024 14:58:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BcMe6MH0cO8ufExHxqti1Xc8%2BkKiSxT78lm4dFqfhtFE53wC5ZHpCYcxPnW2iJJM8wslVgfwYRGJwNFRXmRCI%2FgPMmavyE5jaXSrq1GVlySwDsEL%2BpPST36vtFy0R53aa0NAFC2OhYHgLIxT6lx9Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ccdca42aad0cd42-LHR
access-control-allow-origin: *
content-length: 0
date: Thu, 03 Oct 2024 14:58:23 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 95 B
1 KB 160ms
158ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=9153394&currentUrl=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 73f332af-6fb4-4c1f-a311-e19215df1167
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OOzqamHjkPkocZFaqGbSHJQjwqfNrAiCssdU3nwQSEsqHEfhTV%2BaEiFypOexo5EB%2FTHH204iy38ZX01%2BqDzglT1TGaoNsKFD6vt1Gj%2FYCusjdCGnmNpiRaMnl9bXTTUIDsEVNrGWANEZQ9X57z0Nie6e7FrBSZfmtDM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: 73f332af-6fb4-4c1f-a311-e19215df1167
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-jwqxb
x-envoy-upstream-service-time: 9
access-control-allow-credentials: true
cf-ray: 8ccdca42b8decd50-LHR
access-control-allow-origin: https://www.silentpush.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 134 B
453 B 149ms
144ms XHR
application/json 2606:4700::6810:6cfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=9153394&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6cfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265e7311ce56499f94bfca5f0a7d9b7eb70776738acd006b4c21bec9df498104

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: b36ed495-9318-4fc0-b76f-241008af536e
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: b36ed495-9318-4fc0-b76f-241008af536e
content-type: application/json;charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: *
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-jtkd6
x-envoy-upstream-service-time: 8
cf-ray: 8ccdca42c8385318-LHR
access-control-allow-origin: https://www.silentpush.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 196ms
66ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_1a7eacc8_dfb5_4a2b_b9f1_db448a199c8b&render=explicit&hl=en

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a8eef40427eb0c88bd5fd6bbdfca37d57783c547cacc477e27c9eb5ee82be78f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Thu, 03 Oct 2024 14:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Thu, 03 Oct 2024 14:58:23 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
829 B 143ms
142ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
x-request-id: 0a8b40b6-8da4-4721-ac8c-508ab28019e2
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:23 GMT
x-hubspot-correlation-id: 0a8b40b6-8da4-4721-ac8c-508ab28019e2
content-type: image/gif
vary: origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-jwqxb
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8ccdca430b2d0722-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 165ms
73ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_ee106681_67d5_4dd1_a963_5adfb8af59ec&render=explicit&hl=en

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dd0b6531105862797ac50a3a48b346e9ad96784763e27ee174179106ae58f263

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Thu, 03 Oct 2024 14:58:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Thu, 03 Oct 2024 14:58:23 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

POST
H2 200 8ccdca39cfe5cd42 Show response
www.silentpush.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 82C7 0
912 B 111ms
107ms XHR
text/plain 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/cdn-cgi/challenge-platform/h/g/jsd/r/8ccdca39cfe5cd42
Requested by: Host: www.silentpush.com
URL: https://www.silentpush.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8ccdca445c90cd42-LHR
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 0
date: Thu, 03 Oct 2024 14:58:24 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BdMKpWj9V7oBCJ2Nft%2FXMBcXs2UVu0fW3tio1foRa6bAx54hBXt8DWzbxgxIgwd6U0l839zqezjaaeG0H1EHRfQeXZ%2FI%2B0EsSzKAMNWOTBvIKkY0sZYM0W0Ow6z5ZvjIrrBZfvF9r2Tvin2g7nFk%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
520 B 198ms
197ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
x-request-id: e38bff09-059a-43cc-b8ab-cac3de00af19
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:24 GMT
x-hubspot-correlation-id: e38bff09-059a-43cc-b8ab-cac3de00af19
content-type: image/gif
vary: origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-svmtn
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
cf-ray: 8ccdca445c460722-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 /
www.google.com/pagead/1p-user-list/16552353750/ 42 B
340 B 474ms
470ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/16552353750/?random=1727967503694&cv=11&fst=1727964000000&bg=ffffff&guid=ON&async=1&gtm=45be4a10v9185359820z89184255123za200zb9184255123&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20hosting%20honeypot%20domains%20with%20malicious%20AI%20DeepNude%20Generators%20%E2%80%93%20New%20Silent%20Push%20research%20-%20Silent%20Push&npa=0&pscdl=noapi&auid=1440388965.1727967504&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfqOySZBL6rgKXQ2amSMf981rBdateEg&random=3067341388&rmt_tld=0&ipr=y

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 03 Oct 2024 14:58:24 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/16552353750/ 42 B
64 B 192ms
190ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/16552353750/?random=1727967503694&cv=11&fst=1727964000000&bg=ffffff&guid=ON&async=1&gtm=45be4a10v9185359820z89184255123za200zb9184255123&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&hn=www.googleadservices.com&frm=0&tiba=FIN7%20hosting%20honeypot%20domains%20with%20malicious%20AI%20DeepNude%20Generators%20%E2%80%93%20New%20Silent%20Push%20research%20-%20Silent%20Push&npa=0&pscdl=noapi&auid=1440388965.1727967504&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfqOySZBL6rgKXQ2amSMf981rBdateEg&random=3067341388&rmt_tld=1&ipr=y

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 03 Oct 2024 14:58:24 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
562 B 157ms
155ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.silentpush.com
URL: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
x-request-id: 73ebd161-f89c-49d3-99d0-e891881efd01
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Thu, 03 Oct 2024 14:58:24 GMT
x-hubspot-correlation-id: 73ebd161-f89c-49d3-99d0-e891881efd01
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Thu, 03 Oct 2024 14:58:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-np7s7
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8ccdca446c5a0722-LHR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/ 539 KB
213 KB 141ms
57ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_1a7eacc8_dfb5_4a2b_b9f1_db448a199c8b&render=explicit&hl=en

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

b5e8ec5d4dcc080657deb2d004f65d974bf4ec9e9aa5d621e10749182fff8731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.silentpush.com
Referer: https://www.silentpush.com/

Response headers

content-encoding: gzip
age: 62310
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Thu, 02 Oct 2025 21:39:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 02 Oct 2024 21:39:54 GMT
last-modified: Mon, 23 Sep 2024 04:00:50 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 218137
x-xss-protection: 0
server: sffe

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 2561 0
0 192ms
79ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly93d3cuc2lsZW50cHVzaC5jb206NDQz&hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&size=invisible&badge=inline&cb=9pdrkmr4etc4

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kfsD702LpoPaZRPPnFRD3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.silentpush.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-kfsD702LpoPaZRPPnFRD3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 03 Oct 2024 14:58:24 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 1F67 0
0 207ms
95ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IMFO_DpvEAnFme9KwE_Ukw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.silentpush.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-IMFO_DpvEAnFme9KwE_Ukw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 03 Oct 2024 14:58:24 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 9153394.js Show response
js-na1.hs-scripts.com/ 2 KB
665 B 110ms
84ms Script
application/javascript 2606:4700::6810:8cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-na1.hs-scripts.com/9153394.js

Requested by

Host: js.hs-analytics.net
URL: https://js.hs-analytics.net/analytics/1727967300000/9153394.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6ed4bc60fdc398983728eb116a166600d1998c13da66ec55e775c8405718804

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

access-control-max-age: 3600
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 5422
x-content-type-options: nosniff
cf-polished: origSize=2519
date: Thu, 03 Oct 2024 14:58:25 GMT
x-hubspot-correlation-id: 4a77a66a-b3de-4a13-8dad-ad7b6333e93b
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Thu, 03 Oct 2024 12:45:05 GMT
access-control-allow-credentials: true
cf-ray: 8ccdca4bfd86bef8-LHR
access-control-allow-origin: https://www.silentpush.com
server: cloudflare

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
749 B 341ms
225ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=9153394&ct=blog-post&rcu=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&pu=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&t=FIN7+hosting+honeypot+domains+with+malicious+AI+DeepNude+Generators+%E2%80%93+New+Silent+Push+research+-+Silent+Push&cts=1727967505203&vi=7608625a000fd0d61708a7c40e57d4f8&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
x-request-id: 22acb28f-3cd6-448d-af01-63fc765101dc
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IssrTlTBMwDarRJXdpmzjNR%2FJ2uIyrOmX2lxvxEi7LCTz0PPiLHXjFY3jBeFrbTcQvfdOgbnPvtjahtNjNBri%2FGmGoFxZyOSrLh3W9EtOAyoDBq5wEoiqOTVOx%2F4DkiBNDxEGakLpwq4s%2Fu%2FLAPp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 03 Oct 2024 14:58:25 GMT
x-hubspot-correlation-id: 22acb28f-3cd6-448d-af01-63fc765101dc
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-jzrdq
x-envoy-upstream-service-time: 6
access-control-allow-credentials: false
cf-ray: 8ccdca4c7a3263b7-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
750 B 291ms
188ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=74caba7a-d0e8-455c-910c-bb3c0d8282c3&fci=1a7eacc8-dfb5-4a2b-b9f1-db448a199c8b&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=9153394&ct=blog-post&rcu=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&pu=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&t=FIN7+hosting+honeypot+domains+with+malicious+AI+DeepNude+Generators+%E2%80%93+New+Silent+Push+research+-+Silent+Push&cts=1727967505204&vi=7608625a000fd0d61708a7c40e57d4f8&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
x-request-id: ad5482b7-9baa-4531-9825-ff4623f9dd13
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lv036YuA3agjlw5cZUfDCrz21PbCF%2FzF%2BuRIcijJuhVgFQE3ksWvKWFqRprkcSpVcz7%2F0WtW14kd9WwJG37o4RgC%2BIK9sWD8rOwo0Pc%2FjxWQUnyfMQixI4SbfU8gplIGouSQzW6XqLo5m0DVFfuV"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 03 Oct 2024 14:58:25 GMT
x-hubspot-correlation-id: ad5482b7-9baa-4531-9825-ff4623f9dd13
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-2x5nb
x-envoy-upstream-service-time: 6
access-control-allow-credentials: false
cf-ray: 8ccdca4c7a3463b7-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 272ms
170ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=74caba7a-d0e8-455c-910c-bb3c0d8282c3&fci=ee106681-67d5-4dd1-a963-5adfb8af59ec&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=9153394&ct=blog-post&rcu=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&pu=https%3A%2F%2Fwww.silentpush.com%2Fblog%2Ffin7-malware-deepfake-ai-honeypot%2F&t=FIN7+hosting+honeypot+domains+with+malicious+AI+DeepNude+Generators+%E2%80%93+New+Silent+Push+research+-+Silent+Push&cts=1727967505204&vi=7608625a000fd0d61708a7c40e57d4f8&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/

Response headers

x-robots-tag: none
x-request-id: 1865959d-8331-4733-b592-f9ed482c69b4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2BeTSCj7SdCxDV7bT5ipTBWQDyZONlx1zoUtSPO4zPyhCFjwiiHZEHMP5CI9yCOMsW8%2ByOWkXlyGEBO9bwpSErUSrU2A5EV3K07XYgNBqq2vfvb1vfDd0W60KqYtMOxvO%2FreIq9v2fDQlFoe9ge2"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Thu, 03 Oct 2024 14:58:25 GMT
x-hubspot-correlation-id: 1865959d-8331-4733-b592-f9ed482c69b4
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-p2dmg
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8ccdca4c7a3563b7-LHR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 Silent-Push-Favicon-1.jpg
www.silentpush.com/wp-content/uploads/ 47 KB
47 KB 70ms
61ms Other
image/jpeg 2606:4700:20::681a:a95
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.silentpush.com/wp-content/uploads/Silent-Push-Favicon-1.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d067d9c4d6dbc2d02193f577924918e8701e63640b21fba589924728ee658577

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

Response headers

cf-bgj: h2pri
etag: "6581cc82-ba0b"
age: 16859253
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kbRPi3gjhDKpZltW3G8Rm1Mhf0IvEzH47B0bmX6U3FllLQBrE7GOotjIDrrFImMYRXNbxWq2b2INuhzFMTgqrtGY2t2APNwpl0NEvTL2%2F9Ykn6UvDOVOoLmkrcxeqr3N9AhgTzVV6CQAMxeaVCinqw%3D%3D"}],"group":"cf-nel","max_age":604800}
date: Thu, 03 Oct 2024 14:58:25 GMT
content-type: image/jpeg
last-modified: Tue, 19 Dec 2023 17:01:54 GMT
vary: Accept-Encoding
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ccdca4bde06cd42-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 47627
server: cloudflare

GET
H3 200 bframe
www.google.com/recaptcha/enterprise/ Frame D2DE 0
0 87ms
79ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SiR-32GdFHatdqwHQmZiFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.silentpush.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-SiR-32GdFHatdqwHQmZiFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 03 Oct 2024 14:58:25 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bframe
www.google.com/recaptcha/enterprise/ Frame D1F3 0
0 239ms
232ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=xds0rzGrktR88uEZ2JUvdgOY&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ApYhotYHLVNOq1XPjjnDaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.silentpush.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ApYhotYHLVNOq1XPjjnDaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 03 Oct 2024 14:58:25 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.silentpush.com
URL: blob:https://www.silentpush.com/147e9649-a4ad-41d2-9e0b-5ca598c8fb36

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 04:18:39	Name: _GRECAPTCHA Value: 09AGteOyrsPQL2y9y5SODcXYCObEzyO3DyeavsAp4FttuUPToyM1JyufGKPmhrWoKE671fHrjcLplOMiGHXnNFnl4
.hsforms.net/	1970-01-20 23:59:29	Name: __cf_bm Value: Wl6PnwrrKqVujyHJN0Kn5nE7jTWnR6LjUdHklS5UMAM-1727967503-1.0.1.1-4t9dTCwbeQRZ0BsYlrIXtub0x0bFfBeqi59jfhTqRRuC6mp_uNTUqNtvPdIK5oqSpQtdk63eW.uJgsv5VCnn.Q
.silentpush.com/	1970-01-21 09:35:27	Name: _ga_Y982JNG573 Value: GS1.1.1727967503.1.0.1727967503.60.0.0
.silentpush.com/	1970-01-21 09:35:27	Name: _ga Value: GA1.1.937023003.1727967503
.silentpush.com/	1970-01-21 02:09:03	Name: _gcl_au Value: 1.1.1440388965.1727967504
.doubleclick.net/	1970-01-21 09:21:03	Name: IDE Value: AHWqTUm8Uckv--BfrhljhQYYOBIo7setJIOXYUFZswLJGOhvbeq_HqXGxpdMQuJV
.doubleclick.net/	1970-01-20 23:59:28	Name: test_cookie Value: CheckForPermission
.hsforms.com/	1970-01-20 23:59:29	Name: __cf_bm Value: i6wh9cpYNA9xvWOLgEatgl05p03Cowm6um9bAk2FgsI-1727967503-1.0.1.1-1vZhdb6zrQWnDIpw4npvsvvX0YK3qxzv7vOV6RjkhUNthoSKLtlc5ZZ992ESWOfMJe.YCbyi4jxS.TSy_wop9w
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: mDSF1s0jo0qvRh1LeSSp74jlR3CsTCVC8Dj5pWLiKS8-1727967503944-0.0.1.1-604800000
.silentpush.com/	1970-01-21 08:45:03	Name: cf_clearance Value: lANWl8u3D4.yqyudg3WmmyI1x2_7On5iF0ezuCTyV5w-1727967504-1.2.1.1-FkcmKyx.DcC1pQVhcFD4xRqG.049uauAN6CCI8C58X_tJLZQji9ZIkaEIHAvMOK.c6n1WFzZDmLL7UKdvEeyZP7wRSUPzv19URfQhUhF32lJ_K7raNXTE3dY7M9Uq4NyXrFh1Uhqw5B6alfKkKuNFA5CR7uX7mYhrIJ8KEh8JQ6kxTFsCeThvlZZOxiQlz9Z7YpM.yL9acmTpZtm5tN59_xKWGCj0M4567SOLyFoTohbjH5KrCJcoy8r9WjhwcC6sJXO1dGLTqVlDcr4h3OfNPfyrzxOLt1fC_22zNG3VQcjNHiimnVe2Fm9.jTVU447ndeV.53SVuKjWI7upduv0T5CnJZGQUWiuFvplmMr3lR58kPMz7l2JQXG9jaDcLkC
.hubspot.com/	1970-01-20 23:59:29	Name: __cf_bm Value: cpHtvHKsIo4RMgwr.qWAIpIYqjMRGRvUvwwMPgagte8-1727967505-1.0.1.1-svJgM.1jnKfVZvn1DBTVUtmbOQTXHozyiuCFrB4Cj3waBRQ9u6KrLMBYzydwvjaHQumzotaAYoClB27FPU7xhQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: SQbSL3pRLv2eUJu7j6IoiamjARpm2KQOGmbaqZSw7j0-1727967505520-0.0.1.1-604800000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
googleads.g.doubleclick.net
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.hubspot.com
perf-na1.hsforms.com
region1.analytics.google.com
stats.g.doubleclick.net
td.doubleclick.net
track.hubspot.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.gstatic.com
www.silentpush.com
www.silentpush.com
104.18.142.119
104.19.175.188
142.250.184.226
142.250.185.196
142.250.185.67
142.250.186.67
142.250.186.99
2001:4860:4802:34::36
2606:4700:20::681a:a95
2606:4700:4400::6812:28f0
2606:4700::6810:6cfe
2606:4700::6810:7574
2606:4700::6810:8cd1
2606:4700::6811:80ac
2606:4700::6811:afc9
2a00:1450:4001:808::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82b::200a
2a00:1450:400c:c1f::9d
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
13477d030df0506d033810e11ad3f7bc9624f5e74cd4884b057b1de0ce60c282
265e7311ce56499f94bfca5f0a7d9b7eb70776738acd006b4c21bec9df498104
27b8c9dba167b9abbc392c93181111c44976eead2aa813930c12b05b9758a01f
2f750e8a5492edec82ca6d246a1cb01cdd52a69b3a5b272c80796f07b6767c12
3cb20bd5151a82bf8ac55de72194fcdf3b6eeb18f8ec8479740bbc5f5a632891
41e6b9f297f7d9a2df2aaa274092f76d2f72711a15ca455f7f4f4f92caf16b72
4e07cad7f90f1eb59a916bf7cf34209eb4103817a8c8bac4ff0469c94d58cd41
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e
66dd2a8e46f38f2a2a863d2a61cd1528097eccbb149b07f0a89a2024fc3adc3b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6de47615a27b52925a632e49d688c19a4222eb47292b46e6e779f314c7cde8f6
6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1
77080938572095bddc311784e1c284e7cd12268f46946aff94d04a43a53dffc9
7822d3e4a7d30d102f252d7960e5336f36c997f181d51c85a2c3a3d266b58c57
82ad775e3ec1ee52a0fe479d964879edef28e04320db46038f54663f7fe0a880
82f3824b648603cdda1492835a17a618e6d9d10387a73b1925f6137d78bd435d
86471b0d5045a8a4bb119eb25d15ff7ac0b5861d3fa5e9bd5c05b902827c9692
86687f3e5f5afdcf3625c8dde9300bb27a5715ae747f119a1a4c8f89064c254c
885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6
89de6059a2b1dbfb5f49e05cffa09d4d4f65744dbf9e8bf997f0ace1a3388db1
96617d7cf1037130d819d2948f55e2a444acf9b9bbd19a73c69c3480c9ad29aa
97be5c7f2b0a7256d5cc6af0a8fe91770aa94be2ba81585c16973a5681b3a34a
a8eef40427eb0c88bd5fd6bbdfca37d57783c547cacc477e27c9eb5ee82be78f
add54078248369e722b9785d590833cc75377116cf55077f81a87b04be252312
b10b5361bcebb51cdd9f0736f029c6acb0a51d62c1855aaae0f33b836857b349
b5aba15d059514fb776e70c720f4ef4a176e4bba715f1d77432af5b7f20dfb39
b5e8ec5d4dcc080657deb2d004f65d974bf4ec9e9aa5d621e10749182fff8731
b99e202b2d77716430c782fcc4ef90eccfd4510b0ade52ad742e4bea7145ab19
cea3bdd3448d502081884071504a01eefb97b9ef971e03db9b600bc659051e56
d067d9c4d6dbc2d02193f577924918e8701e63640b21fba589924728ee658577
d6ed4bc60fdc398983728eb116a166600d1998c13da66ec55e775c8405718804
d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a
d843d246c0f423bb207375c28078c14907108166a22cb7ea42a5e0815f4bc4d4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd0b6531105862797ac50a3a48b346e9ad96784763e27ee174179106ae58f263
df3e12dce94226a7f9bf8a12e16bd9fa7a306e0077c5d54279c7dd16a02c8962
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f508cd17ab12d1f8e48f162dcdb0278a7dca7543e4ee03be3bda4dd881c685a2
f7ff80a83b6fd9667aefff3be94d18037b600023fb01686c56219c9532e2020a
f9520913d41133464cefaaea3ba4ea4c6f6d2383da26152bcf51370c06b34fcf
fbdadf6802d980dc48bddce7e4ffbef9b26b9d51abe5aec6d05d908933c4b02d

www.silentpush.com Open in urlscan Pro 2606:4700:20::681a:a95 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

63 Requests

97 %HTTPS

65 %IPv6

15 Domains

25 Subdomains

21 IPs

4 Countries

2526 kBTransfer

4243 kBSize

12 Cookies

12 Outgoing links

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.silentpush.com Open in urlscan Pro
2606:4700:20::681a:a95 Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

97 %
HTTPS

65 %
IPv6

15
Domains

25
Subdomains

21
IPs

4
Countries

2526 kB
Transfer

4243 kB
Size

12
Cookies

63 HTTP transactions
0 data transactions