urlscan.io logo urlscan.io
SecurityTrails logo

www.truesec.com Open in urlscan Pro
185.195.92.48  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Submission: On November 21 via api from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 4 countries across 14 domains to perform 41 HTTP transactions. The main IP is 185.195.92.48, located in Sweden and belongs to bbn Baffin Bay Networks AB, SE. The main domain is www.truesec.com.
TLS certificate: Issued by E6 on November 8th 2024. Valid for: 3 months.
This is the only time www.truesec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
16 185.195.92.48 42649 (bbn Baffi...)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 172.65.208.22 13335 (CLOUDFLAR...)
2 2001:bc8:1e80... 12876 (AS12876 S...)
1 172.65.202.201 13335 (CLOUDFLAR...)
2 172.65.192.122 13335 (CLOUDFLAR...)
1 172.65.238.60 13335 (CLOUDFLAR...)
1 172.65.236.181 13335 (CLOUDFLAR...)
1 172.65.219.229 13335 (CLOUDFLAR...)
2 2a02:26f0:170... 20940 (AKAMAI-AS...)
1 172.65.198.159 13335 (CLOUDFLAR...)
2 172.65.232.43 13335 (CLOUDFLAR...)
1 2a06:98c1:320... 13335 (CLOUDFLAR...)
2 2a02:26f0:350... 20940 (AKAMAI-AS...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-AS...)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 172.65.240.166 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
41 20
16    185.195.92.48 (Sweden)

ASN42649 (bbn Baffin Bay Networks AB, SE)
PTR: anycast.baffinbaynetworks.com
www.truesec.com
1    2606:4700::6810:8ad1 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-scripts.com
1    172.65.208.22 (United States)

ASN13335 (CLOUDFLARENET, US)
js-eu1.hs-scripts.com
2    2001:bc8:1e80:149:: (Warsaw, Poland)

ASN12876 (AS12876 SCALEWAY S.A.S., FR)
gtm.truesec.com
1    172.65.202.201 (United States)

ASN13335 (CLOUDFLARENET, US)
js-eu1.hs-banner.com
2    172.65.192.122 (United States)

ASN13335 (CLOUDFLARENET, US)
js-eu1.hscollectedforms.net
forms-eu1.hscollectedforms.net
1    172.65.238.60 (United States)

ASN13335 (CLOUDFLARENET, US)
js-eu1.hs-analytics.net
1    172.65.236.181 (United States)

ASN13335 (CLOUDFLARENET, US)
js-eu1.hubspot.com
1    172.65.219.229 (United States)

ASN13335 (CLOUDFLARENET, US)
js-eu1.hsadspixel.net
2    2a02:26f0:1700:11::b856:6798 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
consent.cookiebot.com
1    172.65.198.159 (United States)

ASN13335 (CLOUDFLARENET, US)
cta-eu1.hubspot.com
2    172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)
perf-eu1.hsforms.com
forms-eu1.hsforms.com
1    2a06:98c1:3200::90:1 (United States)

ASN13335 (CLOUDFLARENET, US)
api-eu1.hubapi.com
2    2a02:26f0:3500:887::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
consentcdn.cookiebot.com
imgsct.cookiebot.com
2    2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
snap.licdn.com
3    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
1    172.65.240.166 (United States)

ASN13335 (CLOUDFLARENET, US)
track-eu1.hubspot.com
1    2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
Apex Domain
Subdomains		 Transfer
18 truesec.com
www.truesec.com
gtm.truesec.com
1 MB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 333
px4.ads.linkedin.com — Cisco Umbrella Rank: 7032
2 KB
4 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4433
consentcdn.cookiebot.com — Cisco Umbrella Rank: 5051
imgsct.cookiebot.com — Cisco Umbrella Rank: 5232
138 KB
3 hubspot.com
js-eu1.hubspot.com — Cisco Umbrella Rank: 20435
cta-eu1.hubspot.com — Cisco Umbrella Rank: 20388
track-eu1.hubspot.com — Cisco Umbrella Rank: 15690
27 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
91 KB
2 hsforms.com
perf-eu1.hsforms.com — Cisco Umbrella Rank: 21170
forms-eu1.hsforms.com — Cisco Umbrella Rank: 26598
2 KB
2 hscollectedforms.net
js-eu1.hscollectedforms.net — Cisco Umbrella Rank: 25928
forms-eu1.hscollectedforms.net — Cisco Umbrella Rank: 26357
25 KB
2 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2580
js-eu1.hs-scripts.com — Cisco Umbrella Rank: 14917
1 KB
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 831
14 KB
1 hubapi.com
api-eu1.hubapi.com — Cisco Umbrella Rank: 24413
818 B
1 hsadspixel.net
js-eu1.hsadspixel.net — Cisco Umbrella Rank: 22529
3 KB
1 hs-analytics.net
js-eu1.hs-analytics.net — Cisco Umbrella Rank: 15492
25 KB
1 hs-banner.com
js-eu1.hs-banner.com — Cisco Umbrella Rank: 15263
26 KB
41 14
Domain Requested by
16 www.truesec.com www.truesec.com
3 px.ads.linkedin.com 1 redirects snap.licdn.com
2 www.googletagmanager.com js-eu1.hsadspixel.net
www.googletagmanager.com
2 consent.cookiebot.com gtm.truesec.com
consent.cookiebot.com
2 gtm.truesec.com www.truesec.com
gtm.truesec.com
1 pagead2.googlesyndication.com www.googletagmanager.com
1 imgsct.cookiebot.com
1 track-eu1.hubspot.com
1 px4.ads.linkedin.com www.truesec.com
1 forms-eu1.hsforms.com www.truesec.com
1 snap.licdn.com js-eu1.hsadspixel.net
1 consentcdn.cookiebot.com consent.cookiebot.com
1 api-eu1.hubapi.com js-eu1.hsadspixel.net
1 perf-eu1.hsforms.com www.truesec.com
1 cta-eu1.hubspot.com js-eu1.hubspot.com
1 forms-eu1.hscollectedforms.net js-eu1.hscollectedforms.net
1 js-eu1.hsadspixel.net js.hs-scripts.com
1 js-eu1.hubspot.com js.hs-scripts.com
1 js-eu1.hs-analytics.net js.hs-scripts.com
1 js-eu1.hscollectedforms.net js.hs-scripts.com
1 js-eu1.hs-banner.com js.hs-scripts.com
1 js-eu1.hs-scripts.com www.truesec.com
1 js.hs-scripts.com 1 redirects
41 23
Subject Issuer Validity Valid
www.truesec.com
E6		 2024-11-08 -
2025-02-06		 3 months crt.sh
gtm.truesec.com
R11		 2024-09-23 -
2024-12-22		 3 months crt.sh
hs-banner.com
WE1		 2024-09-24 -
2024-12-23		 3 months crt.sh
hscollectedforms.net
WE1		 2024-11-20 -
2025-02-18		 3 months crt.sh
hs-analytics.net
WE1		 2024-10-07 -
2025-01-05		 3 months crt.sh
hubspot.com
WE1		 2024-10-03 -
2025-01-01		 3 months crt.sh
hsadspixel.net
WE1		 2024-10-10 -
2025-01-08		 3 months crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-02-28 -
2025-02-27		 a year crt.sh
hsforms.com
WE1		 2024-10-10 -
2025-01-08		 3 months crt.sh
hubapi.com
WE1		 2024-11-07 -
2025-02-05		 3 months crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-02-26 -
2025-02-26		 a year crt.sh
*.google-analytics.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-12-13 -
2024-12-12		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2024-10-14 -
2025-04-14		 6 months crt.sh
*.g.doubleclick.net
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.truesec.com/hub/blog/helldown-ransomware-group
Frame ID: 987BABE18848CC52A94E0D017846810F
Requests: 42 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 88ADC335369E984843C233D7154E6DF4
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwww.truesec.com
Frame ID: B78624E512A5C3AE30D7D066DEA5D0DE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Helldown Ransomware – A New Emerging Ransomware Threat

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

41
Requests

95 %
HTTPS

45 %
IPv6

14
Domains

23
Subdomains

20
IPs

4
Countries

1875 kB
Transfer

3332 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://js.hs-scripts.com/26747823.js HTTP 307
  • https://js-eu1.hs-scripts.com/26747823.js
Request Chain 36
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=660105&time=1732170283923&url=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=660105&time=1732170283923&url=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&e_ipv6=AQJvUZGGNVVfhwAAAZNNZPys7IHupfAsytaDD3MdID18Rwj4WD1EBz_iRul4uctd-4lnis53ZHPmWaehhtuTgNWuMpBkkw

41 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request helldown-ransomware-group
www.truesec.com/hub/blog/ 		51 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet / WP Engine
Resource Hash
a04dd8b43762ab31f34d0575d28fac79bceb672d42344958c1e8c935f06ed88b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000 max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=600, must-revalidate
Connection
keep-alive
Content-Encoding
br
Content-Type
text/html; charset=UTF-8
Date
Thu, 21 Nov 2024 06:24:41 GMT
Link
<https://www.truesec.com/wp-json/>; rel="https://api.w.org/" <https://www.truesec.com/wp-json/wp/v2/posts/19496>; rel="alternate"; title="JSON"; type="application/json"
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Referrer-Policy
strict-origin-when-cross-origin
Server
baffin-bay-inlet
Strict-Transport-Security
max-age=63072000 max-age=14515200
Transfer-Encoding
chunked
Vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
X-Cache
HIT: 3
X-Cache-Group
normal
X-Cacheable
SHORT
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Powered-By
WP Engine
X-XSS-Protection
1; mode=block
admin-ajax.php
www.truesec.com/wp-admin/ 		0
889 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-admin/admin-ajax.php?action=pll_xdata_check&redirect=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&nonce=48962581cc
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet / WP Engine
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

X-Robots-Tag
noindex
X-Pass-Why
wp-admin
X-Content-Type-Options
nosniff
Expires
Wed, 11 Jan 1984 05:00:00 GMT
X-Cacheable
NO:Passed
X-Cache
MISS
Date
Thu, 21 Nov 2024 06:24:42 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
max-age=0, must-revalidate, private
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Content-Length
0
X-XSS-Protection
1; mode=block
X-Powered-By
WP Engine
Server
baffin-bay-inlet
style.min.css
www.truesec.com/wp-includes/css/dist/block-library/ 		110 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.1
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

Content-Encoding
br
ETag
W/"66b9ce0c-1b723"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Last-Modified
Mon, 12 Aug 2024 08:55:40 GMT
Content-Type
text/css
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
app.css
www.truesec.com/wp-content/themes/truesec/dist/ 		151 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
3ce75adf3ef7b013d278d74b53d13b5b39c2ae15b547bd72dcdacb45d1bda847
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

Content-Encoding
br
ETag
W/"670cd56e-25c8d"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Last-Modified
Mon, 14 Oct 2024 08:25:18 GMT
Content-Type
text/css
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
26747823.js
js-eu1.hs-scripts.com/
Redirect Chain
  • https://js.hs-scripts.com/26747823.js
  • https://js-eu1.hs-scripts.com/26747823.js
3 KB
1014 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js-eu1.hs-scripts.com/26747823.js
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
H2
Server
172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7acbe791f0f11668385053b83e7bd7171c8efbbe50314eb269dabd11f65465ae
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

access-control-max-age
3600
content-encoding
gzip
cf-cache-status
HIT
age
6331
x-content-type-options
nosniff
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
19f1a8cf-d123-4546-849f-20e42d6face9
content-type
application/javascript;charset=utf-8
vary
origin, Accept-Encoding
last-modified
Thu, 21 Nov 2024 04:39:12 GMT
access-control-allow-credentials
true
cf-ray
8e5e992d89f39b1f-FRA
accept-ranges
bytes
access-control-allow-origin
https://www.truesec.com
content-length
681
server
cloudflare

Redirect headers

access-control-max-age
3600
cache-control
public, max-age=90
location
https://js-eu1.hs-scripts.com/26747823.js
cf-cache-status
MISS
access-control-allow-credentials
true
x-content-type-options
nosniff
cf-ray
8e5e9929e96603d8-FRA
expires
Thu, 21 Nov 2024 06:26:13 GMT
access-control-allow-origin
https://www.truesec.com
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
ef5aa042-ed78-416e-8263-7dbcdf43fc4a
vary
origin, Accept-Encoding
server
cloudflare
stephan_khader_boelt-480x480.jpg
www.truesec.com/wp-content/uploads/2024/11/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.truesec.com/wp-content/uploads/2024/11/stephan_khader_boelt-480x480.jpg
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
9a16df4ca47fb735db8debb963d9f1576b9cb1d06b3270deaa3bf57fb8d8d341
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

ETag
"672ddebc-7e8f"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Content-Type
image/jpeg
Last-Modified
Fri, 08 Nov 2024 09:49:48 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
32399
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
helldown_ransomware_group.png
www.truesec.com/wp-content/uploads/2024/11/ 		805 KB
806 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.truesec.com/wp-content/uploads/2024/11/helldown_ransomware_group.png
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
d345eb95471fd463d7b7a86af9a9d93a6110c887fe50724bba2d975d4e4d764a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

ETag
"672c9458-c94ca"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Content-Type
image/png
Last-Modified
Thu, 07 Nov 2024 10:20:08 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
824522
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
ransom_note_helldown.png
www.truesec.com/wp-content/uploads/2024/11/ 		168 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.truesec.com/wp-content/uploads/2024/11/ransom_note_helldown.png
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
1519275edf2a825c5f287829ed52a1327aae0e65eb70b375cde3f390c1c4045f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

ETag
"672c7db2-2a021"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Content-Type
image/png
Last-Modified
Thu, 07 Nov 2024 08:43:30 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
172065
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
view.min.js
www.truesec.com/wp-includes/blocks/image/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-includes/blocks/image/view.min.js?ver=6.6.1
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
8c7fc09c88a480d80cdda47817b5ed84fffdf67c11c90558d2e3265dfcf74285
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

Content-Encoding
br
ETag
W/"65c66d5e-f78"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Last-Modified
Fri, 09 Feb 2024 18:22:22 GMT
Content-Type
application/javascript
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
interactivity.min.js
www.truesec.com/wp-includes/js/dist/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-includes/js/dist/interactivity.min.js?ver=6.6.1
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
429fc71a17fa7f185fd18f6c0c082c4840a6c616cfcaa6869d6ab11c90b3a178
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

Content-Encoding
br
ETag
W/"66b9ce0b-8f4e"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Last-Modified
Mon, 12 Aug 2024 08:55:39 GMT
Content-Type
application/javascript
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
app.js
www.truesec.com/wp-content/themes/truesec/dist/ 		105 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/themes/truesec/dist/app.js?ver=1728894318
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
ca05cc791954b32b5ab25904884db9dfbf5444923c35cf8a2498396a497a9ed4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

Content-Encoding
br
ETag
W/"670cd56e-1a2b4"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Last-Modified
Mon, 14 Oct 2024 08:25:18 GMT
Content-Type
application/javascript
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
gtm.js
gtm.truesec.com/ 		334 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gtm.truesec.com/gtm.js?id=GTM-K2VMF8D
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:bc8:1e80:149:: Warsaw, Poland, ASN12876 (AS12876 SCALEWAY S.A.S., FR),
Reverse DNS
Software
nginx /
Resource Hash
4abe4fdc4b62cefdd49a2eddefa795cfee4f45347aa1b4769d8ea9cfbd2767c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Thu, 21 Nov 2024 06:24:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 21 Nov 2024 06:24:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding, Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
trace-id
37e20bce-9496-490f-b759-8806753a6227
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
x-xss-protection
0
server
nginx
Poppins-SemiBold.woff2
www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/ 		50 KB
51 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/Poppins-SemiBold.woff2
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
0bcf29d5a91c47ba2452ef5dd89570db049ce7803ec79b3621978e49f73bc02b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318

Response headers

ETag
"670cd56e-c794"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:43 GMT
Content-Type
font/woff2
Last-Modified
Mon, 14 Oct 2024 08:25:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
51092
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
Poppins-Regular.woff2
www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/ 		50 KB
51 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/Poppins-Regular.woff2
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
a2c1dd01db85a00fb60520dce8e9fbce9e80ef72b602a6750689fe606fb626e8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318

Response headers

ETag
"670cd56e-c7cc"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:43 GMT
Content-Type
font/woff2
Last-Modified
Mon, 14 Oct 2024 08:25:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
51148
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
fontello.woff2
www.truesec.com/wp-content/themes/truesec/dist/assets/fontello/ 		8 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/themes/truesec/dist/assets/fontello/fontello.woff2?98155108
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
496d8b2e60efeb534f97ed2df7a915c0649b452b0f003ae46e95d6d387492a79
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318

Response headers

ETag
"670cd56e-2074"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:42 GMT
Content-Type
font/woff2
Last-Modified
Mon, 14 Oct 2024 08:25:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
8308
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
Poppins-Italic.woff2
www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/ 		57 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/Poppins-Italic.woff2
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
e5c881781b5f13b6a618751ac58527fbaac9e728b471608462171d615639d9d1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318

Response headers

ETag
"670cd56e-e4c0"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:43 GMT
Content-Type
font/woff2
Last-Modified
Mon, 14 Oct 2024 08:25:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
58560
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
Poppins-Bold.woff2
www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/ 		49 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/themes/truesec/dist/assets/fonts/Poppins-Bold.woff2
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
5bd7a1e006fa739a820cbf397667fc86e7c4e2eb700df81b532121f78ef7d3d7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/wp-content/themes/truesec/dist/app.css?ver=1728894318

Response headers

ETag
"670cd56e-c590"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:43 GMT
Content-Type
font/woff2
Last-Modified
Mon, 14 Oct 2024 08:25:18 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
50576
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
truncated
/ 		26 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
banner.js
js-eu1.hs-banner.com/v2/26747823/ 		72 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-eu1.hs-banner.com/v2/26747823/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26747823.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71a85fea17711790ac71b1b4c10f5956a877c971a2931d5cd106a615affdfca6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-evy-trace-virtual-host
all
access-control-max-age
604800
x-request-id
cd5c90f7-15cb-43b9-8955-a9d3e5354c70
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding
gzip
cf-cache-status
HIT
etag
W/"71c232729402a64a59d5aaee7494458f"
x-amz-version-id
IRXPtjw2tvHDQIqRt.8hA.Zin4zz9Vjo
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires
Thu, 21 Nov 2024 06:29:22 GMT
x-evy-trace-listener
listener_https
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
cd5c90f7-15cb-43b9-8955-a9d3e5354c70
content-type
text/javascript; charset=UTF-8
last-modified
Fri, 06 Sep 2024 08:45:45 GMT
vary
origin, Accept-Encoding
x-amz-id-2
ii9JsXsIUjHdC9WD9Lpo8ECOUx4gu85E2FzpFcWq+4D+04/iB6ShEIJm9OwKg0bfxFPZdutqHFaM1oBy2q1qrg==
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
timing-allow-origin
*
x-evy-trace-served-by-pod
fra04/analytics-js-proxy-td/envoy-proxy-5cc6cdbf4d-zl2nn
x-envoy-upstream-service-time
39
access-control-allow-credentials
true
x-amz-request-id
86SWS8KRMZN23G8A
cf-ray
8e5e992ffb9b30c6-FRA
access-control-allow-origin
https://career.truesec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-amz-server-side-encryption
AES256
collectedforms.js
js-eu1.hscollectedforms.net/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-eu1.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26747823.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/

Response headers

x-request-id
7c02c73d-fbe2-46b8-bc1a-a8fc65cb4217
content-encoding
gzip
cf-cache-status
HIT
etag
W/"216a00fb66fa9b149d5f8b5557f0f563"
x-amz-version-id
_vUoUmuymk3IT7Uikz585Nn8PzBEJUsn
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
age
464
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
JqWOISEqXb8wDzHdV7UIg9nvq_EYHd6TZi0ftKQmiwCxcmcJGGuZmg==
x-hubspot-correlation-id
7c02c73d-fbe2-46b8-bc1a-a8fc65cb4217
content-type
application/javascript; charset=utf-8
last-modified
Mon, 14 Oct 2024 10:34:35 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-96ff69c4c-8v584
x-envoy-upstream-service-time
1
x-hs-target-asset
collected-forms-embed-js/static-1.885/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
HIT
date
Thu, 21 Nov 2024 06:24:43 GMT
vary
accept-encoding
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.885/bundles/project.js&cfRay=8e496d9ef8f89903-ARN
via
1.1 383422f03bfc9d77974d0ac637421c22.cloudfront.net (CloudFront)
cf-ray
8e5e992e4f03dbd8-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
FRA56-P8
26747823.js
js-eu1.hs-analytics.net/analytics/1732163700000/ 		68 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-eu1.hs-analytics.net/analytics/1732163700000/26747823.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26747823.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b1d8ba8eb9be8ed121930611f473d5704eaebd6767f9ab4a7efb9a19f6fca5a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-amz-server-side-encryption
AES256
x-request-id
91bb429a-701f-4f23-91e4-4de19d459ea7
content-encoding
gzip
cf-cache-status
HIT
etag
W/"abae146c1e1059996d666abf534bfefb"
age
21
expires
Thu, 21 Nov 2024 06:29:22 GMT
x-evy-trace-listener
listener_https
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
91bb429a-701f-4f23-91e4-4de19d459ea7
content-type
text/javascript
last-modified
Tue, 01 Oct 2024 15:37:35 GMT
vary
origin, Accept-Encoding
x-amz-id-2
90o4fNJJQsn+nUSndt1ywyAARYdG3/C41gZkA2q8DRUNshIUwIQB6gJFlW/eMMoLMYcriueYgQ4=
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
x-evy-trace-served-by-pod
fra04/analytics-js-proxy-td/envoy-proxy-74cc458cc9-q2w4x
x-envoy-upstream-service-time
30
access-control-allow-credentials
false
x-amz-request-id
3T5XVKH12PRJX3TE
cf-ray
8e5e992e3d49dbd4-FRA
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
web-interactives-embed.js
js-eu1.hubspot.com/ 		83 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-eu1.hubspot.com/web-interactives-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26747823.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1adb8f4ff0f589850abec6b8c7802e2d3439388ac02ca1634869a2642ca4386d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.truesec.com
Referer
https://www.truesec.com/

Response headers

x-request-id
5a306a29-c645-4d95-94be-338999c0d2af
content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
r0zz5GAsIOCHuwKnJG82ZUrTf5Lyo7bV
etag
W/"a38d86c9f9be42e9c8c2b36ef58a3f75"
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
age
464
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6H2jkED4s%2Bljd%2FfcBs2dr%2BAoLx1oAC%2BKDpl4aaL1KA08GmebixbQELTZyGBXvQU0C0s7RYX%2FZtR6Fgit0hSidx1QqWUaLYBDT%2BbSrZ1xTcybdGL7SwmHrRqpEMPPVDOHiZiOpA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
LwBXSaelaoxrldI1dMgJZGWqrATm3yRHW8VZtL6YzXCXva8CVXS8pA==
x-hubspot-correlation-id
5a306a29-c645-4d95-94be-338999c0d2af
content-type
application/javascript; charset=utf-8
last-modified
Tue, 19 Nov 2024 20:45:15 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-df5c94fff-99gvk
x-envoy-upstream-service-time
7
x-hs-target-asset
web-interactives-embed/static-2.1769/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET
x-hs-cache-status
MISS
date
Thu, 21 Nov 2024 06:24:43 GMT
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1769/bundles/project.js&cfRay=8e531d2d5d83543c-WAW
via
1.1 0434556f8ccac61e8735f7c75767727c.cloudfront.net (CloudFront)
cf-ray
8e5e992e4a0f371b-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
FRA56-C2
fb.js
js-eu1.hsadspixel.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-eu1.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26747823.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd3471893d25c1197b569216081cc878e1fc30f90e30c604e77a404236bbc674
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-evy-trace-virtual-host
all
x-request-id
a18e141c-ba29-4ecd-9c38-8dde1ecaa871
content-encoding
gzip
cf-cache-status
HIT
etag
W/"b259dd2a2404a1f419efaeb51bf2f0e8"
x-amz-version-id
Y3Sq5ppo87BXAWaik3Fd_Cx7z3WC0DHq
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age
145
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-hs-cache-status
MISS
x-amz-cf-id
mfkZwC-UW51BGcJ0Cs-0xEbT4jWiDVYxQh_c9O6R_eusHZ-24mCgRA==
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
a18e141c-ba29-4ecd-9c38-8dde1ecaa871
content-type
application/javascript; charset=utf-8
last-modified
Wed, 20 Nov 2024 20:11:11 UTC
vary
accept-encoding
x-evy-trace-listener
listener_https
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-df5c94fff-95z8g
x-envoy-upstream-service-time
5
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.756/bundles/pixels-release.js&cfRay=8e5b25439fcb3a49-WAW
via
1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
cf-ray
8e5e992e3ef8047a-FRA
x-evy-trace-route-configuration
listener_https/all
x-hs-target-asset
adsscriptloaderstatic/static-1.756/bundles/pixels-release.js
x-amz-cf-pop
FRA56-C2
server
cloudflare
x-amz-server-side-encryption
AES256
uc.js
consent.cookiebot.com/ 		110 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/uc.js?cbid=fb174c59-0016-4d4c-8f79-2c133cf6c3fc&implementation=gtm&consentmode-dataredaction=dynamic
Requested by
Host: gtm.truesec.com
URL: https://gtm.truesec.com/gtm.js?id=GTM-K2VMF8D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6798 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

access-control-expose-headers
Request-Context
cache-control
public, max-age=749
content-encoding
gzip
etag
"42d4c62e8219db1:0"
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires
Thu, 21 Nov 2024 06:37:12 GMT
accept-ranges
bytes
content-length
34533
date
Thu, 21 Nov 2024 06:24:43 GMT
content-type
application/javascript
last-modified
Tue, 08 Oct 2024 13:01:25 GMT
vary
Accept-Encoding
json
forms-eu1.hscollectedforms.net/collected-forms/v1/config/ 		134 B
464 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=26747823&utk=
Requested by
Host: js-eu1.hscollectedforms.net
URL: https://js-eu1.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29e84562cf0ee330f89c0ba8d7c5c19c64d05995e18ccbac48387fe558fb055d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://www.truesec.com/

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
8cac5bf7-c06f-4637-afdc-41674322aec0
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
8cac5bf7-c06f-4637-afdc-41674322aec0
content-type
application/json;charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
*
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-df5c94fff-95z8g
x-envoy-upstream-service-time
11
cf-ray
8e5e992f18a5dbd8-FRA
access-control-allow-origin
https://www.truesec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
combinedConfigs
cta-eu1.hubspot.com/web-interactives/public/v1/embed/ 		61 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=26747823&currentUrl=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group
Requested by
Host: js-eu1.hubspot.com
URL: https://js-eu1.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-robots-tag
noindex, follow
access-control-max-age
180
x-request-id
7e148ac2-9ae5-4159-9f3f-7eb142377340
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RDdPh70p3CnBunaJAEG4vOMsBacLf5ScX2y2E5i7e7GuwDTt6MpVkfmeaHwtjdJpwr4g3%2BriYIzZ0EXRyimOFapd%2Frc9nIILmzaG%2FiUwNTyqcU%2B4E8qen9LHLspgrmedsUOnoto%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
access-control-allow-methods
OPTIONS, GET
x-evy-trace-listener
listener_https
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
7e148ac2-9ae5-4159-9f3f-7eb142377340
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-74fb9b7c66-2s4pr
x-envoy-upstream-service-time
7
access-control-allow-credentials
true
cf-ray
8e5e99302bd14d52-FRA
access-control-allow-origin
https://www.truesec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf-eu1.hsforms.com/embed/v3/ 		35 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-robots-tag
none
x-request-id
de7f3ad0-de6e-4b0f-9718-a7db2c783a19
access-control-expose-headers
X-Origin-Hublet
CF-Cache-Status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
Date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
de7f3ad0-de6e-4b0f-9718-a7db2c783a19
Content-Type
image/gif
vary
origin, Accept-Encoding
Last-Modified
Thu, 21 Nov 2024 06:24:43 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
Cache-Control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-74fb9b7c66-lv8jm
x-envoy-upstream-service-time
3
Connection
keep-alive
access-control-allow-credentials
false
CF-RAY
8e5e9930ecd6917d-FRA
Accept-Ranges
bytes
x-evy-trace-route-configuration
listener_https/all
Content-Length
35
Server
cloudflare
x-evy-trace-virtual-host
all
json
api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 		180 B
818 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=26747823
Requested by
Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3200::90:1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d918f4e81884383ac285ff349c24e637c70cedb82ec91fa7a2d3dcdddea07fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

access-control-max-age
180
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ItCQkvPDnoIhbnCYm27CKzYbYJz8qPxEJSsLV0VeXg9gqTDnWkbcHsUlPRTvpbeMd4RgeIHm7wyzcIKf0V6%2B5%2BlMR%2FbfZV2R9k63Qq1B7eHQC8twPNlaKgmDfLZnvdmN1R9Zfa2G%2B3LtO4Jgl2WZw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
date
Thu, 21 Nov 2024 06:24:43 GMT
x-hubspot-correlation-id
a784b0cb-9dae-4a66-9450-e1c17d779d64
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
8e5e99310e615b7a-FRA
access-control-allow-origin
https://www.truesec.com
server
cloudflare
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 88AD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=fb174c59-0016-4d4c-8f79-2c133cf6c3fc&implementation=gtm&consentmode-dataredaction=dynamic
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

Referer
https://www.truesec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=31297270
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 21 Nov 2024 06:24:43 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Tue, 18 Nov 2025 12:05:53 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1732170283701_388276619_865400712_20_811_34_42_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
cc.js
consent.cookiebot.com/fb174c59-0016-4d4c-8f79-2c133cf6c3fc/ 		357 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/fb174c59-0016-4d4c-8f79-2c133cf6c3fc/cc.js?renew=false&referer=www.truesec.com&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=fb174c59-0016-4d4c-8f79-2c133cf6c3fc&implementation=gtm&consentmode-dataredaction=dynamic
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6798 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
383ad068acbf0b5721ada409c4dac495a4c60fcb2204f9095a49ace54b6c39ea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

cache-control
private, max-age=1200
access-control-expose-headers
Request-Context
content-encoding
gzip
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
content-length
104905
date
Thu, 21 Nov 2024 06:24:43 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Thu, 21 Nov 2024 06:24:43 GMT
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/ 		255 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1013665450
Requested by
Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
52302a995ab97a89717459642f37bec6a51d50a11a954f60ef24037ac2f5df87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 21 Nov 2024 06:24:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 21 Nov 2024 06:24:43 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 21 Nov 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
92899
x-xss-protection
0
server
Google Tag Manager
js
gtm.truesec.com/gtag/ 		255 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gtm.truesec.com/gtag/js?id=AW-1013665450&l=dataLayer&cx=c&gtm=45He4bk0v852249449za204
Requested by
Host: gtm.truesec.com
URL: https://gtm.truesec.com/gtm.js?id=GTM-K2VMF8D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:bc8:1e80:149:: Warsaw, Poland, ASN12876 (AS12876 SCALEWAY S.A.S., FR),
Reverse DNS
Software
nginx /
Resource Hash
8cf5da900c24b1a018bd844f01554544ce8f2b432d483eb7059d43ec8601a908
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-robots-tag
noindex
content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 21 Nov 2024 06:24:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 21 Nov 2024 06:24:43 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding, Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
trace-id
95cc1755-137f-48a3-938b-a7e7ce8e7bcd
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
x-xss-protection
0
server
nginx
insight.min.js
snap.licdn.com/li.lms-analytics/ 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

cache-control
max-age=14769
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Thu, 21 Nov 2024 06:24:43 GMT
last-modified
Thu, 22 Aug 2024 10:43:55 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
48680d709a95eb5f7d484d4bd60168861437efa34d233d3c057317fb5a51ea8c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		293 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
counters.gif
forms-eu1.hsforms.com/embed/v3/ 		35 B
945 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-robots-tag
none
x-request-id
b2c135bd-74fc-4088-a6fd-fec598ece5bc
access-control-expose-headers
X-Origin-Hublet
CF-Cache-Status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
Date
Thu, 21 Nov 2024 06:24:44 GMT
x-hubspot-correlation-id
b2c135bd-74fc-4088-a6fd-fec598ece5bc
Content-Type
image/gif
vary
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
Cache-Control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-74fb9b7c66-wdf7r
x-envoy-upstream-service-time
2
Connection
keep-alive
access-control-allow-credentials
false
CF-RAY
8e5e99331ed1dcc2-FRA
x-evy-trace-route-configuration
listener_https/all
Content-Length
35
Server
cloudflare
x-evy-trace-virtual-host
all
attribution_trigger
px.ads.linkedin.com/ 		2 B
813 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=660105&time=1732170283923&url=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*
Referer
https://www.truesec.com/

Response headers

x-li-pop
afd-prod-lor1-x
content-encoding
gzip
x-fs-uuid
00062766527ad2b80ce8ce121c9d4a76
x-msedge-ref
Ref A: 579424D030FB45498BBCF8D447D609AF Ref B: FRAEDGE2008 Ref C: 2024-11-21T06:24:44Z
x-li-fabric
prod-lor1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYnZlJ60rgM6M4SHJ1Kdg==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Thu, 21 Nov 2024 06:24:44 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=660105&time=1732170283923&url=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=660105&time=1732170283923&url=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&e_ipv6=AQJvUZGGNVVfhwAAAZNNZPys7IHupfAsytaDD...
0
267 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=660105&time=1732170283923&url=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&e_ipv6=AQJvUZGGNVVfhwAAAZNNZPys7IHupfAsytaDD3MdID18Rwj4WD1EBz_iRul4uctd-4lnis53ZHPmWaehhtuTgNWuMpBkkw
Requested by
Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/helldown-ransomware-group
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: F1C75A06343B4EA5A5496A63A407CEDE Ref B: DUS30EDGE0416 Ref C: 2024-11-21T06:24:44Z
x-li-fabric
prod-lor1
x-li-uuid
AAYnZlKAYSTNaK1XE3X1CA==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 21 Nov 2024 06:24:43 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=660105&time=1732170283923&url=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&e_ipv6=AQJvUZGGNVVfhwAAAZNNZPys7IHupfAsytaDD3MdID18Rwj4WD1EBz_iRul4uctd-4lnis53ZHPmWaehhtuTgNWuMpBkkw
x-msedge-ref
Ref A: FFE591549AB84F6DBBC9EE2478CDDC33 Ref B: FRAEDGE1514 Ref C: 2024-11-21T06:24:44Z
x-li-fabric
prod-lor1
x-li-uuid
AAYnZlJ6y/e6CQxtIc8Y3g==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 21 Nov 2024 06:24:43 GMT
/
px.ads.linkedin.com/wa/ 		0
196 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.truesec.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 4A542ECD3E6E447E944DA5EBC7E03F70 Ref B: FRAEDGE1514 Ref C: 2024-11-21T06:24:44Z
x-li-fabric
prod-lor1
access-control-allow-credentials
true
x-li-uuid
AAYnZlKDdrznpNMdT0KNpA==
x-li-proto
http/2
access-control-allow-origin
https://www.truesec.com
x-cache
CONFIG_NOCACHE
date
Thu, 21 Nov 2024 06:24:44 GMT
vary
Origin
__ptq.gif
track-eu1.hubspot.com/ 		45 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3377520574&v=1.1&a=26747823&rcu=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&pu=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&t=Helldown+Ransomware+%E2%80%93+A+New+Emerging+Ransomware+Threat&cts=1732170284671&vi=5133b56b90490297d576265d06cbf4e1&nc=true&u=94123522.5133b56b90490297d576265d06cbf4e1.1732170284666.1732170284666.1732170284666.1&b=94123522.1.1732170284666&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-robots-tag
none
x-request-id
b890ccad-8b6d-4264-9353-0541bf5fbeb9
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U9%2FKlJm67B1ChH6Egcy4GkrJDyA7HUHRZpyFKNBA9iP0yGCKV1952Z6TCnZQWeo6unVNQfmaeIaZi0OQMetfuUqEbHs6evsdb1C0c78SVh%2FiELUoryqFft0yF%2FNR0pgLvvVxS37Grw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Thu, 21 Nov 2024 06:24:44 GMT
x-hubspot-correlation-id
b890ccad-8b6d-4264-9353-0541bf5fbeb9
content-type
image/gif
last-modified
Thu, 21 Nov 2024 06:24:44 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-594546558b-gs2sd
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8e5e9937eda2d22b-FRA
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
1.gif
imgsct.cookiebot.com/ 		35 B
781 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgsct.cookiebot.com/1.gif?dgi=fb174c59-0016-4d4c-8f79-2c133cf6c3fc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
UploadServer /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers

x-goog-metageneration
1
Access-Control-Expose-Headers
*
x-goog-hash
crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
ETag
"c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
35
Date
Thu, 21 Nov 2024 06:24:44 GMT
Last-Modified
Mon, 23 Oct 2023 11:39:32 GMT
Content-Type
image/gif
X-GUploader-UploadID
AFiumC6_M8Kkk3kwHmVAgMzuxFA8H2amUznzY_A56ycbXLVaJMRCy6LI2ZCawhyG07nLtrJP-eE
Cache-Control
public,max-age=1800
x-goog-storage-class
STANDARD
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
x-goog-generation
1698061172769999
Content-Length
35
Server
UploadServer
favicon.svg
www.truesec.com/wp-content/uploads/2023/09/ 		867 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.truesec.com/wp-content/uploads/2023/09/favicon.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.92.48 , Sweden, ASN42649 (bbn Baffin Bay Networks AB, SE),
Reverse DNS
anycast.baffinbaynetworks.com
Software
baffin-bay-inlet /
Resource Hash
22176aa7ae07186e4a33ac657a27a839a7938cc6c925c15fd93c482d8e53b96e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000, max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/hub/blog/helldown-ransomware-group

Response headers

Content-Encoding
br
ETag
W/"651d896c-363"
X-Content-Type-Options
nosniff
Date
Thu, 21 Nov 2024 06:24:45 GMT
Last-Modified
Wed, 04 Oct 2023 15:49:00 GMT
Content-Type
image/svg+xml
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000, max-age=14515200
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self 'https://player.vimeo.com'), payment=()
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Server
baffin-bay-inlet
collect
pagead2.googlesyndication.com/ccm/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.truesec.com%2Fhub%2Fblog%2Fhelldown-ransomware-group&scrsrc=www.googletagmanager.com&frm=0&rnd=1002860125.1732170286&npa=1&us_privacy=1---&did=dMWZhNz%2CdZTQ1Zm&gdid=dMWZhNz.dZTQ1Zm&gtm=45be4bk0za200zb852249449&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&tft=1732170285981&tfd=4943&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1013665450
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.truesec.com/

Response headers
sw_iframe.html
www.googletagmanager.com/static/service_worker/4bj0/ Frame B786 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwww.truesec.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1013665450
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
119013
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Nov 2024 21:21:13 GMT
expires
Wed, 19 Nov 2025 21:21:13 GMT
last-modified
Tue, 19 Nov 2024 10:38:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| dataLayer object| _hsp object| google_tag_manager object| google_tag_data boolean| PIXELS_RAN object| enabledEventSettings object| _hsq function| sanitizeKey boolean| _hstc_loaded object| __hsCollectedFormsDebug object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent object| _linkedin_data_partner_ids object| CookiebotDialog object| CookieConsentDialog function| lintrk boolean| _already_called_lintrk object| ORIBILI boolean| _hstc_ran string| __hsUserToken number| expireDateTime

12 Cookies

Domain/Path Name / Value
www.truesec.com/ Name: pll_language
Value: en
.hsforms.com/ Name: __cf_bm
Value: qwZrmNNATvku2LIsOCaCFRoF7bvH2bPTyQEk_IbmYVU-1732170283-1.0.1.1-MEKPrkmosckJES.M2ni1C34IWmLAUiqV.sOFsvqkTSdd1FsPcRrysXbbHODFBEu5VHrSLKv5wn9aOz9w8IDJpw
.hsforms.com/ Name: _cfuvid
Value: 5tkUgdBtMMNNaZlIYgWP7yFlvFz5DBNp6VP2X7ZmWyU-1732170283689-0.0.1.1-604800000
.linkedin.com/ Name: bcookie
Value: "v=2&cf5617df-f579-4b08-81e2-0f69bbe6fad9"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MzIxNzAyODQ7MjswMjEByHQ44aPOvTuXUyaYbtKs/Ck+948xBvhaRPv1H2j8jA==
.linkedin.com/ Name: lidc
Value: "b=OGST02:s=O:r=O:a=O:p=O:g=3406:u=1:x=1:i=1732170284:t=1732256684:v=2:sig=AQEz5UYt7IqRE5yfveKs2VFuIoeCtbDl"
.truesec.com/ Name: __hstc
Value: 94123522.5133b56b90490297d576265d06cbf4e1.1732170284666.1732170284666.1732170284666.1
.truesec.com/ Name: hubspotutk
Value: 5133b56b90490297d576265d06cbf4e1
.truesec.com/ Name: __hssrc
Value: 1
.truesec.com/ Name: __hssc
Value: 94123522.1.1732170284666
.hubspot.com/ Name: __cf_bm
Value: rfm1dcFsOEftC_3L_aS1AgIMUZNWHIR5zvWmXWeloFQ-1732170284-1.0.1.1-a7ncKJR9P.27YW4pOYV0a6Bsxl7BhIF7biGRUt0jgZj67NIhz8RMx1Owo4yLkFsSHQ8D5I33147UOYCFxv7_aA
.hubspot.com/ Name: _cfuvid
Value: Na.XW3cVkqBVeu9aC0rZphDeLepgEupWD6oWXhXSi78-1732170284821-0.0.1.1-604800000

1 Console Messages

Source Level URL
Text
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000 max-age=14515200
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-eu1.hubapi.com
consent.cookiebot.com
consentcdn.cookiebot.com
cta-eu1.hubspot.com
forms-eu1.hscollectedforms.net
forms-eu1.hsforms.com
gtm.truesec.com
imgsct.cookiebot.com
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hsadspixel.net
js-eu1.hscollectedforms.net
js-eu1.hubspot.com
js.hs-scripts.com
pagead2.googlesyndication.com
perf-eu1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
track-eu1.hubspot.com
www.googletagmanager.com
www.truesec.com
13.107.42.14
172.65.192.122
172.65.198.159
172.65.202.201
172.65.208.22
172.65.219.229
172.65.232.43
172.65.236.181
172.65.238.60
172.65.240.166
185.195.92.48
2001:bc8:1e80:149::
2606:4700::6810:8ad1
2620:1ec:21::14
2a00:1450:4001:80b::2002
2a00:1450:4001:81c::2008
2a02:26f0:1700:11::b856:6798
2a02:26f0:3500:10::210:a99
2a02:26f0:3500:887::f09
2a06:98c1:3200::90:1
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
0bcf29d5a91c47ba2452ef5dd89570db049ce7803ec79b3621978e49f73bc02b
1519275edf2a825c5f287829ed52a1327aae0e65eb70b375cde3f390c1c4045f
1adb8f4ff0f589850abec6b8c7802e2d3439388ac02ca1634869a2642ca4386d
22176aa7ae07186e4a33ac657a27a839a7938cc6c925c15fd93c482d8e53b96e
29e84562cf0ee330f89c0ba8d7c5c19c64d05995e18ccbac48387fe558fb055d
383ad068acbf0b5721ada409c4dac495a4c60fcb2204f9095a49ace54b6c39ea
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3ce75adf3ef7b013d278d74b53d13b5b39c2ae15b547bd72dcdacb45d1bda847
3d918f4e81884383ac285ff349c24e637c70cedb82ec91fa7a2d3dcdddea07fa
429fc71a17fa7f185fd18f6c0c082c4840a6c616cfcaa6869d6ab11c90b3a178
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48680d709a95eb5f7d484d4bd60168861437efa34d233d3c057317fb5a51ea8c
496d8b2e60efeb534f97ed2df7a915c0649b452b0f003ae46e95d6d387492a79
4abe4fdc4b62cefdd49a2eddefa795cfee4f45347aa1b4769d8ea9cfbd2767c1
52302a995ab97a89717459642f37bec6a51d50a11a954f60ef24037ac2f5df87
5b1d8ba8eb9be8ed121930611f473d5704eaebd6767f9ab4a7efb9a19f6fca5a
5bd7a1e006fa739a820cbf397667fc86e7c4e2eb700df81b532121f78ef7d3d7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
71a85fea17711790ac71b1b4c10f5956a877c971a2931d5cd106a615affdfca6
7acbe791f0f11668385053b83e7bd7171c8efbbe50314eb269dabd11f65465ae
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8c7fc09c88a480d80cdda47817b5ed84fffdf67c11c90558d2e3265dfcf74285
8cf5da900c24b1a018bd844f01554544ce8f2b432d483eb7059d43ec8601a908
9a16df4ca47fb735db8debb963d9f1576b9cb1d06b3270deaa3bf57fb8d8d341
a04dd8b43762ab31f34d0575d28fac79bceb672d42344958c1e8c935f06ed88b
a2c1dd01db85a00fb60520dce8e9fbce9e80ef72b602a6750689fe606fb626e8
b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5
ca05cc791954b32b5ab25904884db9dfbf5444923c35cf8a2498396a497a9ed4
ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121
cd3471893d25c1197b569216081cc878e1fc30f90e30c604e77a404236bbc674
d345eb95471fd463d7b7a86af9a9d93a6110c887fe50724bba2d975d4e4d764a
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c881781b5f13b6a618751ac58527fbaac9e728b471608462171d615639d9d1