URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Submission: On December 19 via api from IN — Scanned from DE

Summary

This website contacted 16 IPs in 3 countries across 15 domains to perform 189 HTTP transactions. The main IP is 192.124.249.59, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is threatresearch.ext.hp.com.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on February 12th 2022. Valid for: a year.
This is the only time threatresearch.ext.hp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
133 192.124.249.59 30148 (SUCURI-SEC)
2 19 95.100.69.71 16625 (AKAMAI-AS)
7 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 23.75.165.98 16625 (AKAMAI-AS)
4 152.195.15.58 15133 (EDGECAST)
1 15.72.164.74 71 (HP-INTERN...)
1 2a02:fe80:101... 30148 (SUCURI-SEC)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 192.28.144.124 15224 (OMNITURE)
1 2a00:1450:400... 15169 (GOOGLE)
9 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
189 16
Apex Domain
Subdomains
Transfer
160 hp.com
threatresearch.ext.hp.com
www8.hp.com — Cisco Umbrella Rank: 35987
www.hp.com — Cisco Umbrella Rank: 12014
hp.com — Cisco Umbrella Rank: 1654
12 MB
9 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 403
172 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 29
20 KB
3 bizible.com
cdn.bizible.com — Cisco Umbrella Rank: 7521
33 KB
3 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3364
8 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 51
204 KB
2 gstatic.com
fonts.gstatic.com
39 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 672
303 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6041
501 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
501 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 77
448 B
1 mktoresp.com
497-itq-712.mktoresp.com
318 B
1 bizibly.com
cdn.bizibly.com — Cisco Umbrella Rank: 11516
203 B
1 bromium.com
www.bromium.com — Cisco Umbrella Rank: 394120
20 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 37
2 KB
189 15
Domain Requested by
133 threatresearch.ext.hp.com threatresearch.ext.hp.com
19 www8.hp.com 2 redirects threatresearch.ext.hp.com
www8.hp.com
9 cdn.cookielaw.org www.hp.com
cdn.bizible.com
cdn.cookielaw.org
7 www.hp.com threatresearch.ext.hp.com
www8.hp.com
hp.com
3 www.google-analytics.com www.googletagmanager.com
cdn.bizible.com
3 cdn.bizible.com threatresearch.ext.hp.com
cdn.bizible.com
3 munchkin.marketo.net threatresearch.ext.hp.com
munchkin.marketo.net
3 www.googletagmanager.com threatresearch.ext.hp.com
2 fonts.gstatic.com threatresearch.ext.hp.com
1 geolocation.onetrust.com cdn.bizible.com
1 www.google.de
1 www.google.com
1 stats.g.doubleclick.net cdn.bizible.com
1 497-itq-712.mktoresp.com munchkin.marketo.net
1 cdn.bizibly.com threatresearch.ext.hp.com
1 www.bromium.com threatresearch.ext.hp.com
1 hp.com threatresearch.ext.hp.com
1 fonts.googleapis.com threatresearch.ext.hp.com
189 18
Subject Issuer Validity Valid
threatresearch.ext.hp.com
Starfield Secure Certificate Authority - G2
2022-02-12 -
2023-03-15
a year crt.sh
www8.hp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2022-02-03 -
2023-02-03
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2022-02-06 -
2023-02-07
a year crt.sh
io.bizible.com
DigiCert TLS RSA SHA256 2020 CA1
2022-06-30 -
2023-07-31
a year crt.sh
cdn-origin-ftp.extweb.hp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2022-05-09 -
2023-05-10
a year crt.sh
bromium.com
Starfield Secure Certificate Authority - G2
2022-02-22 -
2023-02-22
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
www.hp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2022-01-25 -
2023-01-25
a year crt.sh
*.mktoresp.com
DigiCert TLS RSA SHA256 2020 CA1
2022-10-05 -
2023-11-05
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2022-05-01 -
2023-05-01
a year crt.sh
www.google.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
www.google.de
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2022-12-13 -
2023-12-13
a year crt.sh

This page contains 1 frames:

Primary Page: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Frame ID: 4CDEB78A7A511CF049DDED0CF9063F52
Requests: 189 HTTP requests in this frame

Screenshot

Page Title

Magniber Ransomware Adopts JavaScript, Targeting Home Users with Fake Software Updates | HP Wolf SecurityBack ButtonFilter Button

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • backbone.*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • /revslider/[/\w-]+/js

Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js

Overall confidence: 100%
Detected patterns
  • underscore.*\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

189
Requests

99 %
HTTPS

63 %
IPv6

15
Domains

18
Subdomains

16
IPs

3
Countries

12551 kB
Transfer

18169 kB
Size

21
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js HTTP 301
  • https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js
Request Chain 1
  • https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/can.jquery.js HTTP 301
  • https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js

189 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
1 MB
150 KB
Document
General
Full URL
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
93d8e449cf5588f81cdf7f5906b7fce641d7693deac6efc27aa7ac9b1e38f6bf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
br
content-security-policy
upgrade-insecure-requests;
content-type
text/html; charset=UTF-8
date
Mon, 19 Dec 2022 10:56:39 GMT
host-header
8441280b0c35cbc1147f8ba998a563a7
link
<https://threatresearch.ext.hp.com/wp-json/>; rel="https://api.w.org/", <https://threatresearch.ext.hp.com/wp-json/wp/v2/posts/22511>; rel="alternate"; type="application/json", <https://threatresearch.ext.hp.com/?p=22511>; rel=shortlink
server
nginx
vary
Accept-Encoding
x-cache-enabled
True
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-httpd
1
x-proxy-cache
HIT
x-sucuri-cache
HIT
x-sucuri-id
15009
x-xss-protection
1; mode=block
jquery.js
www.hp.com/us-en/scripts/framework/jquery/v-1-8/
Redirect Chain
  • https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js
  • https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js
141 KB
41 KB
Script
General
Full URL
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Server
2a02:26f0:3500:18::1724:a297 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
42c9bbf0bfd51db9c2f857c01784e8be555ac102a251f51823fd6b25960ccc12
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher2westus2
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=600
akamai-grn
, , , , 0.97a02417.1671447400.293ae760
x-vhost
publish
content-length
41470
last-modified
Wed, 26 Jan 2022 20:34:30 GMT
server
Apache
etag
"23521-5d68220ec4180-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:40 GMT

Redirect headers

location
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js
pragma
no-cache
date
Mon, 19 Dec 2022 10:56:40 GMT
cache-control
max-age=0, no-cache, no-store
server
AkamaiGHost
content-length
0
expires
Mon, 19 Dec 2022 10:56:40 GMT
can.jquery.js
www.hp.com/us-en/scripts/framework/jquery/v-1-8/
Redirect Chain
  • https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/can.jquery.js
  • https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js
49 KB
16 KB
Script
General
Full URL
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Server
2a02:26f0:3500:18::1724:a297 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
a8706f9a07813ae80582404c482cba9754150066c9f04ffcdcd9e549632d16be
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher2eastus2
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=600
akamai-grn
, , 0.97a02417.1671447400.293ae761
x-vhost
publish
content-length
15442
last-modified
Wed, 26 Jan 2022 20:26:35 GMT
server
Apache
etag
"c49d-5d682049c54c0-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:40 GMT

Redirect headers

location
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js
pragma
no-cache
date
Mon, 19 Dec 2022 10:56:40 GMT
cache-control
max-age=0, no-cache, no-store
server
AkamaiGHost
content-length
0
expires
Mon, 19 Dec 2022 10:56:40 GMT
latest.r
www8.hp.com/caas/header-footer/us/en/default/
350 KB
28 KB
Script
General
Full URL
https://www8.hp.com/caas/header-footer/us/en/default/latest.r?contentType=js
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d51837cd386e761f20379867c01328d7a4ddd1507d9b0ad8af8ea5e1854099f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher2eastus2
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
28012
last-modified
Thu, 15 Dec 2022 20:20:10 GMT
server
Apache
etag
"579c3-5efe3946a332d-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=297745
accept-ranges
bytes
expires
Thu, 22 Dec 2022 21:39:05 GMT
js
www.googletagmanager.com/gtag/
112 KB
44 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-197588716-1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cb7b66b586c6c920797da9adae995c0f225eb5c53719fdbb902df83f891000af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
44686
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 19 Dec 2022 10:56:40 GMT
blocks.style.build.css
threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/post-editor/dist/
2 KB
1 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
4834aa58000857ce42bdc4ae2322104fbbb5c0e96a7dbd4deab73900ae9d23a7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Fri, 27 Aug 2021 01:59:25 GMT
server
nginx
etag
W/"8a1-5ca80d536d39a"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
layerslider.css
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/css/
25 KB
5 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.5.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
feeb150a3bd16c65fc36dca51f686a254645a5d60adb4a37aaaa797339013816
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:52:09 GMT
server
nginx
etag
W/"63de-5eb94f7d8b4cb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
css
fonts.googleapis.com/
47 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7CIndie+Flower:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COswald:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
56ad6f73cd42c34973f5903add0b80f25ab64da518ab7b779a5d62b0f8f71d2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 19 Dec 2022 10:56:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 19 Dec 2022 09:46:08 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 19 Dec 2022 10:56:39 GMT
mediaelementplayer-legacy.min.css
threatresearch.ext.hp.com/wp-includes/js/mediaelement/
11 KB
3 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Fri, 30 Apr 2021 03:10:53 GMT
server
nginx
etag
W/"2bf8-5c127f5aab452"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-mediaelement.min.css
threatresearch.ext.hp.com/wp-includes/js/mediaelement/
4 KB
1 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Tue, 17 Dec 2019 03:59:47 GMT
server
nginx
etag
W/"105a-599de5bea507f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
views-frontend.css
threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/css/
23 KB
4 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/css/views-frontend.css?ver=3.6.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
b062f2232e3094e4cfbd9543fdf9f043d560f92f8f064813e7a71f80b35ce1fa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Thu, 19 May 2022 22:31:36 GMT
server
nginx
etag
W/"5db6-5df64efcc4927"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
classic-themes.min.css
threatresearch.ext.hp.com/wp-includes/css/
217 B
600 B
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/css/classic-themes.min.css?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"d9-5ee7de3f810ce"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
styles.css
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/libs/fontastic/
5 KB
1 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/libs/fontastic/styles.css?ver=3.0.30
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
578332cd14c1c8f1c9ea7cc966ca50ae73945b7de3055e07f06dc099d4feeee0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:22:29 GMT
server
nginx
etag
W/"1421-5ee7db47056b7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/css/style.css?ver=3.0.30
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
e19a0e64789068d756a1b250084e54bb0ef77da66685e3dd9eafdc9a71ea1406
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:22:29 GMT
server
nginx
etag
W/"2678-5ee7db4702bbe"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
ditty.css
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/includes/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/includes/css/ditty.css?ver=3.0.30
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
9e9b2b2d98bb21ba98a3e7d0166f2de7bae986b81a727c7804a44f4f81b09737
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:22:29 GMT
server
nginx
etag
W/"9417-5ee7db471cdbe"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
all.css
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker//includes/libs/fontawesome-6.2.0/css/
136 KB
22 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker//includes/libs/fontawesome-6.2.0/css/all.css?ver=6.2.0
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
83c5ebd47131aa8aeef9d7ace04d313c997b67934791fa92c366e78e99242329
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:22:29 GMT
server
nginx
etag
W/"220f1-5ee7db4722798"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/css/
859 B
675 B
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/css/style.css?ver=4.0.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
ee991e02add6bbe26b55d521d8f83e94031eb9f9f636b30756d4e3fc09a3cff4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Fri, 30 Apr 2021 02:10:54 GMT
server
nginx
etag
W/"35b-5c1271f2f1cab"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
ult_marketo_forms-public.css
threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/css/
35 B
494 B
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/css/ult_marketo_forms-public.css?ver=1.0.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
7a109bbaf31b60ea0c1182758f73e7e2050aeabc9d37913ebc0c72030a48cf23
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 17 Dec 2018 17:45:47 GMT
server
nginx
etag
W/"23-57d3b59d188c0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wonderplugin3dcarousel.css
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/
24 KB
2 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wonderplugin3dcarousel.css?ver=4.3.1PRO
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
62855a25508bf218a96a1179788320756ce0ae0346a586cca1fc5a6b5e7a4668
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:40:00 GMT
server
nginx
etag
W/"61f9-5eb94cc6a08e7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wonderpluginsliderengine.css
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/
16 KB
1 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginsliderengine.css?ver=13.5.1PRO
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
c3ef28a4f156c353239b74328046126175c702be2d89b9a24c8527a8b53ee0e4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:24:40 GMT
server
nginx
etag
W/"4039-5ee7dbc45fb0c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.min.css
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/css/
99 KB
14 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.4.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
c74e09e98dae6e3a87e561dc5a65603f5eee4b9d6d38729a4799c201b50d17da
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sun, 18 Dec 2022 23:03:10 GMT
server
nginx
etag
W/"18ad0-5f02234df70e4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
flatpickr.min.css
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/
14 KB
3 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.4.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sun, 18 Dec 2022 23:03:10 GMT
server
nginx
etag
W/"3601-5f02234e02c68"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
select2.min.css
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/
15 KB
2 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:24:27 GMT
server
nginx
etag
W/"3a75-5ee7dbb828816"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/css/
87 KB
10 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.3.0
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
f975207e21041e251c165009f22311cc20b0acf1477d309fd62538beb50e0eb6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Fri, 27 Aug 2021 01:59:25 GMT
server
nginx
etag
W/"15c19-5ca80d536bc29"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
threatresearch.ext.hp.com/wp-content/themes/Avada/
507 B
742 B
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/style.css?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
472cf661f1007ee950af6a88f55e240f93c279b5b0960ff218c95b864b52a68f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"1fb-5eb94f0f37025"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/css/
84 KB
15 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/css/style.min.css?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
8da3130463864da4b9e900c389edfa7488c93fca573e18766e9660a7b721aea2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"14fe2-5eb94f0f3e16f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
toolset-common-es-frontend.js
threatresearch.ext.hp.com/wp-content/plugins/wp-views/vendor/toolset/common-es/public/
4 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-views/vendor/toolset/common-es/public/toolset-common-es-frontend.js?ver=163000
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
7c356a9d56062296d80aaa7faa72446bedb5e783aa6a9c557e1efddaa6055258
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Thu, 19 May 2022 22:31:36 GMT
server
nginx
etag
W/"10f5-5df64efcd626d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
threatresearch.ext.hp.com/wp-includes/js/jquery/
88 KB
30 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"15e54-5ee7de3f87278"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-migrate.min.js
threatresearch.ext.hp.com/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Fri, 30 Apr 2021 03:10:53 GMT
server
nginx
etag
W/"2bd8-5c127f5aa6e01"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
layerslider.utils.js
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/
120 KB
39 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.5.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
919fecd4dc7f498339d04030c87de7f4db63cc2f08be69148562b14dc3a415a6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:52:09 GMT
server
nginx
etag
W/"1e049-5eb94f7d8c46b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
layerslider.kreaturamedia.jquery.js
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/
144 KB
51 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.5.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
0556c9c3691f4d98501088fade814d01213830b5fe9eeb68e7e9a65f68f9c8f1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:52:09 GMT
server
nginx
etag
W/"241c3-5eb94f7d8c46b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
layerslider.transitions.js
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/
23 KB
4 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.5.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
0ad75b71fbe2be4806d58d482067535f7789abfda5e4eaa18971278e30c70f3e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:52:09 GMT
server
nginx
etag
W/"5ca7-5eb94f7d8c46b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend-gtag.min.js
threatresearch.ext.hp.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/
12 KB
3 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.10.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:22:40 GMT
server
nginx
etag
W/"2e7a-5ee7db51ea71e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
rbtools.min.js
threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/
161 KB
58 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.7
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:34:06 GMT
server
nginx
etag
W/"285db-5ee7dddfe22f0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
rs6.min.js
threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/
399 KB
96 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.7
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
208d013c583899ce6bb2fe281662492caa32a1edd39924f7e5760233c22c7f69
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:34:06 GMT
server
nginx
etag
W/"63b18-5ee7dddfe22f0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
general.js
threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/js/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/js/general.js?ver=4.0.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
0a3364d1f00ceab070910d588e47e47a584e60e0dc2b235270195f8bbf5a36d1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Fri, 30 Apr 2021 02:10:54 GMT
server
nginx
etag
W/"6c2-5c1271f2f2c4c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
forms2.min.js
threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/
164 KB
54 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/forms2.min.js?ver=1.0.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
de5ba330570616401d1840de0075059a65e62280b8d2524334be84290f43a4d7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 17 Dec 2018 17:45:47 GMT
server
nginx
etag
W/"29076-57d3b59d188c0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
ult_marketo_forms-public.js
threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/ult_marketo_forms-public.js?ver=1.0.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
4463996b808a043a2091ce400b56adcdb7407264272e6d2e389075e143e1c901
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 17 Dec 2018 17:45:47 GMT
server
nginx
etag
W/"6fb-57d3b59d188c0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js?ver=1.0.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.75.165.98 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-75-165-98.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 19 Dec 2022 10:56:40 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Sep 2022 01:18:39 GMT
Server
AkamaiNetStorage
ETag
"92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
728
wp3dcarousellightbox.js
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/
124 KB
25 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wp3dcarousellightbox.js?ver=4.3.1PRO
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
bbc9f84967a6306b0db8bfc4c80cd5aa2b7733b1a312c684ade35a2972f86edd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:40:00 GMT
server
nginx
etag
W/"1ef75-5eb94cc69f176"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wonderplugin3dcarousel.js
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/
60 KB
11 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wonderplugin3dcarousel.js?ver=4.3.1PRO
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
9209a89d1d74bc0ff6b779bc341ee5e40a72698f078bd4a0ea224e20466b616b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:40:00 GMT
server
nginx
etag
W/"f15e-5eb94cc6a2ff7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wonderpluginsliderskins.js
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/
175 KB
7 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginsliderskins.js?ver=13.5.1PRO
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
ef8e48e37e4317aa7063a4a2e7056620681b2e69073f922dc8c0d27de3e4cef2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:24:40 GMT
server
nginx
etag
W/"2bb07-5ee7dbc45d3fc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wonderpluginslider.js
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/
318 KB
50 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginslider.js?ver=13.5.1PRO
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
21593e36fb12916f2fbfe2e3140894e00c0c9757b03c6987aab38d0cd8cdf2c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:24:40 GMT
server
nginx
etag
W/"4f9a7-5ee7dbc45e39c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
flatpickr.min.js
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/
49 KB
14 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=4.4.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
1f77f1c60435921cb2d68ccfb3bf2da81dd35f274014c4cd5a5b9c20c4a46a27
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sun, 18 Dec 2022 23:03:10 GMT
server
nginx
etag
W/"c5ad-5f02234e03050"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
select2.min.js
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/
69 KB
18 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=4.4.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sun, 18 Dec 2022 23:03:10 GMT
server
nginx
etag
W/"114c3-5f02234df78b5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
js
www.googletagmanager.com/gtag/
109 KB
43 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-31745238-1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ed6e5398c8c66153d0d96326eb08b6db3406a384eae2facfbfd26b71406ea4ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43594
x-xss-protection
0
last-modified
Mon, 19 Dec 2022 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 19 Dec 2022 10:56:40 GMT
bizible.js
cdn.bizible.com/scripts/
83 KB
32 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D4) /
Resource Hash
3511de47d3250e54206caa8bfd8b2401d7ae512f821258d06a52d5e9584690f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
last-modified
Mon, 12 Dec 2022 18:11:12 GMT
server
ECS (frb/67D4)
age
41921
etag
"b32e51e55ed91:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
32316
privacy-banner.js
hp.com/cma/ng/lib/exceptions/
16 KB
9 KB
Script
General
Full URL
https://hp.com/cma/ng/lib/exceptions/privacy-banner.js
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
15.72.164.74 , United States, ASN71 (HP-INTERNET-AS, US),
Reverse DNS
hp.com.hr
Software
Apache /
Resource Hash
56daa473cc200622ef8ef8c20eb3ded1d19a583b2e0810f8d459326b04f11463
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 19 Dec 2022 10:56:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
Apache
ETag
"5ec1a6b6a80c0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=7200
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
8374
Expires
Mon, 19 Dec 2022 12:56:40 GMT
BromiumBlog_Images_0010.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/
2 MB
2 MB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/BromiumBlog_Images_0010.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
8b625a6ed2cfde39e761f2e9fc10ad83f2d4305c942471f911fcff9e4bb98808
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
2094385
x-xss-protection
1; mode=block
last-modified
Wed, 12 May 2021 10:25:17 GMT
server
nginx
etag
"1ff531-5c21f6d54bdd4"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
magniber_01.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
21 KB
22 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_01.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
a26bbb2fb16ca3717c4690a816e25c43be2ad4fcb45adb878b3c98b6b01fbeb9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
21803
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:16:08 GMT
server
nginx
etag
"552b-5eae7cc429ae2"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_02.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
101 KB
102 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_02.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
5a4f9b81ce5e4dc3bb3fa525cd250753923aa7474a9d5bbf8801048a3fb10c24
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
103785
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:16:10 GMT
server
nginx
etag
"19569-5eae7cc63c7b4"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_03.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
59 KB
59 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_03.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
9db372bd5a5d506904ce7fda178ece352bfe33dd38292f8d398e613eb4a7968a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
60430
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:16:13 GMT
server
nginx
etag
"ec0e-5eae7cc8c862b"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_04.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
73 KB
73 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_04.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
192a450bdc8200b9df998cd74c4295d01acd74430375452983b4de474375829d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
74370
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:08:56 GMT
server
nginx
etag
"12282-5eae7b28260d6"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_05.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
45 KB
45 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_05.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
527d982dd4e2527fafe888adec2c719929a6476b2106952464a65ea02dee7893
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
46106
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:16:25 GMT
server
nginx
etag
"b41a-5eae7cd3c68f5"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_06.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
32 KB
32 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_06.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
a81c390548502ac446b8c2eabdc6ea07a8bc43b23e206a9c232d3ceaef3cae9a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
32687
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:16:27 GMT
server
nginx
etag
"7faf-5eae7cd5e60eb"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_07.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
10 KB
10 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_07.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
af810e2b2886d81e6225b34eb2391f15be48f95f5ce80bd04f7b25b6e15eb7c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
9734
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:09:00 GMT
server
nginx
etag
"2606-5eae7b2ba1b86"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_08.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
18 KB
18 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_08.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
5d9e229dde2a12fae04e5a3e85eb93f8ef6a7541c0384152901b4d9dec29ef29
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
18462
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:09:02 GMT
server
nginx
etag
"481e-5eae7b2d6d78a"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_09.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
84 KB
85 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_09.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
a537306122d97954096b0591324fdc7f3d8b54a518b20e30714459b3584e6782
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
86034
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:16:38 GMT
server
nginx
etag
"15012-5eae7ce0c383b"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
magniber_10.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/
52 KB
53 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_10.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
f9060ef4ed91de78998d5f9b15592b736dd9b62f02ecae043dffd6ebca7dd894
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
53312
x-xss-protection
1; mode=block
last-modified
Thu, 13 Oct 2022 10:09:03 GMT
server
nginx
etag
"d040-5eae7b2ef8083"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
profile_img-150x150.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/01/
8 KB
8 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/01/profile_img-150x150.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
6eb52a97833a253a404e06ef580bfc474b9883681a2e7abf223b1a9434201bae
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
8242
x-xss-protection
1; mode=block
last-modified
Tue, 19 Jan 2021 12:52:40 GMT
server
nginx
etag
"2032-5b940505ef0ed"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
BromiumBlog_Images_0008.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/
2 MB
2 MB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/BromiumBlog_Images_0008.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
0df6356a9dd9333fe8a139307f90de62efc5bba4dcb4e8007be03e596f4c2f77
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
2045815
x-xss-protection
1; mode=block
last-modified
Wed, 12 May 2021 10:25:13 GMT
server
nginx
etag
"1f3777-5c21f6d12fcb2"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
blogImage__b6.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/
2 MB
2 MB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/blogImage__b6.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
c85d4f64101e48851e2a89069e50aefd6aeb901c535c7aa39986903d4baf1353
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
2050865
x-xss-protection
1; mode=block
last-modified
Wed, 12 May 2021 11:13:55 GMT
server
nginx
etag
"1f4b31-5c2201b3ceea5"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
blogImage__b9.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/
2 MB
2 MB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/blogImage__b9.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
9a19f69eb87e131998e91350c4eb6f55a44de97614261b1af11694576949ac39
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
2098561
x-xss-protection
1; mode=block
last-modified
Wed, 12 May 2021 11:13:43 GMT
server
nginx
etag
"200581-5c2201a89aceb"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
blogImage__b2.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/
2 MB
2 MB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/blogImage__b2.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
d68605f97c0c27101ea06a1276a2e55c2bf65f0e07e8e0c11be145addde1344b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
content-length
2112187
x-xss-protection
1; mode=block
last-modified
Wed, 12 May 2021 11:13:47 GMT
server
nginx
etag
"203abb-5c2201ac87831"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
expires
Thu, 31 Dec 2037 23:55:55 GMT
blogImage_refresh_001.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/10/
110 KB
110 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/10/blogImage_refresh_001.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
100c3577372983a9ae444d3a1fcecec6525dae128e75a396bf38bd23eb972c5c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
112333
x-xss-protection
1; mode=block
last-modified
Thu, 28 Oct 2021 10:38:17 GMT
server
nginx
etag
"1b6cd-5cf674f0171cb"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
profile_img.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/01/
15 KB
15 KB
Image
General
Full URL
https://threatresearch.ext.hp.com/wp-content/uploads/2021/01/profile_img.jpg
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
08de3edfa1e71b1c4ddc7fde8cbdad1e98a05222d7fdf1f9321313d821d20cfa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
15350
x-xss-protection
1; mode=block
last-modified
Tue, 19 Jan 2021 12:52:40 GMT
server
nginx
etag
"3bf6-5b940505b56fe"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
accept-ranges
bytes
x-proxy-cache
HIT
style.min.css
threatresearch.ext.hp.com/wp-includes/css/dist/block-library/
93 KB
12 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"172a9-5ee7de3f7da1d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
rs6.css
threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/css/
57 KB
12 KB
Stylesheet
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.7
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
95f59f9a4a19697496edc01bb55011ea4056f90625cc816a7f18256f056a6258
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:34:06 GMT
server
nginx
etag
W/"e394-5ee7dddfe1b20"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
swiped-events.min.js
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/swiped-events.min.js?ver=1.1.4
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
db0fe819895d07af230d0f21f183ae4c9ecdec27664f004c6ac8844deaf55adc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:22:29 GMT
server
nginx
etag
W/"6e8-5ee7db4704aff"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
imagesloaded.min.js
threatresearch.ext.hp.com/wp-includes/js/
5 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Wed, 19 Aug 2020 23:51:51 GMT
server
nginx
etag
W/"15fd-5ad43b00c07ef"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
effect.min.js
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/
17 KB
7 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
4471f0e0712693e37d562bb4981a7da17248062fc39140f3df05826943879fb7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"43ba-5ee7de3f8b0f9"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
ditty-news-ticker.min.js
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/
14 KB
3 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/ditty-news-ticker.min.js?ver=3.0.30
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
9808e9a37df4741d8a212c739cae654d1e935e3d3f9251c9eef6be7bb24b1eab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:22:29 GMT
server
nginx
etag
W/"362b-5ee7db4704ee7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.min.js
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/js/
19 KB
4 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.4.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
255bbdc2a44e99169f7196982ff3155cf5631bdc043a1a431e5ea8f51297bb73
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
HIT
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
x-xss-protection
1; mode=block
last-modified
Sun, 18 Dec 2022 23:03:10 GMT
server
nginx
etag
W/"4a87-5f02234e00557"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
script.min.js
threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/
21 KB
6 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/script.min.js?ver=4.3.0
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
824881cb24a4442381024afdf51da2932d717bb59cb549edc4cad3e00394bdce
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Fri, 27 Aug 2021 01:59:25 GMT
server
nginx
etag
W/"550b-5ca80d536cbc9"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
new-tab.js
threatresearch.ext.hp.com/wp-content/plugins/page-links-to/dist/
24 KB
9 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jan 2022 02:30:56 GMT
server
nginx
etag
W/"609e-5d5e62ce6cc0e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
cssua.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
3 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/cssua.js?ver=2.1.28
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
daf181ab9ead5372eefb6fe5d87704d7abdbfa6c09e4c79a2a2f688c6fac5ada
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"d10-5eb94f0f84e55"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-animations.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
2e52dea09005063c3ff69fc36c11c7008b8efa5d4a97e38e7161ffaf0b0aedb6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"70c-5eb94f46d7924"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-vertical-menu-widget.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-core/js/min/
1 KB
880 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-core/js/min/fusion-vertical-menu-widget.js?ver=5.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
93a897eedca2d924b738067a03528933e4eb07d4c2f78d65276b6576b7f4d370
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:17 GMT
server
nginx
etag
W/"572-5eb94f4c4e99f"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
modernizr.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
18 KB
7 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/modernizr.js?ver=3.3.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
072d2a46607c107cdd7f20d3e5410963b281151df62444ad775ade8361cfa6cc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"4670-5eb94f0f84685"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
5 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion.js?ver=3.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
760fe5e9d4fdf4fe5962edc3926816d8051faf168aa36ea467cdf7a80e09ede2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"1281-5eb94f0f83acd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
bootstrap.transition.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
741 B
787 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.transition.js?ver=3.3.6
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
bd6def1ae1509946499390f95acaa1fd39a76452c8312f165d2bc0b791c9e0ef
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"2e5-5eb94f0f84e55"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
bootstrap.tooltip.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
11 KB
4 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tooltip.js?ver=3.3.5
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
23263a19c0dc4b29036a56f858a2b6f915ea0e415ed7c46071a071f170626c88
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"2a6e-5eb94f0f84a6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
bootstrap.modal.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
4 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.modal.js?ver=3.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
9a2d11b76feb7a9e531a9d055fae88e495017645e5c823a010c818a7744b2c45
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"f86-5eb94f0f84a6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.requestAnimationFrame.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
695 B
759 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
980aba21181e373e49d5e2602223454f0bb78ccb263eabcfb850abb14ad8c904
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"2b7-5eb94f0f84685"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.easing.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.easing.js?ver=1.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
c8c066c331d08eaf858338789a0499c5ad85cfc6325d7685ea8a9463750d8684
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"8eb-5eb94f0f84e55"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.fitvids.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fitvids.js?ver=1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
233cb2b905dec5df68df039e52e26980f674880fee51a8f6b7f75486760f1f3e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"6e7-5eb94f0f8429d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.flexslider.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
22 KB
6 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.flexslider.js?ver=2.7.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
f2d424362aca158ad49da19b48c212e687fbed93ece9fed06fcf8871f5f64c5f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"57ca-5eb94f0f84e55"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.ilightbox.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
81 KB
24 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.ilightbox.js?ver=2.2.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
990f2544353261a345a25a88644c6b30411fdbb6163358bf8872787908e275e6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"14287-5eb94f0f84a6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.mousewheel.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.mousewheel.js?ver=3.0.6
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
cce83fa2c5096e414c0e32c9fc07ba011e2f4d67a51f9c4155651122329ec0dc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"a41-5eb94f0f8523d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.placeholder.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.placeholder.js?ver=2.0.7
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
fa34de993dea91eb0120c3745378192fa1177ba8ec5772e08632318d1d5e1267
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"880-5eb94f0f84a6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.fade.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
1 KB
861 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fade.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
836e98f92408ccb7250927acef9b494fbacc18678ef18888f835101557bddd37
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"48a-5eb94f0f84e55"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-equal-heights.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
1 KB
992 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-equal-heights.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
d3d1fc3b726f87e9440670838b6d33dc22ee1c854274724b27de90be75d1069c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"55b-5eb94f0f836e4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-parallax.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
12 KB
3 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-parallax.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
a1e265af7b140bf70ba7a061b8ddee61e32ced0c50d985f0b05cdfe061112cb5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"2ef3-5eb94f0f84685"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-video-general.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-general.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
ea2dd31704608166bfd31e6c1b54027061ea568cd9aa1163656843a5907ac45d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"d31-5eb94f0f84685"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-video-bg.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
4 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
46af13bd348d946968c6bd1c844dccbca02856ecdcaa8dcb35969e99d1399562
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"1192-5eb94f0f84a6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-lightbox.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
7 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-lightbox.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
93d5f2281324f8a87ce2bdf811d8d1fd5ca4781618754a490a0fce0f166d479c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"1c46-5eb94f0f83acd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-tooltip.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
849 B
742 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-tooltip.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
4ea735c25bb36d6130e169c43dd545f9ab091b791672b1538046ebedef3308f6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"351-5eb94f0f83acd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-sharing-box.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
945 B
755 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-sharing-box.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
45a6eea93903fe37410887ca5eb4605572ecfaf1968387365ec9ed9331a36487
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"3b1-5eb94f0f83eb5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.sticky-kit.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
6 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.sticky-kit.js?ver=1.1.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
19e2b8ef435756c4dc18bc450f4ec0fbe6db2ceb7b99a7d656877bc49eb342ec
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"17d5-5eb94f0f84a6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-youtube.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
4 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-youtube.js?ver=2.2.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
828ef7357ef25a04a505c7f21b1418620b4c13faec1ac0d562e2127400c751fb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"10c3-5eb94f0f84e55"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
vimeoPlayer.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/
16 KB
6 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/vimeoPlayer.js?ver=2.2.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
501c8b7edd85aa5b93a52254d40cf04d754018292b113caf7f76441701d30a0a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"40bd-5eb94f0f84a6d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-general-footer.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
413 B
626 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-general-footer.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
61e7bb6d0210c308eb1f6153f18b4063eb715fde885b7d20b4d209d3fcb5a217
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"19d-5eb94f0f4eefc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-quantity.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-quantity.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
893ed74f27210911877234fad64cae770cf4af4b2b9b2c75b80d401c43f281d1
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"7b6-5eb94f0f4f6cd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-crossfade-images.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
418 B
627 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-crossfade-images.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
80e9a74251b9a8f1f7e72a0ea7cbd8905e4777b931e92b09f545087161fa0b37
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"1a2-5eb94f0f4f6cd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-select.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
886 B
754 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-select.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
bf3722b93fa395dc556c14f331f86a9d5e31fa813e46f0cfcb8afd19fae33034
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"376-5eb94f0f4eefc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-tabs-widget.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
503 B
668 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-tabs-widget.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
6afaae08a9346fc9ca891d0d80f8483905c1421bca9f918506150566d3912e9a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"1f7-5eb94f0f4fab5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-rev-styles.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
3 KB
975 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-rev-styles.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
68bec0121363230f259b5abcfe8287100777c0e3b3d7bfb619d18273a6aa4728
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"ad6-5eb94f0f4f6cd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.elasticslider.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/
4 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/jquery.elasticslider.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
11f4df8462b2edc6add3928ab5f30dcab77f69c29c0e175b1888f4cb6275823c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"11c1-5eb94f0f4fe9d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-live-search.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
c9bf057820b3b0223c468e08beb0d41a12b451e224308149bc05f0d4a607fcab
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"bfd-5eb94f0f4f6cd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-alert.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
260 B
618 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-alert.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
eb6481e44617b3e40d345b2df5e20965503b4ab87c9346a43894f93a601ccde7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"104-5eb94f0f83acd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
awb-off-canvas.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
12 KB
4 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/awb-off-canvas.js?ver=3.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
d8c519e27f603a4eb131526c2a93cdade281348b8efc845a1007e9a29ffdfef4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"3149-5eb94f46d80f4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-flexslider.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
6 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-flexslider.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
cb56816d72e7289b2aab8ba19bd1bdb4708cbbc7e70d7f38f9138a4dd10215a5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"195e-5eb94f0f83eb5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-column-legacy.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
2 KB
837 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column-legacy.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
bc7b145a0eb35703d5ce10b9204920b9d09e4454bc2288addc9ed5142862f9cd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"619-5eb94f46d80f4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.textillate.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/library/
6 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.textillate.js?ver=2.0
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
e8b416c2f2a14bb138209a5ce434802a742d3de53ce668445485e5423efa1fb2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"1717-5eb94f46d9094"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-title.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
4 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-title.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
fb84c55756f2946fd5d5c6c6d3f7a62079c1d7a7123b6c817832835e82b3270c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"e85-5eb94f46d80f4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-modal.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-modal.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
0e19faf0a539d09a276473d2e2b1604a7343e56557f1c1b06b3c6f227ac4db9c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"a92-5eb94f46d7d0c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-container.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
16 KB
3 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-container.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
65347e16a9383e200a2e32223e7471f8add0c899f24ddee20bca454c6f7de583
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"3e81-5eb94f46d7d0c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-elastic-slider.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
565 B
661 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-elastic-slider.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
3647d841b21197b1efa74e92c861a3bf4cebef0f9a33f5a4c0ea276d74c768b0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"235-5eb94f0f4f2e5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-drop-down.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
6 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-drop-down.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
579683e317a76a9a6758e42680b394e80957cbdd2863c25abac9a875852abfc7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"17b6-5eb94f0f4eefc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-to-top.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
1017 B
865 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-to-top.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
2b2c2f9810fbe4d8643c2f6b9359daa7dd67b78cffa63e6746202c76d068547e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"3f9-5eb94f0f4eefc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-header.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
31 KB
4 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-header.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
80669a9bb1655e529ea0f150945f879706df8fc3957bc1c02d07cdbb6862f60b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"7d2b-5eb94f0f4f2e5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-menu.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
39 KB
7 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-menu.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
11181d395c0be8cd6705515ab1e773e64dadf2eb342badf535ebe21d3825897f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"9ac5-5eb94f0f4f2e5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
bootstrap.scrollspy.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/bootstrap.scrollspy.js?ver=3.3.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
5c569522330e4e6b040229701ae98650839c5baa9912e15f821ffef8341187f5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"a9a-5eb94f0f4fab5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
avada-scrollspy.js
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/
845 B
756 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-scrollspy.js?ver=7.8.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
b66b53112e230d6a90572fd4af0506b89a3021fedad6e9395ad85dc7a3b32094
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:13 GMT
server
nginx
etag
W/"34d-5eb94f0f4f2e5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-responsive-typography.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-responsive-typography.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
4cb4122592bfa905b2f19c491d0beb0f47a6e609694998e2f002e5e5d403b521
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"dd8-5eb94f0f83acd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-scroll-to-anchor.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
6 KB
2 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-scroll-to-anchor.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
0925ff0405f3cdb2fa37bbd7fe7431e77451c294cf8b2e28c9497a18dc7894a9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"17bf-5eb94f0f836e4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-general-global.js
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/
496 B
663 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-general-global.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
709432d669fa084fba23a097defbdecc8097a07717c30ac6f915314bf2a05933
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
W/"1f0-5eb94f0f83acd"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-video.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
2 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-video.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
9a0a34bc67f5d3623591214473ac2d449be18a8ce1cb5e531b185ef22a09b31f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"815-5eb94f46d84dc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
fusion-column.js
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/
1 KB
849 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column.js?ver=1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
0db4581da25e31921f01cc132b22a55b140c1b6e4291dbe0b74e18cbc1499b54
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:51:12 GMT
server
nginx
etag
W/"42a-5eb94f46d84dc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
core.min.js
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/
21 KB
7 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"53c0-5ee7de3f8bcb1"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
datepicker.min.js
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/
36 KB
11 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
8821cd10861112ac07254592b0b332abd02cfb6ac32c0ac71378be0fb58c309f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"8f7b-5ee7de3f8ad11"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
mouse.min.js
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
809ec973a018b6bf8ac18e74bfffc3d25182e6f44df00128d531cf3e07570ee6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"d4a-5ee7de3f89989"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
slider.min.js
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/
10 KB
3 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
5a95ac55c7f0f440eb1984d8da5d548f23ae0cbbb1babf81d985d810346c9dbf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"29e8-5ee7de3f8a541"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.ui.touch-punch.js
threatresearch.ext.hp.com/wp-includes/js/jquery/
1 KB
975 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/jquery/jquery.ui.touch-punch.js?ver=0.2.2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
196bed4faf0fe38b89a496b1f41319b2a8077263f85819f8ad42933e0a2e2e52
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 17 Dec 2018 17:45:39 GMT
server
nginx
etag
W/"49b-57d3b595776c0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
mediaelement-and-player.min.js
threatresearch.ext.hp.com/wp-includes/js/mediaelement/
154 KB
35 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
b15c3ea03d50c2430490e7416733a254feea4237bb60b54181bd3473ebe4149f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"26935-5ee7de3f8fb32"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
mediaelement-migrate.min.js
threatresearch.ext.hp.com/wp-includes/js/mediaelement/
1 KB
944 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Thu, 23 Jun 2022 08:46:12 GMT
server
nginx
etag
W/"4a7-5e2197c5c7e81"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-mediaelement.min.js
threatresearch.ext.hp.com/wp-includes/js/mediaelement/
906 B
858 B
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Fri, 30 Apr 2021 03:10:53 GMT
server
nginx
etag
W/"38a-5c127f5aab452"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
underscore.min.js
threatresearch.ext.hp.com/wp-includes/js/
18 KB
7 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/underscore.min.js?ver=1.13.4
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"4991-5ee7de3f86e90"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-util.min.js
threatresearch.ext.hp.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/wp-util.min.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
3bc6467a95cec8fa516c6f5f69e1301e37e16f9bb1046fe7756729249f901b95
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"592-5ee7de3f906eb"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
backbone.min.js
threatresearch.ext.hp.com/wp-includes/js/
23 KB
8 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/backbone.min.js?ver=1.4.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
a714d3e7cd0751a5f1428881d65043743826415dbdcf7b3f3bc3f938180f18da
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"5d28-5ee7de3f8c099"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-playlist.min.js
threatresearch.ext.hp.com/wp-includes/js/mediaelement/
3 KB
1 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/wp-playlist.min.js?ver=6.1.1
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
a0ee283f00bfe45c9bc531f8cc7ae149f4bab2d212f6904b9eb64df0f6b71e24
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Mon, 28 Nov 2022 01:35:46 GMT
server
nginx
etag
W/"d75-5ee7de3f8fb32"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
views-frontend.js
threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/js/
76 KB
13 KB
Script
General
Full URL
https://threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/js/views-frontend.js?ver=3.6.3
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
cloudproxy10059.sucuri.net
Software
nginx /
Resource Hash
14d05a8eaa240594562514e267d5dc4578cbb84a27b020345334c2a335fa2242
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-proxy-cache
MISS
date
Mon, 19 Dec 2022 10:56:39 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
content-encoding
br
x-proxy-cache-info
0 NC:000000 UP:
x-sucuri-cache
HIT
host-header
6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection
1; mode=block
last-modified
Thu, 19 May 2022 22:31:36 GMT
server
nginx
etag
W/"1316a-5df64efcc5cb0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
15009
expires
Thu, 31 Dec 2037 23:55:55 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.75.165.98 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-75-165-98.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 19 Dec 2022 10:56:40 GMT
Content-Encoding
gzip
Last-Modified
Fri, 09 Sep 2022 01:18:39 GMT
Server
AkamaiNetStorage
ETag
"92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
728
awb-icons.woff
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/
20 KB
20 KB
Font
General
Full URL
https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:fe80:1010::17:8 , United States, ASN30148 (SUCURI-SEC, US),
Reverse DNS
Software
nginx /
Resource Hash
370c8c8b69b06cb4193000e87c36d9efb2d55dcf1ef270cdea0ecc47d1aa3a61
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://threatresearch.ext.hp.com/
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires
Thu, 31 Dec 2037 23:55:55 GMT
date
Mon, 19 Dec 2022 10:56:40 GMT
content-security-policy
upgrade-insecure-requests;
x-content-type-options
nosniff
x-sucuri-cache
HIT
host-header
8441280b0c35cbc1147f8ba998a563a7
content-length
20336
x-xss-protection
1; mode=block
last-modified
Sat, 22 Oct 2022 00:50:14 GMT
server
nginx
etag
"4f70-5eb94f0f8235c"
x-frame-options
SAMEORIGIN
content-type
font/woff
access-control-allow-origin
*
x-httpd
1
cache-control
max-age=315360000
x-sucuri-id
19017
accept-ranges
bytes
x-proxy-cache
HIT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatresearch.ext.hp.com/
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 12 Dec 2022 17:43:57 GMT
x-content-type-options
nosniff
age
580363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13036
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:04:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Dec 2023 17:43:57 GMT
Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
fonts.gstatic.com/s/josefinsans/v25/
26 KB
26 KB
Font
General
Full URL
https://fonts.gstatic.com/s/josefinsans/v25/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3701f4ae604d8fccb4ddca393e076a456aebfb06c1a9d94c1c13089293f55716
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatresearch.ext.hp.com/
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sun, 18 Dec 2022 13:52:06 GMT
x-content-type-options
nosniff
age
75874
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26592
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 20:56:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 18 Dec 2023 13:52:06 GMT
clientlib-hf-fontface.b22705a833161152e97e23aed2dba7ff.css
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/
2 KB
609 B
Stylesheet
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/clientlib-hf-fontface.b22705a833161152e97e23aed2dba7ff.css
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
bf7c1ee4ea1d4db7943015c49b30ba3fd16e656409476c693213cc0899995a54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher2westus2
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
327
last-modified
Thu, 15 Dec 2022 19:15:31 GMT
server
Apache
etag
"983-5efe2ad32fac0-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=294426
accept-ranges
bytes
expires
Thu, 22 Dec 2022 20:43:46 GMT
clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/
99 KB
13 KB
Stylesheet
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3f0c35c186a443edd70777b18f9dc725baf2952a24466697f3123b56a60b6668
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher1westus2
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
12634
last-modified
Thu, 15 Dec 2022 19:08:42 GMT
server
Apache
etag
"18c9e-5efe294d22280-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=292916
accept-ranges
bytes
expires
Thu, 22 Dec 2022 20:18:36 GMT
clientlib-hf-js.51c2c2e74d1424e6ddae709ba9728d3e.js
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/
205 KB
46 KB
Script
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hf-js.51c2c2e74d1424e6ddae709ba9728d3e.js
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b4fd3d2682af09e6cbec0df0e6e487ce412b96c5dfbc4c8abe9e0a6e4ac9e2dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher1westus2
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
47056
last-modified
Thu, 15 Dec 2022 19:08:42 GMT
server
Apache
etag
"33437-5efe294d22280-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=292729
accept-ranges
bytes
expires
Thu, 22 Dec 2022 20:15:29 GMT
gtm.js
www.googletagmanager.com/
484 KB
117 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PDHM2PK
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4b2914bf4eb22edc4b0af212e3bf6fd237d9d83d6eee1680aa4682158c663dd5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
119405
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Mon, 19 Dec 2022 10:56:40 GMT
Group%2011990@2x.png
www.hp.com/content/dam/sites/worldwide/dems/search/support/
983 B
1 KB
Image
General
Full URL
https://www.hp.com/content/dam/sites/worldwide/dems/search/support/Group%2011990@2x.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a297 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
0a4e5a184816d1a7d02aef64b08929cdc9e75657382b77aeeb7fa5decd975dd8
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Frame-Options SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
strict-transport-security
max-age=600
last-modified
Wed, 31 Aug 2022 20:19:29 GMT
x-serial
1341
server
Akamai Image Manager
x-check-cacheable
YES
akamai-grn
, , , , , , , , , , , , , , 0.97a02417.1671447400.293af320
etag
"9cd-5e78d541ac9c0"
x-frame-options
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type
image/png
cache-control
private, no-transform, max-age=49232
content-length
983
expires
Tue, 20 Dec 2022 00:37:12 GMT
Group%2011991@2x.png
www.hp.com/content/dam/sites/worldwide/dems/search/support/
921 B
1 KB
Image
General
Full URL
https://www.hp.com/content/dam/sites/worldwide/dems/search/support/Group%2011991@2x.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a297 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
b16f7ee66e29b27d1f14719cefc0e67211523787cc1729be52322583175d0cec
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Frame-Options SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
strict-transport-security
max-age=600
last-modified
Wed, 31 Aug 2022 20:37:49 GMT
server
Akamai Image Manager
akamai-grn
, , , , , , 0.97a02417.1671447400.293af36e
etag
"992-5e78d540b8780"
x-frame-options
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type
image/png
cache-control
private, no-transform, max-age=48131
content-length
921
expires
Tue, 20 Dec 2022 00:18:51 GMT
Group%2011992@2x.png
www.hp.com/content/dam/sites/worldwide/dems/search/support/
1023 B
1 KB
Image
General
Full URL
https://www.hp.com/content/dam/sites/worldwide/dems/search/support/Group%2011992@2x.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a297 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
04b7e0e82e49247408274fb7bb56b942d8d3e5b8233fe00590b22411e390d237
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Frame-Options SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
strict-transport-security
max-age=600
last-modified
Wed, 31 Aug 2022 20:26:51 GMT
x-serial
448
server
Akamai Image Manager
x-check-cacheable
YES
akamai-grn
, , , , , 0.97a02417.1671447400.293af36f
etag
"9ff-5e78d540b8780"
x-frame-options
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type
image/png
cache-control
private, no-transform, max-age=48788
content-length
1023
expires
Tue, 20 Dec 2022 00:29:48 GMT
black-logo-hp.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/
894 B
1 KB
Image
General
Full URL
https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/black-logo-hp.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
3ff29527b86595610b0b3281abfbf51f6e38c7d9c1afa8e877ea993a2e8cd799

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Sun, 11 Dec 2022 14:12:25 GMT
server
Akamai Image Manager
etag
"111e-5d9418d94e3c0"
content-type
image/webp
cache-control
private, no-transform, max-age=64193
content-length
894
expires
Tue, 20 Dec 2022 04:46:33 GMT
z-by-hp-new.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/
584 B
772 B
Image
General
Full URL
https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/z-by-hp-new.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
a3bee7ffc1e0104eef9846229b8d875f7125fcbb23fc6930ef2f830c28741bbc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Sun, 17 Jul 2022 13:09:43 GMT
server
Akamai Image Manager
etag
"88f-5d5e04edc3c00"
content-type
image/png
cache-control
private, no-transform, max-age=54998
content-length
584
expires
Tue, 20 Dec 2022 02:13:18 GMT
OMEN-logo3.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/
1 KB
2 KB
Image
General
Full URL
https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/OMEN-logo3.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
5dc4132c6d0e42b159c7574181aaa98129b445c3f9569548c61d36873f8d23b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Sat, 11 Jun 2022 18:41:51 GMT
server
Akamai Image Manager
etag
"16b5-5d4dabdfd33c0"
content-type
image/png
cache-control
private, no-transform, max-age=24845
content-length
1396
expires
Mon, 19 Dec 2022 17:50:45 GMT
HYPER-X-logo7.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/
3 KB
3 KB
Image
General
Full URL
https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/HYPER-X-logo7.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
68a1b82779788f93c7b77702d5fef83c9f8dfc089f72beb4d7629f5d4ade180b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Wed, 05 Jan 2022 19:18:10 GMT
server
Akamai Image Manager
etag
"2dcc-5d4da979a8ac0"
content-type
image/webp
cache-control
private, no-transform, max-age=52912
content-length
3126
expires
Tue, 20 Dec 2022 01:38:32 GMT
arize-hp-logo2.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/
2 KB
2 KB
Image
General
Full URL
https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/arize-hp-logo2.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
a75e8ab5771af0ea36e62f66d3edbe0ec14657b04e87bf99a46a891e652c1add

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Tue, 02 Aug 2022 22:01:00 GMT
server
Akamai Image Manager
etag
"1bb2-5d58fff4f9b00"
content-type
image/webp
cache-control
private, no-transform, max-age=9472
content-length
2330
expires
Mon, 19 Dec 2022 13:34:32 GMT
poly@3x.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/
2 KB
2 KB
Image
General
Full URL
https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/poly@3x.png
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
f305193707707d5489946d5960934e9d86d50dbc57fd76f927f134f0129e313d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Fri, 28 Oct 2022 15:37:42 GMT
server
Akamai Image Manager
etag
"d2a-5e9486f503d80"
content-type
image/png
cache-control
private, no-transform, max-age=66138
content-length
1824
expires
Tue, 20 Dec 2022 05:18:58 GMT
munchkin.js
munchkin.marketo.net/162/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/162/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js?ver=1.0.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.75.165.98 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-75-165-98.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 19 Dec 2022 10:56:40 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 Jul 2022 00:59:12 GMT
Server
AkamaiNetStorage
ETag
"75daf56f6191efe42577301908659c29:1656637152.894482"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4677
Expires
Wed, 29 Mar 2023 10:56:40 GMT
ipv
cdn.bizible.com/m/
43 B
304 B
Image
General
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=689fe4e49cf94526b7a5ac489e6fa6ea&_biz_s=1f0444&_biz_l=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&_biz_t=1671447400733&_biz_i=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&_biz_n=0&rnd=936186&cdn_o=a&_biz_z=1671447400734
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6760) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Wed, 14 Dec 2022 14:12:16 GMT
server
ECS (frb/6760)
age
420264
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
Image/GIF
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
43
expires
-1
u
cdn.bizibly.com/
43 B
203 B
Image
General
Full URL
https://cdn.bizibly.com/u?_biz_u=689fe4e49cf94526b7a5ac489e6fa6ea&_biz_s=1f0444&_biz_l=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&_biz_t=1671447400736&_biz_i=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&rnd=842370&cdn_o=a&_biz_z=1671447400736
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C2) /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Thu, 15 Dec 2022 23:58:39 GMT
server
ECS (frb/67C2)
age
298681
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
Image/GIF
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
43
expires
-1
HPSimplifiedRegular.woff
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/clientlib-hf-fontface-core/resources/fonts/
44 KB
43 KB
Font
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/clientlib-hf-fontface-core/resources/fonts/HPSimplifiedRegular.woff
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/clientlib-hf-fontface.b22705a833161152e97e23aed2dba7ff.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /
Resource Hash
24719977091e8bcc0071cf9d6515c874e8c2f1b96695367c1141aeba7710e1c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/clientlib-hf-fontface.b22705a833161152e97e23aed2dba7ff.css
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher1eastus2
unused62
8096267
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
43688
last-modified
Mon, 17 Aug 2020 19:53:29 GMT
server
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag
"af90-5ad181fddc040-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:40 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-197588716-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 19 Dec 2022 09:50:44 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
3956
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Mon, 19 Dec 2022 11:50:44 GMT
xdc.js
cdn.bizible.com/
84 B
493 B
Script
General
Full URL
https://cdn.bizible.com/xdc.js?_biz_u=689fe4e49cf94526b7a5ac489e6fa6ea&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.11.18
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6711) /
Resource Hash
6d22e660ead72f14b0aa8e3dfc8de1da35f17e3559b489e00692f15f50faa1a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
server
ECS (frb/6711)
etag
EFEDFBC3
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
content-length
186
privacy-banner.js
www.hp.com/cma/ng/lib/exceptions/
16 KB
8 KB
Script
General
Full URL
https://www.hp.com/cma/ng/lib/exceptions/privacy-banner.js
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hf-js.51c2c2e74d1424e6ddae709ba9728d3e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a297 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
56daa473cc200622ef8ef8c20eb3ded1d19a583b2e0810f8d459326b04f11463
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=600
server
Apache
akamai-grn
, , , 0.97a02417.1671447400.293afa84
etag
"5ec1a6b6a80c0"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=7200
accept-ranges
bytes
content-length
8374
expires
Mon, 19 Dec 2022 12:56:40 GMT
newhplogo.ttf
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/
1 KB
1 KB
Font
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/newhplogo.ttf
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d075070aee6fff82f826766497e5141a38f5ae89ec2d91600c7ba9da58191e35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher2eastus2
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
737
last-modified
Thu, 01 Oct 2020 18:02:05 GMT
server
Apache
etag
"4c0-5b09fd053e140-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:40 GMT
united_states.gif
www8.hp.com/content/dam/hpit-aem-globalnav/flags/
296 B
488 B
Image
General
Full URL
https://www8.hp.com/content/dam/hpit-aem-globalnav/flags/united_states.gif
Requested by
Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
848f5ae901a6db38f9cdb30ad9d2908962b6bad10c6ca2239cc9e5c73040fb2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:40 GMT
last-modified
Tue, 06 Oct 2020 21:30:45 GMT
server
Akamai Image Manager
etag
"253-5ad18c2b4c340"
content-type
image/webp
access-control-allow-origin
*
cache-control
private, no-transform, max-age=20227
content-length
296
expires
Mon, 19 Dec 2022 16:33:47 GMT
footericons.woff
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/
8 KB
4 KB
Font
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/footericons.woff
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /
Resource Hash
140b71e7ee1bc50ac88eacc4d1baf755e3799a112cfc8e1dae02ae0f14f26ead
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher1eastus2
unused62
8096267
date
Mon, 19 Dec 2022 10:56:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
3860
last-modified
Mon, 17 Aug 2020 19:53:28 GMT
server
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag
"2088-5ad181fce7e00-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:40 GMT
visitWebPage
497-itq-712.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://497-itq-712.mktoresp.com/webevents/visitWebPage?_mchNc=1671447400962&_mchCn=&_mchId=497-ITQ-712&_mchTk=_mch-hp.com-1671447400961-85129&_mchHo=threatresearch.ext.hp.com&_mchPo=&_mchRu=%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Mon, 19 Dec 2022 10:56:41 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
aff81f37-6638-4fbf-bb6d-11af37dc1e0c
latest_icons.woff
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/
1 KB
1 KB
Font
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/latest_icons.woff
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /
Resource Hash
7a156f2f864432042b65e6a619f067bca03c7eaf855a7dcce14166f2f77a3487
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher1eastus2
unused62
8096267
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
839
last-modified
Mon, 17 Aug 2020 19:53:28 GMT
server
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag
"5a4-5ad181fce7e00-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:41 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=26878115&t=pageview&_s=1&dl=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&ul=en-us&de=UTF-8&dt=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=2146309068&gjid=1348303452&cid=1111156987.1671447401&tid=UA-197588716-1&_gid=303135760.1671447401&_r=1&gtm=2oubu0&did=dZGIzZG&gdid=dZGIzZG&z=496762966
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatresearch.ext.hp.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 19 Dec 2022 10:56:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatresearch.ext.hp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=26878115&t=pageview&_s=1&dl=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&ul=en-us&de=UTF-8&dt=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=240482115&gjid=114599166&cid=1111156987.1671447401&tid=UA-31745238-1&_gid=303135760.1671447401&_r=1&gtm=2oubu0&did=dZGIzZG&gdid=dZGIzZG&z=1102758791
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://threatresearch.ext.hp.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 19 Dec 2022 10:56:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatresearch.ext.hp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
mu.js
www.hp.com/cma/ng/lib/exceptions/
82 KB
33 KB
Script
General
Full URL
https://www.hp.com/cma/ng/lib/exceptions/mu.js
Requested by
Host: hp.com
URL: https://hp.com/cma/ng/lib/exceptions/privacy-banner.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a297 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
40fe0531af10f8e894b2206b9b54f135e80505b1768b730a93eadf8e1e8af174
Security Headers
Name Value
Strict-Transport-Security max-age=600
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=600
server
Apache
akamai-grn
, , 0.97a02417.1671447401.293afc6d
etag
"5eca75b7a7980"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=7200
accept-ranges
bytes
content-length
33754
expires
Mon, 19 Dec 2022 12:56:41 GMT
exparrow.ttf
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/
1 KB
933 B
Font
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/exparrow.ttf
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /
Resource Hash
d94db9ce60ff8e6a0e1dcdab83ff6d1f60dd5c28b50d8f027f5fe268f87fa5ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher1eastus2
unused62
8096267
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
585
last-modified
Mon, 17 Aug 2020 19:53:28 GMT
server
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag
"420-5ad181fce7e00-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:41 GMT
close.ttf
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/
1 KB
937 B
Font
General
Full URL
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/close.ttf
Requested by
Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.69.71 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-69-71.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /
Resource Hash
7d2949d827d3f71a1a610d17034a34844cc3f2169cb8ce1c4b28665316bc0c0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.b22705a833161152e97e23aed2dba7ff.css
Origin
https://threatresearch.ext.hp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-dispatcher
dispatcher1eastus2
unused62
8096267
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-vhost
globalnav
content-length
589
last-modified
Mon, 17 Aug 2020 19:53:28 GMT
server
Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag
"414-5ad181fce7e00-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-font-ttf
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Tue, 20 Dec 2022 10:56:41 GMT
collect
stats.g.doubleclick.net/j/
4 B
448 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-31745238-1&cid=1111156987.1671447401&jid=240482115&gjid=114599166&_gid=303135760.1671447401&_u=YEDAAUABAAAAACAAI~&z=885758328
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://threatresearch.ext.hp.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 19 Dec 2022 10:56:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://threatresearch.ext.hp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.hp.com
URL: https://www.hp.com/cma/ng/lib/exceptions/mu.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
e0VkrpV+7zqDAjQ/RMXPsw==
age
41623
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
7151
x-ms-lease-status
unlocked
last-modified
Fri, 16 Dec 2022 04:11:39 GMT
server
cloudflare
etag
0x8DADF1BA184D727
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
26e168d1-b01e-0029-41ac-11aea4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77bf9cf1cadf90d6-FRA
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-31745238-1&cid=1111156987.1671447401&jid=240482115&_u=YEDAAUABAAAAACAAI~&z=2004542346
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 19 Dec 2022 10:56:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-31745238-1&cid=1111156987.1671447401&jid=240482115&_u=YEDAAUABAAAAACAAI~&z=2004542346
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 19 Dec 2022 10:56:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
d8197f25-dce3-4110-addb-f3ffbe70bcbd.json
cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/
9 KB
3 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/d8197f25-dce3-4110-addb-f3ffbe70bcbd.json
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b97b640e8caf3a6aeb76186fad0057593970b7ce2945add451dae091be04350c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
pA9uKCn2+RsSXb3Q+TxybQ==
age
2416
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2608
x-ms-lease-status
unlocked
last-modified
Tue, 22 Nov 2022 09:46:56 GMT
server
cloudflare
etag
0x8DACC6E7EAAFC6A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
8d3c4993-601e-002b-6f59-feac5e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77bf9cf21beb929b-FRA
expires
Tue, 20 Dec 2022 10:56:41 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
66 B
303 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://threatresearch.ext.hp.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 19 Dec 2022 10:56:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
77bf9cf29cb6926d-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.39.0/
372 KB
89 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Zp/CcrZmK7hQ2S6c/t9Tpw==
age
41623
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
90454
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:31:04 GMT
server
cloudflare
etag
0x8DA87805EB35DE2
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a98cb099-e01e-0171-4a83-b9ec8a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77bf9cf2ed2290d6-FRA
en-us.json
cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/79a7d4b1-1cd6-41c0-98fa-a258972139b8/
270 KB
47 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/79a7d4b1-1cd6-41c0-98fa-a258972139b8/en-us.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
563747bd06e81569c64a65ce1c5af6126ee888e07072d254687e541dbb8450e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
K5IkOh7BaqoipxujbLEVRQ==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
47936
x-ms-lease-status
unlocked
last-modified
Tue, 22 Nov 2022 09:46:50 GMT
server
cloudflare
etag
0x8DACC6E7A9D5FAF
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3ad6ddfd-201e-0068-325b-fe86b7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77bf9cf34e9e929b-FRA
expires
Tue, 20 Dec 2022 10:56:41 GMT
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d94edd219d965011aa7c423435675f8fc3aba340d1d2a45840c88592b922dbf2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Qf6Hj+Kf+u3YI1ZamXkcOw==
age
2416
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2612
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:30:56 GMT
server
cloudflare
etag
0x8DA878059EDB228
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
f8e8749e-401e-0051-0278-b9c613000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77bf9cf3bf88929b-FRA
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/
63 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cc5068304cfb22bbddb5a9800f7c59d843824381ad7183f89291ae41a6d09b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PpYet/3D+UMQBHrd1SR49w==
age
2416
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13981
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:30:58 GMT
server
cloudflare
etag
0x8DA87805B3CBC97
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
8ec6017a-d01e-0150-6978-b981bb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77bf9cf3bf8d929b-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.39.0/assets/
22 KB
5 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
B55i3ZY9miZIaUrwjufy0w==
age
2416
x-ms-lease-status
unlocked
last-modified
Fri, 26 Aug 2022 16:31:09 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
a97584b3-e01e-0171-6b78-b9ec8a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
77bf9cf3bf91929b-FRA
hp_logo.gif
cdn.cookielaw.org/logos/4abb22ef-0e20-458e-be93-e351ad21c465/a3f73d0e-a0d6-4b32-9444-47fc97baefe0/
1 KB
1 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/4abb22ef-0e20-458e-be93-e351ad21c465/a3f73d0e-a0d6-4b32-9444-47fc97baefe0/hp_logo.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54ed90f80a10bef5bb9ca48da0a4a97cd75dff3c1fcf220ba3335dcf9aeb576e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
v7jYSLqzJ+a4UzP7TytjRg==
age
41119
content-length
1118
x-ms-lease-status
unlocked
last-modified
Wed, 19 Feb 2020 08:36:03 GMT
server
cloudflare
etag
0x8D7B516C14BEE48
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
x-ms-request-id
c4267b48-e01e-00f6-7ca8-2cfff0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
77bf9cf43fa990d6-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
7 KB
3 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99c967c84f5947041a529dd99136e428117246d87dcf40819eae5c3937236c01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatresearch.ext.hp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 19 Dec 2022 10:56:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
nvsqHj63Mt+zbyhgtmGw4w==
age
36614
x-ms-lease-status
unlocked
last-modified
Thu, 15 Dec 2022 13:30:09 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
72a855b3-101e-0085-3cfa-108f33000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
77bf9cf43fae90d6-FRA

Verdicts & Comments Add Verdict or Comment

310 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| oncontentvisibilityautostatechange function| $ function| jQuery object| can function| Scanner object| HP object| loaderScriptElement function| initHF function| hfwsGetHeaderFooter boolean| CAAS_HF_CLIENTSIDE string| wmts_license_status string| mi_version boolean| mi_track_user string| mi_no_track_reason object| disableStrs function| __gtagTrackerIsOptedOut undefined| index function| __gtagTrackerOptout function| gaOptout function| __gtagDataLayer function| __gtagTracker object| dataLayer object| MonsterInsightsDualTracker function| gtag function| __gaTracker object| LS_Meta object| monsterinsights_frontend object| thumbs_rating_ajax object| MktoForms2 function| readCookie function| get_url_var function| form_ready object| WONDERPLUGIN_SLIDER_SKIN_OPTIONS string| key object| WONDERPLUGIN_SLIDER_TEXT_EFFECT_FORMATS object| WONDERPLUGIN_SLIDER_CUSTOM_TEXT_EFFECT function| ASliderTimer object| ASPlatforms object| wonderpluginsliderObjects boolean| ASYouTubeIframeAPIReady number| ASYouTubeTimeout number| wonderpluginsliderId function| onYouTubeIframeAPIReady function| setREVStartSize object| doc object| RS_MODULES object| mtphr_dnt_vars object| pp_ajax_form object| socialWarfare object| fusionAnimationsVars object| fusionJSVars object| fusionLightboxVideoVars object| fusionEqualHeightVars object| fusionVideoGeneralVars object| fusionVideoBgVars object| fusionLightboxVars object| avadaRevVars object| avadaLiveSearchVars object| fusionFlexSliderVars object| fusionContainerVars object| avadaElasticSliderVars object| avadaSelectVars object| avadaToTopVars object| avadaHeaderVars object| avadaMenuVars object| fusionTypographyVars object| fusionScrollToAnchorVars object| fusionVideoVars object| mejsL10n object| _wpmejsSettings object| _wpUtilSettings object| wpv_pagination_local string| swp_nonce boolean| swpFloatBeforeContent string| swp_ajax_url string| swp_post_id boolean| swpClickTracking object| toolsetCommonEs function| _initLayerSlider undefined| LS_oldGS undefined| LS_oldGSQueue undefined| LS_oldGSDefine object| LS_GSAP object| _gsScope undefined| GreenSockGlobals undefined| _gsQueue undefined| _gsDefine object| _layerSlider object| _layerSliders object| _lsData object| layerSliderTransitions function| MonsterInsights object| MonsterInsightsObject function| thumbs_rating_vote function| load3DCarouselHtml5LightBox object| wp3DCarouselLightboxObjects object| wp3DCarouselObjects function| flatpickr function| EvEmitter function| imagesLoaded function| ppFormRecaptchaLoadCallback object| ppressCheckoutForm object| cssua function| fusionSetAnimationData object| awbAnimationObservers object| html5 object| Modernizr object| fusion object| browserPrefixes function| _fusionRefreshScroll function| _fusionParallaxAll function| _fusionRefreshWindow object| _fusionImageParallaxImages function| playVideoAndPauseOthers object| $youtubeBGVideos function| _fbRowGetAllElementsWithAttribute function| _fbRowOnPlayerReady function| _fbRowOnPlayerStateChange function| resizeVideo function| vimeoReady function| fusionInitVimeoPlayers function| avadaLightBoxInitializeLightbox object| avadaLightBox object| $ilInstances function| fusionInitTooltips undefined| prevCallback object| fusionTimeout function| registerYoutubePlayers function| onPlayerReady function| loadYoutubeIframeAPI function| onYouTubePlayerAPIReadyCallback function| onPlayerStateChange function| ytVidId function| insertParam function| fusionYouTubeTimeout function| onYouTubePlayerAPIReady function| YTReady object| Vimeo boolean| VimeoPlayerResizeEmbeds_ function| avadaAddQuantityBoxes function| compositeAddQuantityBoxes function| fusionResizeCrossfadeImagesContainer function| calcSelectArrowDimensions function| avadaAddRevStyles function| avadaRemoveRevStyles function| avadaLiveSearch object| awb_oc_timeouts object| awbOffCanvas function| fusionInitPostFlexSlider function| fusionDestroyPostFlexSlider function| fusionCalcColumnEqualHeights function| getScrollBarWidth function| fusionInitStickyContainers function| fusionInitSticky function| fusionGetStickyOffset function| initScrollingSections function| setCorrectResizeValuesForScrollSections function| scrollToCurrentScrollSection function| getScrollSectionPositionValues function| addAvadaSelectStyles function| removeAvadaSelectStyles function| avadaUpdateToTopPostion function| fusionDisableStickyHeader function| fusionInitStickyHeader function| getStickyHeaderHeight function| resizeOverlaySearch function| fusionGetScrollOffset function| fusionCalculateResponsiveTypeValues function| fusionSetOriginalTypographyData function| fusionInitTypography function| checkHoverTouchState function| fusionInitStickyColumns object| mejs function| MediaElement object| HtmlMediaElement function| DefaultPlayer function| MediaElementPlayer object| wp function| _ object| Backbone function| WPPlaylistView object| wpvPaginationAjaxLoaded object| wpvPaginationAnimationFinished object| wpvPaginationQueue object| jQuery18308475851200006332 string| responsiveTypeElements string| fusionBaseFontSize object| gsapVersions object| tpGS object| punchgs object| google_tag_manager object| RSANYID object| RSANYID_sliderID boolean| _R_is_Editor function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| Bizible object| BizTrackingA object| BizA object| _vis_opt_queue object| LC_API number| lastYPosition boolean| scrollDisabled object| wpvCachedPages object| wpvCachedImages object| google_tag_data string| GoogleAnalyticsObject function| ga number| _fusionScrollTop number| _fusionWindowHeight number| _fusionScrollLeft number| _fusionWindowWidth undefined| signInButtons undefined| signOutButtons undefined| signedItems undefined| profileName undefined| signInLoaders undefined| dataSso undefined| gnbSsoCheckUrl undefined| signinSections undefined| signinMenu undefined| menuItems undefined| myAccount undefined| currentURL undefined| urlHash undefined| headerTab undefined| rof function| setPostionMinicart string| languageRTLFlag boolean| country_flag function| langDirection function| checkResolution number| screen_size object| gnav undefined| menuFE undefined| hashCheck undefined| gnbSsoCheck undefined| printData undefined| metrics object| ~hpgn~ object| MunchkinTracker object| gaplugins object| gaGlobal object| gaData function| getHTMLtag function| getMeta function| getCharSet function| getShortHn function| getOwnerHn function| getCookieHn string| t0n number| tMu number| t0 object| cMkt object| cReg string| iscsS object| iscsA string| iscsCS object| iscsCA string| devRE string| magCS object| magCA object| la function| mapHPc string| lmap function| isC function| isL function| isCL function| urlCL function| metaL function| metaC function| getCcLc function| ifM function| findS function| getReg function| getCur function| getX function| regRSIDs function| buildDomainList function| getPlatform function| gST function| hyperXcc object| mus function| metaUdlSite object| section object| _A function| syncXD object| _O number| clearCheckID object| php_js object| fusionVimeoPlayers boolean| mobileMenuSepAdded number| mtIter number| mtIntvl object| mediaTax boolean| mediaTaxReadyFlag boolean| commercialFlagReady number| mktPageView function| checkOptGroup string| optanonConsentGroups object| OneTrustStub object| _this string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| Optanon object| OneTrust string| w

21 Cookies

Domain/Path Name / Value
www.hp.com/content/dam/sites/worldwide/dems/search/support Name: aka_client_code
Value: DE-de
www.hp.com/us-en/scripts/framework/jquery/v-1-8 Name: aka_client_code
Value: DE-de
www.hp.com/cma/ng/lib/exceptions Name: aka_client_code
Value: DE-de
.hp.com/ Name: _biz_uid
Value: 689fe4e49cf94526b7a5ac489e6fa6ea
.hp.com/ Name: _biz_sid
Value: 1f0444
.hp.com/ Name: _biz_nA
Value: 1
.bizible.com/ Name: _BUID
Value: 689fe4e49cf94526b7a5ac489e6fa6ea
.bizibly.com/ Name: _BUID
Value: 2a12b6830c57950e65633a093e7cd85f
.hp.com/ Name: _biz_pendingA
Value: %5B%5D
.hp.com/ Name: _mkto_trk
Value: id:497-ITQ-712&token:_mch-hp.com-1671447400961-85129
.hp.com/ Name: dcm_s
Value: 1671447400993.1435400646
.hp.com/ Name: _ga
Value: GA1.2.1111156987.1671447401
.hp.com/ Name: _gid
Value: GA1.2.303135760.1671447401
.hp.com/ Name: _gat_gtag_UA_197588716_1
Value: 1
.hp.com/ Name: _gat_gtag_UA_31745238_1
Value: 1
.hp.com/ Name: _biz_flagsA
Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.hp.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Mon+Dec+19+2022+10%3A56%3A41+GMT%2B0000+(GMT)&version=6.39.0&isIABGlobal=false&hosts=&consentId=966fe46f-25c9-45a2-abbb-9120bf968c84&interactionCount=0&landingPath=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0
threatresearch.ext.hp.com/ Name: s_p_cnt
Value: 1
threatresearch.ext.hp.com/ Name: hp_pv1_prefs
Value: null
.hp.com/ Name: hpeuck_prefs
Value: 1000
.hp.com/ Name: hpeuck_answ
Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

497-itq-712.mktoresp.com
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
hp.com
munchkin.marketo.net
stats.g.doubleclick.net
threatresearch.ext.hp.com
www.bromium.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.hp.com
www8.hp.com
15.72.164.74
152.195.15.58
192.124.249.59
192.28.144.124
23.75.165.98
2606:4700::6810:9440
2606:4700::6812:1a55
2a00:1450:4001:802::200e
2a00:1450:4001:806::200a
2a00:1450:4001:827::2004
2a00:1450:4001:829::2003
2a00:1450:4001:829::2008
2a00:1450:400c:c0d::9c
2a02:26f0:3500:18::1724:a297
2a02:fe80:1010::17:8
95.100.69.71
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
04b7e0e82e49247408274fb7bb56b942d8d3e5b8233fe00590b22411e390d237
0556c9c3691f4d98501088fade814d01213830b5fe9eeb68e7e9a65f68f9c8f1
072d2a46607c107cdd7f20d3e5410963b281151df62444ad775ade8361cfa6cc
08de3edfa1e71b1c4ddc7fde8cbdad1e98a05222d7fdf1f9321313d821d20cfa
0925ff0405f3cdb2fa37bbd7fe7431e77451c294cf8b2e28c9497a18dc7894a9
0a3364d1f00ceab070910d588e47e47a584e60e0dc2b235270195f8bbf5a36d1
0a4e5a184816d1a7d02aef64b08929cdc9e75657382b77aeeb7fa5decd975dd8
0ad75b71fbe2be4806d58d482067535f7789abfda5e4eaa18971278e30c70f3e
0cc5068304cfb22bbddb5a9800f7c59d843824381ad7183f89291ae41a6d09b8
0db4581da25e31921f01cc132b22a55b140c1b6e4291dbe0b74e18cbc1499b54
0df6356a9dd9333fe8a139307f90de62efc5bba4dcb4e8007be03e596f4c2f77
0e19faf0a539d09a276473d2e2b1604a7343e56557f1c1b06b3c6f227ac4db9c
100c3577372983a9ae444d3a1fcecec6525dae128e75a396bf38bd23eb972c5c
11181d395c0be8cd6705515ab1e773e64dadf2eb342badf535ebe21d3825897f
11f4df8462b2edc6add3928ab5f30dcab77f69c29c0e175b1888f4cb6275823c
140b71e7ee1bc50ac88eacc4d1baf755e3799a112cfc8e1dae02ae0f14f26ead
14d05a8eaa240594562514e267d5dc4578cbb84a27b020345334c2a335fa2242
192a450bdc8200b9df998cd74c4295d01acd74430375452983b4de474375829d
196bed4faf0fe38b89a496b1f41319b2a8077263f85819f8ad42933e0a2e2e52
19e2b8ef435756c4dc18bc450f4ec0fbe6db2ceb7b99a7d656877bc49eb342ec
1f77f1c60435921cb2d68ccfb3bf2da81dd35f274014c4cd5a5b9c20c4a46a27
208d013c583899ce6bb2fe281662492caa32a1edd39924f7e5760233c22c7f69
21593e36fb12916f2fbfe2e3140894e00c0c9757b03c6987aab38d0cd8cdf2c8
23263a19c0dc4b29036a56f858a2b6f915ea0e415ed7c46071a071f170626c88
233cb2b905dec5df68df039e52e26980f674880fee51a8f6b7f75486760f1f3e
24719977091e8bcc0071cf9d6515c874e8c2f1b96695367c1141aeba7710e1c8
255bbdc2a44e99169f7196982ff3155cf5631bdc043a1a431e5ea8f51297bb73
2b2c2f9810fbe4d8643c2f6b9359daa7dd67b78cffa63e6746202c76d068547e
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e52dea09005063c3ff69fc36c11c7008b8efa5d4a97e38e7161ffaf0b0aedb6
3511de47d3250e54206caa8bfd8b2401d7ae512f821258d06a52d5e9584690f9
3647d841b21197b1efa74e92c861a3bf4cebef0f9a33f5a4c0ea276d74c768b0
3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165
3701f4ae604d8fccb4ddca393e076a456aebfb06c1a9d94c1c13089293f55716
370c8c8b69b06cb4193000e87c36d9efb2d55dcf1ef270cdea0ecc47d1aa3a61
3bc6467a95cec8fa516c6f5f69e1301e37e16f9bb1046fe7756729249f901b95
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
3f0c35c186a443edd70777b18f9dc725baf2952a24466697f3123b56a60b6668
3ff29527b86595610b0b3281abfbf51f6e38c7d9c1afa8e877ea993a2e8cd799
40fe0531af10f8e894b2206b9b54f135e80505b1768b730a93eadf8e1e8af174
42c9bbf0bfd51db9c2f857c01784e8be555ac102a251f51823fd6b25960ccc12
4463996b808a043a2091ce400b56adcdb7407264272e6d2e389075e143e1c901
4471f0e0712693e37d562bb4981a7da17248062fc39140f3df05826943879fb7
45a6eea93903fe37410887ca5eb4605572ecfaf1968387365ec9ed9331a36487
46af13bd348d946968c6bd1c844dccbca02856ecdcaa8dcb35969e99d1399562
472cf661f1007ee950af6a88f55e240f93c279b5b0960ff218c95b864b52a68f
4834aa58000857ce42bdc4ae2322104fbbb5c0e96a7dbd4deab73900ae9d23a7
4b2914bf4eb22edc4b0af212e3bf6fd237d9d83d6eee1680aa4682158c663dd5
4cb4122592bfa905b2f19c491d0beb0f47a6e609694998e2f002e5e5d403b521
4ea735c25bb36d6130e169c43dd545f9ab091b791672b1538046ebedef3308f6
501c8b7edd85aa5b93a52254d40cf04d754018292b113caf7f76441701d30a0a
527d982dd4e2527fafe888adec2c719929a6476b2106952464a65ea02dee7893
54ed90f80a10bef5bb9ca48da0a4a97cd75dff3c1fcf220ba3335dcf9aeb576e
563747bd06e81569c64a65ce1c5af6126ee888e07072d254687e541dbb8450e9
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56ad6f73cd42c34973f5903add0b80f25ab64da518ab7b779a5d62b0f8f71d2e
56daa473cc200622ef8ef8c20eb3ded1d19a583b2e0810f8d459326b04f11463
578332cd14c1c8f1c9ea7cc966ca50ae73945b7de3055e07f06dc099d4feeee0
579683e317a76a9a6758e42680b394e80957cbdd2863c25abac9a875852abfc7
5a4f9b81ce5e4dc3bb3fa525cd250753923aa7474a9d5bbf8801048a3fb10c24
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5a95ac55c7f0f440eb1984d8da5d548f23ae0cbbb1babf81d985d810346c9dbf
5c569522330e4e6b040229701ae98650839c5baa9912e15f821ffef8341187f5
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5d9e229dde2a12fae04e5a3e85eb93f8ef6a7541c0384152901b4d9dec29ef29
5dc4132c6d0e42b159c7574181aaa98129b445c3f9569548c61d36873f8d23b2
61e7bb6d0210c308eb1f6153f18b4063eb715fde885b7d20b4d209d3fcb5a217
62855a25508bf218a96a1179788320756ce0ae0346a586cca1fc5a6b5e7a4668
65347e16a9383e200a2e32223e7471f8add0c899f24ddee20bca454c6f7de583
68a1b82779788f93c7b77702d5fef83c9f8dfc089f72beb4d7629f5d4ade180b
68bec0121363230f259b5abcfe8287100777c0e3b3d7bfb619d18273a6aa4728
6afaae08a9346fc9ca891d0d80f8483905c1421bca9f918506150566d3912e9a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
6d22e660ead72f14b0aa8e3dfc8de1da35f17e3559b489e00692f15f50faa1a6
6eb52a97833a253a404e06ef580bfc474b9883681a2e7abf223b1a9434201bae
709432d669fa084fba23a097defbdecc8097a07717c30ac6f915314bf2a05933
726b820e44f6ab90ad991d30a4bf26d3a5d71493cbcd1fb1efd0d14e89b9df2a
760fe5e9d4fdf4fe5962edc3926816d8051faf168aa36ea467cdf7a80e09ede2
7a109bbaf31b60ea0c1182758f73e7e2050aeabc9d37913ebc0c72030a48cf23
7a156f2f864432042b65e6a619f067bca03c7eaf855a7dcce14166f2f77a3487
7c356a9d56062296d80aaa7faa72446bedb5e783aa6a9c557e1efddaa6055258
7d2949d827d3f71a1a610d17034a34844cc3f2169cb8ce1c4b28665316bc0c0a
80669a9bb1655e529ea0f150945f879706df8fc3957bc1c02d07cdbb6862f60b
809ec973a018b6bf8ac18e74bfffc3d25182e6f44df00128d531cf3e07570ee6
80e9a74251b9a8f1f7e72a0ea7cbd8905e4777b931e92b09f545087161fa0b37
824881cb24a4442381024afdf51da2932d717bb59cb549edc4cad3e00394bdce
828ef7357ef25a04a505c7f21b1418620b4c13faec1ac0d562e2127400c751fb
836e98f92408ccb7250927acef9b494fbacc18678ef18888f835101557bddd37
83c5ebd47131aa8aeef9d7ace04d313c997b67934791fa92c366e78e99242329
848f5ae901a6db38f9cdb30ad9d2908962b6bad10c6ca2239cc9e5c73040fb2b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8821cd10861112ac07254592b0b332abd02cfb6ac32c0ac71378be0fb58c309f
893ed74f27210911877234fad64cae770cf4af4b2b9b2c75b80d401c43f281d1
8b625a6ed2cfde39e761f2e9fc10ad83f2d4305c942471f911fcff9e4bb98808
8da3130463864da4b9e900c389edfa7488c93fca573e18766e9660a7b721aea2
919fecd4dc7f498339d04030c87de7f4db63cc2f08be69148562b14dc3a415a6
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
9209a89d1d74bc0ff6b779bc341ee5e40a72698f078bd4a0ea224e20466b616b
93a897eedca2d924b738067a03528933e4eb07d4c2f78d65276b6576b7f4d370
93d5f2281324f8a87ce2bdf811d8d1fd5ca4781618754a490a0fce0f166d479c
93d8e449cf5588f81cdf7f5906b7fce641d7693deac6efc27aa7ac9b1e38f6bf
95f59f9a4a19697496edc01bb55011ea4056f90625cc816a7f18256f056a6258
9808e9a37df4741d8a212c739cae654d1e935e3d3f9251c9eef6be7bb24b1eab
980aba21181e373e49d5e2602223454f0bb78ccb263eabcfb850abb14ad8c904
990f2544353261a345a25a88644c6b30411fdbb6163358bf8872787908e275e6
99c967c84f5947041a529dd99136e428117246d87dcf40819eae5c3937236c01
9a0a34bc67f5d3623591214473ac2d449be18a8ce1cb5e531b185ef22a09b31f
9a19f69eb87e131998e91350c4eb6f55a44de97614261b1af11694576949ac39
9a2d11b76feb7a9e531a9d055fae88e495017645e5c823a010c818a7744b2c45
9db372bd5a5d506904ce7fda178ece352bfe33dd38292f8d398e613eb4a7968a
9e9b2b2d98bb21ba98a3e7d0166f2de7bae986b81a727c7804a44f4f81b09737
a0ee283f00bfe45c9bc531f8cc7ae149f4bab2d212f6904b9eb64df0f6b71e24
a1e265af7b140bf70ba7a061b8ddee61e32ced0c50d985f0b05cdfe061112cb5
a26bbb2fb16ca3717c4690a816e25c43be2ad4fcb45adb878b3c98b6b01fbeb9
a3bee7ffc1e0104eef9846229b8d875f7125fcbb23fc6930ef2f830c28741bbc
a537306122d97954096b0591324fdc7f3d8b54a518b20e30714459b3584e6782
a714d3e7cd0751a5f1428881d65043743826415dbdcf7b3f3bc3f938180f18da
a75e8ab5771af0ea36e62f66d3edbe0ec14657b04e87bf99a46a891e652c1add
a81c390548502ac446b8c2eabdc6ea07a8bc43b23e206a9c232d3ceaef3cae9a
a8706f9a07813ae80582404c482cba9754150066c9f04ffcdcd9e549632d16be
abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e
af810e2b2886d81e6225b34eb2391f15be48f95f5ce80bd04f7b25b6e15eb7c8
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b062f2232e3094e4cfbd9543fdf9f043d560f92f8f064813e7a71f80b35ce1fa
b15c3ea03d50c2430490e7416733a254feea4237bb60b54181bd3473ebe4149f
b16f7ee66e29b27d1f14719cefc0e67211523787cc1729be52322583175d0cec
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b4fd3d2682af09e6cbec0df0e6e487ce412b96c5dfbc4c8abe9e0a6e4ac9e2dd
b66b53112e230d6a90572fd4af0506b89a3021fedad6e9395ad85dc7a3b32094
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b97b640e8caf3a6aeb76186fad0057593970b7ce2945add451dae091be04350c
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
bbc9f84967a6306b0db8bfc4c80cd5aa2b7733b1a312c684ade35a2972f86edd
bc7b145a0eb35703d5ce10b9204920b9d09e4454bc2288addc9ed5142862f9cd
bd6def1ae1509946499390f95acaa1fd39a76452c8312f165d2bc0b791c9e0ef
bf3722b93fa395dc556c14f331f86a9d5e31fa813e46f0cfcb8afd19fae33034
bf7c1ee4ea1d4db7943015c49b30ba3fd16e656409476c693213cc0899995a54
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c3ef28a4f156c353239b74328046126175c702be2d89b9a24c8527a8b53ee0e4
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
c74e09e98dae6e3a87e561dc5a65603f5eee4b9d6d38729a4799c201b50d17da
c85d4f64101e48851e2a89069e50aefd6aeb901c535c7aa39986903d4baf1353
c8c066c331d08eaf858338789a0499c5ad85cfc6325d7685ea8a9463750d8684
c9bf057820b3b0223c468e08beb0d41a12b451e224308149bc05f0d4a607fcab
ca7154cdda62b535ceaba9ad2a2b2217ff49de94c069a2c4e89733f3f06b3651
cb56816d72e7289b2aab8ba19bd1bdb4708cbbc7e70d7f38f9138a4dd10215a5
cb7b66b586c6c920797da9adae995c0f225eb5c53719fdbb902df83f891000af
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cce83fa2c5096e414c0e32c9fc07ba011e2f4d67a51f9c4155651122329ec0dc
d075070aee6fff82f826766497e5141a38f5ae89ec2d91600c7ba9da58191e35
d3d1fc3b726f87e9440670838b6d33dc22ee1c854274724b27de90be75d1069c
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d51837cd386e761f20379867c01328d7a4ddd1507d9b0ad8af8ea5e1854099f8
d68605f97c0c27101ea06a1276a2e55c2bf65f0e07e8e0c11be145addde1344b
d8c519e27f603a4eb131526c2a93cdade281348b8efc845a1007e9a29ffdfef4
d94db9ce60ff8e6a0e1dcdab83ff6d1f60dd5c28b50d8f027f5fe268f87fa5ef
d94edd219d965011aa7c423435675f8fc3aba340d1d2a45840c88592b922dbf2
daf181ab9ead5372eefb6fe5d87704d7abdbfa6c09e4c79a2a2f688c6fac5ada
db0fe819895d07af230d0f21f183ae4c9ecdec27664f004c6ac8844deaf55adc
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de5ba330570616401d1840de0075059a65e62280b8d2524334be84290f43a4d7
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
e19a0e64789068d756a1b250084e54bb0ef77da66685e3dd9eafdc9a71ea1406
e8b416c2f2a14bb138209a5ce434802a742d3de53ce668445485e5423efa1fb2
ea2dd31704608166bfd31e6c1b54027061ea568cd9aa1163656843a5907ac45d
eb6481e44617b3e40d345b2df5e20965503b4ab87c9346a43894f93a601ccde7
ed6e5398c8c66153d0d96326eb08b6db3406a384eae2facfbfd26b71406ea4ba
ee991e02add6bbe26b55d521d8f83e94031eb9f9f636b30756d4e3fc09a3cff4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8e48e37e4317aa7063a4a2e7056620681b2e69073f922dc8c0d27de3e4cef2
f2d424362aca158ad49da19b48c212e687fbed93ece9fed06fcf8871f5f64c5f
f305193707707d5489946d5960934e9d86d50dbc57fd76f927f134f0129e313d
f9060ef4ed91de78998d5f9b15592b736dd9b62f02ecae043dffd6ebca7dd894
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f975207e21041e251c165009f22311cc20b0acf1477d309fd62538beb50e0eb6
fa34de993dea91eb0120c3745378192fa1177ba8ec5772e08632318d1d5e1267
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
fb84c55756f2946fd5d5c6c6d3f7a62079c1d7a7123b6c817832835e82b3270c
feeb150a3bd16c65fc36dca51f686a254645a5d60adb4a37aaaa797339013816
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869