threatresearch.ext.hp.com Open in urlscan Pro
192.124.249.59 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Effective URL:
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Submission: On October 14 via api (October 14th 2022, 8:19:07 pm UTC) from US — Scanned from DE

Summary HTTP 187 Redirects Links 207 Behaviour Indicators

Summary

This website contacted 17 IPs in 3 countries across 15 domains to perform 187 HTTP transactions. The main IP is 192.124.249.59, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is threatresearch.ext.hp.com.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on February 12th 2022. Valid for: a year.

This is the only time threatresearch.ext.hp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
132	192.124.249.59 192.124.249.59	30148 (SUCURI-SEC) (SUCURI-SEC)
2 18	104.122.24.60 104.122.24.60	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2a02:26f0:170... 2a02:26f0:1700:11::b856:6799	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e2:... 2606:4700:e2::ac40:840f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	23.45.104.85 23.45.104.85	16625 (AKAMAI-AS) (AKAMAI-AS)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	15.73.192.108 15.73.192.108	11680 (HPINC) (HPINC)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2962	13335 (CLOUDFLAR...) (CLOUDFLARENET)
187	17

132 192.124.249.59 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10059.sucuri.net

threatresearch.ext.hp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.122.24.60 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-122-24-60.deploy.static.akamaitechnologies.com

www8.hp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:1700:11::b856:6799 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.hp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:840f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.45.104.85 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-104-85.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.73.192.108 (United States)

ASN11680 (HPINC, US)
PTR: hpphotosolutions.com

hp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

497-itq-712.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2962 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
158	hp.com 2 redirects threatresearch.ext.hp.com www8.hp.com — Cisco Umbrella Rank: 34212 www.hp.com — Cisco Umbrella Rank: 12127 hp.com — Cisco Umbrella Rank: 1629	12 MB
9	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 413	170 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	20 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 7285	26 KB
3	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2933	7 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 61	193 KB
2	gstatic.com fonts.gstatic.com	39 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 678	384 B
1	google.de www.google.de — Cisco Umbrella Rank: 6045	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84	448 B
1	mktoresp.com 497-itq-712.mktoresp.com	318 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 11353	202 B
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 931	13 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 44	2 KB
187	15

	Domain	Requested by
132	threatresearch.ext.hp.com	threatresearch.ext.hp.com
18	www8.hp.com	2 redirects threatresearch.ext.hp.com www8.hp.com
9	cdn.cookielaw.org	www.hp.com cdn.bizible.com cdn.cookielaw.org threatresearch.ext.hp.com
7	www.hp.com	threatresearch.ext.hp.com www8.hp.com www.hp.com
3	www.google-analytics.com	www.googletagmanager.com cdn.bizible.com
3	cdn.bizible.com	threatresearch.ext.hp.com cdn.bizible.com
3	munchkin.marketo.net	threatresearch.ext.hp.com munchkin.marketo.net
3	www.googletagmanager.com	threatresearch.ext.hp.com
2	fonts.gstatic.com	threatresearch.ext.hp.com
1	geolocation.onetrust.com	cdn.bizible.com
1	www.google.de	threatresearch.ext.hp.com
1	www.google.com	threatresearch.ext.hp.com
1	stats.g.doubleclick.net	cdn.bizible.com
1	497-itq-712.mktoresp.com	munchkin.marketo.net
1	cdn.bizibly.com	threatresearch.ext.hp.com
1	hp.com	threatresearch.ext.hp.com
1	use.fontawesome.com	threatresearch.ext.hp.com
1	fonts.googleapis.com	threatresearch.ext.hp.com
187	18

This site contains links to these domains. Also see Links.

Domain
www.hp.com
h20429.www2.hp.com
hp.com
support.hp.com
h30434.www3.hp.com
instantink.hpconnected.com
parts.hp.com
register.hp.com
twitter.com
www.linkedin.com
www.facebook.com
malpedia.caad.fkie.fraunhofer.de
www.bleepingcomputer.com
github.com
learn.microsoft.com
pinvoke.net
j00ru.vexillium.org
winscripting.blog
www.cisa.gov
www8.hp.com
jobs.hp.com
investor.hp.com
press.hp.com
garage.hp.com
locator.hp.com
h20212.www2.hp.com
www.hpsalescentral.com
partner.hp.com
developers.hp.com
www.instagram.com
www.youtube.com
h20195.www2.hp.com
www.onetrust.com

Subject Issuer	Validity	Valid
threatresearch.ext.hp.com Starfield Secure Certificate Authority - G2	`2022-02-12` - `2023-03-15`	a year	crt.sh
www8.hp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2022-02-03` - `2023-02-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-07-31`	a year	crt.sh
cdn-origin-ftp.extweb.hp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2022-05-09` - `2023-05-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.hp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Frame ID: 774912ED790E8744C9501AD8E32C12B9
Requests: 187 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Magniber Ransomware Adopts JavaScript, Targeting Home Users with Fake Software Updates | HP Wolf SecurityBack ButtonFilter Button

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

backbone.*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

187
Requests

99 %
HTTPS

65 %
IPv6

15
Domains

18
Subdomains

17
IPs

3
Countries

12492 kB
Transfer

17950 kB
Size

22
Cookies

207 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hp.com/us-en/home.html

Search URL Search Domain Scan URL

URL: https://www.hp.com/webapp/wcs/stores/servlet/AjaxOrderItemDisplayView?langId=-1&catalogId=10051&storeId=10151

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/site-print/layout-robot.html
Title: Construction layout robot

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/hp-plus.html
Title: HP+ smart printing system

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/instant-ink.html
Title: Instant Ink

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/printandplay.html
Title: Print, play, learn

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/vr/vr-products.html
Title: VR

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/hp-information/sustainable-impact.html
Title: Sustainable Impact

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/laptops-and-2-in-1s.html
Title: Laptops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/desktops-and-all-in-ones.html
Title: Desktops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/gaming.html
Title: Gaming

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/monitors-accessories/computer-monitors.html
Title: Monitors

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/monitors-accessories/computer-accessories.html
Title: Accessories

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/laptops/business-laptops-and-2-in-1s.html
Title: Business laptops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/desktops/business-desktops.html
Title: Business desktops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/workstations/workstation-pcs.html
Title: Workstations

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/cartridge/ink-toner-paper.html
Title: Ink, toner & papers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/home-printers.html
Title: Home printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/business-printers.html
Title: Home office & Business printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/enterprise-printers.html
Title: Enterprise printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/scanners.html
Title: Scanners

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/large-format.html
Title: Large-format printers & plotters

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/industrial-digital-presses.html
Title: Industrial presses

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/specialty-printing-solutions.html
Title: Specialty printing solutions

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/services/managed-print-services.html
Title: Managed print services

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/printers/3d-printers.html
Title: 3D print

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/security/endpoint-security-solutions.html
Title: Security

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/solutions/presence.html
Title: Collaboration

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/solutions/digital-workspaces.html
Title: Digital workspaces

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/solutions/industries.html
Title: Industry solutions

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/services.html
Title: Business Services

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/services/consumer/services-overview.html
Title: Consumer Services

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/solutions/business-solutions.html
Title: Explore all

Search URL Search Domain Scan URL

URL: https://h20429.www2.hp.com/HP2B/landingpages/US_Public_Sector.html
Title: Public sector purchasing

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/solutions/pos-systems.html#All-in-OneSystems
Title: Retail solutions

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop
Title: HP.com store

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cat/ink--toner---paper
Title: Ink & toner cartridges

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cv/instantink
Title: Instant Ink

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/slp/weekly-deals
Title: Weekly Deals

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cat/business-solutions
Title: Business store

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cv/hp-education
Title: University student discounts

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cv/hp-business-club
Title: Business discounts

Search URL Search Domain Scan URL

URL: https://www.hp.com/webapp/wcs/stores/servlet/MyAccountOrderStatusView?catalogId=10051&langId=-1&storeId=10151&krypto=7GuY4YJJvZeu0wI0CGjE%2Bw%3D%3D&ddkey=http:MyAccountOrderStatusView
Title: Track your order

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cat/laptops
Title: Laptops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cat/desktops
Title: Desktops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/slp/hp-gaming
Title: Gaming PCs

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/business-solutions/bizcat=Laptop
Title: Business laptops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/mlp/business-solutions/desktops-and-workstations
Title: Business desktops

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/mlp/business-solutions/workstations
Title: Z Workstations

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cv/hp-chromebooks
Title: Chromebooks

Search URL Search Domain Scan URL

URL: https://hp.com/us-en/shop/cat/printers
Title: Printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/printers/prnttyp=Laser
Title: Laser printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/printers/segm=Home,Home-and-home-office
Title: Home & home office printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/slp/designjet-plotter-printers
Title: Large format plotter printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/slp/hp-plus-printers/hp-plus
Title: HP+

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/slp/hp-refurbs
Title: Refurbished printers

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/ink--toner---paper/papertype=HP-Business-Papers-for-inkjet,HP-Business-Papers-for-laser,HP-Business-Papers-for-laser-HP-Business-Papers-for-inkjet,HP-Home-Office-Papers,HP-Photo-Papers-for-inkjet,Large-format
Title: Paper

Search URL Search Domain Scan URL

URL: https://hp.com/us-en/shop/cat/accessories-88342--1
Title: Accessories

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/accessories-88342--1/subcat=Monitors
Title: Monitors

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/accessories-88342--1/subcat=Mice-Keyboards
Title: Mice & keyboards

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/accessories-88342--1/subcat=Workspace-Accessories;typeworkacc=Docking-Stations,USB-Hubs
Title: Docking stations & hubs

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/accessories-88342--1/subcat=Chargers-Adapters
Title: Chargers & power adapters

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/accessories-88342--1/brandgaming=HyperX;subcat=Gaming-Accessories
Title: HyperX Accessories

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/vwa/accessories-88342--1/subcat=Software
Title: Software

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cat/care-packs-88343--1
Title: Care Packs

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en
Title: Support & troubleshooting

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/drivers
Title: Software & drivers

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/topic/diagnostics
Title: Diagnostic tools

Search URL Search Domain Scan URL

URL: https://h30434.www3.hp.com/
Title: Community

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/topic/windows-10-support-center
Title: Windows 10 / Windows 11 Support

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/printer
Title: Printing

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/computer
Title: Computing

Search URL Search Domain Scan URL

URL: https://instantink.hpconnected.com/us/en/l/
Title: Instant Ink

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/products
Title: Other Products

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/contact-hp/contact.html
Title: Contact us

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/checkwarranty
Title: Check warranty

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/service-center
Title: Authorized service providers

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/security-bulletins
Title: Security bulletin archive

Search URL Search Domain Scan URL

URL: https://parts.hp.com/hpparts/default.aspx?cc=US&lang=EN
Title: Parts store

Search URL Search Domain Scan URL

URL: https://register.hp.com/americas/flowPage/registration/index.do?execution=e1s1&cc=US&lang=en
Title: Product registration

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/search?q=
Title: See All

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Search URL Search Domain Scan URL

URL: https://hp.com/wolf
Title: HP Wolf Security

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.magniber
Title: Magniber

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Title: known to demand $2,500

Search URL Search Domain Scan URL

URL: https://github.com/tyranid/DotNetToJScript
Title: DotNetToJScript

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service
Title: shadow copy files

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/memory/memory-protection-constants
Title: PAGE_EXECUTE_READWRITE

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/winnls/nf-winnls-enumuilanguagesa
Title: EnumUILanguages

Search URL Search Domain Scan URL

URL: http://pinvoke.net/default.aspx/ntdll/NtCreateThreadEx.html
Title: NtCreateThreadEx

Search URL Search Domain Scan URL

URL: https://j00ru.vexillium.org/syscalls/nt/64/
Title: source

Search URL Search Domain Scan URL

URL: https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
Title: UAC bypass

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/bcdedit
Title: bcdedit

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin
Title: wbadmin

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege
Title: principle of least privilege

Search URL Search Domain Scan URL

URL: https://www8.hp.com/lamerica_nsc_cnt_amer/es/home.html
Title: América Central

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ar/es/home.html
Title: Argentina

Search URL Search Domain Scan URL

URL: https://www8.hp.com/bo/es/home.html
Title: Bolivia

Search URL Search Domain Scan URL

URL: https://www8.hp.com/br/pt/home.html
Title: Brasil

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ca/en/home.html
Title: Canada

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ca/fr/home.html
Title: Canada - Français

Search URL Search Domain Scan URL

URL: https://www8.hp.com/lamerica_nsc_carib/en/home.html
Title: Caribbean

Search URL Search Domain Scan URL

URL: https://www8.hp.com/cl/es/home.html
Title: Chile

Search URL Search Domain Scan URL

URL: https://www8.hp.com/co/es/home.html
Title: Colombia

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ec/es/home.html
Title: Ecuador

Search URL Search Domain Scan URL

URL: https://www8.hp.com/mx/es/home.html
Title: México

Search URL Search Domain Scan URL

URL: https://www8.hp.com/py/es/home.html
Title: Paraguay

Search URL Search Domain Scan URL

URL: https://www8.hp.com/pe/es/home.html
Title: Perú

Search URL Search Domain Scan URL

URL: https://www8.hp.com/pr/es/home.html
Title: Puerto Rico

Search URL Search Domain Scan URL

URL: https://www8.hp.com/us/en/home.html
Title: United States

Search URL Search Domain Scan URL

URL: https://www8.hp.com/uy/es/home.html
Title: Uruguay

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ve/es/home.html
Title: Venezuela

Search URL Search Domain Scan URL

URL: https://www8.hp.com/asia_pac/en/default.html
Title: Asia Pacific

Search URL Search Domain Scan URL

URL: https://www8.hp.com/au/en/home.html
Title: Australia

Search URL Search Domain Scan URL

URL: https://www.hp.com/bd-en/home.html
Title: Bangladesh

Search URL Search Domain Scan URL

URL: https://www8.hp.com/hk/en/home.html
Title: Hong Kong SAR

Search URL Search Domain Scan URL

URL: https://www8.hp.com/in/en/home.html
Title: India

Search URL Search Domain Scan URL

URL: https://www.hp.com/id-id/home.html
Title: Indonesia

Search URL Search Domain Scan URL

URL: https://www8.hp.com/my/en/home.html
Title: Malaysia

Search URL Search Domain Scan URL

URL: https://www8.hp.com/nz/en/home.html
Title: New Zealand

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ph/en/home.html
Title: Philippines

Search URL Search Domain Scan URL

URL: https://www8.hp.com/sg/en/home.html
Title: Singapore

Search URL Search Domain Scan URL

URL: https://www.hp.com/lk-en/home.html
Title: Sri Lanka

Search URL Search Domain Scan URL

URL: https://www.hp.com/vn-vi/home.html
Title: Việt Nam

Search URL Search Domain Scan URL

URL: https://www.hp.com/th-th/home.html
Title: ไทย

Search URL Search Domain Scan URL

URL: https://www8.hp.com/cn/zh/home.html
Title: 中华人民共和国

Search URL Search Domain Scan URL

URL: https://www8.hp.com/hk/zh/home.html
Title: 中國香港 - 繁體中文

Search URL Search Domain Scan URL

URL: https://www8.hp.com/tw/zh/home.html
Title: 臺灣地區

Search URL Search Domain Scan URL

URL: https://www8.hp.com/jp/ja/home.html
Title: 日本

Search URL Search Domain Scan URL

URL: https://www8.hp.com/kr/ko/home.html
Title: 한국

Search URL Search Domain Scan URL

URL: https://www8.hp.com/emea_africa/en/home.html
Title: Africa

Search URL Search Domain Scan URL

URL: https://www8.hp.com/emea_africa/fr/home.html
Title: Afrique

Search URL Search Domain Scan URL

URL: https://www8.hp.com/be/nl/home.html
Title: België

Search URL Search Domain Scan URL

URL: https://www8.hp.com/be/fr/home.html
Title: Belgique

Search URL Search Domain Scan URL

URL: https://www8.hp.com/cz/cs/home.html
Title: Česká republika

Search URL Search Domain Scan URL

URL: https://www8.hp.com/dk/da/home.html
Title: Danmark

Search URL Search Domain Scan URL

URL: https://www8.hp.com/de/de/home.html
Title: Deutschland

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ee/et/home.html
Title: Eesti

Search URL Search Domain Scan URL

URL: https://www8.hp.com/es/es/home.html
Title: España

Search URL Search Domain Scan URL

URL: https://www8.hp.com/fr/fr/home.html
Title: France

Search URL Search Domain Scan URL

URL: https://www8.hp.com/hr/hr/home.html
Title: Hrvatska

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ie/en/home.html
Title: Ireland

Search URL Search Domain Scan URL

URL: https://www8.hp.com/it/it/home.html
Title: Italia

Search URL Search Domain Scan URL

URL: https://www8.hp.com/lv/lv/home.html
Title: Latvija

Search URL Search Domain Scan URL

URL: https://www8.hp.com/lt/lt/home.html
Title: Lietuva

Search URL Search Domain Scan URL

URL: https://www8.hp.com/hu/hu/home.html
Title: Magyarország

Search URL Search Domain Scan URL

URL: https://www8.hp.com/emea_middle_east/en/home.html
Title: Middle East

Search URL Search Domain Scan URL

URL: https://www8.hp.com/nl/nl/home.html
Title: Nederland

Search URL Search Domain Scan URL

URL: https://www8.hp.com/no/no/home.html
Title: Norge

Search URL Search Domain Scan URL

URL: https://www8.hp.com/at/de/home.html
Title: Österreich

Search URL Search Domain Scan URL

URL: https://www8.hp.com/pl/pl/home.html
Title: Polska

Search URL Search Domain Scan URL

URL: https://www8.hp.com/pt/pt/home.html
Title: Portugal

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ro/ro/home.html
Title: România

Search URL Search Domain Scan URL

URL: https://www8.hp.com/sa/en/home.html
Title: Saudi Arabia

Search URL Search Domain Scan URL

URL: https://www8.hp.com/si/sl/home.html
Title: Slovenija

Search URL Search Domain Scan URL

URL: https://www8.hp.com/sk/sk/home.html
Title: Slovensko

Search URL Search Domain Scan URL

URL: https://www8.hp.com/za/en/home.html
Title: South Africa

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ch/fr/home.html
Title: Suisse

Search URL Search Domain Scan URL

URL: https://www8.hp.com/fi/fi/home.html
Title: Suomi

Search URL Search Domain Scan URL

URL: https://www8.hp.com/se/sv/home.html
Title: Sverige

Search URL Search Domain Scan URL

URL: https://www8.hp.com/ch/de/home.html
Title: Switzerland

Search URL Search Domain Scan URL

URL: https://www8.hp.com/tr/tr/home.html
Title: Türkiye

Search URL Search Domain Scan URL

URL: https://www8.hp.com/uk/en/home.html
Title: United Kingdom

Search URL Search Domain Scan URL

URL: https://www8.hp.com/gr/el/home.html
Title: Ελλάδα

Search URL Search Domain Scan URL

URL: https://www8.hp.com/bg/bg/home.html
Title: България

Search URL Search Domain Scan URL

URL: https://www8.hp.com/kz/ru/home.html
Title: Казахстан

Search URL Search Domain Scan URL

URL: https://www8.hp.com/rs/sr/home.html
Title: Србија

Search URL Search Domain Scan URL

URL: https://www.hp.com/ua-uk/home.html
Title: Україна

Search URL Search Domain Scan URL

URL: https://www8.hp.com/il/he/home.html
Title: ישראל

Search URL Search Domain Scan URL

URL: https://www8.hp.com/emea_middle_east/ar/home.html
Title: الشرق الأوسط

Search URL Search Domain Scan URL

URL: https://www8.hp.com/sa/ar/home.html
Title: المملكة العربية السعودية

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/hp-information.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://jobs.hp.com/en-us/
Title: Careers

Search URL Search Domain Scan URL

URL: https://investor.hp.com/home/default.aspx
Title: Investor relations

Search URL Search Domain Scan URL

URL: https://press.hp.com/us/en.html
Title: Press center

Search URL Search Domain Scan URL

URL: https://garage.hp.com/us/en.html
Title: The Garage

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/contact-hp/shopping.html
Title: Call an HP rep

Search URL Search Domain Scan URL

URL: https://locator.hp.com/us/en/?ml___lang=en-US%20(1)&ml___region=us&ml___cont=US
Title: Find a reseller

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/hp-information/business-site.html
Title: Enterprise store

Search URL Search Domain Scan URL

URL: https://support.hp.com/us-en/
Title: Support

Search URL Search Domain Scan URL

URL: https://register.hp.com/apac/flowPage/registration/index.do?execution=e1s1&cc=us&lang=en
Title: Register your product

Search URL Search Domain Scan URL

URL: https://h20212.www2.hp.com/Cso_Status/CsoStatus.aspx?lc=en&cc=us
Title: Check repair status

Search URL Search Domain Scan URL

URL: https://www.hpsalescentral.com/#/training/training
Title: Training & certification

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/hpfraud-alert.html
Title: Fraud alert

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/security/cyber-security-center.html
Title: Security Center

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/solutions/hp-amplify-partner-program.html
Title: HP Amplify Partner Program

Search URL Search Domain Scan URL

URL: https://partner.hp.com/login
Title: HP Partner Portal

Search URL Search Domain Scan URL

URL: https://developers.hp.com/
Title: Developers

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hp

Search URL Search Domain Scan URL

URL: http://www.facebook.com/HP

Search URL Search Domain Scan URL

URL: https://www.instagram.com/hp/

Search URL Search Domain Scan URL

URL: https://twitter.com/HP

Search URL Search Domain Scan URL

URL: http://www.youtube.com/hp

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/hp-information/recalls.html
Title: Recalls

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/hp-information/sustainable-impact/planet-product-recycling.html
Title: Product recycling

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/hp-information/accessibility-aging.html
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://h20195.www2.hp.com/v2/GetDocument.aspx?docname=c05388050
Title: CA Supply Chains Act

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/privacy/privacy-central.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/privacy/use-of-cookies.html
Title: Use of cookies

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/personal-data-rights.html
Title: Personal data rights

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/terms-of-use.html
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/privacy/limited_warranty.html
Title: Limited warranty statement

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/shop/cv/termsandconditions?jumpid=re_r11662_redirect_ETR&ts=20151012014516_LIymYBM9Ho1W
Title: Terms & conditions of sales & service

Search URL Search Domain Scan URL

URL: https://www.hp.com/us-en/privacy/privacy.html#section=What-Data-We-Collect
Title: (What data we collect)

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js HTTP 301
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js

Request Chain 1

https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/can.jquery.js HTTP 301
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js

187 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/ 1 MB
150 KB 2402ms
1989ms Document
text/html 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

6fb8431490c9315912f9a21925bc4d22adc2f1ef0603ed574a4756485ef96f00

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: br
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Fri, 14 Oct 2022 20:19:00 GMT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
link: <https://threatresearch.ext.hp.com/wp-json/>; rel="https://api.w.org/", <https://threatresearch.ext.hp.com/wp-json/wp/v2/posts/22511>; rel="alternate"; type="application/json", <https://threatresearch.ext.hp.com/?p=22511>; rel=shortlink
server: nginx
vary: Accept-Encoding
x-cache-enabled: True
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-httpd: 1
x-proxy-cache: MISS
x-proxy-cache-info: 0 NC:000000 UP:SKIP_CACHE_SET_COOKIE
x-sucuri-cache: MISS
x-sucuri-id: 15009
x-xss-protection: 1; mode=block

GET
H2

200

jquery.js Show response
www.hp.com/us-en/scripts/framework/jquery/v-1-8/
Redirect Chain

https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js

141 KB
41 KB

215ms
31ms

Script
application/javascript

2a02:26f0:1700:11::b856:6799
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Server

2a02:26f0:1700:11::b856:6799 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

42c9bbf0bfd51db9c2f857c01784e8be555ac102a251f51823fd6b25960ccc12

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher2westus2
date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=600
akamai-grn: , 0.996656b8.1665778741.18281901
x-vhost: publish
content-length: 41470
last-modified: Wed, 26 Jan 2022 20:34:30 GMT
server: Apache
etag: "23521-5d68220ec4180-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:01 GMT

Redirect headers

location: https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/jquery.js
pragma: no-cache
date: Fri, 14 Oct 2022 20:19:01 GMT
cache-control: max-age=0, no-cache, no-store
server: AkamaiGHost
content-length: 0
expires: Fri, 14 Oct 2022 20:19:01 GMT

GET
H2

200

can.jquery.js Show response
www.hp.com/us-en/scripts/framework/jquery/v-1-8/
Redirect Chain

https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/can.jquery.js
https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js

49 KB
16 KB

242ms
60ms

Script
application/javascript

2a02:26f0:1700:11::b856:6799
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Server

2a02:26f0:1700:11::b856:6799 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

a8706f9a07813ae80582404c482cba9754150066c9f04ffcdcd9e549632d16be

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher2eastus2
date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=600
akamai-grn: , , , , 0.996656b8.1665778741.18281924
x-vhost: publish
content-length: 15442
last-modified: Wed, 26 Jan 2022 20:26:35 GMT
server: Apache
etag: "c49d-5d682049c54c0-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:01 GMT

Redirect headers

location: https://www.hp.com/us-en/scripts/framework/jquery/v-1-8/can.jquery.js
pragma: no-cache
date: Fri, 14 Oct 2022 20:19:01 GMT
cache-control: max-age=0, no-cache, no-store
server: AkamaiGHost
content-length: 0
expires: Fri, 14 Oct 2022 20:19:01 GMT

GET
H2 200 latest.r Show response
www8.hp.com/caas/header-footer/us/en/default/ 337 KB
27 KB 396ms
86ms Script
application/javascript 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/caas/header-footer/us/en/default/latest.r?contentType=js

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e640c9b93c95d5e94af0c9bb3db9daa081aedc4c396a96361d6478b6f21244cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher2westus2
date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 27439
last-modified: Tue, 11 Oct 2022 16:14:39 GMT
server: Apache
etag: "544cf-5eac492bda1e1-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=331313
accept-ranges: bytes
expires: Tue, 18 Oct 2022 16:20:54 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
43 KB 95ms
37ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-197588716-1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

991629886a291eccc8075fd7858d143337b13c6810ab214071000e1d2954b688

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 43452
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 14 Oct 2022 20:19:01 GMT

GET
H2 200 blocks.style.build.css
threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 2 KB
1 KB 27ms
15ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

4834aa58000857ce42bdc4ae2322104fbbb5c0e96a7dbd4deab73900ae9d23a7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 01:59:25 GMT
server: nginx
etag: W/"8a1-5ca80d536d39a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layerslider.css
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/css/ 24 KB
5 KB 27ms
16ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.5.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

5b94f9b79c70240108f19250c9e8dc6c7c705c977ec455298e5ef474b1c2f193

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:57:24 GMT
server: nginx
etag: W/"60ef-5e92c222ef08f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 47 KB
2 KB 77ms
27ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7CIndie+Flower:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COswald:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

56ad6f73cd42c34973f5903add0b80f25ab64da518ab7b779a5d62b0f8f71d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 14 Oct 2022 20:19:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 14 Oct 2022 18:46:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 14 Oct 2022 20:19:00 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
threatresearch.ext.hp.com/wp-includes/js/mediaelement/ 11 KB
3 KB 27ms
17ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 30 Apr 2021 03:10:53 GMT
server: nginx
etag: W/"2bf8-5c127f5aab452"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.css
threatresearch.ext.hp.com/wp-includes/js/mediaelement/ 4 KB
1 KB 27ms
17ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Tue, 17 Dec 2019 03:59:47 GMT
server: nginx
etag: W/"105a-599de5bea507f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 views-frontend.css
threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/css/ 23 KB
4 KB 27ms
17ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/css/views-frontend.css?ver=3.6.3

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

b062f2232e3094e4cfbd9543fdf9f043d560f92f8f064813e7a71f80b35ce1fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 19 May 2022 22:31:36 GMT
server: nginx
etag: W/"5db6-5df64efcc4927"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles.css
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/libs/fontastic/ 5 KB
1 KB 28ms
18ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/libs/fontastic/styles.css?ver=3.0.28

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

578332cd14c1c8f1c9ea7cc966ca50ae73945b7de3055e07f06dc099d4feeee0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:18 GMT
server: nginx
etag: W/"1421-5e92c1715635b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/css/ 10 KB
2 KB 28ms
18ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/css/style.css?ver=3.0.28

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

e19a0e64789068d756a1b250084e54bb0ef77da66685e3dd9eafdc9a71ea1406

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:18 GMT
server: nginx
etag: W/"2678-5e92c1715347a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ditty.css
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/includes/css/ 55 KB
8 KB 28ms
19ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/includes/css/ditty.css?ver=3.0.28

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

8a7ccc64792c0d1df7f339ce17da572bc616c0d56bc935fbe9641b5d24bfa266

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:18 GMT
server: nginx
etag: W/"da53-5e92c171674d0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.15.3/css/ 58 KB
13 KB 83ms
29ms Stylesheet
text/css 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.15.3/css/all.css?ver=5.15.3
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: FNNBZ2C3K8YHA3QC
age: 22666752
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: HLAvGHZKr4Hw6PQipSghW+C36SE9qxAqAzdTU/Kc9up95uT+CO5GVhfuUzYiXqLvGjHnl9OJ3lU=
last-modified: Wed, 30 Jun 2021 15:41:15 GMT
server: cloudflare
etag: W/"74bab4578692993514e7f882cc15c218"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x8MbhTVY0JlSMKm2Co%2Fz3kepSuoq1OHon7zAGyAn9JtSrVHFo2735LzhtzCH8DbP6IxBCQ9AZMTtlND81z%2FJclclAB3tRxDKAhrJUNDbNQO0dTQ%2FiSRH8%2B3WoGNXVXf65%2BymNSZbN5WHESTRqbH9thF7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 75a301ea49cf927f-FRA

GET
H2 200 style.css
threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/css/ 859 B
675 B 38ms
30ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/css/style.css?ver=4.0.3

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

ee991e02add6bbe26b55d521d8f83e94031eb9f9f636b30756d4e3fc09a3cff4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 30 Apr 2021 02:10:54 GMT
server: nginx
etag: W/"35b-5c1271f2f1cab"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ult_marketo_forms-public.css
threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/css/ 35 B
494 B 38ms
31ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/css/ult_marketo_forms-public.css?ver=1.0.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

7a109bbaf31b60ea0c1182758f73e7e2050aeabc9d37913ebc0c72030a48cf23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Mon, 17 Dec 2018 17:45:47 GMT
server: nginx
etag: W/"23-57d3b59d188c0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderplugin3dcarousel.css
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/ 24 KB
2 KB 39ms
31ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wonderplugin3dcarousel.css?ver=4.2C

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

62855a25508bf218a96a1179788320756ce0ae0346a586cca1fc5a6b5e7a4668

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 02:07:15 GMT
server: nginx
etag: W/"61f9-5ca80f13c50e2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderpluginsliderengine.css
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/ 16 KB
1 KB 39ms
32ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginsliderengine.css?ver=13.4C

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

c3ef28a4f156c353239b74328046126175c702be2d89b9a24c8527a8b53ee0e4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:55:02 GMT
server: nginx
etag: W/"4039-5e92c19b95b73"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/css/ 97 KB
14 KB 39ms
32ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.4

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0f5e9e83ad407689dddf4694f0a45ec08a3baf6bf8c529b6fb4b37cecffe9fbe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:38 GMT
server: nginx
etag: W/"185bf-5e92c18401dd2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flatpickr.min.css
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 14 KB
3 KB 40ms
33ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.4

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:38 GMT
server: nginx
etag: W/"3601-5e92c1840ba15"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 select2.min.css
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 40ms
34ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:38 GMT
server: nginx
etag: W/"3a75-5e92c1840298b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/css/ 87 KB
10 KB 40ms
34ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.3.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

f975207e21041e251c165009f22311cc20b0acf1477d309fd62538beb50e0eb6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 01:59:25 GMT
server: nginx
etag: W/"15c19-5ca80d536bc29"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
threatresearch.ext.hp.com/wp-content/themes/Avada/ 507 B
742 B 41ms
36ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/style.css?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

7e897fa456239969c47e613580d34626e02d4bca60b714611c304bc25b023ae9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"1fb-5e6a7fbf88439"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/css/ 84 KB
15 KB 41ms
36ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/css/style.min.css?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

8da3130463864da4b9e900c389edfa7488c93fca573e18766e9660a7b721aea2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"14fe2-5e6a7fbf8f96b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 toolset-common-es-frontend.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wp-views/vendor/toolset/common-es/public/ 4 KB
2 KB 35ms
11ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-views/vendor/toolset/common-es/public/toolset-common-es-frontend.js?ver=163000

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

7c356a9d56062296d80aaa7faa72446bedb5e783aa6a9c557e1efddaa6055258

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 19 May 2022 22:31:36 GMT
server: nginx
etag: W/"10f5-5df64efcd626d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ 87 KB
30 KB 49ms
44ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 03:00:41 GMT
server: nginx
etag: W/"15db1-5ca81b05be81a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ 11 KB
4 KB 36ms
12ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 30 Apr 2021 03:10:53 GMT
server: nginx
etag: W/"2bd8-5c127f5aa6e01"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layerslider.utils.js Show response
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/ 120 KB
39 KB 36ms
13ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.5.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

919fecd4dc7f498339d04030c87de7f4db63cc2f08be69148562b14dc3a415a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:57:24 GMT
server: nginx
etag: W/"1e049-5e92c222efc47"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layerslider.kreaturamedia.jquery.js Show response
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/ 140 KB
50 KB 38ms
14ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.5.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

82532cb95499ad6077354f833dc75ea9b60bc71e36556c642b9af35fe8fed673

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:57:24 GMT
server: nginx
etag: W/"22faf-5e92c222efc47"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layerslider.transitions.js Show response
threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/ 23 KB
4 KB 39ms
15ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.5.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0ad75b71fbe2be4806d58d482067535f7789abfda5e4eaa18971278e30c70f3e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:57:24 GMT
server: nginx
etag: W/"5ca7-5e92c222f002f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-gtag.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 12 KB
3 KB 40ms
16ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.9.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:27 GMT
server: nginx
etag: W/"2e7a-5e92c1794d6cb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rbtools.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/ 126 KB
46 KB 40ms
17ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.18

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

5c9203860ae657336596c738730f9d362e00bb9948a0f581fb074270c328e26b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:33:35 GMT
server: nginx
etag: W/"1f725-5e6a81213018e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/ 383 KB
93 KB 42ms
19ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.31

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

d048af27682e7811ddf8a3be2684b8446f5c16c4fb39141567913ac8aac28fc0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:33:35 GMT
server: nginx
etag: W/"5fa2e-5e6a81213018e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 general.js Show response
threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/js/ 2 KB
1 KB 65ms
42ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/thumbs-rating/js/general.js?ver=4.0.3

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0a3364d1f00ceab070910d588e47e47a584e60e0dc2b235270195f8bbf5a36d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 30 Apr 2021 02:10:54 GMT
server: nginx
etag: W/"6c2-5c1271f2f2c4c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 forms2.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/ 164 KB
54 KB 52ms
47ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/forms2.min.js?ver=1.0.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

de5ba330570616401d1840de0075059a65e62280b8d2524334be84290f43a4d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Mon, 17 Dec 2018 17:45:47 GMT
server: nginx
etag: W/"29076-57d3b59d188c0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ult_marketo_forms-public.js Show response
threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/ 2 KB
1 KB 52ms
48ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ultimate-marketo-forms/public/js/ult_marketo_forms-public.js?ver=1.0.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

4463996b808a043a2091ce400b56adcdb7407264272e6d2e389075e143e1c901

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Mon, 17 Dec 2018 17:45:47 GMT
server: nginx
etag: W/"6fb-57d3b59d188c0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 89ms
24ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js?ver=1.0.1
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 20:19:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H2 200 wp3dcarousellightbox.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/ 120 KB
24 KB 65ms
43ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wp3dcarousellightbox.js?ver=4.2C

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

a1323bcfc774c0eca14adb6af88eac4bf5a2f4ab1779f49a427e04704395f086

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 02:07:15 GMT
server: nginx
etag: W/"1df10-5ca80f13c4141"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderplugin3dcarousel.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/ 60 KB
11 KB 66ms
43ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wonderplugin3dcarousel.js?ver=4.2C

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

568f1348a060326db6e1cf816b7beff8a5bf6ba2b57f3d11d58639ff969b6f3e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 02:07:15 GMT
server: nginx
etag: W/"f052-5ca80f13c5c9a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderpluginsliderskins.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/ 175 KB
7 KB 52ms
48ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginsliderskins.js?ver=13.4C

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0c54a2b60a83d5b02034550c173617b744d53f0ba29d5747425f80f359d107c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:55:02 GMT
server: nginx
etag: W/"2bb6b-5e92c19b92c92"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderpluginslider.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/ 323 KB
51 KB 52ms
48ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginslider.js?ver=13.4C

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

c2b41a498e43fd7a47b985f4099dd1bcb6635550bd8ac0cbb4fa3d8c8099c802

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:55:02 GMT
server: nginx
etag: W/"50cc2-5e92c19b94bd3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flatpickr.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 49 KB
14 KB 66ms
43ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

8c2230e1348d437f591bf23a319992999e4869ab9aef142861ae206b05ec1be4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:38 GMT
server: nginx
etag: W/"c570-5e92c1840ba15"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 select2.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
18 KB 66ms
43ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:38 GMT
server: nginx
etag: W/"114c3-5e92c1840298b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
42 KB 121ms
66ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-31745238-1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

44af15434fdaccbc4aa6895eaecd5f4f128eb8f270cbc95fe32b4cc89048a89f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42393
x-xss-protection: 0
last-modified: Fri, 14 Oct 2022 18:31:20 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 14 Oct 2022 20:19:01 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 83 KB
25 KB 148ms
34ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 4120c62c25cd2f9d7f5155aaf84f772c08e18dd1be19e39ed0d866d3916bedce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: gzip
last-modified: Thu, 13 Oct 2022 16:15:20 GMT
server: ECS (frb/67D4)
age: 83042
etag: "21acccfd1edfd81:0+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
content-length: 25492

GET
H/1.1 200
OK privacy-banner.js Show response
hp.com/cma/ng/lib/exceptions/ 15 KB
8 KB 3643ms
149ms Script
text/javascript 15.73.192.108
HPINC

General

Check archive.org

Show headers Download Go to

Full URL

https://hp.com/cma/ng/lib/exceptions/privacy-banner.js

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

15.73.192.108 , United States, ASN11680 (HPINC, US),

Reverse DNS

hpphotosolutions.com

Software

Apache /

Resource Hash

f5d85763e1976cdb524069c423644c66fd5e7399a4a4c090c4d7d6e187c502e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 20:19:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
ETag: "5e65fdd33e2c0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript
Cache-Control: max-age=7200
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7992
Expires: Fri, 14 Oct 2022 22:19:05 GMT

GET
H2 200 BromiumBlog_Images_0010.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/ 2 MB
2 MB 66ms
44ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/BromiumBlog_Images_0010.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

8b625a6ed2cfde39e761f2e9fc10ad83f2d4305c942471f911fcff9e4bb98808

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
content-length: 2094385
x-xss-protection: 1; mode=block
last-modified: Wed, 12 May 2021 10:25:17 GMT
server: nginx
etag: "1ff531-5c21f6d54bdd4"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 magniber_01.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 21 KB
22 KB 66ms
44ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_01.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

a26bbb2fb16ca3717c4690a816e25c43be2ad4fcb45adb878b3c98b6b01fbeb9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 21803
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:16:08 GMT
server: nginx
etag: "552b-5eae7cc429ae2"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_02.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 101 KB
102 KB 66ms
44ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_02.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

5a4f9b81ce5e4dc3bb3fa525cd250753923aa7474a9d5bbf8801048a3fb10c24

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 103785
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:16:10 GMT
server: nginx
etag: "19569-5eae7cc63c7b4"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_03.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 59 KB
59 KB 66ms
45ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_03.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

9db372bd5a5d506904ce7fda178ece352bfe33dd38292f8d398e613eb4a7968a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 60430
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:16:13 GMT
server: nginx
etag: "ec0e-5eae7cc8c862b"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_04.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 73 KB
73 KB 66ms
45ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_04.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

192a450bdc8200b9df998cd74c4295d01acd74430375452983b4de474375829d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 74370
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:08:56 GMT
server: nginx
etag: "12282-5eae7b28260d6"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_05.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 45 KB
45 KB 66ms
45ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_05.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

527d982dd4e2527fafe888adec2c719929a6476b2106952464a65ea02dee7893

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 46106
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:16:25 GMT
server: nginx
etag: "b41a-5eae7cd3c68f5"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_06.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 32 KB
32 KB 67ms
45ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_06.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

a81c390548502ac446b8c2eabdc6ea07a8bc43b23e206a9c232d3ceaef3cae9a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 32687
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:16:27 GMT
server: nginx
etag: "7faf-5eae7cd5e60eb"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_07.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 10 KB
10 KB 67ms
46ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_07.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

af810e2b2886d81e6225b34eb2391f15be48f95f5ce80bd04f7b25b6e15eb7c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 9734
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:09:00 GMT
server: nginx
etag: "2606-5eae7b2ba1b86"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_08.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 18 KB
18 KB 67ms
46ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_08.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

5d9e229dde2a12fae04e5a3e85eb93f8ef6a7541c0384152901b4d9dec29ef29

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 18462
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:09:02 GMT
server: nginx
etag: "481e-5eae7b2d6d78a"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_09.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 84 KB
85 KB 67ms
46ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_09.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

a537306122d97954096b0591324fdc7f3d8b54a518b20e30714459b3584e6782

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 86034
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:16:38 GMT
server: nginx
etag: "15012-5eae7ce0c383b"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 magniber_10.png
threatresearch.ext.hp.com/wp-content/uploads/2022/10/ 52 KB
53 KB 67ms
47ms Image
image/png 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2022/10/magniber_10.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

f9060ef4ed91de78998d5f9b15592b736dd9b62f02ecae043dffd6ebca7dd894

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 53312
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Oct 2022 10:09:03 GMT
server: nginx
etag: "d040-5eae7b2ef8083"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 profile_img-150x150.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/01/ 8 KB
8 KB 68ms
47ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/01/profile_img-150x150.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

6eb52a97833a253a404e06ef580bfc474b9883681a2e7abf223b1a9434201bae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 8242
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Jan 2021 12:52:40 GMT
server: nginx
etag: "2032-5b940505ef0ed"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 BromiumBlog_Images_0008.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/ 2 MB
2 MB 68ms
47ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/BromiumBlog_Images_0008.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0df6356a9dd9333fe8a139307f90de62efc5bba4dcb4e8007be03e596f4c2f77

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 2045815
x-xss-protection: 1; mode=block
last-modified: Wed, 12 May 2021 10:25:13 GMT
server: nginx
etag: "1f3777-5c21f6d12fcb2"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 blogImage__b6.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/ 2 MB
2 MB 68ms
48ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/blogImage__b6.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

c85d4f64101e48851e2a89069e50aefd6aeb901c535c7aa39986903d4baf1353

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 2050865
x-xss-protection: 1; mode=block
last-modified: Wed, 12 May 2021 11:13:55 GMT
server: nginx
etag: "1f4b31-5c2201b3ceea5"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 blogImage__b9.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/ 2 MB
2 MB 68ms
48ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/blogImage__b9.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

9a19f69eb87e131998e91350c4eb6f55a44de97614261b1af11694576949ac39

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 2098561
x-xss-protection: 1; mode=block
last-modified: Wed, 12 May 2021 11:13:43 GMT
server: nginx
etag: "200581-5c2201a89aceb"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 blogImage__b2.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/05/ 2 MB
2 MB 68ms
48ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/05/blogImage__b2.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

d68605f97c0c27101ea06a1276a2e55c2bf65f0e07e8e0c11be145addde1344b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 2112187
x-xss-protection: 1; mode=block
last-modified: Wed, 12 May 2021 11:13:47 GMT
server: nginx
etag: "203abb-5c2201ac87831"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 blogImage_refresh_001.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/10/ 110 KB
110 KB 68ms
48ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/10/blogImage_refresh_001.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

100c3577372983a9ae444d3a1fcecec6525dae128e75a396bf38bd23eb972c5c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 112333
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Oct 2021 10:38:17 GMT
server: nginx
etag: "1b6cd-5cf674f0171cb"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 profile_img.jpg
threatresearch.ext.hp.com/wp-content/uploads/2021/01/ 15 KB
15 KB 68ms
49ms Image
image/jpeg 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatresearch.ext.hp.com/wp-content/uploads/2021/01/profile_img.jpg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

08de3edfa1e71b1c4ddc7fde8cbdad1e98a05222d7fdf1f9321313d821d20cfa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 15350
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Jan 2021 12:52:40 GMT
server: nginx
etag: "3bf6-5b940505b56fe"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 style.min.css
threatresearch.ext.hp.com/wp-includes/css/dist/block-library/ 87 KB
11 KB 16ms
15ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 21 Jul 2022 00:58:40 GMT
server: nginx
etag: W/"15b64-5e44637e5d7ae"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.css
threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/css/ 58 KB
12 KB 16ms
16ms Stylesheet
text/css 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.31

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

03e062c8df89efc8bb5788f310d45c12f7f1dbb2329bba5cc127292a14689429

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:00 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:33:35 GMT
server: nginx
etag: W/"e8bd-5e6a81212f9be"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiped-events.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/ 2 KB
1 KB 68ms
49ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/swiped-events.min.js?ver=1.1.4

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

db0fe819895d07af230d0f21f183ae4c9ecdec27664f004c6ac8844deaf55adc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:18 GMT
server: nginx
etag: W/"6e8-5e92c171557a2"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 imagesloaded.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/ 5 KB
2 KB 69ms
49ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Wed, 19 Aug 2020 23:51:51 GMT
server: nginx
etag: W/"15fd-5ad43b00c07ef"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 effect.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/ 17 KB
7 KB 69ms
49ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

5f030eda75a32de3b4f63e28a38e83642b8a723c84ae73bf3726b85cd411bfee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"43b3-5e2197c5c3830"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ditty-news-ticker.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/ 14 KB
3 KB 69ms
50ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/ditty-news-ticker/legacy/inc/static/js/ditty-news-ticker.min.js?ver=3.0.28

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

9808e9a37df4741d8a212c739cae654d1e935e3d3f9251c9eef6be7bb24b1eab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:18 GMT
server: nginx
etag: W/"362b-5e92c17155b8a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/js/ 18 KB
4 KB 69ms
50ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.4

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

c9f426305c9ba18d2b7594d3328050da20fa9db95661bd0af22c99c3ef90b101

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: HIT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-xss-protection: 1; mode=block
last-modified: Wed, 21 Sep 2022 08:54:38 GMT
server: nginx
etag: W/"494e-5e92c18409ad5"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 script.min.js Show response
threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/ 21 KB
6 KB 69ms
50ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/social-warfare/assets/js/script.min.js?ver=4.3.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

824881cb24a4442381024afdf51da2932d717bb59cb549edc4cad3e00394bdce

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 01:59:25 GMT
server: nginx
etag: W/"550b-5ca80d536cbc9"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 new-tab.js Show response
threatresearch.ext.hp.com/wp-content/plugins/page-links-to/dist/ 24 KB
9 KB 69ms
50ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Wed, 19 Jan 2022 02:30:56 GMT
server: nginx
etag: W/"609e-5d5e62ce6cc0e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cssua.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 69ms
51ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/cssua.js?ver=2.1.28

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

daf181ab9ead5372eefb6fe5d87704d7abdbfa6c09e4c79a2a2f688c6fac5ada

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"d10-5e6a7fbfe067c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-animations.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
1 KB 69ms
51ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

2e52dea09005063c3ff69fc36c11c7008b8efa5d4a97e38e7161ffaf0b0aedb6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"70c-5e6a809c5b5a7"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-vertical-menu-widget.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-core/js/min/ 1 KB
879 B 69ms
51ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-core/js/min/fusion-vertical-menu-widget.js?ver=5.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

93a897eedca2d924b738067a03528933e4eb07d4c2f78d65276b6576b7f4d370

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:32:30 GMT
server: nginx
etag: W/"572-5e6a80e32ce28"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 modernizr.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 18 KB
7 KB 69ms
51ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/modernizr.js?ver=3.3.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

072d2a46607c107cdd7f20d3e5410963b281151df62444ad775ade8361cfa6cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"4670-5e6a7fbfe0294"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 5 KB
2 KB 69ms
51ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion.js?ver=3.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

760fe5e9d4fdf4fe5962edc3926816d8051faf168aa36ea467cdf7a80e09ede2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"1281-5e6a7fbfdf2f3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.transition.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 741 B
786 B 69ms
52ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.transition.js?ver=3.3.6

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

bd6def1ae1509946499390f95acaa1fd39a76452c8312f165d2bc0b791c9e0ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"2e5-5e6a7fbfe067c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.tooltip.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 11 KB
4 KB 69ms
52ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tooltip.js?ver=3.3.5

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

23263a19c0dc4b29036a56f858a2b6f915ea0e415ed7c46071a071f170626c88

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"2a6e-5e6a7fbfe0294"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.modal.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 4 KB
2 KB 69ms
52ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.modal.js?ver=3.1.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

9a2d11b76feb7a9e531a9d055fae88e495017645e5c823a010c818a7744b2c45

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"f86-5e6a7fbfe067c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.requestAnimationFrame.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 695 B
759 B 70ms
52ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

980aba21181e373e49d5e2602223454f0bb78ccb263eabcfb850abb14ad8c904

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"2b7-5e6a7fbfdfeac"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.easing.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
1 KB 70ms
52ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.easing.js?ver=1.3

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

c8c066c331d08eaf858338789a0499c5ad85cfc6325d7685ea8a9463750d8684

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"8eb-5e6a7fbfe067c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fitvids.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
1 KB 70ms
53ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fitvids.js?ver=1.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

233cb2b905dec5df68df039e52e26980f674880fee51a8f6b7f75486760f1f3e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"6e7-5e6a7fbfdfeac"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.flexslider.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 22 KB
6 KB 70ms
53ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.flexslider.js?ver=2.7.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

f2d424362aca158ad49da19b48c212e687fbed93ece9fed06fcf8871f5f64c5f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"57ca-5e6a7fbfe067c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.ilightbox.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 81 KB
24 KB 70ms
53ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.ilightbox.js?ver=2.2.3

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

990f2544353261a345a25a88644c6b30411fdbb6163358bf8872787908e275e6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"14287-5e6a7fbfe0294"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.mousewheel.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
1 KB 70ms
53ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.mousewheel.js?ver=3.0.6

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

cce83fa2c5096e414c0e32c9fc07ba011e2f4d67a51f9c4155651122329ec0dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"a41-5e6a7fbfe0a64"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.placeholder.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
1 KB 70ms
54ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.placeholder.js?ver=2.0.7

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

fa34de993dea91eb0120c3745378192fa1177ba8ec5772e08632318d1d5e1267

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"880-5e6a7fbfe0294"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fade.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1 KB
861 B 70ms
54ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fade.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

836e98f92408ccb7250927acef9b494fbacc18678ef18888f835101557bddd37

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"48a-5e6a7fbfe067c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-equal-heights.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 1 KB
992 B 70ms
54ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-equal-heights.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

d3d1fc3b726f87e9440670838b6d33dc22ee1c854274724b27de90be75d1069c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"55b-5e6a7fbfdef0b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-parallax.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 12 KB
3 KB 70ms
54ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-parallax.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

a1e265af7b140bf70ba7a061b8ddee61e32ced0c50d985f0b05cdfe061112cb5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"2ef3-5e6a7fbfdfeac"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-video-general.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
1 KB 70ms
55ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-general.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

ea2dd31704608166bfd31e6c1b54027061ea568cd9aa1163656843a5907ac45d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"d31-5e6a7fbfdfeac"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-video-bg.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 4 KB
2 KB 70ms
55ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

46af13bd348d946968c6bd1c844dccbca02856ecdcaa8dcb35969e99d1399562

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"1192-5e6a7fbfe0294"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-lightbox.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 7 KB
2 KB 70ms
55ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-lightbox.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

93d5f2281324f8a87ce2bdf811d8d1fd5ca4781618754a490a0fce0f166d479c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"1c46-5e6a7fbfdf2f3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-tooltip.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 849 B
742 B 71ms
55ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-tooltip.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

4ea735c25bb36d6130e169c43dd545f9ab091b791672b1538046ebedef3308f6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"351-5e6a7fbfdf2f3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-sharing-box.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 945 B
755 B 71ms
55ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-sharing-box.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

45a6eea93903fe37410887ca5eb4605572ecfaf1968387365ec9ed9331a36487

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"3b1-5e6a7fbfdf6dc"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.sticky-kit.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 6 KB
2 KB 71ms
56ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.sticky-kit.js?ver=1.1.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

19e2b8ef435756c4dc18bc450f4ec0fbe6db2ceb7b99a7d656877bc49eb342ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"17d5-5e6a7fbfe067c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-youtube.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 4 KB
2 KB 71ms
56ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-youtube.js?ver=2.2.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

828ef7357ef25a04a505c7f21b1418620b4c13faec1ac0d562e2127400c751fb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"10c3-5e6a7fbfe0a64"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vimeoPlayer.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 16 KB
6 KB 71ms
56ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/vimeoPlayer.js?ver=2.2.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

501c8b7edd85aa5b93a52254d40cf04d754018292b113caf7f76441701d30a0a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"40bd-5e6a7fbfe0294"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-general-footer.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 413 B
626 B 71ms
56ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-general-footer.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

61e7bb6d0210c308eb1f6153f18b4063eb715fde885b7d20b4d209d3fcb5a217

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"19d-5e6a7fbfa8bcb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-quantity.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 2 KB
1 KB 71ms
57ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-quantity.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

893ed74f27210911877234fad64cae770cf4af4b2b9b2c75b80d401c43f281d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"7b6-5e6a7fbfa939b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-crossfade-images.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 418 B
627 B 71ms
57ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-crossfade-images.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

80e9a74251b9a8f1f7e72a0ea7cbd8905e4777b931e92b09f545087161fa0b37

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"1a2-5e6a7fbfa8fb3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-select.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 886 B
754 B 71ms
57ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-select.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

bf3722b93fa395dc556c14f331f86a9d5e31fa813e46f0cfcb8afd19fae33034

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"376-5e6a7fbfa8bcb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-tabs-widget.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 503 B
668 B 71ms
57ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-tabs-widget.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

6afaae08a9346fc9ca891d0d80f8483905c1421bca9f918506150566d3912e9a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"1f7-5e6a7fbfa9783"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-rev-styles.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 3 KB
975 B 71ms
57ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-rev-styles.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

68bec0121363230f259b5abcfe8287100777c0e3b3d7bfb619d18273a6aa4728

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"ad6-5e6a7fbfa8fb3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.elasticslider.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/ 4 KB
2 KB 71ms
58ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/jquery.elasticslider.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

11f4df8462b2edc6add3928ab5f30dcab77f69c29c0e175b1888f4cb6275823c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"11c1-5e6a7fbfa9783"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-live-search.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 3 KB
1 KB 71ms
58ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

c9bf057820b3b0223c468e08beb0d41a12b451e224308149bc05f0d4a607fcab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"bfd-5e6a7fbfa8fb3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-alert.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 260 B
618 B 71ms
58ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-alert.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

eb6481e44617b3e40d345b2df5e20965503b4ab87c9346a43894f93a601ccde7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"104-5e6a7fbfdf2f3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 awb-off-canvas.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 12 KB
4 KB 71ms
58ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/awb-off-canvas.js?ver=3.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

d8c519e27f603a4eb131526c2a93cdade281348b8efc845a1007e9a29ffdfef4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"3149-5e6a809c5bd77"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-flexslider.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 6 KB
2 KB 72ms
58ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-flexslider.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

cb56816d72e7289b2aab8ba19bd1bdb4708cbbc7e70d7f38f9138a4dd10215a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"195e-5e6a7fbfdf6dc"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-column-legacy.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
838 B 72ms
59ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column-legacy.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

bc7b145a0eb35703d5ce10b9204920b9d09e4454bc2288addc9ed5142862f9cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"619-5e6a809c5b98f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.textillate.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 6 KB
2 KB 72ms
59ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.textillate.js?ver=2.0

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

e8b416c2f2a14bb138209a5ce434802a742d3de53ce668445485e5423efa1fb2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"1717-5e6a809c5c92f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-title.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
2 KB 72ms
59ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-title.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

fb84c55756f2946fd5d5c6c6d3f7a62079c1d7a7123b6c817832835e82b3270c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"e85-5e6a809c5bd77"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-modal.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 3 KB
1 KB 72ms
59ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-modal.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0e19faf0a539d09a276473d2e2b1604a7343e56557f1c1b06b3c6f227ac4db9c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"a92-5e6a809c5b98f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-container.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 16 KB
3 KB 72ms
60ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-container.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

65347e16a9383e200a2e32223e7471f8add0c899f24ddee20bca454c6f7de583

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"3e81-5e6a809c5b5a7"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-elastic-slider.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 565 B
661 B 72ms
60ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-elastic-slider.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

3647d841b21197b1efa74e92c861a3bf4cebef0f9a33f5a4c0ea276d74c768b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"235-5e6a7fbfa8bcb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-drop-down.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 6 KB
1 KB 72ms
60ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-drop-down.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

579683e317a76a9a6758e42680b394e80957cbdd2863c25abac9a875852abfc7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"17b6-5e6a7fbfa8bcb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-to-top.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 1017 B
865 B 72ms
60ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-to-top.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

2b2c2f9810fbe4d8643c2f6b9359daa7dd67b78cffa63e6746202c76d068547e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"3f9-5e6a7fbfa8bcb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-header.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 31 KB
4 KB 72ms
61ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-header.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

80669a9bb1655e529ea0f150945f879706df8fc3957bc1c02d07cdbb6862f60b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"7d2b-5e6a7fbfa8fb3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-menu.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 39 KB
7 KB 73ms
61ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-menu.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

11181d395c0be8cd6705515ab1e773e64dadf2eb342badf535ebe21d3825897f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"9ac5-5e6a7fbfa8fb3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.scrollspy.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/ 3 KB
1 KB 73ms
61ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/library/bootstrap.scrollspy.js?ver=3.3.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

5c569522330e4e6b040229701ae98650839c5baa9912e15f821ffef8341187f5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"a9a-5e6a7fbfa9783"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-scrollspy.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/ 845 B
756 B 73ms
61ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/assets/min/js/general/avada-scrollspy.js?ver=7.8.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

b66b53112e230d6a90572fd4af0506b89a3021fedad6e9395ad85dc7a3b32094

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:24 GMT
server: nginx
etag: W/"34d-5e6a7fbfa8bcb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-responsive-typography.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 3 KB
1 KB 73ms
62ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-responsive-typography.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

4cb4122592bfa905b2f19c491d0beb0f47a6e609694998e2f002e5e5d403b521

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"dd8-5e6a7fbfdf2f3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-scroll-to-anchor.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 6 KB
2 KB 73ms
62ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-scroll-to-anchor.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0925ff0405f3cdb2fa37bbd7fe7431e77451c294cf8b2e28c9497a18dc7894a9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"17bf-5e6a7fbfdef0b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-general-global.js Show response
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 496 B
663 B 73ms
62ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-general-global.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

709432d669fa084fba23a097defbdecc8097a07717c30ac6f915314bf2a05933

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: W/"1f0-5e6a7fbfdf2f3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-video.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
1 KB 73ms
62ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-video.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

9a0a34bc67f5d3623591214473ac2d449be18a8ce1cb5e531b185ef22a09b31f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"815-5e6a809c5bd77"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-column.js Show response
threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
849 B 73ms
63ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column.js?ver=1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0db4581da25e31921f01cc132b22a55b140c1b6e4291dbe0b74e18cbc1499b54

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:31:16 GMT
server: nginx
etag: W/"42a-5e6a809c5c15f"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/ 20 KB
7 KB 73ms
63ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

240b702419d6c39ecc4896f0132ccfc9bc517e9aef0c782d99580e0c678b47d5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"50eb-5e2197c5c3c18"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 datepicker.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/ 36 KB
11 KB 73ms
63ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

2e65f5c3b3b4c402074c19dee3d24d6bc02a8a86b19c8c992a4a6e78b254b2cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"8f87-5e2197c5c3830"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mouse.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/ 3 KB
1 KB 73ms
63ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

7c4dcab706e6bf67c64df89d3f5e137cb19efa293771613f511aff1ad563a6df

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"d53-5e2197c5c3060"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 slider.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ui/ 10 KB
3 KB 73ms
63ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

7ce6eb9cd7f07b424c34ee977214503668ae5e137d07b3fe0a37373e57686ebf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"29ff-5e2197c5c3448"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.ui.touch-punch.js Show response
threatresearch.ext.hp.com/wp-includes/js/jquery/ 1 KB
975 B 73ms
64ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/jquery/jquery.ui.touch-punch.js?ver=0.2.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

196bed4faf0fe38b89a496b1f41319b2a8077263f85819f8ad42933e0a2e2e52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: W/"49b-57d3b595776c0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelement-and-player.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/mediaelement/ 154 KB
35 KB 73ms
64ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 30 Apr 2021 03:10:53 GMT
server: nginx
etag: W/"267aa-5c127f5aab83a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelement-migrate.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/mediaelement/ 1 KB
944 B 75ms
66ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"4a7-5e2197c5c7e81"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/mediaelement/ 906 B
858 B 76ms
66ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 30 Apr 2021 03:10:53 GMT
server: nginx
etag: W/"38a-5c127f5aab452"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 underscore.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/ 18 KB
7 KB 76ms
67ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/underscore.min.js?ver=1.13.3

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

0da4791b446818516f710c51707081aec7b23a7c5212fc0b2629c973210136a4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"49df-5e2197c5c18ef"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-util.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/ 1 KB
1 KB 76ms
67ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/wp-util.min.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

b8e78b48acc08ce31457aff168d6fb2c814d51a8739a97693cdba585d60f5b35

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Fri, 27 Aug 2021 03:00:41 GMT
server: nginx
etag: W/"53c-5ca81b05c16fb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 backbone.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/ 23 KB
8 KB 76ms
67ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/backbone.min.js?ver=1.4.1

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

146a1dd527f3be2370720144eb77fb0d4213e4e0c7fe51ee5d46a1dbf08ca84b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 23 Jun 2022 08:46:12 GMT
server: nginx
etag: W/"5d79-5e2197c5c3c18"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-playlist.min.js Show response
threatresearch.ext.hp.com/wp-includes/js/mediaelement/ 3 KB
1 KB 76ms
67ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-includes/js/mediaelement/wp-playlist.min.js?ver=6.0.2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

da360ca7e83587e1bd7c15be023c50be227e22ac5322d0b405585ddd4d542952

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Tue, 17 Dec 2019 03:59:47 GMT
server: nginx
etag: W/"d67-599de5bea5467"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 views-frontend.js Show response
threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/js/ 76 KB
13 KB 76ms
68ms Script
application/javascript 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/plugins/wp-views/public/js/views-frontend.js?ver=3.6.3

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

14d05a8eaa240594562514e267d5dc4578cbb84a27b020345334c2a335fa2242

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-proxy-cache: MISS
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
content-encoding: br
x-proxy-cache-info: 0 NC:000000 UP:
x-sucuri-cache: HIT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-xss-protection: 1; mode=block
last-modified: Thu, 19 May 2022 22:31:36 GMT
server: nginx
etag: W/"1316a-5df64efcc5cb0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 106ms
28ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 20:19:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H2 200 awb-icons.woff
threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/ 20 KB
20 KB 67ms
67ms Font
font/woff 192.124.249.59
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://threatresearch.ext.hp.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/awb-icons.woff

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.59 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10059.sucuri.net

Software

nginx /

Resource Hash

370c8c8b69b06cb4193000e87c36d9efb2d55dcf1ef270cdea0ecc47d1aa3a61

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Fri, 14 Oct 2022 20:19:01 GMT
content-security-policy: upgrade-insecure-requests;
x-content-type-options: nosniff
x-sucuri-cache: HIT
host-header: 8441280b0c35cbc1147f8ba998a563a7
content-length: 20336
x-xss-protection: 1; mode=block
last-modified: Sat, 20 Aug 2022 08:27:25 GMT
server: nginx
etag: "4f70-5e6a7fbfddb83"
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
x-httpd: 1
cache-control: max-age=315360000
x-sucuri-id: 15009
accept-ranges: bytes
x-proxy-cache: HIT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ 13 KB
13 KB 64ms
24ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatresearch.ext.hp.com/
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 16:24:40 GMT
x-content-type-options: nosniff
age: 273261
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Oct 2023 16:24:40 GMT

GET
H2 200 Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
fonts.gstatic.com/s/josefinsans/v25/ 26 KB
26 KB 26ms
18ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v25/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3701f4ae604d8fccb4ddca393e076a456aebfb06c1a9d94c1c13089293f55716

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatresearch.ext.hp.com/
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 15:47:51 GMT
x-content-type-options: nosniff
age: 102670
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26592
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:56:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Oct 2023 15:47:51 GMT

GET
H2 200 clientlib-hf-fontface.f1fd8c989ac7be868d381a8c81046d13.css
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/ 2 KB
609 B 83ms
82ms Stylesheet
text/css 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/clientlib-hf-fontface.f1fd8c989ac7be868d381a8c81046d13.css

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

89f36cfc523365e8e04be143bfc8c74d3775a0eb3caf5993fa23832c227f66c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1eastus2
date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 326
last-modified: Thu, 06 Oct 2022 16:16:24 GMT
server: Apache
etag: "983-5ea6003bc8600-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=445093
accept-ranges: bytes
expires: Wed, 19 Oct 2022 23:57:14 GMT

GET
H2 200 clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/ 99 KB
13 KB 87ms
86ms Stylesheet
text/css 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4e620643345f952994fb284b328e186fa2c7fac3b4f45ebcf2b9fad38376baba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1eastus2
date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 12626
last-modified: Thu, 06 Oct 2022 16:16:22 GMT
server: Apache
etag: "18c0a-5ea60039e0180-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=445065
accept-ranges: bytes
expires: Wed, 19 Oct 2022 23:56:46 GMT

GET
H2 200 clientlib-hf-js.498cc085410eb250e8baf0bfb30a966e.js Show response
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/ 165 KB
37 KB 91ms
91ms Script
application/javascript 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hf-js.498cc085410eb250e8baf0bfb30a966e.js

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/us/en/scripts/framework/jquery/v-1-8/jquery.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4d96f425504cc4fe41bd1e2db4f6d6920d7734def158bca7be95f919a0e9d849

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1westus2
date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 37486
last-modified: Thu, 06 Oct 2022 16:15:18 GMT
server: Apache
etag: "295d8-5ea5fffcd7180-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=444094
accept-ranges: bytes
expires: Wed, 19 Oct 2022 23:40:35 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 459 KB
108 KB 64ms
32ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PDHM2PK

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d4b731780a88b0460aaf90b4066295ab0fe28376547d5a843f5d66b00d958a62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 110946
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 14 Oct 2022 20:19:01 GMT

GET
H2 200 Group%2011990@2x.png
www.hp.com/content/dam/sites/worldwide/dems/search/support/ 983 B
1 KB 45ms
43ms Image
image/png 2a02:26f0:1700:11::b856:6799
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hp.com/content/dam/sites/worldwide/dems/search/support/Group%2011990@2x.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:11::b856:6799 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

0a4e5a184816d1a7d02aef64b08929cdc9e75657382b77aeeb7fa5decd975dd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
strict-transport-security: max-age=600
last-modified: Wed, 31 Aug 2022 20:19:29 GMT
x-serial: 1341
server: Akamai Image Manager
x-check-cacheable: YES
akamai-grn: , , , 0.996656b8.1665778741.18282093
etag: "9cd-5e78d541ac9c0"
x-frame-options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type: image/png
cache-control: private, no-transform, max-age=49232
content-length: 983
expires: Sat, 15 Oct 2022 09:59:33 GMT

GET
H2 200 Group%2011991@2x.png
www.hp.com/content/dam/sites/worldwide/dems/search/support/ 921 B
1 KB 63ms
61ms Image
image/png 2a02:26f0:1700:11::b856:6799
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hp.com/content/dam/sites/worldwide/dems/search/support/Group%2011991@2x.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:11::b856:6799 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

b16f7ee66e29b27d1f14719cefc0e67211523787cc1729be52322583175d0cec

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
strict-transport-security: max-age=600
last-modified: Wed, 31 Aug 2022 20:37:49 GMT
server: Akamai Image Manager
akamai-grn: , 0.996656b8.1665778741.182820c1
etag: "992-5e78d540b8780"
x-frame-options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type: image/png
cache-control: private, no-transform, max-age=48131
content-length: 921
expires: Sat, 15 Oct 2022 09:41:12 GMT

GET
H2 200 Group%2011992@2x.png
www.hp.com/content/dam/sites/worldwide/dems/search/support/ 1023 B
1 KB 72ms
70ms Image
image/png 2a02:26f0:1700:11::b856:6799
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hp.com/content/dam/sites/worldwide/dems/search/support/Group%2011992@2x.png

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:11::b856:6799 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

04b7e0e82e49247408274fb7bb56b942d8d3e5b8233fe00590b22411e390d237

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
strict-transport-security: max-age=600
last-modified: Wed, 31 Aug 2022 20:26:51 GMT
x-serial: 448
server: Akamai Image Manager
x-check-cacheable: YES
akamai-grn: , , 0.996656b8.1665778741.182820ea
etag: "9ff-5e78d540b8780"
x-frame-options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN
content-type: image/png
cache-control: private, no-transform, max-age=48788
content-length: 1023
expires: Sat, 15 Oct 2022 09:52:09 GMT

GET
H2 200 black-logo-hp.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/ 894 B
1 KB 93ms
92ms Image
image/webp 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/black-logo-hp.png
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-24-60.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 3ff29527b86595610b0b3281abfbf51f6e38c7d9c1afa8e877ea993a2e8cd799

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
last-modified: Fri, 07 Oct 2022 09:18:13 GMT
server: Akamai Image Manager
etag: "111e-5d9418d94e3c0"
content-type: image/webp
cache-control: private, no-transform, max-age=77877
content-length: 894
expires: Sat, 15 Oct 2022 17:56:58 GMT

GET
H2 200 z-by-hp-new.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/ 584 B
771 B 104ms
102ms Image
image/png 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/z-by-hp-new.png
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-24-60.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: a3bee7ffc1e0104eef9846229b8d875f7125fcbb23fc6930ef2f830c28741bbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
last-modified: Sun, 17 Jul 2022 13:09:43 GMT
server: Akamai Image Manager
etag: "88f-5d5e04edc3c00"
content-type: image/png
cache-control: private, no-transform, max-age=11968
content-length: 584
expires: Fri, 14 Oct 2022 23:38:29 GMT

GET
H2 200 OMEN-logo3.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/ 1 KB
2 KB 104ms
103ms Image
image/png 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/OMEN-logo3.png
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-24-60.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 5dc4132c6d0e42b159c7574181aaa98129b445c3f9569548c61d36873f8d23b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
last-modified: Sat, 11 Jun 2022 18:41:51 GMT
server: Akamai Image Manager
etag: "16b5-5d4dabdfd33c0"
content-type: image/png
cache-control: private, no-transform, max-age=19751
content-length: 1396
expires: Sat, 15 Oct 2022 01:48:12 GMT

GET
H2 200 HYPER-X-logo7.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/ 3 KB
3 KB 105ms
104ms Image
image/webp 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/HYPER-X-logo7.png
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-24-60.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 68a1b82779788f93c7b77702d5fef83c9f8dfc089f72beb4d7629f5d4ade180b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
last-modified: Wed, 05 Jan 2022 19:18:10 GMT
server: Akamai Image Manager
etag: "2dcc-5d4da979a8ac0"
content-type: image/webp
cache-control: private, no-transform, max-age=38058
content-length: 3126
expires: Sat, 15 Oct 2022 06:53:19 GMT

GET
H2 200 arize-hp-logo2.png
www8.hp.com/content/dam/sites/worldwide/galactic-nav/ 2 KB
2 KB 144ms
143ms Image
image/webp 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www8.hp.com/content/dam/sites/worldwide/galactic-nav/arize-hp-logo2.png
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-24-60.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: a75e8ab5771af0ea36e62f66d3edbe0ec14657b04e87bf99a46a891e652c1add

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:01 GMT
last-modified: Tue, 02 Aug 2022 22:01:00 GMT
server: Akamai Image Manager
etag: "1bb2-5d58fff4f9b00"
content-type: image/webp
cache-control: private, no-transform, max-age=75736
content-length: 2330
expires: Sat, 15 Oct 2022 17:21:17 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 76ms
76ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js?ver=1.0.1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 20:19:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Sun, 22 Jan 2023 20:19:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 55ms
15ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-197588716-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 14 Oct 2022 19:01:59 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4623
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 14 Oct 2022 21:01:59 GMT

GET
H2 200 HPSimplifiedRegular.woff
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/clientlib-hf-fontface-core/resources/fonts/ 44 KB
43 KB 121ms
32ms Font
application/x-font-woff 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/clientlib-hf-fontface-core/resources/fonts/HPSimplifiedRegular.woff

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/clientlib-hf-fontface.f1fd8c989ac7be868d381a8c81046d13.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /

Resource Hash

24719977091e8bcc0071cf9d6515c874e8c2f1b96695367c1141aeba7710e1c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlibs-fonts/us/en/clientlib-hf-fontface.f1fd8c989ac7be868d381a8c81046d13.css
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1eastus2
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 43688
last-modified: Mon, 17 Aug 2020 19:53:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag: "af90-5ad181fddc040-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:02 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
332 B 16ms
16ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=ad48c3c3759e4f42c5a5d96cd7ea1ba0&_biz_s=46a1cd&_biz_l=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&_biz_t=1665778741999&_biz_i=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&_biz_n=0&rnd=161223&cdn_o=a&_biz_z=1665778742001
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Oct 2022 20:19:02 GMT
last-modified: Wed, 12 Oct 2022 14:12:06 GMT
server: ECS (frb/6760)
age: 194816
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
202 B 39ms
18ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=ad48c3c3759e4f42c5a5d96cd7ea1ba0&_biz_s=46a1cd&_biz_l=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&_biz_t=1665778742003&_biz_i=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&rnd=228507&cdn_o=a&_biz_z=1665778742003
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C2) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Oct 2022 20:19:02 GMT
last-modified: Thu, 13 Oct 2022 23:58:34 GMT
server: ECS (frb/67C2)
age: 73228
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 privacy-banner.js Show response
www.hp.com/cma/ng/lib/exceptions/ 15 KB
8 KB 49ms
49ms Script
text/javascript 2a02:26f0:1700:11::b856:6799
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hp.com/cma/ng/lib/exceptions/privacy-banner.js

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hf-js.498cc085410eb250e8baf0bfb30a966e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:11::b856:6799 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

f5d85763e1976cdb524069c423644c66fd5e7399a4a4c090c4d7d6e187c502e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=600
server: Apache
akamai-grn: , , 0.996656b8.1665778742.18282339
etag: "5e65fdd33e2c0"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=7200
accept-ranges: bytes
content-length: 7992
expires: Fri, 14 Oct 2022 22:19:02 GMT

GET
H2 200 newhplogo.ttf
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/ 1 KB
1 KB 97ms
62ms Font
application/x-font-ttf 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/newhplogo.ttf

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /

Resource Hash

d075070aee6fff82f826766497e5141a38f5ae89ec2d91600c7ba9da58191e35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1eastus2
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 737
last-modified: Thu, 01 Oct 2020 18:02:05 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag: "4c0-5b09fd053e140-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:02 GMT

POST
H/1.1 200
OK visitWebPage
497-itq-712.mktoresp.com/webevents/ 2 B
318 B 516ms
110ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://497-itq-712.mktoresp.com/webevents/visitWebPage?_mchNc=1665778742045&_mchCn=&_mchId=497-ITQ-712&_mchTk=_mch-hp.com-1665778742044-21519&_mchHo=threatresearch.ext.hp.com&_mchPo=&_mchRu=%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Fri, 14 Oct 2022 20:19:02 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: afb18f52-2b29-4427-a948-1dd2ea9a4fda

GET
H2 200 united_states.gif
www8.hp.com/content/dam/hpit-aem-globalnav/flags/ 296 B
488 B 40ms
38ms Image
image/webp 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www8.hp.com/content/dam/hpit-aem-globalnav/flags/united_states.gif
Requested by: Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-122-24-60.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 848f5ae901a6db38f9cdb30ad9d2908962b6bad10c6ca2239cc9e5c73040fb2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:02 GMT
last-modified: Tue, 06 Oct 2020 21:30:45 GMT
server: Akamai Image Manager
etag: "253-5ad18c2b4c340"
content-type: image/webp
access-control-allow-origin: *
cache-control: private, no-transform, max-age=43200
content-length: 296
expires: Sat, 15 Oct 2022 08:19:02 GMT

GET
H2 200 footericons.woff
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/ 8 KB
4 KB 62ms
61ms Font
application/x-font-woff 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/footericons.woff

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /

Resource Hash

140b71e7ee1bc50ac88eacc4d1baf755e3799a112cfc8e1dae02ae0f14f26ead

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1eastus2
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 3860
last-modified: Mon, 17 Aug 2020 19:53:28 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag: "2088-5ad181fce7e00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:02 GMT

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 84 B
386 B 127ms
126ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=ad48c3c3759e4f42c5a5d96cd7ea1ba0&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.08.11
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 6d22e660ead72f14b0aa8e3dfc8de1da35f17e3559b489e00692f15f50faa1a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type: text/javascript; charset=utf-8
date: Fri, 14 Oct 2022 20:19:01 GMT
cache-control: private, must-revalidate, max-age=21600
server: ECS (frb/6711)
etag: EFEDFBC3
content-length: 84
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 54ms
22ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=938823424&t=pageview&_s=1&dl=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&ul=en-us&de=UTF-8&dt=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=920515402&gjid=1664646083&cid=1873515711.1665778742&tid=UA-197588716-1&_gid=665091566.1665778742&_r=1&gtm=2ouaa0&did=dZGIzZG&gdid=dZGIzZG&z=1224104443

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatresearch.ext.hp.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 14 Oct 2022 20:19:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatresearch.ext.hp.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 50ms
22ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=938823424&t=pageview&_s=1&dl=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&ul=en-us&de=UTF-8&dt=Magniber%20Ransomware%20Adopts%20JavaScript%2C%20Targeting%20Home%20Users%20with%20Fake%20Software%20Updates%20%7C%20HP%20Wolf%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAACAAI~&jid=1753114807&gjid=1085514051&cid=1873515711.1665778742&tid=UA-31745238-1&_gid=665091566.1665778742&_r=1&gtm=2ouaa0&did=dZGIzZG&gdid=dZGIzZG&z=72624447

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatresearch.ext.hp.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 14 Oct 2022 20:19:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatresearch.ext.hp.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 latest_icons.woff
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/ 1 KB
1 KB 505ms
505ms Font
application/x-font-woff 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/latest_icons.woff

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /

Resource Hash

7a156f2f864432042b65e6a619f067bca03c7eaf855a7dcce14166f2f77a3487

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher2eastus2
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 839
last-modified: Mon, 17 Aug 2020 19:53:28 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag: "5a4-5ad181fce7e00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:02 GMT

GET
H2 200 mu.js Show response
www.hp.com/cma/ng/lib/exceptions/ 81 KB
33 KB 28ms
27ms Script
text/javascript 2a02:26f0:1700:11::b856:6799
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hp.com/cma/ng/lib/exceptions/mu.js

Requested by

Host: www.hp.com
URL: https://www.hp.com/cma/ng/lib/exceptions/privacy-banner.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:11::b856:6799 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

313ebff24b77dfe493e1b55ac6555590022812fa66b69b74f55cb91cc64a570d

Security Headers

Name	Value
Strict-Transport-Security	max-age=600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=600
server: Apache
akamai-grn: , , 0.996656b8.1665778742.18282835
etag: "5ea4b65727540"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=7200
accept-ranges: bytes
content-length: 33378
expires: Fri, 14 Oct 2022 22:19:02 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
448 B 87ms
28ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-31745238-1&cid=1873515711.1665778742&jid=1753114807&gjid=1085514051&_gid=665091566.1665778742&_u=YEDAAUABAAAAACAAI~&z=1414358008

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatresearch.ext.hp.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 14 Oct 2022 20:19:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://threatresearch.ext.hp.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
8 KB 87ms
35ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.hp.com
URL: https://www.hp.com/cma/ng/lib/exceptions/mu.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zvDmpz9S9y5z1XhncmOZ/w==
age: 4962
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7151
x-ms-lease-status: unlocked
last-modified: Thu, 13 Oct 2022 06:44:41 GMT
server: cloudflare
etag: 0x8DAACE667EC63AC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7c81ff50-801e-00a9-5bd7-de0d0e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75a301f46c059237-FRA

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 83ms
41ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-31745238-1&cid=1873515711.1665778742&jid=1753114807&_u=YEDAAUABAAAAACAAI~&z=455868959

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Oct 2022 20:19:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 83ms
42ms Image
image/gif 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-31745238-1&cid=1873515711.1665778742&jid=1753114807&_u=YEDAAUABAAAAACAAI~&z=455868959

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 14 Oct 2022 20:19:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 d8197f25-dce3-4110-addb-f3ffbe70bcbd.json Show response
cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/ 9 KB
3 KB 99ms
64ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/d8197f25-dce3-4110-addb-f3ffbe70bcbd.json

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70740fd659ff7312c18f2ac69a8818e068eb334fedc8c9ecae6c91d07e5caf6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: w1LCHNgoHVSn0mwEzBSBgw==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2618
x-ms-lease-status: unlocked
last-modified: Thu, 13 Oct 2022 14:18:05 GMT
server: cloudflare
etag: 0x8DAAD25BF1BAD67
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 96c3b8d4-401e-001e-080f-df020b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75a301f4dd5f904e-FRA
expires: Sat, 15 Oct 2022 00:19:02 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 182 B
384 B 82ms
47ms XHR
application/json 2606:4700:4400::6812:2962
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2962 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://threatresearch.ext.hp.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:19:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 75a301f5890b90e6-FRA
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.39.0/ 372 KB
89 KB 30ms
30ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Zp/CcrZmK7hQ2S6c/t9Tpw==
age: 3657
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 90454
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:04 GMT
server: cloudflare
etag: 0x8DA87805EB35DE2
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a98cb099-e01e-0171-4a83-b9ec8a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75a301f5ce6a9237-FRA

GET
H2 200 en-us.json Show response
cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/2ffc5d35-9d42-4c18-af7e-57156873e421/ 268 KB
47 KB 64ms
63ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/d8197f25-dce3-4110-addb-f3ffbe70bcbd/2ffc5d35-9d42-4c18-af7e-57156873e421/en-us.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a5fea18f2eaa8bf88f4719462c94c90d03f8cb03fdcf9aa0d76b98c2c651e9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-md5: 9C3c4hFq8idooPzONEGQ9Q==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 47740
x-ms-lease-status: unlocked
last-modified: Thu, 13 Oct 2022 14:18:52 GMT
server: cloudflare
etag: 0x8DAAD25DB093810
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 202c71d8-401e-003c-6c11-df6c3d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75a301f6281f904e-FRA
expires: Sat, 15 Oct 2022 00:19:02 GMT

GET
H2 200 exparrow.ttf
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/ 1 KB
919 B 31ms
31ms Font
application/x-font-ttf 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/exparrow.ttf

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /

Resource Hash

d94db9ce60ff8e6a0e1dcdab83ff6d1f60dd5c28b50d8f027f5fe268f87fa5ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1eastus2
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 585
last-modified: Mon, 17 Aug 2020 19:53:28 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag: "420-5ad181fce7e00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:02 GMT

GET
H2 200 close.ttf
www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/ 1 KB
927 B 31ms
31ms Font
application/x-font-ttf 104.122.24.60
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-css/resources/fonts/close.ttf

Requested by

Host: www8.hp.com
URL: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.122.24.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-122-24-60.deploy.static.akamaitechnologies.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2 /

Resource Hash

7d2949d827d3f71a1a610d17034a34844cc3f2169cb8ce1c4b28665316bc0c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www8.hp.com/etc.clientlibs/HPIT-AEM-GLOBALNAV/clientlibs-globalnav/clientlib-hpi-hf-r-css.f1fd8c989ac7be868d381a8c81046d13.css
Origin: https://threatresearch.ext.hp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-dispatcher: dispatcher1eastus2-cm-3
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: globalnav
content-length: 589
last-modified: Mon, 17 Aug 2020 19:53:28 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) Communique/4.3.2
etag: "414-5ad181fce7e00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Sat, 15 Oct 2022 20:19:02 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 9 KB
3 KB 49ms
49ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d94edd219d965011aa7c423435675f8fc3aba340d1d2a45840c88592b922dbf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Qf6Hj+Kf+u3YI1ZamXkcOw==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2612
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:56 GMT
server: cloudflare
etag: 0x8DA878059EDB228
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f8e8749e-401e-0051-0278-b9c613000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75a301f72a66904e-FRA

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/ 63 KB
14 KB 53ms
52ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cc5068304cfb22bbddb5a9800f7c59d843824381ad7183f89291ae41a6d09b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PpYet/3D+UMQBHrd1SR49w==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13981
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:30:58 GMT
server: cloudflare
etag: 0x8DA87805B3CBC97
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 8ec6017a-d01e-0150-6978-b981bb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75a301f72a6a904e-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.39.0/assets/ 22 KB
5 KB 25ms
25ms Fetch
text/css 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.39.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.39.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: B55i3ZY9miZIaUrwjufy0w==
age: 3323
x-ms-lease-status: unlocked
last-modified: Fri, 26 Aug 2022 16:31:09 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: a97584b3-e01e-0171-6b78-b9ec8a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 75a301f72a6c904e-FRA

GET
H2 200 hp_logo.gif
cdn.cookielaw.org/logos/4abb22ef-0e20-458e-be93-e351ad21c465/a3f73d0e-a0d6-4b32-9444-47fc97baefe0/ 1 KB
1 KB 44ms
43ms Image
application/octet-stream 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/4abb22ef-0e20-458e-be93-e351ad21c465/a3f73d0e-a0d6-4b32-9444-47fc97baefe0/hp_logo.gif

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54ed90f80a10bef5bb9ca48da0a4a97cd75dff3c1fcf220ba3335dcf9aeb576e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: v7jYSLqzJ+a4UzP7TytjRg==
age: 3119
content-length: 1118
x-ms-lease-status: unlocked
last-modified: Wed, 19 Feb 2020 08:36:03 GMT
server: cloudflare
etag: 0x8D7B516C14BEE48
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 7e11a767-701e-0052-5cd0-11c514000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75a301f7d9da9237-FRA

GET
H2 200 poweredBy_ot_logo.svg
cdn.cookielaw.org/logos/static/ 3 KB
2 KB 25ms
25ms Image
image/svg+xml 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg

Requested by

Host: threatresearch.ext.hp.com
URL: https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://threatresearch.ext.hp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 14 Oct 2022 20:19:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: LpuayL42jB78xRllx0vkOw==
age: 3070
x-ms-lease-status: unlocked
last-modified: Thu, 13 Oct 2022 06:44:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 77d69591-601e-008a-04d3-de62c5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 75a301f7d9dd9237-FRA

Verdicts & Comments Add Verdict or Comment

317 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.hp.com/content/dam/sites/worldwide/dems/search/support	1969-12-31 23:59:59	Name: aka_client_code Value: DE-de
www.hp.com/us-en/scripts/framework/jquery/v-1-8	1969-12-31 23:59:59	Name: aka_client_code Value: DE-de
www.hp.com/cma/ng/lib/exceptions	1969-12-31 23:59:59	Name: aka_client_code Value: DE-de
threatresearch.ext.hp.com/	1970-01-20 06:43:00	Name: ppwp_wp_session Value: b2a059ad4b8ce540d37135b3b15391a1%7C%7C1665780539%7C%7C1665780179
.hp.com/	1970-01-20 15:28:34	Name: _biz_uid Value: ad48c3c3759e4f42c5a5d96cd7ea1ba0
.hp.com/	1970-01-20 06:43:00	Name: _biz_sid Value: 46a1cd
.hp.com/	1970-01-20 15:28:34	Name: _biz_nA Value: 1
.bizible.com/	1970-01-20 15:28:34	Name: _BUID Value: ad48c3c3759e4f42c5a5d96cd7ea1ba0
.hp.com/	1970-01-20 16:18:58	Name: _mkto_trk Value: id:497-ITQ-712&token:_mch-hp.com-1665778742044-21519
.bizibly.com/	1970-01-20 15:28:34	Name: _BUID Value: 66d32ebc9e8f55914a88b229a877d81e
.hp.com/	1970-01-20 15:28:34	Name: _biz_pendingA Value: %5B%5D
.hp.com/	1970-01-20 16:18:58	Name: _ga Value: GA1.2.1873515711.1665778742
.hp.com/	1970-01-20 06:44:25	Name: _gid Value: GA1.2.665091566.1665778742
.hp.com/	1970-01-20 06:42:58	Name: _gat_gtag_UA_197588716_1 Value: 1
.hp.com/	1970-01-20 06:42:58	Name: _gat_gtag_UA_31745238_1 Value: 1
.hp.com/	1969-12-31 23:59:59	Name: dcm_s Value: 1665778742271.84657812
.hp.com/	1970-01-20 15:28:34	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.hp.com/	1970-01-20 15:28:34	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Oct+14+2022+20%3A19%3A03+GMT%2B0000+(GMT)&version=6.39.0&isIABGlobal=false&hosts=&consentId=d86027b1-3023-4874-b597-94e6c65edd70&interactionCount=0&landingPath=https%3A%2F%2Fthreatresearch.ext.hp.com%2Fmagniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates%2F&groups=1%3A1%2C2%3A0%2C3%3A0%2C4%3A0
.hp.com/	1970-01-20 15:28:34	Name: hpeuck_prefs Value: 1000
.hp.com/	1970-01-20 15:28:34	Name: hpeuck_answ Value: 0
threatresearch.ext.hp.com/	1969-12-31 23:59:59	Name: s_p_cnt Value: 1
threatresearch.ext.hp.com/	1969-12-31 23:59:59	Name: hp_pv1_prefs Value: 1000

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

497-itq-712.mktoresp.com
cdn.bizible.com
cdn.bizibly.com
cdn.cookielaw.org
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
hp.com
munchkin.marketo.net
stats.g.doubleclick.net
threatresearch.ext.hp.com
use.fontawesome.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.hp.com
www8.hp.com
104.122.24.60
15.73.192.108
152.195.15.58
192.124.249.59
192.28.144.124
23.45.104.85
2606:4700:4400::6812:2962
2606:4700::6810:9540
2606:4700:e2::ac40:840f
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2004
2a00:1450:400c:c0c::9a
2a02:26f0:1700:11::b856:6799
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03e062c8df89efc8bb5788f310d45c12f7f1dbb2329bba5cc127292a14689429
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
04b7e0e82e49247408274fb7bb56b942d8d3e5b8233fe00590b22411e390d237
072d2a46607c107cdd7f20d3e5410963b281151df62444ad775ade8361cfa6cc
08de3edfa1e71b1c4ddc7fde8cbdad1e98a05222d7fdf1f9321313d821d20cfa
0925ff0405f3cdb2fa37bbd7fe7431e77451c294cf8b2e28c9497a18dc7894a9
0a3364d1f00ceab070910d588e47e47a584e60e0dc2b235270195f8bbf5a36d1
0a4e5a184816d1a7d02aef64b08929cdc9e75657382b77aeeb7fa5decd975dd8
0ad75b71fbe2be4806d58d482067535f7789abfda5e4eaa18971278e30c70f3e
0c54a2b60a83d5b02034550c173617b744d53f0ba29d5747425f80f359d107c7
0cc5068304cfb22bbddb5a9800f7c59d843824381ad7183f89291ae41a6d09b8
0da4791b446818516f710c51707081aec7b23a7c5212fc0b2629c973210136a4
0db4581da25e31921f01cc132b22a55b140c1b6e4291dbe0b74e18cbc1499b54
0df6356a9dd9333fe8a139307f90de62efc5bba4dcb4e8007be03e596f4c2f77
0e19faf0a539d09a276473d2e2b1604a7343e56557f1c1b06b3c6f227ac4db9c
0f5e9e83ad407689dddf4694f0a45ec08a3baf6bf8c529b6fb4b37cecffe9fbe
100c3577372983a9ae444d3a1fcecec6525dae128e75a396bf38bd23eb972c5c
11181d395c0be8cd6705515ab1e773e64dadf2eb342badf535ebe21d3825897f
11f4df8462b2edc6add3928ab5f30dcab77f69c29c0e175b1888f4cb6275823c
140b71e7ee1bc50ac88eacc4d1baf755e3799a112cfc8e1dae02ae0f14f26ead
146a1dd527f3be2370720144eb77fb0d4213e4e0c7fe51ee5d46a1dbf08ca84b
14d05a8eaa240594562514e267d5dc4578cbb84a27b020345334c2a335fa2242
192a450bdc8200b9df998cd74c4295d01acd74430375452983b4de474375829d
196bed4faf0fe38b89a496b1f41319b2a8077263f85819f8ad42933e0a2e2e52
19e2b8ef435756c4dc18bc450f4ec0fbe6db2ceb7b99a7d656877bc49eb342ec
23263a19c0dc4b29036a56f858a2b6f915ea0e415ed7c46071a071f170626c88
233cb2b905dec5df68df039e52e26980f674880fee51a8f6b7f75486760f1f3e
240b702419d6c39ecc4896f0132ccfc9bc517e9aef0c782d99580e0c678b47d5
24719977091e8bcc0071cf9d6515c874e8c2f1b96695367c1141aeba7710e1c8
2b2c2f9810fbe4d8643c2f6b9359daa7dd67b78cffa63e6746202c76d068547e
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e52dea09005063c3ff69fc36c11c7008b8efa5d4a97e38e7161ffaf0b0aedb6
2e65f5c3b3b4c402074c19dee3d24d6bc02a8a86b19c8c992a4a6e78b254b2cd
313ebff24b77dfe493e1b55ac6555590022812fa66b69b74f55cb91cc64a570d
3647d841b21197b1efa74e92c861a3bf4cebef0f9a33f5a4c0ea276d74c768b0
3668f6d335416599574fb1f336cbd2b9bb2f8fcff63e63a9ca3b68df4d0c6165
3701f4ae604d8fccb4ddca393e076a456aebfb06c1a9d94c1c13089293f55716
370c8c8b69b06cb4193000e87c36d9efb2d55dcf1ef270cdea0ecc47d1aa3a61
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
3ff29527b86595610b0b3281abfbf51f6e38c7d9c1afa8e877ea993a2e8cd799
4120c62c25cd2f9d7f5155aaf84f772c08e18dd1be19e39ed0d866d3916bedce
42c9bbf0bfd51db9c2f857c01784e8be555ac102a251f51823fd6b25960ccc12
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
4463996b808a043a2091ce400b56adcdb7407264272e6d2e389075e143e1c901
44af15434fdaccbc4aa6895eaecd5f4f128eb8f270cbc95fe32b4cc89048a89f
45a6eea93903fe37410887ca5eb4605572ecfaf1968387365ec9ed9331a36487
46af13bd348d946968c6bd1c844dccbca02856ecdcaa8dcb35969e99d1399562
4834aa58000857ce42bdc4ae2322104fbbb5c0e96a7dbd4deab73900ae9d23a7
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
4cb4122592bfa905b2f19c491d0beb0f47a6e609694998e2f002e5e5d403b521
4d96f425504cc4fe41bd1e2db4f6d6920d7734def158bca7be95f919a0e9d849
4e620643345f952994fb284b328e186fa2c7fac3b4f45ebcf2b9fad38376baba
4ea735c25bb36d6130e169c43dd545f9ab091b791672b1538046ebedef3308f6
501c8b7edd85aa5b93a52254d40cf04d754018292b113caf7f76441701d30a0a
527d982dd4e2527fafe888adec2c719929a6476b2106952464a65ea02dee7893
54ed90f80a10bef5bb9ca48da0a4a97cd75dff3c1fcf220ba3335dcf9aeb576e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
568f1348a060326db6e1cf816b7beff8a5bf6ba2b57f3d11d58639ff969b6f3e
56ad6f73cd42c34973f5903add0b80f25ab64da518ab7b779a5d62b0f8f71d2e
578332cd14c1c8f1c9ea7cc966ca50ae73945b7de3055e07f06dc099d4feeee0
579683e317a76a9a6758e42680b394e80957cbdd2863c25abac9a875852abfc7
5a4f9b81ce5e4dc3bb3fa525cd250753923aa7474a9d5bbf8801048a3fb10c24
5b94f9b79c70240108f19250c9e8dc6c7c705c977ec455298e5ef474b1c2f193
5c569522330e4e6b040229701ae98650839c5baa9912e15f821ffef8341187f5
5c9203860ae657336596c738730f9d362e00bb9948a0f581fb074270c328e26b
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5d9e229dde2a12fae04e5a3e85eb93f8ef6a7541c0384152901b4d9dec29ef29
5dc4132c6d0e42b159c7574181aaa98129b445c3f9569548c61d36873f8d23b2
5f030eda75a32de3b4f63e28a38e83642b8a723c84ae73bf3726b85cd411bfee
61e7bb6d0210c308eb1f6153f18b4063eb715fde885b7d20b4d209d3fcb5a217
62855a25508bf218a96a1179788320756ce0ae0346a586cca1fc5a6b5e7a4668
65347e16a9383e200a2e32223e7471f8add0c899f24ddee20bca454c6f7de583
68a1b82779788f93c7b77702d5fef83c9f8dfc089f72beb4d7629f5d4ade180b
68bec0121363230f259b5abcfe8287100777c0e3b3d7bfb619d18273a6aa4728
6afaae08a9346fc9ca891d0d80f8483905c1421bca9f918506150566d3912e9a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
6d22e660ead72f14b0aa8e3dfc8de1da35f17e3559b489e00692f15f50faa1a6
6eb52a97833a253a404e06ef580bfc474b9883681a2e7abf223b1a9434201bae
6fb8431490c9315912f9a21925bc4d22adc2f1ef0603ed574a4756485ef96f00
70740fd659ff7312c18f2ac69a8818e068eb334fedc8c9ecae6c91d07e5caf6d
709432d669fa084fba23a097defbdecc8097a07717c30ac6f915314bf2a05933
760fe5e9d4fdf4fe5962edc3926816d8051faf168aa36ea467cdf7a80e09ede2
7a109bbaf31b60ea0c1182758f73e7e2050aeabc9d37913ebc0c72030a48cf23
7a156f2f864432042b65e6a619f067bca03c7eaf855a7dcce14166f2f77a3487
7c356a9d56062296d80aaa7faa72446bedb5e783aa6a9c557e1efddaa6055258
7c4dcab706e6bf67c64df89d3f5e137cb19efa293771613f511aff1ad563a6df
7ce6eb9cd7f07b424c34ee977214503668ae5e137d07b3fe0a37373e57686ebf
7d2949d827d3f71a1a610d17034a34844cc3f2169cb8ce1c4b28665316bc0c0a
7e897fa456239969c47e613580d34626e02d4bca60b714611c304bc25b023ae9
80669a9bb1655e529ea0f150945f879706df8fc3957bc1c02d07cdbb6862f60b
80e9a74251b9a8f1f7e72a0ea7cbd8905e4777b931e92b09f545087161fa0b37
824881cb24a4442381024afdf51da2932d717bb59cb549edc4cad3e00394bdce
82532cb95499ad6077354f833dc75ea9b60bc71e36556c642b9af35fe8fed673
828ef7357ef25a04a505c7f21b1418620b4c13faec1ac0d562e2127400c751fb
836e98f92408ccb7250927acef9b494fbacc18678ef18888f835101557bddd37
848f5ae901a6db38f9cdb30ad9d2908962b6bad10c6ca2239cc9e5c73040fb2b
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
893ed74f27210911877234fad64cae770cf4af4b2b9b2c75b80d401c43f281d1
89f36cfc523365e8e04be143bfc8c74d3775a0eb3caf5993fa23832c227f66c7
8a7ccc64792c0d1df7f339ce17da572bc616c0d56bc935fbe9641b5d24bfa266
8b625a6ed2cfde39e761f2e9fc10ad83f2d4305c942471f911fcff9e4bb98808
8c2230e1348d437f591bf23a319992999e4869ab9aef142861ae206b05ec1be4
8da3130463864da4b9e900c389edfa7488c93fca573e18766e9660a7b721aea2
919fecd4dc7f498339d04030c87de7f4db63cc2f08be69148562b14dc3a415a6
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
93a897eedca2d924b738067a03528933e4eb07d4c2f78d65276b6576b7f4d370
93d5f2281324f8a87ce2bdf811d8d1fd5ca4781618754a490a0fce0f166d479c
9808e9a37df4741d8a212c739cae654d1e935e3d3f9251c9eef6be7bb24b1eab
980aba21181e373e49d5e2602223454f0bb78ccb263eabcfb850abb14ad8c904
990f2544353261a345a25a88644c6b30411fdbb6163358bf8872787908e275e6
991629886a291eccc8075fd7858d143337b13c6810ab214071000e1d2954b688
9a0a34bc67f5d3623591214473ac2d449be18a8ce1cb5e531b185ef22a09b31f
9a19f69eb87e131998e91350c4eb6f55a44de97614261b1af11694576949ac39
9a2d11b76feb7a9e531a9d055fae88e495017645e5c823a010c818a7744b2c45
9a5fea18f2eaa8bf88f4719462c94c90d03f8cb03fdcf9aa0d76b98c2c651e9e
9db372bd5a5d506904ce7fda178ece352bfe33dd38292f8d398e613eb4a7968a
a1323bcfc774c0eca14adb6af88eac4bf5a2f4ab1779f49a427e04704395f086
a1e265af7b140bf70ba7a061b8ddee61e32ced0c50d985f0b05cdfe061112cb5
a26bbb2fb16ca3717c4690a816e25c43be2ad4fcb45adb878b3c98b6b01fbeb9
a3bee7ffc1e0104eef9846229b8d875f7125fcbb23fc6930ef2f830c28741bbc
a537306122d97954096b0591324fdc7f3d8b54a518b20e30714459b3584e6782
a75e8ab5771af0ea36e62f66d3edbe0ec14657b04e87bf99a46a891e652c1add
a81c390548502ac446b8c2eabdc6ea07a8bc43b23e206a9c232d3ceaef3cae9a
a8706f9a07813ae80582404c482cba9754150066c9f04ffcdcd9e549632d16be
abc9faa4970e07db7d506d6b2a98e4c86223be305c7541ced54ea2e15f99a76e
af810e2b2886d81e6225b34eb2391f15be48f95f5ce80bd04f7b25b6e15eb7c8
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b062f2232e3094e4cfbd9543fdf9f043d560f92f8f064813e7a71f80b35ce1fa
b16f7ee66e29b27d1f14719cefc0e67211523787cc1729be52322583175d0cec
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b66b53112e230d6a90572fd4af0506b89a3021fedad6e9395ad85dc7a3b32094
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8e78b48acc08ce31457aff168d6fb2c814d51a8739a97693cdba585d60f5b35
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
bc7b145a0eb35703d5ce10b9204920b9d09e4454bc2288addc9ed5142862f9cd
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bd6def1ae1509946499390f95acaa1fd39a76452c8312f165d2bc0b791c9e0ef
bf3722b93fa395dc556c14f331f86a9d5e31fa813e46f0cfcb8afd19fae33034
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c2b41a498e43fd7a47b985f4099dd1bcb6635550bd8ac0cbb4fa3d8c8099c802
c3ef28a4f156c353239b74328046126175c702be2d89b9a24c8527a8b53ee0e4
c85d4f64101e48851e2a89069e50aefd6aeb901c535c7aa39986903d4baf1353
c8c066c331d08eaf858338789a0499c5ad85cfc6325d7685ea8a9463750d8684
c9bf057820b3b0223c468e08beb0d41a12b451e224308149bc05f0d4a607fcab
c9f426305c9ba18d2b7594d3328050da20fa9db95661bd0af22c99c3ef90b101
cb56816d72e7289b2aab8ba19bd1bdb4708cbbc7e70d7f38f9138a4dd10215a5
cce83fa2c5096e414c0e32c9fc07ba011e2f4d67a51f9c4155651122329ec0dc
d048af27682e7811ddf8a3be2684b8446f5c16c4fb39141567913ac8aac28fc0
d075070aee6fff82f826766497e5141a38f5ae89ec2d91600c7ba9da58191e35
d3d1fc3b726f87e9440670838b6d33dc22ee1c854274724b27de90be75d1069c
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d4b731780a88b0460aaf90b4066295ab0fe28376547d5a843f5d66b00d958a62
d68605f97c0c27101ea06a1276a2e55c2bf65f0e07e8e0c11be145addde1344b
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
d8c519e27f603a4eb131526c2a93cdade281348b8efc845a1007e9a29ffdfef4
d94db9ce60ff8e6a0e1dcdab83ff6d1f60dd5c28b50d8f027f5fe268f87fa5ef
d94edd219d965011aa7c423435675f8fc3aba340d1d2a45840c88592b922dbf2
da360ca7e83587e1bd7c15be023c50be227e22ac5322d0b405585ddd4d542952
daf181ab9ead5372eefb6fe5d87704d7abdbfa6c09e4c79a2a2f688c6fac5ada
db0fe819895d07af230d0f21f183ae4c9ecdec27664f004c6ac8844deaf55adc
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de5ba330570616401d1840de0075059a65e62280b8d2524334be84290f43a4d7
e0ba033e6cb25fa6e20186d6d8113cc3821028b7891c93eebe671b75f6eebc3f
e19a0e64789068d756a1b250084e54bb0ef77da66685e3dd9eafdc9a71ea1406
e640c9b93c95d5e94af0c9bb3db9daa081aedc4c396a96361d6478b6f21244cc
e8b416c2f2a14bb138209a5ce434802a742d3de53ce668445485e5423efa1fb2
ea2dd31704608166bfd31e6c1b54027061ea568cd9aa1163656843a5907ac45d
eb6481e44617b3e40d345b2df5e20965503b4ab87c9346a43894f93a601ccde7
ee991e02add6bbe26b55d521d8f83e94031eb9f9f636b30756d4e3fc09a3cff4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2d424362aca158ad49da19b48c212e687fbed93ece9fed06fcf8871f5f64c5f
f5d85763e1976cdb524069c423644c66fd5e7399a4a4c090c4d7d6e187c502e5
f9060ef4ed91de78998d5f9b15592b736dd9b62f02ecae043dffd6ebca7dd894
f975207e21041e251c165009f22311cc20b0acf1477d309fd62538beb50e0eb6
fa34de993dea91eb0120c3745378192fa1177ba8ec5772e08632318d1d5e1267
fb6bcf7d9261064812fe1b4d2b59b8c8ca52b7d0c522746ba9cec2dc01b3a7d4
fb84c55756f2946fd5d5c6c6d3f7a62079c1d7a7123b6c817832835e82b3270c
fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

threatresearch.ext.hp.com Open in urlscan Pro 192.124.249.59 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

187 Requests

99 %HTTPS

65 %IPv6

15 Domains

18 Subdomains

17 IPs

3 Countries

12492 kBTransfer

17950 kBSize

22 Cookies

207 Outgoing links

Redirected requests

187 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

threatresearch.ext.hp.com Open in urlscan Pro
192.124.249.59 Public Scan

Screenshot
Live screenshot

Full Image

187
Requests

99 %
HTTPS

65 %
IPv6

15
Domains

18
Subdomains

17
IPs

3
Countries

12492 kB
Transfer

17950 kB
Size

22
Cookies

187 HTTP transactions
0 data transactions