howtoremove.guide Open in urlscan Pro
2606:4700:30::681c:123e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://howtoremove.guide/musecador-backdoor/
Submission: On January 05 via api (January 5th 2020, 10:51:08 am UTC) from US

Summary HTTP 64 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 11 domains to perform 64 HTTP transactions. The main IP is 2606:4700:30::681c:123e, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is howtoremove.guide.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on September 5th 2019. Valid for: 6 months.

This is the only time howtoremove.guide was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
48	2606:4700:30:... 2606:4700:30::681c:123e	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2	147.75.85.25 147.75.85.25	54825 (PACKET) (PACKET - Packet Host)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	147.75.85.119 147.75.85.119	54825 (PACKET) (PACKET - Packet Host)
1	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
64	12

48 2606:4700:30::681c:123e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

howtoremove.guide	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.85.25 (Parsippany, United States)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-9

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.119 (Parsippany, United States)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-2

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	howtoremove.guide howtoremove.guide	511 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	72 KB
3	googleapis.com ajax.googleapis.com fonts.googleapis.com	63 KB
3	wp.com s0.wp.com stats.wp.com pixel.wp.com	6 KB
2	gstatic.com fonts.gstatic.com	25 KB
2	bing.com bat.bing.com	7 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	180 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	160 B
1	googletagmanager.com www.googletagmanager.com	27 KB
64	11

	Domain	Requested by
48	howtoremove.guide	howtoremove.guide
2	fonts.gstatic.com	howtoremove.guide
2	bat.bing.com	howtoremove.guide
2	ajax.googleapis.com	howtoremove.guide
2	www.google-analytics.com	1 redirects www.googletagmanager.com
1	vars.hotjar.com	static.hotjar.com
1	pixel.wp.com	howtoremove.guide
1	fonts.googleapis.com	howtoremove.guide
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	howtoremove.guide
1	stats.wp.com	howtoremove.guide
1	s0.wp.com	howtoremove.guide
1	www.google.de	howtoremove.guide
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	www.googletagmanager.com	howtoremove.guide
64	16

This site contains links to these domains. Also see Links.

Domain
www.enigmasoftware.com
www.facebook.com

Subject Issuer	Validity	Valid
sni172402.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-05` - `2020-03-13`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-12-03` - `2020-02-25`	3 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://howtoremove.guide/musecador-backdoor/
Frame ID: 3D3027F76343497543C078EC35339A0C
Requests: 63 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Frame ID: B0F796186D3C29A6FCD960A5CDEF37A5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

64
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

16
Subdomains

12
IPs

3
Countries

730 kB
Transfer

2410 kB
Size

10
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://www.enigmasoftware.com/spyhunter5-eula/
Title: EULA

Search URL Search Domain Scan URL

URL: http://www.enigmasoftware.com/spyhunter5-threat-assessment-criteria/
Title: Threat Assessment Criteria

Search URL Search Domain Scan URL

URL: http://www.enigmasoftware.com/enigmasoft-privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.enigmasoftware.com/spyhunter5-eula/
Title: EULA

Search URL Search Domain Scan URL

URL: https://www.enigmasoftware.com/spyhunter5-threat-assessment-criteria/
Title: Threat Assessment Criteria

Search URL Search Domain Scan URL

URL: https://www.enigmasoftware.com/enigmasoft-privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/howtoremove.guide

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=338255473&t=pageview&_s=1&dl=https%3A%2F%2Fhowtoremove.guide%2Fmusecador-backdoor%2F&ul=en-us&de=UTF-8&dt=Musecador%20Backdoor%20Malware%20Removal&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=240484540&gjid=2130394568&cid=1736469609.1578221450&tid=UA-58850874-1&_gid=1271307640.1578221450&_r=1&gtm=2ouc61&z=624457437 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_gid=1271307640.1578221450&gjid=2130394568&_v=j79&z=624457437 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_v=j79&z=624457437 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_v=j79&z=624457437&slf_rd=1&random=1867260556

64 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
howtoremove.guide/musecador-backdoor/ 105 KB
23 KB 633ms
552ms Document
text/html 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b4d24b5daef3c3abeb1da1fbe707c7d8a5a6828512c4e2774eb442e506600c7

Request headers

:method: GET
:authority: howtoremove.guide
:scheme: https
:path: /musecador-backdoor/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
date: Sun, 05 Jan 2020 10:50:49 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d5d129e3807e645f3c7115e3e3b2b7a391578221449; expires=Tue, 04-Feb-20 10:50:49 GMT; path=/; domain=.howtoremove.guide; HttpOnly; SameSite=Lax
vary: User-Agent,Accept-Encoding
last-modified: Sat, 04 Jan 2020 21:41:34 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
expires: Mon, 29 Oct 1923 20:30:00 GMT
pragma: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5504e4b86a8c26dc-FRA
content-encoding: br

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 73 KB
27 KB 25ms
21ms Script
application/javascript 2a00:1450:4001:821::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-58850874-1

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83fa4482b59afeb10475b5e2289a97de6f040de620673d0d021f13ef09e6d8ee

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
last-modified: Sun, 05 Jan 2020 09:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27814
x-xss-protection: 0
expires: Sun, 05 Jan 2020 10:50:49 GMT

GET
H2 200 hr9nt.css
howtoremove.guide/wp-content/cache/wpfc-minified/jy0m80dx/ 36 KB
6 KB 22ms
18ms Stylesheet
text/css 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/jy0m80dx/hr9nt.css
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9990e178a9a493df48f18194c2e517ef8ac18b8c748ec9a61f3316c5c5a16973

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54411
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bbfc5b26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.css
howtoremove.guide/wp-content/cache/wpfc-minified/draloll9/ 25 KB
4 KB 23ms
20ms Stylesheet
text/css 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/draloll9/hr9nt.css
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c54db8f673127cab8c417279bdadfd7240f2e0b1cae7398f642a76ff98402b8b

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54411
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bbfc5c26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.css
howtoremove.guide/wp-content/cache/wpfc-minified/d4g57qwl/ 166 KB
30 KB 21ms
17ms Stylesheet
text/css 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/d4g57qwl/hr9nt.css
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a953e6db712c51f469c51a734a6afd2f19ff3d85bd76cb8e10386f17bc67212

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54411
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bbfc5d26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.css
howtoremove.guide/wp-content/cache/wpfc-minified/8ht3nt3t/ 7 KB
1 KB 19ms
16ms Stylesheet
text/css 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/8ht3nt3t/hr9nt.css
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6298d396cccc9ca39096f88aac14f37f6bd4cc401fc2c68a971e0ed67873eb7

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54411
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bbfc5e26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.css
howtoremove.guide/wp-content/cache/wpfc-minified/6zopwlzy/ 70 KB
12 KB 16ms
13ms Stylesheet
text/css 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/6zopwlzy/hr9nt.css
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b945514f832f3ee6c35708088abe1b5e6f63466f172c37a4f4ea463b9ed7f425

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54411
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bbfc5f26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-58850874-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 4355
date: Sun, 05 Jan 2020 09:38:14 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Sun, 05 Jan 2020 11:38:14 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=338255473&t=pageview&_s=1&dl=https%3A%2F%2Fhowtoremove.guide%2Fmusecador-backdoor%2F&ul=en-us&de=UTF-8&dt=Musecador%20Backdoor%20Malware%20Re...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_gid=1271307640.1578221450&gjid=2130394568&_v=j79&z=624457437
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_v=j79&z=624457437
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_v=j79&z=624457437&slf_rd=1&random=1867260556

42 B
109 B

19ms
19ms

Image
image/gif

2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_v=j79&z=624457437&slf_rd=1&random=1867260556

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Jan 2020 10:50:49 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 05 Jan 2020 10:50:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-58850874-1&cid=1736469609.1578221450&jid=240484540&_v=j79&z=624457437&slf_rd=1&random=1867260556
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 howtoremove-logo-250-px.png
howtoremove.guide/wp-content/uploads/2018/09/ 2 KB
2 KB 18ms
17ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2018/09/howtoremove-logo-250-px.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6b4b18fd3288e812f724fc2b45a26d942c5bbbd7435c3ce020528bb5e251495

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 06 Nov 2019 00:34:42 GMT
server: cloudflare
age: 54411
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcacc026dc-FRA
content-length: 1565
expires: max-age=A10368000, public

GET
H2 200 Musecador.png
howtoremove.guide/wp-content/uploads/2019/10/ 12 KB
12 KB 526ms
520ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2019/10/Musecador.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30848d6881c9b5545fcecf8af5beae00ddd009106b305bd754f5658d955b9c57

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:50 GMT
cf-cache-status: MISS
last-modified: Tue, 03 Dec 2019 09:59:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdcdb26dc-FRA
content-length: 12425
expires: max-age=A10368000, public

GET
H2 200 Step1.png
howtoremove.guide/wp-content/uploads/2015/10/ 625 B
724 B 33ms
29ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/10/Step1.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 741e69d344b17d8e1585118bbc77049c9cbfe80d9db94a06798b67484498ddb9

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 18 Nov 2015 05:56:43 GMT
server: cloudflare
age: 53286
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdcdc26dc-FRA
content-length: 625
expires: max-age=A10368000, public

GET
H2 200 Step2.png
howtoremove.guide/wp-content/uploads/2015/10/ 652 B
742 B 18ms
14ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/10/Step2.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63def165e78b7397cb5376f80bd6694db62b514240de93e59db0458f8750a245

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 18 Nov 2015 00:57:03 GMT
server: cloudflare
age: 53286
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdcdd26dc-FRA
content-length: 652
expires: max-age=A10368000, public

GET
H2 200 button-download-anim-red.gif
howtoremove.guide/wp-content/uploads/2017/04/ 6 KB
6 KB 22ms
18ms Image
image/gif 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2017/04/button-download-anim-red.gif
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28791d8ebd7a4c6a1a61fbdb92651489f332a7b58505c21544ba1c1e90d12eac

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Sep 2018 09:19:02 GMT
server: cloudflare
age: 53286
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdcde26dc-FRA
content-length: 6518
expires: max-age=A10368000, public

GET
H2 200 malware-start-taskbar.jpg
howtoremove.guide/wp-content/uploads/2015/05/ 35 KB
35 KB 26ms
22ms Image
image/jpeg 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/05/malware-start-taskbar.jpg
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e53ba03cbe327b1c8f6fad1c548741985bce74616edacc447125b8e7567f4250

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Mon, 16 Nov 2015 23:18:53 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdcdf26dc-FRA
content-length: 36172
expires: max-age=A10368000, public

GET
H2 200 blank.gif
howtoremove.guide/wp-content/plugins/wp-fastest-cache-premium/pro/images/ 43 B
129 B 31ms
27ms Image
image/gif 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/plugins/wp-fastest-cache-premium/pro/images/blank.gif
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Tue, 03 Sep 2019 09:21:25 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce026dc-FRA
content-length: 43
expires: max-age=A10368000, public

GET
H2 200 Step3.png
howtoremove.guide/wp-content/uploads/2015/10/ 669 B
759 B 35ms
31ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/10/Step3.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc8d2b0e33413f04664ff47dd127949659e4adf2fcf6d2f7a086e28d07a8d2fe

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 18 Nov 2015 08:58:23 GMT
server: cloudflare
age: 53286
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce126dc-FRA
content-length: 669
expires: max-age=A10368000, public

GET
H2 200 appwiz.jpg
howtoremove.guide/wp-content/uploads/2015/04/ 17 KB
17 KB 23ms
20ms Image
image/jpeg 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/04/appwiz.jpg
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a44ce4e2c69ef3f74fddd202717c0a69bbc9587ec801b8263642d29fd8db0a9

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Thu, 19 Nov 2015 04:01:52 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce226dc-FRA
content-length: 17144
expires: max-age=A10368000, public

GET
H2 200 virus-removal12.png
howtoremove.guide/wp-content/uploads/2015/05/ 12 KB
12 KB 26ms
23ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/05/virus-removal12.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f1df6d7c4e6123055e6de9ff74f8e7b91e85878ebfe23c1d5a69b17332db6a2

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Mon, 16 Nov 2015 23:29:53 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce326dc-FRA
content-length: 11947
expires: max-age=A10368000, public

GET
H2 200 Step4.png
howtoremove.guide/wp-content/uploads/2015/10/ 649 B
734 B 27ms
24ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/10/Step4.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 708fe35abcb87d933c186c6a5c4df3b8bb796909873087b809a25c391a22ed81

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Tue, 17 Nov 2015 19:59:24 GMT
server: cloudflare
age: 53286
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce426dc-FRA
content-length: 649
expires: max-age=A10368000, public

GET
H2 200 download-aimated.gif
howtoremove.guide/wp-content/uploads/2016/01/ 2 KB
2 KB 22ms
20ms Image
image/gif 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2016/01/download-aimated.gif
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 982bcb63dd0f10cef369708181a47a1f09eb9f309c117ca6b883f72a97a78bba

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 06 Nov 2019 04:35:05 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce526dc-FRA
content-length: 1572
expires: max-age=A10368000, public

GET
H2 200 msconfig_opt.png
howtoremove.guide/wp-content/uploads/2015/07/ 13 KB
13 KB 31ms
28ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/07/msconfig_opt.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 764db3da5129a614d5588ebd5cbf54478160a73aa54030cb02039b0de61046b7

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Mon, 16 Nov 2015 21:39:00 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce626dc-FRA
content-length: 13148
expires: max-age=A10368000, public

GET
H2 200 hosts_opt-1.png
howtoremove.guide/wp-content/uploads/2015/07/ 15 KB
15 KB 26ms
24ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/07/hosts_opt-1.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6042e7730c557fac2f92dbfb736fe18b417d2efbe278596c1949f3772d52870c

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Mon, 16 Nov 2015 16:00:08 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce726dc-FRA
content-length: 15162
expires: max-age=A10368000, public

GET
H2 200 Step5.png
howtoremove.guide/wp-content/uploads/2015/10/ 648 B
733 B 25ms
23ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/10/Step5.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea655666bcf8047a1913568ef18316a6fe4aba6553420647d4568ec5a2d9cb47

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Tue, 17 Nov 2015 20:01:04 GMT
server: cloudflare
age: 53286
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdce826dc-FRA
content-length: 648
expires: max-age=A10368000, public

GET
H2 200 devicepx-jetpack.js Show response
s0.wp.com/wp-content/js/ 10 KB
3 KB 50ms
16ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=202001
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: gzip
server: nginx
etag: W/"5867460b-52b6"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 3.ams _dfw
expires: Mon, 28 Dec 2020 01:21:01 GMT

GET
H2 200 trjs.php Show response
howtoremove.guide/tr/ 3 KB
1 KB 580ms
569ms Script
text/html 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/tr/trjs.php
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/7.0.33
Resource Hash: d58fdd941fce7c4be4306fed351ff5fff077ea8872525f65e054b87e03c8579a

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:50 GMT
content-encoding: br
x-nginx-cache: 0
server: cloudflare
x-powered-by: PHP/7.0.33
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=172800, no-cache
cf-ray: 5504e4bcccd126dc-FRA
cf-cache-status: DYNAMIC
expires: Tue, 07 Jan 2020 10:50:50 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
29 KB 33ms
12ms Script
text/javascript 2a00:1450:4001:821::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 21 Nov 2019 18:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3861908
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Nov 2020 18:05:41 GMT

GET
H2 200 hr9nv.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/16q5t6y/ 95 KB
32 KB 31ms
21ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/16q5t6y/hr9nv.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4b93c4bf2b89b74fcf9bddb62936cd9a61e851621c1294431e0ab6566c4b311

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:57 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcccd226dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nv.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/2nfxf6u3/ 10 KB
4 KB 38ms
28ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/2nfxf6u3/hr9nv.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e55b3eb87c0e9919a7cabc425bb80b76e87ab7fcfcb5f1f067260307d6c81715

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:57 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcccd326dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nv.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/lmqzkis2/ 5 KB
1 KB 26ms
17ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/lmqzkis2/hr9nv.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd1d91d5b68a451a3d3ecc513c41e8d3d49ce6ed725b926d8516798de028ca97

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:57 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcccd426dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nv.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/2coqbnd/ 5 KB
1 KB 22ms
14ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/2coqbnd/hr9nv.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b82eefb6a4f332f80cf77897057def50d542447398557c6be322d86a3ebe613b

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:57 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcccd526dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nv.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/7lj14tk4/ 3 KB
659 B 26ms
18ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/7lj14tk4/hr9nv.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 433ffcc0cea20a562b416529be9c34da6812c7a4d33c0d969cfb6cb40d3d2253

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:57 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcd626dc-FRA
expires: max-age=A10368000, public

GET
H2 200 tutorial.js Show response
howtoremove.guide/lang_tutorials/ 983 B
472 B 36ms
28ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/lang_tutorials/tutorial.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc4525c6303e02af87f2e74b059690e7ea513c3a079b747645b8682b1cc3000e

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Jun 2017 10:14:36 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcd726dc-FRA
expires: max-age=A10368000, public

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ 94 KB
33 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:821::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 21 Nov 2019 04:04:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3912369
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33507
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Nov 2020 04:04:40 GMT

GET
H2 200 jquery.min.js Show response
howtoremove.guide/scan/uploadify/ 91 KB
32 KB 36ms
29ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/scan/uploadify/jquery.min.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36d635600376463647a6f84da4525c3f9ed3e112429a7b313fae147f97258d18

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2016 13:11:04 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcd826dc-FRA
expires: max-age=A10368000, public

GET
H2 200 jquery.uploadifive.js Show response
howtoremove.guide/scan/uploadify/ 45 KB
7 KB 41ms
34ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/scan/uploadify/jquery.uploadifive.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50cf352b12db846a09c42382adefb45a4a854930fc6fc9e616c18996ed6c8aad

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 02 May 2017 07:46:35 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcd926dc-FRA
expires: max-age=A10368000, public

GET
H2 200 featherlight.min.js Show response
howtoremove.guide/scan/featherlight/ 7 KB
3 KB 34ms
28ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/scan/featherlight/featherlight.min.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a90cf3096f0484638bf44f773e201704c8732154a979a7b9a5c4a4c8c7a1edf

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2016 13:11:06 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcda26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 trjsevents.php Show response
howtoremove.guide/tr/ 520 KB
16 KB 1155ms
1154ms Script
text/html 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/tr/trjsevents.php
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/7.0.33
Resource Hash: 8443b9732e397b14dea5c589ee86dcabdf15cda8e36800025ae705f3a4a14aba

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:50 GMT
content-encoding: br
x-nginx-cache: 0
server: cloudflare
x-powered-by: PHP/7.0.33
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
cache-control: max-age=172800, no-cache
cf-ray: 5504e4bcdceb26dc-FRA
cf-cache-status: DYNAMIC
expires: Tue, 07 Jan 2020 10:50:50 GMT

GET
H2 200 jquery.rateyo.min.js Show response
howtoremove.guide/tooltip/js/ 9 KB
4 KB 24ms
23ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/tooltip/js/jquery.rateyo.min.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1eb7257f746f95ff7aca4c451f60e9ecf7ef4b82461feb30c40f7fc313348617

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 26 Jan 2017 10:43:47 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcec26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 tooltipster.bundle.min.js Show response
howtoremove.guide/tooltip/js/ 39 KB
10 KB 29ms
28ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/tooltip/js/tooltipster.bundle.min.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe2c149df0cbff9d71a735fbd47e39d9dd9a7a5957c439158e43b5a57c1cddd3

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 26 Jan 2017 10:43:48 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcee26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/dhd7s8uu/ 3 KB
738 B 33ms
32ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/dhd7s8uu/hr9nt.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10c1feb11b7cd258ac7894d70e9a60dade6813cf21ca0167e0bd6890f8ff0c27

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcef26dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/ml8qtf42/ 108 KB
31 KB 28ms
27ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/ml8qtf42/hr9nt.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e52a768c330d1c64ed0b6ba071084b91cad33998872fe9cf8c0b50faf0670556

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcf126dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/d7zb45ga/ 2 KB
1 KB 28ms
27ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/d7zb45ga/hr9nt.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31cb76c05cbf5d71466f93078e8ba0f6e39cd92d0acc86d385b8cf2899963695

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcf326dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/8azmzaao/ 1 KB
695 B 31ms
30ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/8azmzaao/hr9nt.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcf526dc-FRA
expires: max-age=A10368000, public

GET
H2 200 hr9nt.js Show response
howtoremove.guide/wp-content/cache/wpfc-minified/kyk3jtwd/ 619 B
276 B 33ms
33ms Script
application/javascript 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/kyk3jtwd/hr9nt.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b7f7fe6da35877e6ae37261e201fb3032d3a221e594bbbf63a00cbb5d103c36

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 10 Dec 2019 09:00:55 GMT
server: cloudflare
age: 54410
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=10368000
cf-ray: 5504e4bcdcf826dc-FRA
expires: max-age=A10368000, public

GET
H2 200 e-202001.js Show response
stats.wp.com/ 9 KB
3 KB 49ms
17ms Script
application/x-javascript 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202001.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
expires: Wed, 30 Dec 2020 07:15:31 GMT

GET
H2 200 fontawesome-webfont.woff2
howtoremove.guide/wp-content/themes/voice/css/fonts/ 75 KB
76 KB 17ms
17ms Font
application/font-woff2 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/wp-content/themes/voice/css/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://howtoremove.guide/wp-content/cache/wpfc-minified/d4g57qwl/hr9nt.css
Origin: https://howtoremove.guide

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 12 Dec 2018 11:04:45 GMT
server: cloudflare
age: 54409
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bcdcfb26dc-FRA
content-length: 77160
expires: max-age=A10368000, public

GET
H2 200 preloader.gif
howtoremove.guide/scan/featherlight/ 10 KB
10 KB 10ms
10ms Image
image/gif 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/scan/featherlight/preloader.gif
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: baa4db2b6ea05ae46b10dd65c641ad5b00b8b55eee4119c40f6ec524b5add6fb

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Aug 2018 13:16:42 GMT
server: cloudflare
age: 54347
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bd8d5226dc-FRA
content-length: 10290
expires: max-age=A10368000, public

GET
H2 200 clamav_logo.png
howtoremove.guide/scan/av_logos/ 40 KB
40 KB 11ms
11ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/scan/av_logos/clamav_logo.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dee17d8c162954f149f8ee46f5680a2c73e0e1407f484f6fcea30825c0475c2a

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Aug 2018 13:16:54 GMT
server: cloudflare
age: 54347
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bd8d5326dc-FRA
content-length: 41138
expires: max-age=A10368000, public

GET
H2 200 avg_logo.png
howtoremove.guide/scan/av_logos/ 27 KB
27 KB 12ms
12ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/scan/av_logos/avg_logo.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1722d90bd2178c6bd190bd1154d45d45b29edee517c3b8b8c4900ba379aec97

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Aug 2018 13:16:50 GMT
server: cloudflare
age: 54347
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bd8d5426dc-FRA
content-length: 27549
expires: max-age=A10368000, public

GET
H2 200 maldet_logo.png
howtoremove.guide/scan/av_logos/ 15 KB
15 KB 11ms
11ms Image
image/png 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/scan/av_logos/maldet_logo.png
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3f783706ab8710206c4c15e7fb718a32e1b4b9aad7092c288d3a5ad6a97d768

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:49 GMT
cf-cache-status: HIT
last-modified: Wed, 15 Aug 2018 13:16:57 GMT
server: cloudflare
age: 54347
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4bd8d5726dc-FRA
content-length: 15377
expires: max-age=A10368000, public

POST
H2 200 trproxy.php Show response
howtoremove.guide/tr/ 0
324 B 573ms
572ms XHR
text/html 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/tr/trproxy.php
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/tr/trjs.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/7.0.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
Origin: https://howtoremove.guide
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 05 Jan 2020 10:50:50 GMT
content-encoding: br
x-nginx-cache: 0
server: cloudflare
x-powered-by: PHP/7.0.33
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
cache-control: no-store, no-cache, must-revalidate, no-cache
cf-ray: 5504e4c06ee526dc-FRA
cf-cache-status: DYNAMIC
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 hotjar-414354.js Show response
static.hotjar.com/c/ 5 KB
2 KB 70ms
24ms Script
application/javascript 147.75.85.25
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-414354.js?sv=6

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.85.25 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),

Reverse DNS

pkt-ams-k1-9

Software

openresty /

Resource Hash

a4ace901fe650833de207360e75c319413da2c6f705d74d2dadc5f05740f6f07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjar
age: 28
status: 200
access-control-max-age: 600
section-io-cache: Hit
content-length: 1951
x-cache-hit: 1
server: openresty
x-frame-options: SAMEORIGIN
etag: W/2bdc400980047e172974b2fa8821cee3
vary: Accept-Encoding
section-io-origin-status: 304
access-control-allow-origin: *
cache-control: max-age=60
section-io-origin-time-seconds: 0.081
accept-ranges: bytes
section-io-id: 026e6bfb152f99e44e4bc39cf61520f7

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 29ms
29ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:50 GMT
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref: Ref A: 41A9BE9D7C5143F2A081A063CFC5696D Ref B: FRAEDGE0411 Ref C: 2020-01-05T10:50:50Z
access-control-allow-origin: *
etag: "09c5197968d51:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7148

GET
H2 204 0
bat.bing.com/action/ 0
93 B 28ms
28ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5321256&Ver=2&mid=d8d6688e-e46e-2efe-a1db-b1b8daf3b07f&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Musecador%20Backdoor%20Malware%20Removal&p=https%3A%2F%2Fhowtoremove.guide%2Fmusecador-backdoor%2F&r=&evt=pageLoad&msclkid=N&rn=298765
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Sun, 05 Jan 2020 10:50:50 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: C7D17A38D1504AF2BF990D6B24D3B846 Ref B: FRAEDGE0411 Ref C: 2020-01-05T10:50:50Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.297b225e0b92ebb96f25.js Show response
script.hotjar.com/ 399 KB
70 KB 67ms
23ms Script
application/javascript 147.75.85.119
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.297b225e0b92ebb96f25.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-414354.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.85.119 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS: pkt-ams-k1-2
Software: /
Resource Hash: 22c9a8794bf1aaa708de201b175d9646730455c0c1d93ee6aaccfc107c1c931b

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:51 GMT
content-encoding: br
content-type: application/javascript
age: 1369780
status: 200
section-io-cache: Hit
content-length: 71091
last-modified: Fri, 20 Dec 2019 14:18:08 GMT
etag: "7931ada42a878715cd638bda9c462ac3"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.024
accept-ranges: bytes
section-io-id: 78d20d85609a2900af6e2daf9a96947c

GET
H2 200 rating_over.gif
howtoremove.guide/wp-content/plugins/wp-postratings/images/stars_crystal/ 1009 B
1 KB 14ms
13ms Image
image/gif 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/plugins/wp-postratings/images/stars_crystal/rating_over.gif
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4cc3dfa1061aedf2533cf134f9d584568bc41a25090fb7ce77c5cdbec6c37e6

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:51 GMT
cf-cache-status: HIT
last-modified: Tue, 03 Sep 2019 09:28:27 GMT
server: cloudflare
age: 54411
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: max-age=10368000
accept-ranges: bytes
cf-ray: 5504e4c4e97a26dc-FRA
content-length: 1009
expires: max-age=A10368000, public

GET
H2 200 css
fonts.googleapis.com/ 2 KB
601 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Slab%3A400&subset=latin%2Clatin-ext&ver=2.8.3

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

c9f60c986e4943d1fe8f1a95f30c12583128e51634d63e33179b66be5e435682

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://howtoremove.guide/musecador-backdoor/
Origin: https://howtoremove.guide

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sun, 05 Jan 2020 10:50:51 GMT
server: ESF
access-control-allow-origin: *
date: Sun, 05 Jan 2020 10:50:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Sun, 05 Jan 2020 10:50:51 GMT

GET
H2 200 / Show response
howtoremove.guide/musecador-backdoor/ 3 KB
1 KB 406ms
405ms XHR
application/json 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://howtoremove.guide/musecador-backdoor/?relatedposts=1

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/16q5t6y/hr9nv.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / PHP/7.0.33

Resource Hash

e6fac5bcdf7c1c8a9a5c566a58fa6a19eeff5515a9ddb8692e954a4bf4aa3ab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://howtoremove.guide/musecador-backdoor/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Sun, 05 Jan 2020 10:50:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/7.0.33
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-pingback: https://howtoremove.guide/xmlrpc.php
content-type: application/json; charset=utf-8
status: 200
cache-control: max-age=172800
cf-ray: 5504e4c5098626dc-FRA
vary: Accept-Encoding
expires: Tue, 07 Jan 2020 10:50:51 GMT

POST
H2 200 trproxy.php Show response
howtoremove.guide/tr/ 0
137 B 174ms
174ms XHR
text/html 2606:4700:30::681c:123e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://howtoremove.guide/tr/trproxy.php
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/tr/trjsevents.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:123e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / PHP/7.0.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
Origin: https://howtoremove.guide
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sun, 05 Jan 2020 10:50:51 GMT
content-encoding: br
x-nginx-cache: 0
server: cloudflare
x-powered-by: PHP/7.0.33
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 200
cache-control: no-store, no-cache, must-revalidate, no-cache
cf-ray: 5504e4c539a326dc-FRA
cf-cache-status: DYNAMIC
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 16ms
15ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A7.6.1&blog=83235491&post=113891&tz=-5&srv=howtoremove.guide&host=howtoremove.guide&ref=&fcp=889&rand=0.45470283482219487
Requested by: Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://howtoremove.guide/musecador-backdoor/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status: 200
date: Sun, 05 Jan 2020 10:50:51 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2RlV9Su1cai.woff
fonts.gstatic.com/s/robotoslab/v10/ 15 KB
15 KB 6ms
5ms Font
font/woff 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v10/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2RlV9Su1cai.woff

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4f2def19eaf72a71513ee206dec1344d158d8c1990c7accbed55910444767640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto+Slab%3A400&subset=latin%2Clatin-ext&ver=2.8.3
Origin: https://howtoremove.guide

Response headers

date: Fri, 22 Nov 2019 01:54:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 22:02:23 GMT
server: sffe
age: 3833757
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 15172
x-xss-protection: 0
expires: Sat, 21 Nov 2020 01:54:54 GMT

GET
H2 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISma2RlV9Su1caiTVo.woff
fonts.gstatic.com/s/robotoslab/v10/ 10 KB
10 KB 8ms
7ms Font
font/woff 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v10/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISma2RlV9Su1caiTVo.woff

Requested by

Host: howtoremove.guide
URL: https://howtoremove.guide/musecador-backdoor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b39bb3c7f417a58e12ad16efadec428c7080145e5e43299119fab2ce792e7d96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto+Slab%3A400&subset=latin%2Clatin-ext&ver=2.8.3
Origin: https://howtoremove.guide

Response headers

date: Thu, 19 Dec 2019 18:23:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 14 Nov 2019 22:01:47 GMT
server: sffe
age: 1441671
content-type: font/woff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9896
x-xss-protection: 0
expires: Fri, 18 Dec 2020 18:23:00 GMT

GET
H2 200 box-b736908ce6b0e933fad3a2e45df61b38.html
vars.hotjar.com/ Frame B0F7 0
0 72ms
24ms Document
text/html 147.75.85.25
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-414354.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.85.25 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS: pkt-ams-k1-9
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-b736908ce6b0e933fad3a2e45df61b38.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://howtoremove.guide/musecador-backdoor/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://howtoremove.guide/musecador-backdoor/

Response headers

status: 200
date: Sun, 05 Jan 2020 10:50:51 GMT
content-type: text/html
content-length: 808
last-modified: Tue, 17 Dec 2019 11:49:59 GMT
etag: "ed7551919779fd07dbfe6d776c643379"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.096
age: 1551579
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: b57611d318d81976c4df97939dcb14cd

Verdicts & Comments Add Verdict or Comment

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.howtoremove.guide/	1970-01-19 14:56:19	Name: _hjid Value: bce7510b-dfa8-47d3-a618-7b6baf8189ea
howtoremove.guide/	1970-01-19 15:09:17	Name: pll_language Value: en
howtoremove.guide/	1969-12-31 23:59:59	Name: PHPSESSID Value: ckpc9uquma6aee441lnt3tt0h1
howtoremove.guide/	1970-01-19 06:32:27	Name: HTRMV Value: 1aa7ab75fe99c037b5f25575478cf68a
.howtoremove.guide/	1970-01-19 06:25:07	Name: _gid Value: GA1.2.1271307640.1578221450
.howtoremove.guide/	1970-01-19 06:23:41	Name: _gat_gtag_UA_58850874_1 Value: 1
howtoremove.guide/musecador-backdoor	1970-01-19 15:09:17	Name: HTRMV Value: 1aa7ab75fe99c037b5f25575478cf68a
.howtoremove.guide/	1970-01-19 23:54:53	Name: _ga Value: GA1.2.1736469609.1578221450
.howtoremove.guide/	1970-01-19 07:06:53	Name: __cfduid Value: d5d129e3807e645f3c7115e3e3b2b7a391578221449
howtoremove.guide/musecador-backdoor	1970-01-19 06:25:07	Name: top_trojanv10_auto_impression Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://howtoremove.guide/wp-content/cache/wpfc-minified/2nfxf6u3/hr9nv.js(Line 1) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bat.bing.com
fonts.googleapis.com
fonts.gstatic.com
howtoremove.guide
pixel.wp.com
s0.wp.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
stats.wp.com
vars.hotjar.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
147.75.85.119
147.75.85.25
192.0.76.3
192.0.77.32
2606:4700:30::681c:123e
2620:1ec:c11::200
2a00:1450:4001:816::200e
2a00:1450:4001:817::2003
2a00:1450:4001:820::2004
2a00:1450:4001:821::2008
2a00:1450:4001:821::200a
2a00:1450:4001:824::200a
2a00:1450:4001:825::2003
2a00:1450:400c:c00::9c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0b4d24b5daef3c3abeb1da1fbe707c7d8a5a6828512c4e2774eb442e506600c7
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
10c1feb11b7cd258ac7894d70e9a60dade6813cf21ca0167e0bd6890f8ff0c27
1a90cf3096f0484638bf44f773e201704c8732154a979a7b9a5c4a4c8c7a1edf
1eb7257f746f95ff7aca4c451f60e9ecf7ef4b82461feb30c40f7fc313348617
1f1df6d7c4e6123055e6de9ff74f8e7b91e85878ebfe23c1d5a69b17332db6a2
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
22c9a8794bf1aaa708de201b175d9646730455c0c1d93ee6aaccfc107c1c931b
28791d8ebd7a4c6a1a61fbdb92651489f332a7b58505c21544ba1c1e90d12eac
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
30848d6881c9b5545fcecf8af5beae00ddd009106b305bd754f5658d955b9c57
31cb76c05cbf5d71466f93078e8ba0f6e39cd92d0acc86d385b8cf2899963695
36d635600376463647a6f84da4525c3f9ed3e112429a7b313fae147f97258d18
3a953e6db712c51f469c51a734a6afd2f19ff3d85bd76cb8e10386f17bc67212
433ffcc0cea20a562b416529be9c34da6812c7a4d33c0d969cfb6cb40d3d2253
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f2def19eaf72a71513ee206dec1344d158d8c1990c7accbed55910444767640
50cf352b12db846a09c42382adefb45a4a854930fc6fc9e616c18996ed6c8aad
5a44ce4e2c69ef3f74fddd202717c0a69bbc9587ec801b8263642d29fd8db0a9
6042e7730c557fac2f92dbfb736fe18b417d2efbe278596c1949f3772d52870c
63def165e78b7397cb5376f80bd6694db62b514240de93e59db0458f8750a245
708fe35abcb87d933c186c6a5c4df3b8bb796909873087b809a25c391a22ed81
741e69d344b17d8e1585118bbc77049c9cbfe80d9db94a06798b67484498ddb9
764db3da5129a614d5588ebd5cbf54478160a73aa54030cb02039b0de61046b7
83fa4482b59afeb10475b5e2289a97de6f040de620673d0d021f13ef09e6d8ee
8443b9732e397b14dea5c589ee86dcabdf15cda8e36800025ae705f3a4a14aba
982bcb63dd0f10cef369708181a47a1f09eb9f309c117ca6b883f72a97a78bba
9990e178a9a493df48f18194c2e517ef8ac18b8c748ec9a61f3316c5c5a16973
9b7f7fe6da35877e6ae37261e201fb3032d3a221e594bbbf63a00cbb5d103c36
a4ace901fe650833de207360e75c319413da2c6f705d74d2dadc5f05740f6f07
a6b4b18fd3288e812f724fc2b45a26d942c5bbbd7435c3ce020528bb5e251495
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b39bb3c7f417a58e12ad16efadec428c7080145e5e43299119fab2ce792e7d96
b4b93c4bf2b89b74fcf9bddb62936cd9a61e851621c1294431e0ab6566c4b311
b82eefb6a4f332f80cf77897057def50d542447398557c6be322d86a3ebe613b
b945514f832f3ee6c35708088abe1b5e6f63466f172c37a4f4ea463b9ed7f425
baa4db2b6ea05ae46b10dd65c641ad5b00b8b55eee4119c40f6ec524b5add6fb
bc8d2b0e33413f04664ff47dd127949659e4adf2fcf6d2f7a086e28d07a8d2fe
bd1d91d5b68a451a3d3ecc513c41e8d3d49ce6ed725b926d8516798de028ca97
c54db8f673127cab8c417279bdadfd7240f2e0b1cae7398f642a76ff98402b8b
c6298d396cccc9ca39096f88aac14f37f6bd4cc401fc2c68a971e0ed67873eb7
c9f60c986e4943d1fe8f1a95f30c12583128e51634d63e33179b66be5e435682
d1722d90bd2178c6bd190bd1154d45d45b29edee517c3b8b8c4900ba379aec97
d3f783706ab8710206c4c15e7fb718a32e1b4b9aad7092c288d3a5ad6a97d768
d4cc3dfa1061aedf2533cf134f9d584568bc41a25090fb7ce77c5cdbec6c37e6
d58fdd941fce7c4be4306fed351ff5fff077ea8872525f65e054b87e03c8579a
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dc4525c6303e02af87f2e74b059690e7ea513c3a079b747645b8682b1cc3000e
dee17d8c162954f149f8ee46f5680a2c73e0e1407f484f6fcea30825c0475c2a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52a768c330d1c64ed0b6ba071084b91cad33998872fe9cf8c0b50faf0670556
e53ba03cbe327b1c8f6fad1c548741985bce74616edacc447125b8e7567f4250
e55b3eb87c0e9919a7cabc425bb80b76e87ab7fcfcb5f1f067260307d6c81715
e6fac5bcdf7c1c8a9a5c566a58fa6a19eeff5515a9ddb8692e954a4bf4aa3ab0
ea655666bcf8047a1913568ef18316a6fe4aba6553420647d4568ec5a2d9cb47
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fe2c149df0cbff9d71a735fbd47e39d9dd9a7a5957c439158e43b5a57c1cddd3

howtoremove.guide Open in urlscan Pro 2606:4700:30::681c:123e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

64 Requests

100 %HTTPS

71 %IPv6

11 Domains

16 Subdomains

12 IPs

3 Countries

730 kBTransfer

2410 kBSize

10 Cookies

7 Outgoing links

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

howtoremove.guide Open in urlscan Pro
2606:4700:30::681c:123e Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

16
Subdomains

12
IPs

3
Countries

730 kB
Transfer

2410 kB
Size

10
Cookies

64 HTTP transactions
0 data transactions