URL: https://removemalware.vir.us.com/
Submission: On December 19 via manual from KR

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 23 HTTP transactions. The main IP is 2606:4700:30::6812:3ca8, located in the United States, and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is removemalware.vir.us.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on December 13th 2018. Valid for: 6 months.
This is the only time removemalware.vir.us.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
21 2606:4700:30:... 13335 (CLOUDFLAR...)
1 1 2606:4700:30:... 13335 (CLOUDFLAR...)
2 104.20.2.47 13335 (CLOUDFLAR...)
23 2
Apex Domain | Subdomains | Transfer
22 us.com | removemalware.vir.us.com | 437 KB
2 statcounter.com | www.statcounter.com, c.statcounter.com | 11 KB
23 2
Domain Requested by
22 removemalware.vir.us.com 1 redirects removemalware.vir.us.com
1 c.statcounter.com removemalware.vir.us.com
1 www.statcounter.com removemalware.vir.us.com
23 3

This site contains no links.

Subject | Issuer | Validity | Valid
sni167899.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-12-13 - 2019-06-21 | 6 months
*.statcounter.com | Go Daddy Secure Certificate Authority - G2 | 2018-01-16 - 2019-01-17 | a year

This page contains 1 frame:

Primary Page: https://removemalware.vir.us.com/
Frame ID: 7DF126FB4DE310DD5E334D6D4C118563
Requests: 23 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
  • script /\/wp-includes\//i
  • meta generator /WordPress( [\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Overall confidence: 50%
Detected patterns
  • env /^head$/i

Overall confidence: 100%
Detected patterns
  • env /^twemoji$/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

23 Requests
100 % HTTPS
67 % IPv6
2 Domains
3 Subdomains
2 IPs
1 Countries
448 kB Transfer
646 kB Size
2 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • http://removemalware.vir.us.com/wp-content/uploads/sites/15/Affiliate-Disclaimer-Korean.jpg HTTP 301
  • https://removemalware.vir.us.com/wp-content/uploads/sites/15/Affiliate-Disclaimer-Korean.jpg

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
removemalware.vir.us.com/
69 KB
12 KB
Document
General
Full URL
https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/5.6.39
Resource Hash
31fdc097a74b0b900f2c54da69f89d85f6269638851d945821d3edc869c5e18b

Request headers

:method
GET
:authority
removemalware.vir.us.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Wed, 19 Dec 2018 05:39:08 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948; expires=Thu, 19-Dec-19 05:39:08 GMT; path=/; domain=.vir.us.com; HttpOnly; Secure
x-powered-by
PHP/5.6.39
x-cache-handler
wp
last-modified
Fri, 14 Dec 2018 13:19:49 GMT
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
48b786e89d5ec2bf-FRA
content-encoding
br
styles.css
removemalware.vir.us.com/wp-content/plugins/contact-form-7/includes/css/
2 KB
716 B
Stylesheet
General
Full URL
https://removemalware.vir.us.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.5
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a559ba07f12aeda335ca811bb96b6f57b555815a835fe5f86ad6e7f166190e6d

Request headers

:path
/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.5
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 15 Nov 2018 09:57:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=14400
cf-ray
48b786ecd879c2bf-FRA
expires
Wed, 19 Dec 2018 09:39:08 GMT
style.css
removemalware.vir.us.com/wp-content/themes/bicubic/
29 KB
7 KB
Stylesheet
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/style.css?ver=4.9.9
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
079908a3be1b5b92914c15ef15f9cbf5c65ae0c4391369398920d81aa9842400

Request headers

:path
/wp-content/themes/bicubic/style.css?ver=4.9.9
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 25 Jul 2017 04:20:34 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=14400
cf-ray
48b786ecd87bc2bf-FRA
expires
Wed, 19 Dec 2018 09:39:09 GMT
jquery.js
removemalware.vir.us.com/wp-includes/js/jquery/
95 KB
32 KB
Script
General
Full URL
https://removemalware.vir.us.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Request headers

:path
/wp-includes/js/jquery/jquery.js?ver=1.12.4
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 02 Sep 2016 11:00:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
48b786ecd87cc2bf-FRA
expires
Wed, 19 Dec 2018 09:39:09 GMT
jquery-migrate.min.js
removemalware.vir.us.com/wp-includes/js/jquery/
10 KB
4 KB
Script
General
Full URL
https://removemalware.vir.us.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

:path
/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 02 Sep 2016 11:00:16 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
48b786ecd87dc2bf-FRA
expires
Wed, 19 Dec 2018 09:39:09 GMT
scripts.js
removemalware.vir.us.com/wp-content/themes/bicubic/js/
13 KB
3 KB
Script
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/js/scripts.js?ver=4.9.9
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ef3fa1e4d68b6fd5b536b7aac4c9dffcbaa9a6d47ec2824cdbda94a2e1c5702

Request headers

:path
/wp-content/themes/bicubic/js/scripts.js?ver=4.9.9
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 25 Jul 2017 04:20:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
48b786ecd87ec2bf-FRA
expires
Wed, 19 Dec 2018 09:39:09 GMT
jquery.placeholder.js
removemalware.vir.us.com/wp-content/themes/bicubic/js/
4 KB
1 KB
Script
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/js/jquery.placeholder.js?ver=4.9.9
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
692b0b9af74edb1bf61b0114eab03ae5049e79398ae5c214523e016cad91cab0

Request headers

:path
/wp-content/themes/bicubic/js/jquery.placeholder.js?ver=4.9.9
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 25 Jul 2017 04:20:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
48b786ecd880c2bf-FRA
expires
Wed, 19 Dec 2018 09:39:09 GMT
korean-download.jpg
removemalware.vir.us.com/wp-content/uploads/sites/15/
24 KB
24 KB
Image
General
Full URL
https://removemalware.vir.us.com/wp-content/uploads/sites/15/korean-download.jpg
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a47ccefbe47ac194bb1c5eb118c5e0a24f03dd716b1f9aae050fe85ca3e057e

Request headers

:path
/wp-content/uploads/sites/15/korean-download.jpg
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:08 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jul 2017 05:59:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786ecd882c2bf-FRA
content-length
24121
expires
Wed, 19 Dec 2018 09:39:08 GMT
windows-compatible.png
removemalware.vir.us.com/wp-content/uploads/sites/15/
19 KB
19 KB
Image
General
Full URL
https://removemalware.vir.us.com/wp-content/uploads/sites/15/windows-compatible.png
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d1e57b05d4583ad2657bb4af806481c14c6896fd41cfe73231be72946d4158a

Request headers

:path
/wp-content/uploads/sites/15/windows-compatible.png
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:08 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jul 2017 05:59:29 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786ecd883c2bf-FRA
content-length
19574
expires
Wed, 19 Dec 2018 09:39:08 GMT
images222.jpg
removemalware.vir.us.com/wp-content/uploads/sites/15/
23 KB
24 KB
Image
General
Full URL
https://removemalware.vir.us.com/wp-content/uploads/sites/15/images222.jpg
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a10a6dcc5143e309ba637a38e4f7697dafba3f7e07206b7056234fb6e094663d

Request headers

:path
/wp-content/uploads/sites/15/images222.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Thu, 21 Jun 2018 11:13:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=14400
set-cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949; expires=Thu, 19-Dec-19 05:39:09 GMT; path=/; domain=.vir.us.com; HttpOnly; Secure
accept-ranges
bytes
cf-ray
48b786f0faeac2bf-FRA
content-length
24053
expires
Wed, 19 Dec 2018 09:39:09 GMT
Buy-Now-Korean.png
removemalware.vir.us.com/wp-content/uploads/sites/15/
15 KB
16 KB
Image
General
Full URL
https://removemalware.vir.us.com/wp-content/uploads/sites/15/Buy-Now-Korean.png
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
52712817012ab6f5402376bccaf5d87bdc3b3c902d1768eedfe95defd86f9830

Request headers

:path
/wp-content/uploads/sites/15/Buy-Now-Korean.png
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jul 2017 05:59:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=14400
set-cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949; expires=Thu, 19-Dec-19 05:39:09 GMT; path=/; domain=.vir.us.com; HttpOnly; Secure
accept-ranges
bytes
cf-ray
48b786f0faedc2bf-FRA
content-length
15780
expires
Wed, 19 Dec 2018 09:39:09 GMT
Affiliate-Disclaimer-Korean.jpg
removemalware.vir.us.com/wp-content/uploads/sites/15/
Redirect Chain
  • http://removemalware.vir.us.com/wp-content/uploads/sites/15/Affiliate-Disclaimer-Korean.jpg
  • https://removemalware.vir.us.com/wp-content/uploads/sites/15/Affiliate-Disclaimer-Korean.jpg
95 KB
95 KB
Image
General
Full URL
https://removemalware.vir.us.com/wp-content/uploads/sites/15/Affiliate-Disclaimer-Korean.jpg
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2cc7186a9190f2ead83e1d7fc76316f12a75ca5389ac0a294c975fa2d2ca19f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Fri, 28 Jul 2017 05:59:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786f11b46c2bf-FRA
content-length
97000
expires
Wed, 19 Dec 2018 09:39:09 GMT

Redirect headers

Date
Wed, 19 Dec 2018 05:39:09 GMT
Server
cloudflare
Vary
Accept-Encoding
Location
https://removemalware.vir.us.com/wp-content/uploads/sites/15/Affiliate-Disclaimer-Korean.jpg
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
CF-RAY
48b786f104502342-FRA
Expires
Wed, 19 Dec 2018 06:39:09 GMT
wp-emoji-release.min.js
removemalware.vir.us.com/wp-includes/js/
12 KB
4 KB
Script
General
Full URL
https://removemalware.vir.us.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.9
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2458b9fd9089fdcb9de317093e004ef3a65597dc68b9adfdeb15a7c9968d0d5

Request headers

:path
/wp-includes/js/wp-emoji-release.min.js?ver=4.9.9
pragma
no-cache
cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:10 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 03 Aug 2018 01:16:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
48b786f10b17c2bf-FRA
expires
Wed, 19 Dec 2018 09:39:10 GMT
email-decode.min.js
removemalware.vir.us.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
833 B
Script
General
Full URL
https://removemalware.vir.us.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:path
/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:08 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 18 Dec 2018 11:44:22 GMT
server
cloudflare
etag
W/"5c18dd96-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800 public
cf-ray
48b786ecf8cfc2bf-FRA
expires
Fri, 21 Dec 2018 05:39:08 GMT
counter.js
www.statcounter.com/counter/
28 KB
11 KB
Script
General
Full URL
https://www.statcounter.com/counter/counter.js
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.20.2.47 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
58c7edea7429f960e3cc03b3452b271fcab02ac139ac6026d62e38191b1cafa1

Request headers

Referer
https://removemalware.vir.us.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 04 Dec 2018 15:56:10 GMT
server
cloudflare
etag
W/"5c06a39a-71d1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=43200
cf-ray
48b786f15e07642d-FRA
expires
Wed, 19 Dec 2018 17:39:09 GMT
scripts.js
removemalware.vir.us.com/wp-content/plugins/contact-form-7/includes/js/
14 KB
4 KB
Script
General
Full URL
https://removemalware.vir.us.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.5
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2abe34835f5555333edccab5786c3fb72eb1755110f38d2fdb2c0ae7ed4db6ed

Request headers

:path
/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.5
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 15 Nov 2018 09:57:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
48b786ecf8d4c2bf-FRA
expires
Wed, 19 Dec 2018 09:39:09 GMT
wp-embed.min.js
removemalware.vir.us.com/wp-includes/js/
1 KB
717 B
Script
General
Full URL
https://removemalware.vir.us.com/wp-includes/js/wp-embed.min.js?ver=4.9.9
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Request headers

:path
/wp-includes/js/wp-embed.min.js?ver=4.9.9
pragma
no-cache
cookie
__cfduid=da1a8fc9d5fbd03ffbe2c37d48ab768e81545197948
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 13 Dec 2018 03:16:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=14400
cf-ray
48b786ed08eac2bf-FRA
expires
Wed, 19 Dec 2018 09:39:09 GMT
sprites.png
removemalware.vir.us.com/wp-content/themes/bicubic/image/
4 KB
4 KB
Image
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/image/sprites.png
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3fa798e389fd8c5371186d5237dd216ed9bcc4ecc46bd16edefe11560629647

Request headers

:path
/wp-content/themes/bicubic/image/sprites.png
pragma
no-cache
cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/wp-content/themes/bicubic/style.css?ver=4.9.9
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Tue, 25 Jul 2017 04:20:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786f23e43c2bf-FRA
content-length
3722
expires
Wed, 19 Dec 2018 09:39:09 GMT
OpenSans-Bold.woff
removemalware.vir.us.com/wp-content/themes/bicubic/fonts/opensans/
69 KB
69 KB
Font
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/fonts/opensans/OpenSans-Bold.woff
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7421955915ef288826f549be704f7d35c085f14f7748dffc152bc49908e078e

Request headers

:path
/wp-content/themes/bicubic/fonts/opensans/OpenSans-Bold.woff
pragma
no-cache
cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949
origin
https://removemalware.vir.us.com
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/wp-content/themes/bicubic/style.css?ver=4.9.9
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Tue, 25 Jul 2017 04:20:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786f23e4ec2bf-FRA
content-length
70188
expires
Wed, 19 Dec 2018 09:39:09 GMT
DroidSans.woff
removemalware.vir.us.com/wp-content/themes/bicubic/fonts/droidsans/
26 KB
26 KB
Font
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/fonts/droidsans/DroidSans.woff
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8025cbbee5a56bfc1381d4b55ce586f11d8ddf3210ac5606c7c861dd955f5252

Request headers

:path
/wp-content/themes/bicubic/fonts/droidsans/DroidSans.woff
pragma
no-cache
cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949
origin
https://removemalware.vir.us.com
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/wp-content/themes/bicubic/style.css?ver=4.9.9
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Tue, 25 Jul 2017 04:20:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786f23e50c2bf-FRA
content-length
26348
expires
Wed, 19 Dec 2018 09:39:09 GMT
DroidSans-Bold.woff
removemalware.vir.us.com/wp-content/themes/bicubic/fonts/droidsans/
27 KB
27 KB
Font
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/fonts/droidsans/DroidSans-Bold.woff
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3be6890a759d272f5edd30d0f67197486b80021212e9c32647fb8795dcee46f1

Request headers

:path
/wp-content/themes/bicubic/fonts/droidsans/DroidSans-Bold.woff
pragma
no-cache
cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949
origin
https://removemalware.vir.us.com
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/wp-content/themes/bicubic/style.css?ver=4.9.9
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Tue, 25 Jul 2017 04:20:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786f2af35c2bf-FRA
content-length
27552
expires
Wed, 19 Dec 2018 09:39:09 GMT
t.php
c.statcounter.com/
49 B
394 B
Image
General
Full URL
https://c.statcounter.com/t.php?sc_project=11599168&java=1&security=59175fcc&u1=DA7529A7D7BE4FBC4FA9E0ADB245BB03&sc_random=0.9880833604831054&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1600&h=1200&camefrom=&u=https%3A//removemalware.vir.us.com/&t=%EA%B0%80%EC%9D%B4%EB%93%9C%20%EC%97%90%20%EC%A0%9C%EA%B1%B0%20%EC%9C%88%EB%8F%84%EC%9A%B0%20%EC%8A%A4%ED%8C%8C%EC%9D%B4%EC%9B%A8%EC%96%B4%20%EC%99%84%EC%A0%84%ED%9E%88&sc_snum=1&sess=4ea83c&p=0&invisible=1
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.20.2.47 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer
https://removemalware.vir.us.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Wed, 19 Dec 2018 05:39:10 GMT
server
cloudflare
p3p
policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
status
200
cf-ray
48b786f2de8d642d-FRA
content-length
49
expires
Mon, 26 Jul 1997 05:00:00 GMT
OpenSans-Regular.woff
removemalware.vir.us.com/wp-content/themes/bicubic/fonts/opensans/
66 KB
66 KB
Font
General
Full URL
https://removemalware.vir.us.com/wp-content/themes/bicubic/fonts/opensans/OpenSans-Regular.woff
Requested by
Host: removemalware.vir.us.com
URL: https://removemalware.vir.us.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::6812:3ca8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4aed9fbbd39fe7dc06dc6a8a379464ea80557eda4d7390220e3a8483d085253

Request headers

:path
/wp-content/themes/bicubic/fonts/opensans/OpenSans-Regular.woff
pragma
no-cache
cookie
__cfduid=d5a8e9059b3edb8402654255e82d039961545197949; sc_is_visitor_unique=rx11599168.1545197950.DA7529A7D7BE4FBC4FA9E0ADB245BB03.1.1.1.1.1.1.1.1.1
origin
https://removemalware.vir.us.com
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
removemalware.vir.us.com
referer
https://removemalware.vir.us.com/wp-content/themes/bicubic/style.css?ver=4.9.9
:scheme
https
:method
GET

Response headers

date
Wed, 19 Dec 2018 05:39:09 GMT
cf-cache-status
HIT
last-modified
Tue, 25 Jul 2017 04:20:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
48b786f2ffccc2bf-FRA
content-length
67524
expires
Wed, 19 Dec 2018 09:39:09 GMT


116 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| _wpemojiSettings undefined| $ function| jQuery function| CreateFileInput function| createInputAttr function| CreateSelect number| sc_project number| sc_invisible string| sc_security object| wpcf7 object| wp number| sc_width number| sc_height string| sc_referer number| sc_unique number| sc_returning number| sc_returns number| sc_error number| sc_remove number| sc_cls number| sc_inv string| sc_os string| sc_title string| sc_url string| sc_base_dir string| sc_click_dir string| sc_link_back_start string| sc_link_back_end string| sc_security_code string| sc_http_url string| sc_host string| sc_dc string| sc_alt_text string| sc_counter_size number| sc_prerendering string| sc_uuid string| sc_uuid_q string| sc_unique_returning string| sc_sp function| _sc_strip_tags function| _sc_sanitiseTags function| _sc_validateTags function| getTagString function| isValidEventName undefined| _statcounter_pending object| _statcounter number| sc_script_num object| _sc_imgs string| sc_pageview_tag_string number| _sc_project_int object| _sc_epoch_now number| _sc_epoch_days number| _sc_days_elapsed number| _sc_fix_threshold number| _sc_fix_min_threshold boolean| _sc_apply_mar_2017_fixes number| clickstat_done number| clickstat_project string| clickstat_security string| dlext string| ltype string| second object| dl object| lnk object| domsec string| host_name object| host_splitted string| domain string| host_split string| lnklocal_mask object| lnklocal object| anchors object| anchor undefined| original_click undefined| s undefined| bs undefined| head undefined| ps undefined| pe undefined| params undefined| plist undefined| body undefined| insert undefined| final_body undefined| ev_head undefined| ev_params undefined| ev_sep undefined| sc_i undefined| ev_foot undefined| ev_final string| sc_gsyn_pattern string| sc_gsyn_pattern2 undefined| sc_px undefined| sc_py undefined| sc_existing function| sc_none function| 
sc_delay function| sc_clickstat_call function| sc_adsense_click function| sc_adsense_init function| sc_getmouse function| sc_findy function| sc_findx function| sc_exitpage string| sc_doc_loc object| myRE object| sc_date number| sc_time number| sc_time_difference string| cookie_value object| expiration number| sc_call object| twemoji

2 Cookies

Domain/Path: .removemalware.vir.us.com/
Name: sc_is_visitor_unique
Value: rx11599168.1545197950.DA7529A7D7BE4FBC4FA9E0ADB245BB03.1.1.1.1.1.1.1.1.1

Domain/Path: .vir.us.com/
Name: __cfduid
Value: d5a8e9059b3edb8402654255e82d039961545197949

1 Console Messages

Source: console-api
Level: log
URL: https://removemalware.vir.us.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 (Line 2)
Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains, hashes, etc. Listing them here does not imply that any of them indicates malicious activity.

c.statcounter.com
removemalware.vir.us.com
www.statcounter.com
104.20.2.47
2606:4700:30::6812:3ca8
2606:4700:30::6812:3da8