malwarecomplaints.info Open in urlscan Pro
2606:4700:3032::681c:92 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Submission: On September 25 via manual (September 25th 2020, 5:18:45 pm UTC) from US

Summary HTTP 18 Redirects Links 4 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3032::681c:92, located in United States and belongs to CLOUDFLARENET, US. The main domain is malwarecomplaints.info.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 10th 2020. Valid for: a year.

This is the only time malwarecomplaints.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
14	2606:4700:303... 2606:4700:3032::681c:92		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81a::2008		15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:4a0c		13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:821::200e		15169 (GOOGLE) (GOOGLE)
18	4

14 2606:4700:3032::681c:92 (United States)

ASN13335 (CLOUDFLARENET, US)

malwarecomplaints.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4a0c (United States)

ASN13335 (CLOUDFLARENET, US)

howtoremove.guide	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	malwarecomplaints.info malwarecomplaints.info	431 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	howtoremove.guide howtoremove.guide	15 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
18	4

	Domain	Requested by
14	malwarecomplaints.info	malwarecomplaints.info
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	howtoremove.guide	malwarecomplaints.info
1	www.googletagmanager.com	malwarecomplaints.info
18	4

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-10` - `2021-08-10`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Frame ID: 1F5BD3CE820E93274065513F14078B08
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

501 kB
Transfer

1764 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/link/?url=https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Title: Share on Pinterest

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Title: Share on LinkedIn

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
malwarecomplaints.info/backdoor-win-darkcheese-malware/ 110 KB
21 KB 558ms
521ms Document
text/html 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3db72f4eec04ec54137171821910cf5c7b063869f5628b48a7c04f4085369b70

Request headers

:method: GET
:authority: malwarecomplaints.info
:scheme: https
:path: /backdoor-win-darkcheese-malware/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 25 Sep 2020 17:18:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d5a2a01eb6ab370760356fc6605df31c61601054303; expires=Sun, 25-Oct-20 17:18:23 GMT; path=/; domain=.malwarecomplaints.info; HttpOnly; SameSite=Lax
vary: X-Forwarded-Proto,Accept-Encoding
last-modified: Fri, 25 Sep 2020 15:51:08 GMT
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
cf-request-id: 0567defe9e00000eb758333200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5d8667776a470eb7-FRA
content-encoding: br

GET
H2 200 14f77.css
malwarecomplaints.info/wp-content/cache/minify/ 526 KB
79 KB 34ms
33ms Stylesheet
text/css 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/cache/minify/14f77.css
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3c47dc7f7c5b739ecf8f86b76a4f2422fdc959de19c6dc24e97d22dea58dee7

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 363748
status: 200
cf-request-id: 0567df00ac00000eb75834d200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 20 Sep 2020 12:51:35 GMT
server: cloudflare
etag: W/"15021-5afbe31ad7f8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31451739
cf-ray: 5d86677aab420eb7-FRA
expires: Mon, 20 Sep 2021 12:51:35 GMT

GET
H2 200 c4db2.css
malwarecomplaints.info/wp-content/cache/minify/ 60 KB
11 KB 15ms
14ms Stylesheet
text/css 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/cache/minify/c4db2.css
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe4492015af3f9a40f39613c6e3750fc5e6d72bad2461f2a3bb1df07de62f40d

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 33338
status: 200
cf-request-id: 0567df00ac00000eb75834e200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 13:53:41 GMT
server: cloudflare
etag: W/"2cf9-5b00f87267d33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31470655
cf-ray: 5d86677aab450eb7-FRA
expires: Fri, 24 Sep 2021 13:53:41 GMT

GET
H2 200 d8c13.css
malwarecomplaints.info/wp-content/cache/minify/ 101 KB
42 KB 19ms
19ms Stylesheet
text/css 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/cache/minify/d8c13.css
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c6009d22a86344adaaabbb0222679675a79780c8a9f30ea1ee53df33824a0da

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 7129
status: 200
cf-request-id: 0567df00ad00000eb75834f200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 25 Sep 2020 13:11:28 GMT
server: cloudflare
etag: W/"b001-5b0230dfd4b77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31528313
cf-ray: 5d86677aab470eb7-FRA
expires: Sat, 25 Sep 2021 13:11:28 GMT

GET
H2 200 37d5d.js Show response
malwarecomplaints.info/wp-content/cache/minify/ 612 KB
174 KB 48ms
48ms Script
application/x-javascript 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/cache/minify/37d5d.js
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6a543ad2db990cdaf1d1b6c9e5257652de5062b378af8b76b9763a2475b7c9c

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 7129
status: 200
cf-request-id: 0567df00ad00000eb758350200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 13:35:02 GMT
server: cloudflare
etag: W/"2d26d-5b00f4468a9b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31443326
cf-ray: 5d86677aab480eb7-FRA
expires: Fri, 24 Sep 2021 13:35:02 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 45ms
45ms Script
application/javascript 2a00:1450:4001:81a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-108912001-1

Requested by

Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6119cc5f6369d2e84147a7e3e298b444b6e4da637dc2d90d66f3e23c3fa7a850

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36404
x-xss-protection: 0
last-modified: Fri, 25 Sep 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Sep 2020 17:18:24 GMT

GET
H2 200 wp-emoji-release.min.js Show response
malwarecomplaints.info/wp-includes/js/ 14 KB
5 KB 397ms
397ms Script
application/x-javascript 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-includes/js/wp-emoji-release.min.js?ver=5.5.1
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
cf-cache-status: MISS
last-modified: Mon, 15 Jun 2020 23:34:26 GMT
server: cloudflare
etag: W/"37a6-5a827de0ae480-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
cf-ray: 5d86677b2c880eb7-FRA
cf-request-id: 0567df00fa00000eb758359200000001
expires: Sat, 25 Sep 2021 17:18:24 GMT

GET
H2 200 2a307.js Show response
malwarecomplaints.info/wp-content/cache/minify/ 51 KB
18 KB 17ms
16ms Script
application/x-javascript 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/cache/minify/2a307.js
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aea7166ca4ec7d35cdce41a7a4cbf7a2b5312279779880188d25ace4faba4fde

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 7129
status: 200
cf-request-id: 0567df00d500000eb758354200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 13:35:01 GMT
server: cloudflare
etag: W/"4764-5b00f445cd66c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31443325
cf-ray: 5d86677aebec0eb7-FRA
expires: Fri, 24 Sep 2021 13:35:01 GMT

GET
H2 200 68e92.js Show response
malwarecomplaints.info/wp-content/cache/minify/ 2 KB
652 B 14ms
13ms Script
application/x-javascript 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/cache/minify/68e92.js
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fc2845d22c09928ba9dae73f657a21ede05bed89a42efafe1028bcbe4ee499b

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 363747
status: 200
cf-request-id: 0567df00d500000eb758355200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 20 Sep 2020 13:02:48 GMT
server: cloudflare
etag: W/"21d-5afbe59c0d65c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31452410
cf-ray: 5d86677aebf00eb7-FRA
expires: Mon, 20 Sep 2021 13:02:48 GMT

GET
H2 200 59b37.js Show response
malwarecomplaints.info/wp-content/cache/minify/ 66 KB
18 KB 18ms
17ms Script
application/x-javascript 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/cache/minify/59b37.js
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffb8236f9e9cc17fcc69ffc6186fb15ba2cf7532044751340af084bfc9da3f79

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
cf-cache-status: HIT
age: 7129
status: 200
cf-request-id: 0567df00d500000eb758356200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 25 Sep 2020 13:11:28 GMT
server: cloudflare
etag: W/"4b2c-5b0230e02027a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31528313
cf-ray: 5d86677aebf20eb7-FRA
expires: Sat, 25 Sep 2021 13:11:28 GMT

GET
H2 200 ekko-font.woff
malwarecomplaints.info/wp-content/themes/ekko/core/assets/fonts/ 25 KB
15 KB 38ms
38ms Font
application/font-woff 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwarecomplaints.info/wp-content/themes/ekko/core/assets/fonts/ekko-font.woff
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/wp-content/cache/minify/d8c13.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20d42ee48282833ecad65efbe9718df113374d5b5a0683a7cc2655f63bb24eca

Request headers

Origin: https://malwarecomplaints.info
Referer: https://malwarecomplaints.info/wp-content/cache/minify/d8c13.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
cf-cache-status: HIT
server: cloudflare
age: 7128
etag: W/"639c-5acad8c1a1f77-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
content-type: application/font-woff
status: 200
cache-control: max-age=31536000
cf-ray: 5d86677b7d3b0eb7-FRA
cf-request-id: 0567df012900000eb75835c200000001
expires: Sat, 25 Sep 2021 15:19:36 GMT

GET
H2 200 Backdoor.Win_.DARKCHEESE.jpg
malwarecomplaints.info/wp-content/uploads/2020/09/ 28 KB
28 KB 523ms
521ms Image
image/jpeg 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://malwarecomplaints.info/wp-content/uploads/2020/09/Backdoor.Win_.DARKCHEESE.jpg
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9792883d9335ffa4c4ebea2a5523c1e795dc0b714b005a9793cfd387aac5786

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:25 GMT
cf-cache-status: MISS
status: 200
content-length: 28683
cf-request-id: 0567df01f900000eb758369200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 25 Sep 2020 13:21:30 GMT
server: cloudflare
etag: "700b-5b02331dd5da7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5d86677cc8a50eb7-FRA
expires: Sat, 25 Sep 2021 17:18:25 GMT

GET
H2 200 task-manager-win-10.png
malwarecomplaints.info/wp-content/uploads/2017/01/ 15 KB
15 KB 510ms
509ms Image
image/png 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://malwarecomplaints.info/wp-content/uploads/2017/01/task-manager-win-10.png
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d875256a2e037db0db61aa00f21f39a03f6ba2bd63606611e5f99aae4f76d55b

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:25 GMT
cf-cache-status: MISS
status: 200
content-length: 15454
cf-request-id: 0567df01f900000eb75836a200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 06 Jul 2020 10:36:23 GMT
server: cloudflare
etag: "3c5e-5a9c3723aec84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5d86677cc8a70eb7-FRA
expires: Sat, 25 Sep 2021 17:18:25 GMT

GET
H2 200 hosts_opt-1.png
howtoremove.guide/wp-content/uploads/2015/07/ 14 KB
15 KB 36ms
12ms Image
image/webp 2606:4700:20::ac43:4a0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://howtoremove.guide/wp-content/uploads/2015/07/hosts_opt-1.png
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6586d4972da26d4d8b47265f8f6f9175f2100385e825a017914eb988be6a84b2

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:24 GMT
cf-cache-status: HIT
age: 13103
cf-polished: origFmt=png, origSize=15162
status: 200
content-disposition: inline; filename="hosts_opt-1.webp"
content-length: 14642
cf-request-id: 0567df0210000005d0f8b18200000001
last-modified: Mon, 16 Nov 2015 16:00:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: max-age=A10368000, public
cache-control: public, max-age=10368000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 5d86677cee3905d0-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 msconfig.png
malwarecomplaints.info/wp-content/uploads/2017/01/ 4 KB
4 KB 412ms
412ms Image
image/png 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://malwarecomplaints.info/wp-content/uploads/2017/01/msconfig.png
Requested by: Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5383cbffd6d7181cbee974d10950a330091f752e210297457a69e3e79eecb6

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:25 GMT
cf-cache-status: MISS
status: 200
content-length: 3979
cf-request-id: 0567df01f900000eb75836b200000001
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 06 Jul 2020 10:36:11 GMT
server: cloudflare
etag: "f8b-5a9c3717f8c8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 5d86677cc8a80eb7-FRA
expires: Sat, 25 Sep 2021 17:18:25 GMT

GET
H2 200 refill Show response
malwarecomplaints.info/wp-json/contact-form-7/v1/contact-forms/7773/ 2 B
419 B 1447ms
1447ms XHR
application/json 2606:4700:3032::681c:92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarecomplaints.info/wp-json/contact-form-7/v1/contact-forms/7773/refill

Requested by

Host: malwarecomplaints.info
URL: https://malwarecomplaints.info/wp-content/cache/minify/37d5d.js

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::681c:92 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.33

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 17:18:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: PHP/7.2.33
status: 200
vary: Origin,X-Forwarded-Proto,Accept-Encoding
cf-request-id: 0567df023400000eb75836e200000001
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
referrer-policy: no-referrer-when-downgrade
x-robots-tag: noindex
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
allow: GET
content-type: application/json; charset=UTF-8
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=31536000
cf-ray: 5d86677d29b60eb7-FRA
link: <https://malwarecomplaints.info/wp-json/>; rel="https://api.w.org/"
expires: Sat, 25 Sep 2021 17:18:24 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-108912001-1

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 164
date: Fri, 25 Sep 2020 17:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Fri, 25 Sep 2020 19:15:40 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
399 B 40ms
13ms XHR
text/plain 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1232138766&t=pageview&_s=1&dl=https%3A%2F%2Fmalwarecomplaints.info%2Fbackdoor-win-darkcheese-malware%2F&ul=en-us&de=UTF-8&dt=Backdoor.Win.DARKCHEESE%20Malware%20-%20How%20to%20Remove&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=176340196&gjid=963444469&cid=1907530786.1601054305&tid=UA-108912001-1&_gid=1068909869.1601054305&_r=1&gtm=2ou9g1&z=1950973249

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://malwarecomplaints.info/backdoor-win-darkcheese-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Sep 2020 17:18:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://malwarecomplaints.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes string| ajaxurl object| _wpemojiSettings undefined| $ function| jQuery object| jQuery1124017319335535814706 object| gsapVersions object| tpGS object| punchgs object| RSANYID object| RSANYID_sliderID function| _ function| SaveAsPDFPdfcrowd function| setREVStartSize function| gtag object| dataLayer object| wpcf7 function| PhotoSwipe function| PhotoSwipeUI_Default object| qpprFrontData object| ctcc_vars function| catapultSetCookie function| catapultReadCookie function| catapultDeleteCookie function| catapultAcceptCookies function| ctccCloseNotification function| ctccFirstPage function| scrollEvent function| is_touch_device object| ak_js object| commentForm undefined| replyRowContainer undefined| children function| SmoothScroll object| classie object| addComment object| wp number| viewportTop object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData object| twemoji

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.malwarecomplaints.info/	1970-01-19 12:45:40	Name: _gid Value: GA1.2.1068909869.1601054305
			.malwarecomplaints.info/	1970-01-19 12:44:14	Name: _gat_gtag_UA_108912001_1 Value: 1
			.malwarecomplaints.info/	1970-01-20 06:15:26	Name: _ga Value: GA1.2.1907530786.1601054305
			.malwarecomplaints.info/	1970-01-19 13:27:26	Name: __cfduid Value: d5a2a01eb6ab370760356fc6605df31c61601054303

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

howtoremove.guide
malwarecomplaints.info
www.google-analytics.com
www.googletagmanager.com
2606:4700:20::ac43:4a0c
2606:4700:3032::681c:92
2a00:1450:4001:81a::2008
2a00:1450:4001:821::200e
20d42ee48282833ecad65efbe9718df113374d5b5a0683a7cc2655f63bb24eca
2c6009d22a86344adaaabbb0222679675a79780c8a9f30ea1ee53df33824a0da
3db72f4eec04ec54137171821910cf5c7b063869f5628b48a7c04f4085369b70
3fc2845d22c09928ba9dae73f657a21ede05bed89a42efafe1028bcbe4ee499b
4f5383cbffd6d7181cbee974d10950a330091f752e210297457a69e3e79eecb6
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
6119cc5f6369d2e84147a7e3e298b444b6e4da637dc2d90d66f3e23c3fa7a850
6586d4972da26d4d8b47265f8f6f9175f2100385e825a017914eb988be6a84b2
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
aea7166ca4ec7d35cdce41a7a4cbf7a2b5312279779880188d25ace4faba4fde
d875256a2e037db0db61aa00f21f39a03f6ba2bd63606611e5f99aae4f76d55b
d9792883d9335ffa4c4ebea2a5523c1e795dc0b714b005a9793cfd387aac5786
f3c47dc7f7c5b739ecf8f86b76a4f2422fdc959de19c6dc24e97d22dea58dee7
f6a543ad2db990cdaf1d1b6c9e5257652de5062b378af8b76b9763a2475b7c9c
fe4492015af3f9a40f39613c6e3750fc5e6d72bad2461f2a3bb1df07de62f40d
ffb8236f9e9cc17fcc69ffc6186fb15ba2cf7532044751340af084bfc9da3f79