Report - quangcao.differentia.ru/

Report Overview

Visitedpublic

2024-12-13 14:10:27

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
quangcao.differentia.ru	unknown	2019-05-29	2024-07-04	2024-09-23	751 B	1.4 kB	35.212.43.152
static.kryptoslogicsinkhole.com	unknown	2017-12-04	2018-10-17	2024-12-12	356 B	3.6 kB	104.21.77.90
web.archive.org	35459	1995-12-14	2012-05-30	2024-12-08	2.2 kB	19 kB	207.241.237.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-13 14:10:03	low	35.212.43.152	Client IP	ET MALWARE Known Sinkhole Response Kryptos Logic
2024-12-13 14:10:13	low	35.212.43.152	Client IP	ET MALWARE Known Sinkhole Response Kryptos Logic

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

GET quangcao.differentia.ru/

35.212.43.152

200 OK

607 B

URL User Request GET HTTP

quangcao.differentia.ru/

IP / ASN

35.212.43.152

#15169 GOOGLE

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (607), with no line terminators

First Seen2023-05-18

Last Seen2025-08-01

Times Seen1582

Size607 B (607 bytes)

MD5d9fdb2d2f2440ac3c3a0786a83e6b69a

SHA17d7735147b217acaa670f7ff6262b70ab7f4ecea

SHA2565b17494a74770d5abe918c36e8dfc10a4ff0f46451cdbe19d779d19baf8e6385

Detections

Analyzer	Verdict	Alert
suricata	low	ET MALWARE Known Sinkhole Response Kryptos Logic

HTTP Headers

GET / HTTP/1.1
Host: quangcao.differentia.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 13 Dec 2024 14:10:03 GMT
Content-Length: 607
Content-Type: text/html; charset=utf-8

GET static.kryptoslogicsinkhole.com/style.css

104.21.77.90

200 OK

2.8 kB

URL GET HTTP

static.kryptoslogicsinkhole.com/style.css

IP / ASN

104.21.77.90

#13335 CLOUDFLARENET

Requested byhttp://quangcao.differentia.ru/

Resource Info

File typeASCII text, with very long lines (11916), with no line terminators

First Seen2024-08-22

Last Seen2025-08-01

Times Seen682

Size2.8 kB (2790 bytes)

MD5022514dc4e2464b24cceffb7c58007ba

SHA1f0ada4f1681137b0c032e0a5f019c1d96e9d18bd

SHA256d9ec1dde3901f824532fef2e2cafbc4dd04bbc6074cdfeb77bd25f925637341c

HTTP Headers

GET /style.css HTTP/1.1
Host: static.kryptoslogicsinkhole.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://quangcao.differentia.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 13 Dec 2024 14:10:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FU%2F2Ml%2FtAxEhPY8v9s%2FxB3CEQm5pWuDQYwccvSiGSVjysAsuW2SIdMiZBlE0HdKcexOgihnsZt3wcDseGp4ARIwaFvbdop%2F75tPxnxwzrDfvPEqTofNX3D8Q9uevHj6DXJp%2FZEJnxjGHtWz%2BjNodr8QF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8f1689122c5856c0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=496&min_rtt=496&rtt_var=248&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=358&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

GET quangcao.differentia.ru/favicon.ico

35.212.43.152

200 OK

607 B

URL GET HTTP

quangcao.differentia.ru/favicon.ico

IP / ASN

35.212.43.152

#15169 GOOGLE

Requested byhttp://quangcao.differentia.ru/

Resource Info

File typeHTML document, ASCII text, with very long lines (607), with no line terminators

First Seen2023-05-18

Last Seen2025-08-01

Times Seen1582

Size607 B (607 bytes)

MD5d9fdb2d2f2440ac3c3a0786a83e6b69a

SHA17d7735147b217acaa670f7ff6262b70ab7f4ecea

SHA2565b17494a74770d5abe918c36e8dfc10a4ff0f46451cdbe19d779d19baf8e6385

Detections

Analyzer	Verdict	Alert
suricata	low	ET MALWARE Known Sinkhole Response Kryptos Logic

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: quangcao.differentia.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://quangcao.differentia.ru/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 13 Dec 2024 14:10:03 GMT
Content-Length: 607
Content-Type: text/html; charset=utf-8

GET web.archive.org/web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans

207.241.237.3

302 Found

0 B

URL GET HTTPS

web.archive.org/web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans

IP / ASN

207.241.237.3

#7941 INTERNET-ARCHIVE

Requested byhttp://quangcao.differentia.ru/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5689073

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoDaddy.com, Inc.

Subject*.archive.org

FingerprintF3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA

ValiditySat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT

HTTP Headers

GET /web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://static.kryptoslogicsinkhole.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 13 Dec 2024 14:10:04 GMT
content-type: text/plain; charset=utf-8
content-length: 0
x-archive-redirect-reason: found capture at 20230110074513
location: https://web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans
x-app-server: wwwb-app28
x-ts: 302
x-tr: 360
server-timing: captures_list;dur=1.336357, exclusion.robots;dur=0.058090, exclusion.robots.policy;dur=0.042189, esindex;dur=0.018235, cdx.remote;dur=10.872893, LoadShardBlock;dur=214.108814, PetaboxLoader3.datanode;dur=185.254278, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

GET web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

207.241.237.3

302 Found

0 B

URL GET HTTPS

web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

IP / ASN

207.241.237.3

#7941 INTERNET-ARCHIVE

Requested byhttp://quangcao.differentia.ru/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5689073

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoDaddy.com, Inc.

Subject*.archive.org

FingerprintF3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA

ValiditySat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT

HTTP Headers

GET /web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://quangcao.differentia.ru
DNT: 1
Connection: keep-alive
Referer: https://web.archive.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 13 Dec 2024 14:10:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
x-archive-redirect-reason: found capture at 20230110074548
location: https://web.archive.org/web/20230110074548im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
x-app-server: wwwb-app204
x-ts: 302
x-tr: 2304
server-timing: captures_list;dur=2.290972, exclusion.robots;dur=0.026863, exclusion.robots.policy;dur=0.016335, esindex;dur=0.012252, cdx.remote;dur=28.502252, LoadShardBlock;dur=2148.574013, PetaboxLoader3.datanode;dur=179.572176, TR;dur=0,Tw;dur=0,Tc;dur=0, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

GET web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

207.241.237.3

302 Found

0 B

URL GET HTTPS

web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

IP / ASN

207.241.237.3

#7941 INTERNET-ARCHIVE

Requested byhttp://quangcao.differentia.ru/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5689073

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoDaddy.com, Inc.

Subject*.archive.org

FingerprintF3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA

ValiditySat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT

HTTP Headers

GET /web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://quangcao.differentia.ru
DNT: 1
Connection: keep-alive
Referer: https://web.archive.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx
date: Fri, 13 Dec 2024 14:10:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
x-archive-redirect-reason: found capture at 20230110065622
location: https://web.archive.org/web/20230110065622im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
x-app-server: wwwb-app216
x-ts: 302
x-tr: 2359
server-timing: captures_list;dur=0.876561, exclusion.robots;dur=0.039373, exclusion.robots.policy;dur=0.024585, esindex;dur=0.018207, cdx.remote;dur=59.070263, LoadShardBlock;dur=2222.358325, PetaboxLoader3.datanode;dur=227.925047, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2

GET web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans

207.241.237.3

200 OK

13 kB

URL GET HTTPS

web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans

IP / ASN

207.241.237.3

#7941 INTERNET-ARCHIVE

Requested byhttp://quangcao.differentia.ru/

Resource Info

File typegzip compressed data, max speed, from Unix

First Seen2024-12-13

Last Seen2024-12-13

Times Seen1

Size13 kB (13226 bytes)

MD54df41c41877321881e81ea42b4c56345

SHA1bc5d985f9f678188f45ceeaa6da77e7216f156aa

SHA25693dbf2b8344d687f925fb710c97b38e81cc0f6248fc3087e15cc6a6919bf954e

Certificate Info

IssuerGoDaddy.com, Inc.

Subject*.archive.org

FingerprintF3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA

ValiditySat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT

HTTP Headers

GET /web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://static.kryptoslogicsinkhole.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 13 Dec 2024 14:10:05 GMT
content-type: text/css; charset=utf-8
x-archive-orig-access-control-allow-origin: *
x-archive-orig-timing-allow-origin: *
x-archive-orig-link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-archive-orig-strict-transport-security: max-age=31536000
x-archive-orig-expires: Tue, 10 Jan 2023 07:45:13 GMT
x-archive-orig-date: Tue, 10 Jan 2023 07:45:13 GMT
x-archive-orig-cache-control: private, max-age=86400, stale-while-revalidate=604800
x-archive-orig-last-modified: Tue, 10 Jan 2023 07:04:47 GMT
x-archive-orig-cross-origin-opener-policy: same-origin-allow-popups
x-archive-orig-cross-origin-resource-policy: cross-origin
x-archive-orig-server: ESF
x-archive-orig-x-xss-protection: 0
x-archive-orig-x-frame-options: SAMEORIGIN
x-archive-orig-x-content-type-options: nosniff
x-archive-orig-alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-archive-orig-transfer-encoding: chunked
x-archive-guessed-content-type: text/css
x-archive-guessed-charset: utf-8
x-archive-orig-content-encoding: gzip
memento-datetime: Tue, 10 Jan 2023 07:45:13 GMT
link: <https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="original", <https://web.archive.org/web/timemap/link/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="timemap"; type="application/link-format", <https://web.archive.org/web/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="timegate", <https://web.archive.org/web/20130704224143/http://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans>; rel="first memento"; datetime="Thu, 04 Jul 2013 22:41:43 GMT", <https://web.archive.org/web/20230110073356/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans>; rel="prev memento"; datetime="Tue, 10 Jan 2023 07:33:56 GMT", <https://web.archive.org/web/20230110074513/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="memento"; datetime="Tue, 10 Jan 2023 07:45:13 GMT", <https://web.archive.org/web/20230110121405/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans>; rel="next memento"; datetime="Tue, 10 Jan 2023 12:14:05 GMT", <https://web.archive.org/web/20241212192058/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="last memento"; datetime="Thu, 12 Dec 2024 19:20:58 GMT"
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org
x-archive-src: spn2-20230110085606/spn2-20230110071910-wwwb-spn19.us.archive.org-8005.warc.gz
x-app-server: wwwb-app217
x-ts: 200
x-tr: 1468
server-timing: captures_list;dur=3.504442, exclusion.robots;dur=0.163050, exclusion.robots.policy;dur=0.101404, esindex;dur=0.065815, cdx.remote;dur=125.890275, LoadShardBlock;dur=930.735098, PetaboxLoader3.datanode;dur=750.332888, load_resource;dur=162.257399, PetaboxLoader3.resolve;dur=147.467459, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
content-encoding: gzip
X-Firefox-Spdy: h2