| | 35.212.43.152 | 200 OK | 607 B |
URL: User Request, GET HTTP/1.1
IP: 35.212.43.152:80
File type: HTML document, ASCII text, with very long lines (607), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d9fdb2d2f2440ac3c3a0786a83e6b69a / 7d7735147b217acaa670f7ff6262b70ab7f4ecea / 5b17494a74770d5abe918c36e8dfc10a4ff0f46451cdbe19d779d19baf8e6385
NIDS: suricata | Severity: low | Alert: ET MALWARE Known Sinkhole Response Kryptos Logic
GET / HTTP/1.1
Host: quangcao.differentia.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 13 Dec 2024 14:10:03 GMT
Content-Length: 607
Content-Type: text/html; charset=utf-8
| static.kryptoslogicsinkhole.com/style.css | 104.21.77.90 | 200 OK | 2.8 kB |
URL: GET HTTP/1.1 static.kryptoslogicsinkhole.com/style.css
IP: 104.21.77.90:80
Requested by: http://quangcao.differentia.ru/
File type: ASCII text, with very long lines (11916), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 022514dc4e2464b24cceffb7c58007ba / f0ada4f1681137b0c032e0a5f019c1d96e9d18bd / d9ec1dde3901f824532fef2e2cafbc4dd04bbc6074cdfeb77bd25f925637341c
GET /style.css HTTP/1.1
Host: static.kryptoslogicsinkhole.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://quangcao.differentia.ru/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 13 Dec 2024 14:10:03 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FU%2F2Ml%2FtAxEhPY8v9s%2FxB3CEQm5pWuDQYwccvSiGSVjysAsuW2SIdMiZBlE0HdKcexOgihnsZt3wcDseGp4ARIwaFvbdop%2F75tPxnxwzrDfvPEqTofNX3D8Q9uevHj6DXJp%2FZEJnxjGHtWz%2BjNodr8QF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8f1689122c5856c0-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
server-timing: cfL4;desc="?proto=TCP&rtt=496&min_rtt=496&rtt_var=248&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=358&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
| quangcao.differentia.ru/favicon.ico | 35.212.43.152 | 200 OK | 607 B |
URL: GET HTTP/1.1 quangcao.differentia.ru/favicon.ico
IP: 35.212.43.152:80
Requested by: http://quangcao.differentia.ru/
File type: HTML document, ASCII text, with very long lines (607), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d9fdb2d2f2440ac3c3a0786a83e6b69a / 7d7735147b217acaa670f7ff6262b70ab7f4ecea / 5b17494a74770d5abe918c36e8dfc10a4ff0f46451cdbe19d779d19baf8e6385
NIDS: suricata | Severity: low | Alert: ET MALWARE Known Sinkhole Response Kryptos Logic
GET /favicon.ico HTTP/1.1
Host: quangcao.differentia.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://quangcao.differentia.ru/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 13 Dec 2024 14:10:03 GMT
Content-Length: 607
Content-Type: text/html; charset=utf-8
| web.archive.org/web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans | 207.241.237.3 | 302 Found | 0 B |
URL: GET HTTP/2 web.archive.org/web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans
IP: 207.241.237.3:443
ASN: #7941 INTERNET-ARCHIVE
Requested by: http://quangcao.differentia.ru/
Certificate issuer: GoDaddy.com, Inc.
Certificate subject: *.archive.org
Fingerprint: F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA
Validity: Sat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://static.kryptoslogicsinkhole.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Fri, 13 Dec 2024 14:10:04 GMT
content-type: text/plain; charset=utf-8
content-length: 0
x-archive-redirect-reason: found capture at 20230110074513
location: https://web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans
x-app-server: wwwb-app28
x-ts: 302
x-tr: 360
server-timing: captures_list;dur=1.336357, exclusion.robots;dur=0.058090, exclusion.robots.policy;dur=0.042189, esindex;dur=0.018235, cdx.remote;dur=10.872893, LoadShardBlock;dur=214.108814, PetaboxLoader3.datanode;dur=185.254278, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2
| web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 | 207.241.237.3 | 302 Found | 0 B |
URL: GET HTTP/2 web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP: 207.241.237.3:443
ASN: #7941 INTERNET-ARCHIVE
Requested by: http://quangcao.differentia.ru/
Certificate issuer: GoDaddy.com, Inc.
Certificate subject: *.archive.org
Fingerprint: F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA
Validity: Sat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://quangcao.differentia.ru
DNT: 1
Connection: keep-alive
Referer: https://web.archive.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 13 Dec 2024 14:10:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
x-archive-redirect-reason: found capture at 20230110074548
location: https://web.archive.org/web/20230110074548im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
x-app-server: wwwb-app204
x-ts: 302
x-tr: 2304
server-timing: captures_list;dur=2.290972, exclusion.robots;dur=0.026863, exclusion.robots.policy;dur=0.016335, esindex;dur=0.012252, cdx.remote;dur=28.502252, LoadShardBlock;dur=2148.574013, PetaboxLoader3.datanode;dur=179.572176, TR;dur=0,Tw;dur=0,Tc;dur=0, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2
| web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 | 207.241.237.3 | 302 Found | 0 B |
URL: GET HTTP/2 web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP: 207.241.237.3:443
ASN: #7941 INTERNET-ARCHIVE
Requested by: http://quangcao.differentia.ru/
Certificate issuer: GoDaddy.com, Inc.
Certificate subject: *.archive.org
Fingerprint: F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA
Validity: Sat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e / da39a3ee5e6b4b0d3255bfef95601890afd80709 / e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://quangcao.differentia.ru
DNT: 1
Connection: keep-alive
Referer: https://web.archive.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Fri, 13 Dec 2024 14:10:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
x-archive-redirect-reason: found capture at 20230110065622
location: https://web.archive.org/web/20230110065622im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
x-app-server: wwwb-app216
x-ts: 302
x-tr: 2359
server-timing: captures_list;dur=0.876561, exclusion.robots;dur=0.039373, exclusion.robots.policy;dur=0.024585, esindex;dur=0.018207, cdx.remote;dur=59.070263, LoadShardBlock;dur=2222.358325, PetaboxLoader3.datanode;dur=227.925047, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
X-Firefox-Spdy: h2
| web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans | 207.241.237.3 | 200 OK | 13 kB |
URL: GET HTTP/2 web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans
IP: 207.241.237.3:443
ASN: #7941 INTERNET-ARCHIVE
Requested by: http://quangcao.differentia.ru/
Certificate issuer: GoDaddy.com, Inc.
Certificate subject: *.archive.org
Fingerprint: F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA
Validity: Sat, 23 Dec 2023 14:17:22 GMT - Thu, 23 Jan 2025 14:17:22 GMT
File type: gzip compressed data, max speed, from Unix
Hash (MD5 / SHA-1 / SHA-256): 4df41c41877321881e81ea42b4c56345 / bc5d985f9f678188f45ceeaa6da77e7216f156aa / 93dbf2b8344d687f925fb710c97b38e81cc0f6248fc3087e15cc6a6919bf954e
GET /web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans HTTP/1.1
Host: web.archive.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://static.kryptoslogicsinkhole.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 13 Dec 2024 14:10:05 GMT
content-type: text/css; charset=utf-8
x-archive-orig-access-control-allow-origin: *
x-archive-orig-timing-allow-origin: *
x-archive-orig-link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-archive-orig-strict-transport-security: max-age=31536000
x-archive-orig-expires: Tue, 10 Jan 2023 07:45:13 GMT
x-archive-orig-date: Tue, 10 Jan 2023 07:45:13 GMT
x-archive-orig-cache-control: private, max-age=86400, stale-while-revalidate=604800
x-archive-orig-last-modified: Tue, 10 Jan 2023 07:04:47 GMT
x-archive-orig-cross-origin-opener-policy: same-origin-allow-popups
x-archive-orig-cross-origin-resource-policy: cross-origin
x-archive-orig-server: ESF
x-archive-orig-x-xss-protection: 0
x-archive-orig-x-frame-options: SAMEORIGIN
x-archive-orig-x-content-type-options: nosniff
x-archive-orig-alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-archive-orig-transfer-encoding: chunked
x-archive-guessed-content-type: text/css
x-archive-guessed-charset: utf-8
x-archive-orig-content-encoding: gzip
memento-datetime: Tue, 10 Jan 2023 07:45:13 GMT
link: <https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="original", <https://web.archive.org/web/timemap/link/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="timemap"; type="application/link-format", <https://web.archive.org/web/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="timegate", <https://web.archive.org/web/20130704224143/http://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans>; rel="first memento"; datetime="Thu, 04 Jul 2013 22:41:43 GMT", <https://web.archive.org/web/20230110073356/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans>; rel="prev memento"; datetime="Tue, 10 Jan 2023 07:33:56 GMT", <https://web.archive.org/web/20230110074513/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="memento"; datetime="Tue, 10 Jan 2023 07:45:13 GMT", <https://web.archive.org/web/20230110121405/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans>; rel="next memento"; datetime="Tue, 10 Jan 2023 12:14:05 GMT", <https://web.archive.org/web/20241212192058/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans>; rel="last memento"; datetime="Thu, 12 Dec 2024 19:20:58 GMT"
content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org
x-archive-src: spn2-20230110085606/spn2-20230110071910-wwwb-spn19.us.archive.org-8005.warc.gz
x-app-server: wwwb-app217
x-ts: 200
x-tr: 1468
server-timing: captures_list;dur=3.504442, exclusion.robots;dur=0.163050, exclusion.robots.policy;dur=0.101404, esindex;dur=0.065815, cdx.remote;dur=125.890275, LoadShardBlock;dur=930.735098, PetaboxLoader3.datanode;dur=750.332888, load_resource;dur=162.257399, PetaboxLoader3.resolve;dur=147.467459, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS
x-location: All
x-rl: 1
x-na: 0
x-page-cache: MISS
x-nid: -
referrer-policy: no-referrer-when-downgrade
permissions-policy: interest-cohort=()
content-encoding: gzip
X-Firefox-Spdy: h2