{"report_id":"aee44c88-3d58-4aa3-bf79-290d244664fe","version":6,"status":"done","tags":[],"date":"2024-12-13T14:10:27Z","url":{"schema":"http","addr":"quangcao.differentia.ru/","fqdn":"quangcao.differentia.ru","domain":"differentia.ru","tld":"ru"},"ip":{"addr":"35.212.64.89","port":0,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"quangcao.differentia.ru/","fqdn":"quangcao.differentia.ru","domain":"differentia.ru","tld":"ru"},"title":"Sinkholed by Kryptos Logic"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-21T14:10:27Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"quangcao.differentia.ru","ip":{"addr":"35.212.43.152","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2019-05-29","domain_rank":0,"first_seen":"2024-07-04T13:11:18Z","last_seen":"2024-09-23T14:50:12Z","alert_count":2,"request_count":2,"received_data":1444,"sent_data":751,"comment":"","tags":null,"fingerprints":null},{"fqdn":"static.kryptoslogicsinkhole.com","ip":{"addr":"104.21.77.90","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-12-04","domain_rank":0,"first_seen":"2018-10-17T12:30:20Z","last_seen":"2024-12-12T20:50:43.329177Z","alert_count":0,"request_count":1,"received_data":3593,"sent_data":356,"comment":"","tags":null,"fingerprints":null},{"fqdn":"web.archive.org","ip":{"addr":"207.241.237.3","port":443,"asn":7941,"as":"INTERNET-ARCHIVE","country":"United States","country_code":"US"},"domain_registered":"1995-12-14","domain_rank":35459,"first_seen":"2012-05-30T06:47:17Z","last_seen":"2024-12-08T03:22:44.847352Z","alert_count":0,"request_count":4,"received_data":19059,"sent_data":2246,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-13T14:10:03Z","timestamp":1734099003,"ip_dst":{"addr":"172.18.0.18","port":54322,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"35.212.43.152","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"severity":"low","alert":"ET MALWARE Known Sinkhole Response Kryptos Logic","source":"{\"timestamp\":\"2024-12-13T14:10:03.387615+0000\",\"flow_id\":1949937704823102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"35.212.43.152\",\"src_port\":80,\"dest_ip\":\"172.18.0.18\",\"dest_port\":54322,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031515,\"rev\":2,\"signature\":\"ET MALWARE Known Sinkhole Response Kryptos Logic\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_01_12\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2021_01_12\"]}},\"http\":{\"hostname\":\"quangcao.differentia.ru\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":607},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":607,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":1093,\"bytes_toclient\":1720,\"start\":\"2024-12-13T14:10:02.911678+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-13T14:10:13Z","timestamp":1734099013,"ip_dst":{"addr":"172.18.0.18","port":54322,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"35.212.43.152","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"severity":"low","alert":"ET MALWARE Known Sinkhole Response Kryptos Logic","source":"{\"timestamp\":\"2024-12-13T14:10:13.503026+0000\",\"flow_id\":1949937704823102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"35.212.43.152\",\"src_port\":80,\"dest_ip\":\"172.18.0.18\",\"dest_port\":54322,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031515,\"rev\":2,\"signature\":\"ET MALWARE Known Sinkhole Response Kryptos Logic\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_01_12\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2021_01_12\"]}},\"http\":{\"hostname\":\"quangcao.differentia.ru\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://quangcao.differentia.ru/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":607},\"files\":[{\"filename\":\"/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":607,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":5,\"bytes_toserver\":1225,\"bytes_toclient\":1786,\"start\":\"2024-12-13T14:10:02.911678+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"quangcao.differentia.ru/","fqdn":"quangcao.differentia.ru","domain":"differentia.ru","tld":"ru"},"ip":{"addr":"35.212.43.152","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-13T14:10:02.914Z","timestamp":1734099002914,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: quangcao.differentia.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 13 Dec 2024 14:10:03 GMT\r\nContent-Length: 607\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":607,"size_decoded":607,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (607), with no line terminators","md5":"d9fdb2d2f2440ac3c3a0786a83e6b69a","sha1":"7d7735147b217acaa670f7ff6262b70ab7f4ecea","sha256":"5b17494a74770d5abe918c36e8dfc10a4ff0f46451cdbe19d779d19baf8e6385","sha512":"6a82e4fef26c69cfb44205200c42a0994d612c21ad133e0a36da4d10e9d949b648060e178f812ea5dabbbc800eec1404c6c70a8bcab86a82cb4ee6e4d9069ed6","ssdeep":"","tlshash":"c9f0a2b7c5c4a01a0be34a605930f359b4d7a32dd6565a582ef4939c4bd8dc489d3108","first_seen":"2023-05-18T10:37:51Z","last_seen":"2026-05-18T00:07:08.180355Z","times_seen":2528,"resource_available":true,"data":null}},"time_used":286,"timings":{"blocked":93,"dns":1,"connect":95,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-13T14:10:03Z","timestamp":1734099003,"ip_dst":{"addr":"172.18.0.18","port":54322,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"35.212.43.152","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"severity":"low","alert":"ET MALWARE Known Sinkhole Response Kryptos Logic","source":"{\"timestamp\":\"2024-12-13T14:10:03.387615+0000\",\"flow_id\":1949937704823102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"35.212.43.152\",\"src_port\":80,\"dest_ip\":\"172.18.0.18\",\"dest_port\":54322,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031515,\"rev\":2,\"signature\":\"ET MALWARE Known Sinkhole Response Kryptos Logic\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_01_12\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2021_01_12\"]}},\"http\":{\"hostname\":\"quangcao.differentia.ru\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":607},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":607,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":5,\"pkts_toclient\":4,\"bytes_toserver\":1093,\"bytes_toclient\":1720,\"start\":\"2024-12-13T14:10:02.911678+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"static.kryptoslogicsinkhole.com/style.css","fqdn":"static.kryptoslogicsinkhole.com","domain":"kryptoslogicsinkhole.com","tld":"com"},"ip":{"addr":"104.21.77.90","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://quangcao.differentia.ru/","date":"2024-12-13T14:10:03.205Z","timestamp":1734099003205,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: static.kryptoslogicsinkhole.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://quangcao.differentia.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 13 Dec 2024 14:10:03 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=FU%2F2Ml%2FtAxEhPY8v9s%2FxB3CEQm5pWuDQYwccvSiGSVjysAsuW2SIdMiZBlE0HdKcexOgihnsZt3wcDseGp4ARIwaFvbdop%2F75tPxnxwzrDfvPEqTofNX3D8Q9uevHj6DXJp%2FZEJnxjGHtWz%2BjNodr8QF\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 8f1689122c5856c0-OSL\r\nContent-Encoding: gzip\r\nalt-svc: h2=\":443\"; ma=60\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=496\u0026min_rtt=496\u0026rtt_var=248\u0026sent=1\u0026recv=3\u0026lost=0\u0026retrans=0\u0026sent_bytes=0\u0026recv_bytes=358\u0026delivery_rate=0\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=0000000000000000\u0026ts=0\u0026x=0\"\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2790,"size_decoded":11916,"mime_type":"text/css","magic":"ASCII text, with very long lines (11916), with no line terminators","md5":"022514dc4e2464b24cceffb7c58007ba","sha1":"f0ada4f1681137b0c032e0a5f019c1d96e9d18bd","sha256":"d9ec1dde3901f824532fef2e2cafbc4dd04bbc6074cdfeb77bd25f925637341c","sha512":"3f14585151da56243b979d7db2fd8c2f8e1c83dae1fd1cf6be3edccc4cb4ef47be24cb863fe6db8498ee9476aef9164fcc1861dde1afffd9892052057a40f3a7","ssdeep":"192:AYFfnlEkQznWBkQvzxcnsaOlVg8lsegwtN9n+u:hxlEkQokQvzzZ+u","tlshash":"993233761812114ce1339a15a7d57aed0a3cc112e5230ddfb347662f4bd73ed22ea78a","first_seen":"2024-08-22T01:34:23Z","last_seen":"2026-05-18T00:07:08.182664Z","times_seen":1629,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":26,"dns":28,"connect":1,"send":0,"wait":53,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"quangcao.differentia.ru/favicon.ico","fqdn":"quangcao.differentia.ru","domain":"differentia.ru","tld":"ru"},"ip":{"addr":"35.212.43.152","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://quangcao.differentia.ru/","date":"2024-12-13T14:10:03.293Z","timestamp":1734099003293,"http_version":"HTTP/1.1","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: quangcao.differentia.ru\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://quangcao.differentia.ru/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 13 Dec 2024 14:10:03 GMT\r\nContent-Length: 607\r\nContent-Type: text/html; charset=utf-8\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":607,"size_decoded":607,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (607), with no line terminators","md5":"d9fdb2d2f2440ac3c3a0786a83e6b69a","sha1":"7d7735147b217acaa670f7ff6262b70ab7f4ecea","sha256":"5b17494a74770d5abe918c36e8dfc10a4ff0f46451cdbe19d779d19baf8e6385","sha512":"6a82e4fef26c69cfb44205200c42a0994d612c21ad133e0a36da4d10e9d949b648060e178f812ea5dabbbc800eec1404c6c70a8bcab86a82cb4ee6e4d9069ed6","ssdeep":"","tlshash":"c9f0a2b7c5c4a01a0be34a605930f359b4d7a32dd6565a582ef4939c4bd8dc489d3108","first_seen":"2023-05-18T10:37:51Z","last_seen":"2026-05-18T00:07:08.180355Z","times_seen":2528,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-13T14:10:13Z","timestamp":1734099013,"ip_dst":{"addr":"172.18.0.18","port":54322,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"35.212.43.152","port":80,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"severity":"low","alert":"ET MALWARE Known Sinkhole Response Kryptos Logic","source":"{\"timestamp\":\"2024-12-13T14:10:13.503026+0000\",\"flow_id\":1949937704823102,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"35.212.43.152\",\"src_port\":80,\"dest_ip\":\"172.18.0.18\",\"dest_port\":54322,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031515,\"rev\":2,\"signature\":\"ET MALWARE Known Sinkhole Response Kryptos Logic\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_01_12\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2021_01_12\"]}},\"http\":{\"hostname\":\"quangcao.differentia.ru\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://quangcao.differentia.ru/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":607},\"files\":[{\"filename\":\"/favicon.ico\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":607,\"tx_id\":1}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":5,\"bytes_toserver\":1225,\"bytes_toclient\":1786,\"start\":\"2024-12-13T14:10:02.911678+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.archive.org/web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans","fqdn":"web.archive.org","domain":"archive.org","tld":"org"},"ip":{"addr":"207.241.237.3","port":443,"asn":7941,"as":"INTERNET-ARCHIVE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://quangcao.differentia.ru/","date":"2024-12-13T14:10:03.296Z","timestamp":1734099003296,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.archive.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Sat, 23 Dec 2023 14:17:22 GMT","end":"Thu, 23 Jan 2025 14:17:22 GMT"},"fingerprint":{"sha1":"F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA","sha256":"68:7B:99:33:48:09:04:10:67:77:19:5B:B7:71:A0:7E:17:39:10:69:28:88:04:AB:23:9F:CE:CA:A3:CC:CC:94"}}},"request":{"raw":"GET /web/20230110081707cs_/https://fonts.googleapis.com/css?family=Montserrat|Open+Sans HTTP/1.1\r\nHost: web.archive.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://static.kryptoslogicsinkhole.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 13 Dec 2024 14:10:04 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\nx-archive-redirect-reason: found capture at 20230110074513\r\nlocation: https://web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans\r\nx-app-server: wwwb-app28\r\nx-ts: 302\r\nx-tr: 360\r\nserver-timing: captures_list;dur=1.336357, exclusion.robots;dur=0.058090, exclusion.robots.policy;dur=0.042189, esindex;dur=0.018235, cdx.remote;dur=10.872893, LoadShardBlock;dur=214.108814, PetaboxLoader3.datanode;dur=185.254278, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS\r\nx-location: All\r\nx-rl: 1\r\nx-na: 0\r\nx-page-cache: MISS\r\nx-nid: -\r\nreferrer-policy: no-referrer-when-downgrade\r\npermissions-policy: interest-cohort=()\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-19T04:11:19.543651Z","times_seen":15421934,"resource_available":true,"data":null}},"time_used":1269,"timings":{"blocked":371,"dns":32,"connect":165,"send":0,"wait":526,"receive":1,"ssl":172},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2","fqdn":"web.archive.org","domain":"archive.org","tld":"org"},"ip":{"addr":"207.241.237.3","port":443,"asn":7941,"as":"INTERNET-ARCHIVE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://quangcao.differentia.ru/","date":"2024-12-13T14:10:06.050Z","timestamp":1734099006050,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.archive.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Sat, 23 Dec 2023 14:17:22 GMT","end":"Thu, 23 Jan 2025 14:17:22 GMT"},"fingerprint":{"sha1":"F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA","sha256":"68:7B:99:33:48:09:04:10:67:77:19:5B:B7:71:A0:7E:17:39:10:69:28:88:04:AB:23:9F:CE:CA:A3:CC:CC:94"}}},"request":{"raw":"GET /web/20230110074513im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1\r\nHost: web.archive.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://quangcao.differentia.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.archive.org/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 13 Dec 2024 14:10:08 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\nx-archive-redirect-reason: found capture at 20230110074548\r\nlocation: https://web.archive.org/web/20230110074548im_/https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2\r\nx-app-server: wwwb-app204\r\nx-ts: 302\r\nx-tr: 2304\r\nserver-timing: captures_list;dur=2.290972, exclusion.robots;dur=0.026863, exclusion.robots.policy;dur=0.016335, esindex;dur=0.012252, cdx.remote;dur=28.502252, LoadShardBlock;dur=2148.574013, PetaboxLoader3.datanode;dur=179.572176, TR;dur=0,Tw;dur=0,Tc;dur=0, MISS\r\nx-location: All\r\nx-rl: 1\r\nx-na: 0\r\nx-page-cache: MISS\r\nx-nid: -\r\nreferrer-policy: no-referrer-when-downgrade\r\npermissions-policy: interest-cohort=()\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-19T04:11:19.543651Z","times_seen":15421934,"resource_available":true,"data":null}},"time_used":2470,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.archive.org/web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2","fqdn":"web.archive.org","domain":"archive.org","tld":"org"},"ip":{"addr":"207.241.237.3","port":443,"asn":7941,"as":"INTERNET-ARCHIVE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://quangcao.differentia.ru/","date":"2024-12-13T14:10:06.045Z","timestamp":1734099006045,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.archive.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Sat, 23 Dec 2023 14:17:22 GMT","end":"Thu, 23 Jan 2025 14:17:22 GMT"},"fingerprint":{"sha1":"F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA","sha256":"68:7B:99:33:48:09:04:10:67:77:19:5B:B7:71:A0:7E:17:39:10:69:28:88:04:AB:23:9F:CE:CA:A3:CC:CC:94"}}},"request":{"raw":"GET /web/20230110074513im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1\r\nHost: web.archive.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: http://quangcao.differentia.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.archive.org/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 13 Dec 2024 14:10:08 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\nx-archive-redirect-reason: found capture at 20230110065622\r\nlocation: https://web.archive.org/web/20230110065622im_/https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2\r\nx-app-server: wwwb-app216\r\nx-ts: 302\r\nx-tr: 2359\r\nserver-timing: captures_list;dur=0.876561, exclusion.robots;dur=0.039373, exclusion.robots.policy;dur=0.024585, esindex;dur=0.018207, cdx.remote;dur=59.070263, LoadShardBlock;dur=2222.358325, PetaboxLoader3.datanode;dur=227.925047, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS\r\nx-location: All\r\nx-rl: 1\r\nx-na: 0\r\nx-page-cache: MISS\r\nx-nid: -\r\nreferrer-policy: no-referrer-when-downgrade\r\npermissions-policy: interest-cohort=()\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-19T04:11:19.543651Z","times_seen":15421934,"resource_available":true,"data":null}},"time_used":2525,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2525,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.archive.org/web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans","fqdn":"web.archive.org","domain":"archive.org","tld":"org"},"ip":{"addr":"207.241.237.3","port":443,"asn":7941,"as":"INTERNET-ARCHIVE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://quangcao.differentia.ru/","date":"2024-12-13T14:10:04.204Z","timestamp":1734099004204,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.archive.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Sat, 23 Dec 2023 14:17:22 GMT","end":"Thu, 23 Jan 2025 14:17:22 GMT"},"fingerprint":{"sha1":"F3:44:18:A3:B3:28:34:6F:7C:29:7E:B9:F5:2F:32:49:EA:B0:CD:CA","sha256":"68:7B:99:33:48:09:04:10:67:77:19:5B:B7:71:A0:7E:17:39:10:69:28:88:04:AB:23:9F:CE:CA:A3:CC:CC:94"}}},"request":{"raw":"GET /web/20230110074513cs_/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans HTTP/1.1\r\nHost: web.archive.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://static.kryptoslogicsinkhole.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 13 Dec 2024 14:10:05 GMT\r\ncontent-type: text/css; charset=utf-8\r\nx-archive-orig-access-control-allow-origin: *\r\nx-archive-orig-timing-allow-origin: *\r\nx-archive-orig-link: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nx-archive-orig-strict-transport-security: max-age=31536000\r\nx-archive-orig-expires: Tue, 10 Jan 2023 07:45:13 GMT\r\nx-archive-orig-date: Tue, 10 Jan 2023 07:45:13 GMT\r\nx-archive-orig-cache-control: private, max-age=86400, stale-while-revalidate=604800\r\nx-archive-orig-last-modified: Tue, 10 Jan 2023 07:04:47 GMT\r\nx-archive-orig-cross-origin-opener-policy: same-origin-allow-popups\r\nx-archive-orig-cross-origin-resource-policy: cross-origin\r\nx-archive-orig-server: ESF\r\nx-archive-orig-x-xss-protection: 0\r\nx-archive-orig-x-frame-options: SAMEORIGIN\r\nx-archive-orig-x-content-type-options: nosniff\r\nx-archive-orig-alt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000,h3-Q050=\":443\"; ma=2592000,h3-Q046=\":443\"; ma=2592000,h3-Q043=\":443\"; ma=2592000,quic=\":443\"; ma=2592000; v=\"46,43\"\r\nx-archive-orig-transfer-encoding: chunked\r\nx-archive-guessed-content-type: text/css\r\nx-archive-guessed-charset: utf-8\r\nx-archive-orig-content-encoding: gzip\r\nmemento-datetime: Tue, 10 Jan 2023 07:45:13 GMT\r\nlink: \u003chttps://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans\u003e; rel=\"original\", \u003chttps://web.archive.org/web/timemap/link/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans\u003e; rel=\"timemap\"; type=\"application/link-format\", \u003chttps://web.archive.org/web/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans\u003e; rel=\"timegate\", \u003chttps://web.archive.org/web/20130704224143/http://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans\u003e; rel=\"first memento\"; datetime=\"Thu, 04 Jul 2013 22:41:43 GMT\", \u003chttps://web.archive.org/web/20230110073356/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans\u003e; rel=\"prev memento\"; datetime=\"Tue, 10 Jan 2023 07:33:56 GMT\", \u003chttps://web.archive.org/web/20230110074513/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans\u003e; rel=\"memento\"; datetime=\"Tue, 10 Jan 2023 07:45:13 GMT\", \u003chttps://web.archive.org/web/20230110121405/https://fonts.googleapis.com/css?family=Montserrat%7COpen+Sans\u003e; rel=\"next memento\"; datetime=\"Tue, 10 Jan 2023 12:14:05 GMT\", \u003chttps://web.archive.org/web/20241212192058/https://fonts.googleapis.com/css?family=Montserrat%257COpen+Sans\u003e; rel=\"last memento\"; datetime=\"Thu, 12 Dec 2024 19:20:58 GMT\"\r\ncontent-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org athena.archive.org analytics.archive.org pragma.archivelab.org\r\nx-archive-src: spn2-20230110085606/spn2-20230110071910-wwwb-spn19.us.archive.org-8005.warc.gz\r\nx-app-server: wwwb-app217\r\nx-ts: 200\r\nx-tr: 1468\r\nserver-timing: captures_list;dur=3.504442, exclusion.robots;dur=0.163050, exclusion.robots.policy;dur=0.101404, esindex;dur=0.065815, cdx.remote;dur=125.890275, LoadShardBlock;dur=930.735098, PetaboxLoader3.datanode;dur=750.332888, load_resource;dur=162.257399, PetaboxLoader3.resolve;dur=147.467459, TR;dur=0,Tw;dur=0,Tc;dur=1, MISS\r\nx-location: All\r\nx-rl: 1\r\nx-na: 0\r\nx-page-cache: MISS\r\nx-nid: -\r\nreferrer-policy: no-referrer-when-downgrade\r\npermissions-policy: interest-cohort=()\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13226,"size_decoded":13226,"mime_type":"text/css; charset=utf-8","magic":"gzip compressed data, max speed, from Unix","md5":"4df41c41877321881e81ea42b4c56345","sha1":"bc5d985f9f678188f45ceeaa6da77e7216f156aa","sha256":"93dbf2b8344d687f925fb710c97b38e81cc0f6248fc3087e15cc6a6919bf954e","sha512":"ee5df888e3674e3d3fe11fffdc90b02886212f09d1864378e6ddb183f103b242f6f6a26f7b831883d42705e5a6f1b1a5728e89358a81bd5f91cd49ab8f8b0655","ssdeep":"192:8IIEdFujQky3C+6UekvnsQxFGyZppVpFiCL3fLt9M3bY1n3MInk3N/b42LVM73Sx:vIEdKons50AQncIqxbHquQAgafb19TT","tlshash":"7f52c08c0140526ecd3dff7ef63f93b262847880650e644a116bef7558b21aadf35a4b","first_seen":"2024-12-13T14:10:28.304694Z","last_seen":"2024-12-13T14:10:28.304694Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1638,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1638,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}