Report - descarga.ink/engineeringsoftware/87/

Report Overview

Submitted URL
descarga.ink/engineeringsoftware/87/
IP
107.189.31.193
ASN
#53667 PONYNET
Submitted
2024-05-04 22:50:23
Access
public
Website Title
(1) New Message!
Final URL
descarga.ink/engineeringsoftware/87/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
descarga.ink	unknown	unknown	No data	No data	4.4 kB	82 kB	107.189.31.193
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	412 B	1.5 kB	142.250.74.132
sarcasticnotarycontrived.com	unknown	2022-08-11	2022-08-11	2024-03-23	1.3 kB	61 kB	172.240.108.84
threeinvincible.com	unknown	2024-04-30	2024-05-02	2024-05-02	5.4 kB	12 kB	172.240.253.132
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2024-05-03	2.4 kB	22 kB	188.114.97.1
decisivewade.com	unknown	2024-04-29	2024-04-30	2024-05-03	2.7 kB	5.9 kB	172.240.108.84
www.gstatic.com	unknown	2008-02-11	2016-07-26	2024-05-04	474 B	207 kB	142.250.74.35
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-04	416 B	1.8 kB	142.250.74.106
static.pdn-1.com	60531	2016-06-27	2016-07-23	2024-04-30	405 B	5.2 kB	23.36.76.160
engineeringsoftware.net	348710	2020-11-16	2020-11-16	2024-03-07	505 B	14 kB	107.189.31.193
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-04	676 B	1.9 kB	143.204.53.97
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-04	1.3 kB	1.3 kB	52.29.105.35
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	407 B	28 kB	172.67.180.87
xml-v4.clouback-1.online	unknown	2024-04-24	2024-05-01	2024-05-01	442 B	5.0 kB	173.239.53.32
inconveniencemimic.com	unknown	2024-04-29	2024-04-30	2024-04-30	485 B	467 B	172.240.127.234
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-04	411 B	327 B	192.243.59.12
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-04	441 B	106 kB	45.133.44.9
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-04	1.5 kB	847 B	192.243.59.13
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-04	1.0 kB	33 kB	216.58.207.227
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2024-05-02	485 B	1.6 kB	45.133.44.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	inconveniencemimic.com	Sinkholed
2024-05-04	medium	decisivewade.com	Sinkholed
2024-05-04	medium	decisivewade.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	threeinvincible.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-18
Pretty URL capaciousdrewreligion.com/advertisers.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 12:48:01 Times Seen37785269 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	3.3 kB	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:50:30 Last Seen2024-05-05 00:50:30 Times Seen1 Hash e29a485bbf6a751843b5a7f4b1dceb1c 14d695a0f8bdab9f0167dfbdab66d393345db4e4 97ada985c506ad358195937d143dd432cb17a749481d4658c81478f3763afe62 Loading...

	www.google.com/recaptcha/api.js?ver=6.5.2	850 B	2024-04-24	2024-05-08
Pretty URL www.google.com/recaptcha/api.js?ver=6.5.2 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:35:35 Last Seen2024-05-08 15:55:32 Times Seen1408 Hash ee87fd4035a91d937ff13613982b4170 e897502e3a58c6be2b64da98474f0d405787f5f7 7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f Loading...

	sarcasticnotarycontrived.com/36/e4/80/36e480f9b5da9023529bccefc295338f.js	45 kB	2024-05-05	2024-05-05
Pretty URL sarcasticnotarycontrived.com/36/e4/80/36e480f9b5da9023529bccefc295338f.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen2 Hash b348e8b4a4589c084cd0a387e2a9db15 2d27991f7c5e488c444e71ac894b2d6fab060bea ed44a70a24a3788a5b19bce4e80b24e66817a8c56530d6016c834702a7cfc3ae Loading...

	sarcasticnotarycontrived.com/ddf5f5874497be5818268b53a898151e/invoke.js	31 kB	2024-05-05	2024-05-05
Pretty URL sarcasticnotarycontrived.com/ddf5f5874497be5818268b53a898151e/invoke.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen2 Hash 1f53d0dd384f4b72b80153e0951b1ad1 4eb4a9ca4010ba3dfa1bb2c602d8802edde8ec7e 7f25209e8f6b642419039db1fb958e75359d9741102df47df1f3bb9ff7cc77f8 Loading...

	descarga.ink/engineeringsoftware/87/	3.2 kB	2024-05-05	2024-05-05
Pretty URL descarga.ink/engineeringsoftware/87/ IP 107.189.31.193 ASN #53667 PONYNET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen1 Hash a71b9b7cb49e58871403230daa73b977 0ba005fc4ae528e55a9336c526e7c3cc4ef43c04 4f203a2ca85da4b454a5f6a4dffcf28e256398e85cbd869cb51fd4f9ebd3db4b Loading...

	descarga.ink/wp-content/themes/generatepress/assets/js/navigation-search.min.js?ver=3.4.0	2.1 kB	2024-02-14	2024-05-11
Pretty URL descarga.ink/wp-content/themes/generatepress/assets/js/navigation-search.min.js?ver=3.4.0 IP 107.189.31.193 ASN #53667 PONYNET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-14 08:52:53 Last Seen2024-05-11 23:25:25 Times Seen28 Hash d803bf6d0044d45f7a6dda2aec3fd1db b21e343b695d6ccc8a9122036f6d3a04c304f79b 07b22512394b6fe16bd285c017731e78759c4cda65c809240e49def78fba53a7 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.67.180.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	145 B	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen1 Hash b41a4e0f12fe14b2e517efd8483c93d5 1446a865bbf5be85daf83a8c63a74a15582dae42 f895702bfab531bca2dc631ce835110ebc43e07d3742ac8369af626781e3f526 Loading...

	descarga.ink/engineeringsoftware/87/	139 B	2024-05-05	2024-05-05
Pretty URL descarga.ink/engineeringsoftware/87/ IP 107.189.31.193 ASN #53667 PONYNET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen1 Hash c856d146a6bea4b4e1cfdfbd6a2a419b 847d220beb80208ae0a2fcad94a6fd85af476b2b 6b3d4d1f8564421d365577176a48691a9cf37d42dad29720034dcb136c612d7a Loading...

	descarga.ink/engineeringsoftware/87/	260 B	2023-03-07	2024-05-18
Pretty URL descarga.ink/engineeringsoftware/87/ IP 107.189.31.193 ASN #53667 PONYNET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:19 Last Seen2024-05-18 04:40:35 Times Seen2604 Hash 9b78b28b396646badfc6017235ee4be9 18103240bf0cb760cdf7febc628b56b8fca44319 215f517010a20f2f4c55d34dd3c574568bd0fb83662f0b915ddb6561f97c3904 Loading...

	descarga.ink/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2	19 kB	2024-03-13	2024-05-18
Pretty URL descarga.ink/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 IP 107.189.31.193 ASN #53667 PONYNET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-13 16:02:37 Last Seen2024-05-18 12:00:39 Times Seen5074 Hash b976b651932bfd25b9ddb5b7693d88a7 7fcb7cb5c11227f9213b1e08a07d0212209e1432 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3 Loading...

	unknown	196 B	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen1 Hash ed7943b5b3ea84c311f397c920455d0e 75507dba3de2e20bd71779f14ef2336caf550912 73a97995cf609bb332d242e564082189cb2ad64be2604315e481dc716f1ab87c Loading...

	descarga.ink/engineeringsoftware/87/	117 B	2023-03-07	2024-05-08
Pretty URL descarga.ink/engineeringsoftware/87/ IP 107.189.31.193 ASN #53667 PONYNET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:08:09 Last Seen2024-05-08 13:11:34 Times Seen62 Hash 4ea0e15c156404308c5be0f0cef0775e fb6b3978a0dd6fc5283672844b2e901a19609987 bc0ae1163bb12d06d3fa974dc791ec57814025552603b941c6adba51f7b0ffe3 Loading...

	www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js	518 kB	2024-04-24	2024-05-15
Pretty URL www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 09:18:30 Last Seen2024-05-15 19:10:18 Times Seen9003 Hash e2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b Loading...

	unknown	601 B	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen1 Hash 15bb372529fe8fe6b2f2f06a1783d9b8 84b7c2ef31d63cf49b41b7ed0830268de097a7bb 0003cd42a44f5e92a655d4fbbb1cf3c138c6fdb872562c534eae035d54e38715 Loading...

	sarcasticnotarycontrived.com/ff/b9/27/ffb927d8765a7c99005c03149b95119e.js	84 kB	2024-05-05	2024-05-05
Pretty URL sarcasticnotarycontrived.com/ff/b9/27/ffb927d8765a7c99005c03149b95119e.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen2 Hash c8c831efa190cbb86abd91f94123610a f1a6571a76e3a1f5176916a65278fc3b3e285009 dcaab89d1a77314ee534456130b22e5a6f6855cae9dac06315dcbc0a1337428e Loading...

		Size	First Seen	Last Seen
	#1 Eval - fc5f1ae5f15cbea9340ea270b7b76c87	2.1 kB	2024-05-05	2024-05-05
Pretty Observations First Seen2024-05-05 00:50:31 Last Seen2024-05-05 00:50:31 Times Seen1 Hash fc5f1ae5f15cbea9340ea270b7b76c87 c81141f2d8e2d32bf0ca03e4db64d6010ab7296c 2f9df69a77563910fdd4199bd11b12e762bceb4ee7bb3a7bcf2333b47ca8366b Loading...

HTTP Transactions (42)

URL IP Response Size

descarga.ink/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2

107.189.31.193

200 OK

14 kB

URL GET HTTP/3
descarga.ink/wp-includes/css/dist/block-library/style.min.css?ver=6.5.2
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type
ASCII text, with very long lines (59701)
Size
14 kB (14071 bytes)
Hash
51a8390b47aa0582cf2d9c96c5addee2
b16a640874025d085c38119a1a02a3460f83f2de
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.5.2 HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/engineeringsoftware/87/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 22:49:57 GMT
content-type: text/css
last-modified: Sat, 27 Apr 2024 12:08:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14071
date: Sat, 04 May 2024 22:49:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

descarga.ink/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0

107.189.31.193

200 OK

4.4 kB

URL GET HTTP/3
descarga.ink/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type
ASCII text, with very long lines (19564), with no line terminators
Size
4.4 kB (4416 bytes)
Hash
867585929ee8b21749cdefa675d9aa11
afbd7bc967068d4e804641f4b1df78ab37417144
bc3b2c1e618a27e485095a3c0db20da5ba2fbfaf3b872ccd6ca35cb19eb37b5d

HTTP Headers

GET /wp-content/themes/generatepress/assets/css/main.min.css?ver=3.4.0 HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/engineeringsoftware/87/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 22:49:57 GMT
content-type: text/css
last-modified: Wed, 13 Mar 2024 22:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4416
date: Sat, 04 May 2024 22:49:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only

descarga.ink/wp-content/themes/generatepress_child/style.css?ver=1710369755

107.189.31.193

200 OK

143 B

URL GET HTTP/3
descarga.ink/wp-content/themes/generatepress_child/style.css?ver=1710369755
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type
ASCII text, with CRLF line terminators
Size
143 B (143 bytes)
Hash
492327f0d88ad2d055581d06770af6e2
5298ca7b326e86185ed8a29c66fd46ef356d6e84
f22691711c373a3444980cc32ab028fa86dad687c1b386e14847a47ce8b88e73

HTTP Headers

GET /wp-content/themes/generatepress_child/style.css?ver=1710369755 HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/engineeringsoftware/87/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 22:49:57 GMT
content-type: text/css
last-modified: Wed, 13 Mar 2024 22:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 143
date: Sat, 04 May 2024 22:49:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only

descarga.ink/wp-content/themes/generatepress/assets/js/navigation-search.min.js?ver=3.4.0

107.189.31.193

200 OK

673 B

URL GET HTTP/3
descarga.ink/wp-content/themes/generatepress/assets/js/navigation-search.min.js?ver=3.4.0
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type
JavaScript source, ASCII text, with very long lines (2141), with no line terminators
Size
673 B (673 bytes)
Hash
d803bf6d0044d45f7a6dda2aec3fd1db
b21e343b695d6ccc8a9122036f6d3a04c304f79b
07b22512394b6fe16bd285c017731e78759c4cda65c809240e49def78fba53a7

HTTP Headers

GET /wp-content/themes/generatepress/assets/js/navigation-search.min.js?ver=3.4.0 HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/engineeringsoftware/87/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 22:49:57 GMT
content-type: application/javascript
last-modified: Wed, 13 Mar 2024 22:42:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 673
date: Sat, 04 May 2024 22:49:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only

www.google.com/recaptcha/api.js?ver=6.5.2

142.250.74.132

200 OK

1.0 kB

URL GET HTTP/2
www.google.com/recaptcha/api.js?ver=6.5.2
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99
ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT

File type
gzip compressed data
Size
1.0 kB (1025 bytes)
Hash
a1a76d9947adf38d1d452dd972f2b144
067446a067a6132172a484ec2d2f0917f4e82905
5a70a2d859ee2fbb5b47fb3e5096c339cf074b6183003cd4309d80bcdacc5d67

HTTP Headers

GET /recaptcha/api.js?ver=6.5.2 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Sat, 04 May 2024 22:49:57 GMT
date: Sat, 04 May 2024 22:49:57 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

engineeringsoftware.net/wp-content/uploads/2020/12/cropped-engineeringsoftware.net-logo-black-1.png

107.189.31.193

200 OK

13 kB

URL GET HTTP/2
engineeringsoftware.net/wp-content/uploads/2020/12/cropped-engineeringsoftware.net-logo-black-1.png
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectengineeringsoftware.net
Fingerprint59:AD:43:58:BD:53:47:9E:32:8E:AA:A9:61:87:11:27:E4:23:D4:C7
ValiditySat, 04 May 2024 17:47:17 GMT - Fri, 02 Aug 2024 17:47:16 GMT

File type
PNG image data, 300 x 67, 8-bit/color RGBA, non-interlaced
Size
13 kB (13174 bytes)
Hash
42254774cf089455b3548e3121531745
376a7cd39f04df1ba12ded8b7b5dde79d41e2253
732b7aa32a3cf628dcb9d76a50bc160bd8e3b1e911d5aaa7a09c419827a1c9d2

HTTP Headers

GET /wp-content/uploads/2020/12/cropped-engineeringsoftware.net-logo-black-1.png HTTP/1.1
Host: engineeringsoftware.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=10368000,public,public
expires: Sun, 01 Sep 2024 22:49:57 GMT
content-type: image/png
last-modified: Wed, 11 Oct 2023 15:56:18 GMT
accept-ranges: bytes
content-length: 13174
date: Sat, 04 May 2024 22:49:57 GMT
vary: Accept-Encoding,Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only
content-security-policy: upgrade-insecure-requests;
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

sarcasticnotarycontrived.com/ddf5f5874497be5818268b53a898151e/invoke.js

172.240.108.84

200 OK

12 kB

URL GET HTTP/1.1
sarcasticnotarycontrived.com/ddf5f5874497be5818268b53a898151e/invoke.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subject*.sarcasticnotarycontrived.com
Fingerprint10:5B:4C:2C:01:5E:16:45:2D:08:5B:5A:77:61:29:AA:A7:90:63:40
ValidityTue, 02 Apr 2024 07:02:01 GMT - Mon, 01 Jul 2024 07:02:00 GMT

File type
JavaScript source, ASCII text, with very long lines (31289), with no line terminators
Size
12 kB (11843 bytes)
Hash
1f53d0dd384f4b72b80153e0951b1ad1
4eb4a9ca4010ba3dfa1bb2c602d8802edde8ec7e
7f25209e8f6b642419039db1fb958e75359d9741102df47df1f3bb9ff7cc77f8

HTTP Headers

GET /ddf5f5874497be5818268b53a898151e/invoke.js HTTP/1.1
Host: sarcasticnotarycontrived.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c6de7f8c29c14798ee0067dfd3bead0d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

sarcasticnotarycontrived.com/36/e4/80/36e480f9b5da9023529bccefc295338f.js

172.240.108.84

200 OK

16 kB

URL GET HTTP/1.1
sarcasticnotarycontrived.com/36/e4/80/36e480f9b5da9023529bccefc295338f.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subject*.sarcasticnotarycontrived.com
Fingerprint10:5B:4C:2C:01:5E:16:45:2D:08:5B:5A:77:61:29:AA:A7:90:63:40
ValidityTue, 02 Apr 2024 07:02:01 GMT - Mon, 01 Jul 2024 07:02:00 GMT

File type
JavaScript source, ASCII text, with very long lines (45337), with no line terminators
Size
16 kB (16016 bytes)
Hash
b348e8b4a4589c084cd0a387e2a9db15
2d27991f7c5e488c444e71ac894b2d6fab060bea
ed44a70a24a3788a5b19bce4e80b24e66817a8c56530d6016c834702a7cfc3ae

HTTP Headers

GET /36/e4/80/36e480f9b5da9023529bccefc295338f.js HTTP/1.1
Host: sarcasticnotarycontrived.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=1; expires=Wed, 08 May 2024 01:49:58 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41c6da07ec34446120993c10d40f88ff
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

sarcasticnotarycontrived.com/ff/b9/27/ffb927d8765a7c99005c03149b95119e.js

172.240.108.84

200 OK

31 kB

URL GET HTTP/1.1
sarcasticnotarycontrived.com/ff/b9/27/ffb927d8765a7c99005c03149b95119e.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subject*.sarcasticnotarycontrived.com
Fingerprint10:5B:4C:2C:01:5E:16:45:2D:08:5B:5A:77:61:29:AA:A7:90:63:40
ValidityTue, 02 Apr 2024 07:02:01 GMT - Mon, 01 Jul 2024 07:02:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30627 bytes)
Hash
c8c831efa190cbb86abd91f94123610a
f1a6571a76e3a1f5176916a65278fc3b3e285009
dcaab89d1a77314ee534456130b22e5a6f6855cae9dac06315dcbc0a1337428e

HTTP Headers

GET /ff/b9/27/ffb927d8765a7c99005c03149b95119e.js HTTP/1.1
Host: sarcasticnotarycontrived.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 06178b56da5daffce77e4d0a8357482f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
691c3f87e4fe41a736328d3c71e2dbdc
fd76f455b38ba18f00a6fb81e3585201eb3c43f6
8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 22:49:58 GMT
Last-Modified: Sat, 04 May 2024 22:03:47 GMT
Server: ECAcc (ska/F6D2)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: R1hb3IbIvE2aBN_u1l71L0ZB4nJOrKS8RGRx0ro_fsm--ProccBnUg==
Age: 2771

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
e6e0d455268c77d5eb9c3ab712a9766f
621d3f9c2d869d232e1c9d33435f528c4b4d6b05
2c409991cb35524fefb6f0f74b4076be593a3b430497704de4e076edc80673e4

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://descarga.ink
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e5dbc7fd-edd8-4173-882c-e61a3692f99d:2:1; expires=Tue, 02 May 2034 22:49:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
691c3f87e4fe41a736328d3c71e2dbdc
fd76f455b38ba18f00a6fb81e3585201eb3c43f6
8ac709de568d48e4c9e64b75afa6cd3fed58e2cf0c21e823af01ab342e6794b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 22:49:58 GMT
Last-Modified: Sat, 04 May 2024 22:31:48 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hADwlH5-F46dkzBkOOBqxoHKA0cPNv15NQWb025J1YwYhNyjf5OBQA==
Age: 1091

descarga.ink/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2

107.189.31.193

200 OK

4.7 kB

URL GET HTTP/3
descarga.ink/wp-includes/js/wp-emoji-release.min.js?ver=6.5.2
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type
JavaScript source, ASCII text, with very long lines (15752)
Size
4.7 kB (4676 bytes)
Hash
b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.5.2 HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/engineeringsoftware/87/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 22:49:58 GMT
content-type: application/javascript
last-modified: Sat, 27 Apr 2024 12:08:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4676
date: Sat, 04 May 2024 22:49:58 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ee08af0b939e0775afc5196672216645
76d1eac5cfd0232e1f673e6ac87ab8ba86bc786e
8878706d5f08b9b85b0032400e4b5cc72216483967bc9b484f26d1e9721103bc

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://descarga.ink
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=d2a8d6d2-4fa8-46c1-94fa-a293b2b175b7:2:1; expires=Tue, 02 May 2034 22:49:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
4bbe6a5d16c2973248e6cd68755a9ca9
7a078d16f7bebf69e9bac82f436ebf60a1833f24
688d4314df11ec6f27da9d7e75a8007951a0b8d3a9f6cb1c0a3304783915f809

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://descarga.ink
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e60037ff-0c60-45d9-b2b9-631a5b3cb57c:1:1; expires=Tue, 02 May 2034 22:49:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

inconveniencemimic.com/pixel/purst?dl=0&th=0&sc=0&rs=1460&rd=1460&fd=974&bv=24.5.6485&tmpl=70

172.240.127.234

200 OK

0 B

URL GET HTTP/1.1
inconveniencemimic.com/pixel/purst?dl=0&th=0&sc=0&rs=1460&rd=1460&fd=974&bv=24.5.6485&tmpl=70
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectinconveniencemimic.com
FingerprintAF:84:31:F6:C9:08:AA:86:11:4D:BF:62:E5:2A:DB:57:5B:6E:E2:36
ValidityMon, 29 Apr 2024 08:23:14 GMT - Sun, 28 Jul 2024 08:23:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1460&rd=1460&fd=974&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: inconveniencemimic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:59 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

capaciousdrewreligion.com/advertisers.js

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 22:49:59 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c69c4c1f96f07cbc015d412d5a196cb6
Strict-Transport-Security: max-age=0; includeSubdomains

decisivewade.com/watch.1692510195982.js?key=ddf5f5874497be5818268b53a898151e&kw=%5B%22download%22%2C%22autocad%22%2C%222014%22%2C%22free%22%2C%22and%22%2C%22full%22%2C%22by%22%2C%22mega%22%2C%22and%22%2C%22mediafire%22%2C%22%E2%80%93%22%2C%22descarga%22%2C%22ink%22%5D&refer=https%3A%2F%2Fdescarga.ink%2Fengineeringsoftware%2F87%2F&tz=0&dev=e&res=14.2071&uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1

172.240.108.84

307 Temporary Redirect

0 B

URL GET HTTP/1.1
decisivewade.com/watch.1692510195982.js?key=ddf5f5874497be5818268b53a898151e&kw=%5B%22download%22%2C%22autocad%22%2C%222014%22%2C%22free%22%2C%22and%22%2C%22full%22%2C%22by%22%2C%22mega%22%2C%22and%22%2C%22mediafire%22%2C%22%E2%80%93%22%2C%22descarga%22%2C%22ink%22%5D&refer=https%3A%2F%2Fdescarga.ink%2Fengineeringsoftware%2F87%2F&tz=0&dev=e&res=14.2071&uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1692510195982.js?key=ddf5f5874497be5818268b53a898151e&kw=%5B%22download%22%2C%22autocad%22%2C%222014%22%2C%22free%22%2C%22and%22%2C%22full%22%2C%22by%22%2C%22mega%22%2C%22and%22%2C%22mediafire%22%2C%22%E2%80%93%22%2C%22descarga%22%2C%22ink%22%5D&refer=https%3A%2F%2Fdescarga.ink%2Fengineeringsoftware%2F87%2F&tz=0&dev=e&res=14.2071&uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:59 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://descarga.ink
Access-Control-Allow-Origin: https://descarga.ink
Access-Control-Allow-Credentials: true
Location: https://decisivewade.com/watch.1692510195982.js?dev=e&key=ddf5f5874497be5818268b53a898151e&kw=%5B%22download%22%2C%22autocad%22%2C%222014%22%2C%22free%22%2C%22and%22%2C%22full%22%2C%22by%22%2C%22mega%22%2C%22and%22%2C%22mediafire%22%2C%22%E2%80%93%22%2C%22descarga%22%2C%22ink%22%5D&pst=1714863059&refer=https%3A%2F%2Fdescarga.ink%2Fengineeringsoftware%2F87%2F&res=14.2071&rmtc=t&shu=b192caab02d29671af3530bc5a832bf5a80ae6c9be5011633d2e9eaeb79257d5b6281bfeeacad579336b16a23e66e4917a3362ac73fcc785259aaa1c9547f4cf1f0164ad2f5d86317a2a9faf3eaadd317b21b0ac9ff2b0dd14ff0cbb18fbb501&tz=0&uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1
Set-Cookie: u_pl=22673903; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY3MzkwMywiayI6ImRkZjVmNTg3NDQ5N2JlNTgxODI2OGI1M2E4OTgxNTFlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjU4MDQzLCJwaWQiOjE1NDUyOSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiZTk3cDByZWhpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGVzY2FyZ2EuaW5rL2VuZ2luZWVyaW5nc29mdHdhcmUvODcvIiwiYXIiOltdfX0.PY2IA8Ms8zUg99q654C_R5VKiwNVhSPy8D30x4FNUxw; expires=Sat, 04 May 2024 22:50:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c082cf87f73c8f6511069a6c2c7670d1
Strict-Transport-Security: max-age=0; includeSubdomains

decisivewade.com/watch.1692510195982.js?dev=e&key=ddf5f5874497be5818268b53a898151e&kw=%5B%22download%22%2C%22autocad%22%2C%222014%22%2C%22free%22%2C%22and%22%2C%22full%22%2C%22by%22%2C%22mega%22%2C%22and%22%2C%22mediafire%22%2C%22%E2%80%93%22%2C%22descarga%22%2C%22ink%22%5D&pst=1714863059&refer=https%3A%2F%2Fdescarga.ink%2Fengineeringsoftware%2F87%2F&res=14.2071&rmtc=t&shu=b192caab02d29671af3530bc5a832bf5a80ae6c9be5011633d2e9eaeb79257d5b6281bfeeacad579336b16a23e66e4917a3362ac73fcc785259aaa1c9547f4cf1f0164ad2f5d86317a2a9faf3eaadd317b21b0ac9ff2b0dd14ff0cbb18fbb501&tz=0&uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1

172.240.108.84

200 OK

2.1 kB

URL GET HTTP/1.1
decisivewade.com/watch.1692510195982.js?dev=e&key=ddf5f5874497be5818268b53a898151e&kw=%5B%22download%22%2C%22autocad%22%2C%222014%22%2C%22free%22%2C%22and%22%2C%22full%22%2C%22by%22%2C%22mega%22%2C%22and%22%2C%22mediafire%22%2C%22%E2%80%93%22%2C%22descarga%22%2C%22ink%22%5D&pst=1714863059&refer=https%3A%2F%2Fdescarga.ink%2Fengineeringsoftware%2F87%2F&res=14.2071&rmtc=t&shu=b192caab02d29671af3530bc5a832bf5a80ae6c9be5011633d2e9eaeb79257d5b6281bfeeacad579336b16a23e66e4917a3362ac73fcc785259aaa1c9547f4cf1f0164ad2f5d86317a2a9faf3eaadd317b21b0ac9ff2b0dd14ff0cbb18fbb501&tz=0&uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdecisivewade.com
Fingerprint97:80:1A:96:16:58:D9:94:6D:24:84:45:32:59:8C:44:59:0F:B7:8C
ValidityMon, 29 Apr 2024 12:47:45 GMT - Sun, 28 Jul 2024 12:47:44 GMT

File type
JavaScript source, ASCII text, with very long lines (2650)
Size
2.1 kB (2107 bytes)
Hash
055e19bfc7b8630cc4a883fd751e6b10
1dad6170039397433bab969f99f5eb8cfe6fb623
04d2d30405fd6ad8ece53d9c35b4638db5daab32dd71df455c0b2102842c2a5b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1692510195982.js?dev=e&key=ddf5f5874497be5818268b53a898151e&kw=%5B%22download%22%2C%22autocad%22%2C%222014%22%2C%22free%22%2C%22and%22%2C%22full%22%2C%22by%22%2C%22mega%22%2C%22and%22%2C%22mediafire%22%2C%22%E2%80%93%22%2C%22descarga%22%2C%22ink%22%5D&pst=1714863059&refer=https%3A%2F%2Fdescarga.ink%2Fengineeringsoftware%2F87%2F&res=14.2071&rmtc=t&shu=b192caab02d29671af3530bc5a832bf5a80ae6c9be5011633d2e9eaeb79257d5b6281bfeeacad579336b16a23e66e4917a3362ac73fcc785259aaa1c9547f4cf1f0164ad2f5d86317a2a9faf3eaadd317b21b0ac9ff2b0dd14ff0cbb18fbb501&tz=0&uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1 HTTP/1.1
Host: decisivewade.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
Referer: https://descarga.ink/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22673903; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY3MzkwMywiayI6ImRkZjVmNTg3NDQ5N2JlNTgxODI2OGI1M2E4OTgxNTFlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjU4MDQzLCJwaWQiOjE1NDUyOSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiZTk3cDByZWhpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZGVzY2FyZ2EuaW5rL2VuZ2luZWVyaW5nc29mdHdhcmUvODcvIiwiYXIiOltdfX0.PY2IA8Ms8zUg99q654C_R5VKiwNVhSPy8D30x4FNUxw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://descarga.ink
Access-Control-Allow-Origin: https://descarga.ink
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e60037ff-0c60-45d9-b2b9-631a5b3cb57c:1:1; expires=Sat, 11 May 2024 22:49:59 GMT; secure; SameSite=None
iprc9c9c4527ffb3160df8e616e83161a3f0=3569808; expires=Sun, 05 May 2024 02:49:59 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
uncs23=1; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3ee620229a4ac5ebc2cf6115fae9baef
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

threeinvincible.com/sbar.json?key=36e480f9b5da9023529bccefc295338f&psid=CF-3448_1&uuid=e5dbc7fd-edd8-4173-882c-e61a3692f99d%3A2%3A1

172.240.253.132

200 OK

9.1 kB

URL GET HTTP/1.1
threeinvincible.com/sbar.json?key=36e480f9b5da9023529bccefc295338f&psid=CF-3448_1&uuid=e5dbc7fd-edd8-4173-882c-e61a3692f99d%3A2%3A1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type
JSON text data
Size
9.1 kB (9130 bytes)
Hash
26107cea6b1e76b1bb2b1906c792114b
73609816d03a56edd7792c531007d3649f19169d
ebb9e59afdf3125e450a0736912ec6a16ffd6093e90136827f7973ba07f89f6e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=36e480f9b5da9023529bccefc295338f&psid=CF-3448_1&uuid=e5dbc7fd-edd8-4173-882c-e61a3692f99d%3A2%3A1 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:59 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://descarga.ink
Access-Control-Allow-Origin: https://descarga.ink
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22673900; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
uid_id2=e5dbc7fd-edd8-4173-882c-e61a3692f99d:2:1; expires=Sat, 11 May 2024 22:49:59 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 05 May 2024 22:49:59 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0288babe0be415ed994bae41e4ab7285
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

descarga.ink/wp-content/uploads/2023/03/favicon.png

107.189.31.193

200 OK

5.0 kB

URL GET HTTP/3
descarga.ink/wp-content/uploads/2023/03/favicon.png
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Size
5.0 kB (4957 bytes)
Hash
05a51b2feeeef41cbaeb8d6ef5762b75
89b8a5810e315880625556b6973b0c30b4056e4e
1c0043e04e381e96c509d617f9bfe79260575d2e52a23a3047ca756c2a50e3e4

HTTP Headers

GET /wp-content/uploads/2023/03/favicon.png HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/engineeringsoftware/87/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1; sb_main_36e480f9b5da9023529bccefc295338f=1; sb_count_36e480f9b5da9023529bccefc295338f=1; pp_main_ffb927d8765a7c99005c03149b95119e=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 22:49:59 GMT
content-type: image/png
last-modified: Wed, 13 Mar 2024 22:42:35 GMT
accept-ranges: bytes
content-length: 4957
date: Sat, 04 May 2024 22:49:59 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only

descarga.ink/wp-content/uploads/2023/03/favicon.png

107.189.31.193

200 OK

5.0 kB

URL GET HTTP/3
descarga.ink/wp-content/uploads/2023/03/favicon.png
IP
107.189.31.193:443
ASN
#53667 PONYNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type
PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Size
5.0 kB (4957 bytes)
Hash
05a51b2feeeef41cbaeb8d6ef5762b75
89b8a5810e315880625556b6973b0c30b4056e4e
1c0043e04e381e96c509d617f9bfe79260575d2e52a23a3047ca756c2a50e3e4

HTTP Headers

GET /wp-content/uploads/2023/03/favicon.png HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/engineeringsoftware/87/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=e60037ff-0c60-45d9-b2b9-631a5b3cb57c%3A1%3A1; sb_main_36e480f9b5da9023529bccefc295338f=1; sb_count_36e480f9b5da9023529bccefc295338f=1; pp_main_ffb927d8765a7c99005c03149b95119e=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 22:49:59 GMT
content-type: image/png
last-modified: Wed, 13 Mar 2024 22:42:35 GMT
accept-ranges: bytes
content-length: 4957
date: Sat, 04 May 2024 22:49:59 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only

threeinvincible.com/ren.gif?sid=H4sIAAAAAAAC%2F4xSX2gc1Re%2Bk19efiiCUp9EGNxaVNzNzOzu7ExrCTZpSmxsSho1ItjeuffO5nbvzB3vndnZ5EGKBembqz4UfJqcTVpb6z98EdQim4IPgULWpxXMg8%2BCD0LBPsmuweiTPS%2FnHL4D5%2Fu%2Bc97dyPaQAxkezr4s17kQeKpescxnVmz7mLnA46xjdjz3vFs7Zqr2Ud%2BtWM%2BapxhpySnHsi3LtmxzjisWys7UCASe3PLtim9Vak7Frtego%2F7d68wAjQ2g7T30GHA6mLxjHAJO%2BhBHX8wy3Upl8vzJKBM4lQra9PorcSuWeQzRQRkqA8L4%2Bv40SL07dxtkvDWmC7L992DAB8j44TYE8fV9khC0N8c8AwEshoA%2BBHm7D0z0geM%2BEHkZON1FAITCmUWIo2tnpMrx2l8oHqEDNHnvd%2BD5AE3%2BfAji6LMTgnfMc1JkKZexhk5YAO%2F0gTf7kGTbkK5PAM%2B3gaTvAKd30dS9BYijzUUtJHA6PMzqNCCNkJYZpV65ZjeqZc9zSJm5Nq66vhP6Ph0bxHkfeNgHwbqA9QRk2oCMG5CFBmSJAREdmsS27YZFCbY8n5AqbbDApZaNG6GNbcv1ICMjDV1Iky4Q0QWiLkGiLkGLvz9AxuQpUNn3oFcL0NQAnSJo0wJyhiDXCHKMIOcI8hRB3i62qNCOLq5RobPA3s%2FOfq4WPZk2N%2FCWTJssRoBVFxQtNpI99OjIReP1P36FFhuaVZfVPCv0gzrFvuVU644fEMJC4vj1atULQfMbM3Plaq3mnbeB6wnA2oB1PkCN3WOQ8AGaeGMDArwNWmwD4Y8Dzp4EnBeAVwtYj29RpglWTVzhcQuoLCBJJyFdMzbEHnpifNDZC9eAkZ3pTx%2FJuwghIKqARBVwkd9B0BRXeksyR5tLMtfoy8Uk5RFfx6Njn0txytDN02wtl4rOz%2BrujRfJCBiVt5aZThdwTHnc1OiTE5xSpuakIgx9N69fY8HZTK%2BeyFScJQtnZ%2Bbmo0QxrbmM%2B4D5bucFIHyAHv5pZfzFT9%2F9P3C1DSobvrSapok%2BOjXViUS5XasQIbMAk1bZrshY8JhNEcFJa5ofby5FM%2Fna6bcWnsvPW0eS43bDrnmu4%2Ft%2BZWSzXYUo25nuvXn%2Fwkg0l30gyeWPS6X5mcUzpdJw5T8XpatZFMSYiwdZdoRHzfQ4JzK%2BUSotzy8vnCyVvvrlo%2BK3r98zpRbyqPkqVpqJz0ul2ZPnZpbmzy7Pj3k8tZgkFKdMmZSnqYnjlLe5ynSiZFPhyIy3t0AnO2g%2FQEsEShz0QWJA%2FiC%2BJbzDHkhKTznBzvTKh%2Bm3F9%2B%2BD4IjEOxgHw4K0P%2Fog4O6p3A2PGzXrYBiOywHOPDLtbDByp5jBWXPwizwiEtDx%2BopzIsNfQWaagJwehniqIC2KqAtCsCiCzr7Xy9N1M70j9VxQCAmeoFQE5uBUOKD8VMP0OmrN0HzodmoVi3s%2BnW70cCsEdQcL3RtirFTcx3XxVVI9SB0v7n6JwAAAP%2F%2FAQAA%2F%2F%2Bct7%2BcDwYAAA%3D%3D

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
threeinvincible.com/ren.gif?sid=H4sIAAAAAAAC%2F4xSX2gc1Re%2Bk19efiiCUp9EGNxaVNzNzOzu7ExrCTZpSmxsSho1ItjeuffO5nbvzB3vndnZ5EGKBembqz4UfJqcTVpb6z98EdQim4IPgULWpxXMg8%2BCD0LBPsmuweiTPS%2FnHL4D5%2Fu%2Bc97dyPaQAxkezr4s17kQeKpescxnVmz7mLnA46xjdjz3vFs7Zqr2Ud%2BtWM%2BapxhpySnHsi3LtmxzjisWys7UCASe3PLtim9Vak7Frtego%2F7d68wAjQ2g7T30GHA6mLxjHAJO%2BhBHX8wy3Upl8vzJKBM4lQra9PorcSuWeQzRQRkqA8L4%2Bv40SL07dxtkvDWmC7L992DAB8j44TYE8fV9khC0N8c8AwEshoA%2BBHm7D0z0geM%2BEHkZON1FAITCmUWIo2tnpMrx2l8oHqEDNHnvd%2BD5AE3%2BfAji6LMTgnfMc1JkKZexhk5YAO%2F0gTf7kGTbkK5PAM%2B3gaTvAKd30dS9BYijzUUtJHA6PMzqNCCNkJYZpV65ZjeqZc9zSJm5Nq66vhP6Ph0bxHkfeNgHwbqA9QRk2oCMG5CFBmSJAREdmsS27YZFCbY8n5AqbbDApZaNG6GNbcv1ICMjDV1Iky4Q0QWiLkGiLkGLvz9AxuQpUNn3oFcL0NQAnSJo0wJyhiDXCHKMIOcI8hRB3i62qNCOLq5RobPA3s%2FOfq4WPZk2N%2FCWTJssRoBVFxQtNpI99OjIReP1P36FFhuaVZfVPCv0gzrFvuVU644fEMJC4vj1atULQfMbM3Plaq3mnbeB6wnA2oB1PkCN3WOQ8AGaeGMDArwNWmwD4Y8Dzp4EnBeAVwtYj29RpglWTVzhcQuoLCBJJyFdMzbEHnpifNDZC9eAkZ3pTx%2FJuwghIKqARBVwkd9B0BRXeksyR5tLMtfoy8Uk5RFfx6Njn0txytDN02wtl4rOz%2BrujRfJCBiVt5aZThdwTHnc1OiTE5xSpuakIgx9N69fY8HZTK%2BeyFScJQtnZ%2Bbmo0QxrbmM%2B4D5bucFIHyAHv5pZfzFT9%2F9P3C1DSobvrSapok%2BOjXViUS5XasQIbMAk1bZrshY8JhNEcFJa5ofby5FM%2Fna6bcWnsvPW0eS43bDrnmu4%2Ft%2BZWSzXYUo25nuvXn%2Fwkg0l30gyeWPS6X5mcUzpdJw5T8XpatZFMSYiwdZdoRHzfQ4JzK%2BUSotzy8vnCyVvvrlo%2BK3r98zpRbyqPkqVpqJz0ul2ZPnZpbmzy7Pj3k8tZgkFKdMmZSnqYnjlLe5ynSiZFPhyIy3t0AnO2g%2FQEsEShz0QWJA%2FiC%2BJbzDHkhKTznBzvTKh%2Bm3F9%2B%2BD4IjEOxgHw4K0P%2Fog4O6p3A2PGzXrYBiOywHOPDLtbDByp5jBWXPwizwiEtDx%2BopzIsNfQWaagJwehniqIC2KqAtCsCiCzr7Xy9N1M70j9VxQCAmeoFQE5uBUOKD8VMP0OmrN0HzodmoVi3s%2BnW70cCsEdQcL3RtirFTcx3XxVVI9SB0v7n6JwAAAP%2F%2FAQAA%2F%2F%2Bct7%2BcDwYAAA%3D%3D
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F4xSX2gc1Re%2Bk19efiiCUp9EGNxaVNzNzOzu7ExrCTZpSmxsSho1ItjeuffO5nbvzB3vndnZ5EGKBembqz4UfJqcTVpb6z98EdQim4IPgULWpxXMg8%2BCD0LBPsmuweiTPS%2FnHL4D5%2Fu%2Bc97dyPaQAxkezr4s17kQeKpescxnVmz7mLnA46xjdjz3vFs7Zqr2Ud%2BtWM%2BapxhpySnHsi3LtmxzjisWys7UCASe3PLtim9Vak7Frtego%2F7d68wAjQ2g7T30GHA6mLxjHAJO%2BhBHX8wy3Upl8vzJKBM4lQra9PorcSuWeQzRQRkqA8L4%2Bv40SL07dxtkvDWmC7L992DAB8j44TYE8fV9khC0N8c8AwEshoA%2BBHm7D0z0geM%2BEHkZON1FAITCmUWIo2tnpMrx2l8oHqEDNHnvd%2BD5AE3%2BfAji6LMTgnfMc1JkKZexhk5YAO%2F0gTf7kGTbkK5PAM%2B3gaTvAKd30dS9BYijzUUtJHA6PMzqNCCNkJYZpV65ZjeqZc9zSJm5Nq66vhP6Ph0bxHkfeNgHwbqA9QRk2oCMG5CFBmSJAREdmsS27YZFCbY8n5AqbbDApZaNG6GNbcv1ICMjDV1Iky4Q0QWiLkGiLkGLvz9AxuQpUNn3oFcL0NQAnSJo0wJyhiDXCHKMIOcI8hRB3i62qNCOLq5RobPA3s%2FOfq4WPZk2N%2FCWTJssRoBVFxQtNpI99OjIReP1P36FFhuaVZfVPCv0gzrFvuVU644fEMJC4vj1atULQfMbM3Plaq3mnbeB6wnA2oB1PkCN3WOQ8AGaeGMDArwNWmwD4Y8Dzp4EnBeAVwtYj29RpglWTVzhcQuoLCBJJyFdMzbEHnpifNDZC9eAkZ3pTx%2FJuwghIKqARBVwkd9B0BRXeksyR5tLMtfoy8Uk5RFfx6Njn0txytDN02wtl4rOz%2BrujRfJCBiVt5aZThdwTHnc1OiTE5xSpuakIgx9N69fY8HZTK%2BeyFScJQtnZ%2Bbmo0QxrbmM%2B4D5bucFIHyAHv5pZfzFT9%2F9P3C1DSobvrSapok%2BOjXViUS5XasQIbMAk1bZrshY8JhNEcFJa5ofby5FM%2Fna6bcWnsvPW0eS43bDrnmu4%2Ft%2BZWSzXYUo25nuvXn%2Fwkg0l30gyeWPS6X5mcUzpdJw5T8XpatZFMSYiwdZdoRHzfQ4JzK%2BUSotzy8vnCyVvvrlo%2BK3r98zpRbyqPkqVpqJz0ul2ZPnZpbmzy7Pj3k8tZgkFKdMmZSnqYnjlLe5ynSiZFPhyIy3t0AnO2g%2FQEsEShz0QWJA%2FiC%2BJbzDHkhKTznBzvTKh%2Bm3F9%2B%2BD4IjEOxgHw4K0P%2Fog4O6p3A2PGzXrYBiOywHOPDLtbDByp5jBWXPwizwiEtDx%2BopzIsNfQWaagJwehniqIC2KqAtCsCiCzr7Xy9N1M70j9VxQCAmeoFQE5uBUOKD8VMP0OmrN0HzodmoVi3s%2BnW70cCsEdQcL3RtirFTcx3XxVVI9SB0v7n6JwAAAP%2F%2FAQAA%2F%2F%2Bct7%2BcDwYAAA%3D%3D HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Cookie: u_pl=22673900; uid_id2=e5dbc7fd-edd8-4173-882c-e61a3692f99d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:49:59 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 387d8174fe6d69666544f6b8ec8854e5
Strict-Transport-Security: max-age=0; includeSubdomains

www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

142.250.74.35

200 OK

206 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
JavaScript source, ASCII text, with very long lines (631)
Size
206 kB (205803 bytes)
Hash
e2e79d6b927169d9e0e57e3baecc0993
1299473950b2999ba0b7f39bd5e4a60eafd1819d
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

HTTP Headers

GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:11 GMT
expires: Fri, 02 May 2025 01:56:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 248028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png

45.133.44.9

200 OK

106 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size
106 kB (105910 bytes)
Hash
a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e

HTTP Headers

GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:59 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Mon, 06 May 2024 22:49:59 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/img/number.png

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/img/number.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1138 bytes)
Hash
9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762

HTTP Headers

GET /sb/notifications/rtb/msngr_1/social-media/instagram/1/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:59 GMT
content-type: image/png
content-length: 1138
last-modified: Fri, 19 Jan 2024 14:28:03 GMT
etag: "65aa86f3-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 368989
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMsXKJwDjkWC39FPJcu3SMqiQGVPYsJwbwp1v7KMH3B%2FfuDn%2BfQnfKCx%2F8lzzsEEs307vVB5Lm2QKOAriSD%2BqiGfks%2FQImrP%2FVzkGRvRrPro%2BoqDNLJn1Us5bJFENYigy%2FhAHIZTv92K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ec0c150a2fb4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/img/close.png

188.114.97.1

200 OK

6.3 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/img/close.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced
Size
6.3 kB (6318 bytes)
Hash
79d4fc0209580bf8b6a7190bd944f9e5
7377bfc3095b86ac5d220c5052d9b9f7a44e5506
39724e1379deb5afe7ea9139a57b6e9ada37d9db28302083b23c941ebf40b8d1

HTTP Headers

GET /sb/notifications/rtb/msngr_1/social-media/instagram/1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:59 GMT
content-type: image/png
content-length: 6318
last-modified: Fri, 19 Jan 2024 14:28:03 GMT
etag: "65aa86f3-18ae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 368989
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=phLRdsbDS5ew6Xsn7AYGR%2BzPDDFf%2FWBLPYMjBQybHsFLCPkCOGJ%2BrdzaL7KyMjFiy9bGG7Ehfc1o87NqUADmpJN%2BUpzBSDt1LBML%2FnIpKEK5XvrhL%2FN0nli8bIyCodxHND6BlbB7Kg6B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ec0c150a35b4f9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.2 kB (1188 bytes)
Hash
d7f194b9ecb48cc1f7732aa11f657af8
78bf4b130952a61d8c6c199b28ba35e75efc5521
5d1db349bd4390728870488442f17c7eb56399a95005b3d423dc2dfdce5c0454

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 22:50:00 GMT
date: Sat, 04 May 2024 22:50:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/css/animate.css

188.114.97.1

200 OK

5.4 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/css/animate.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
5.4 kB (5372 bytes)
Hash
3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887

HTTP Headers

GET /sb/notifications/rtb/msngr_1/social-media/instagram/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:50:00 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:28:03 GMT
etag: W/"65aa86f3-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jGbh4QLHcFl7b4Eoe2kz%2BrDPBCX5YrkTpQZgQfIAXezEeTO%2BEnhRXDh5X8EGqwcTS1%2FZQ5xNY40a5ZSfAZbOTHTBC2Q%2Bt9TY1ea58%2BHaDL822sKH673whw4OCKvBTBf7NA3ESde7cwhe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ec0c150afa56ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27461 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:58 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 99c9c5c34e645c2016cb6c06a70589f7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 22:49:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FGB2ONBAC74zvXxob4DDUPzfl1hU0nHX8R2VGY6kTQUvo5XaH67vS1K3hPE2RVEMYciYDt2N%2BELzq6D4YsDJQjp6ujalAC88HqiTBtWqfkSste8v%2F6OSOeFiLIt%2BRLmcljL%2FO5pJiHcFKUvVuHHOYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ec0c0caf55712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=ffb927d8765a7c99005c03149b95119e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=ffb927d8765a7c99005c03149b95119e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=ffb927d8765a7c99005c03149b95119e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 22:50:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 14b897e2115dea07a5f884421d0ae061
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/js/script.js

188.114.97.1

200 OK

190 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/js/script.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
190 B (190 bytes)
Hash
5ca8c1679ba9453cfa512e01d6fec9c5
45628341eb20e4acee5e812d3b2dfc8f23962daf
520a0196a18cbe656f7382a02ec828125e68bdac511b9ebe2bf27f31e262d037

HTTP Headers

GET /sb/notifications/rtb/msngr_1/social-media/instagram/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:50:00 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:28:03 GMT
etag: W/"65aa86f3-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kUw9ufybiJGdKSNUFlWsHUTOFxknG5%2F56%2F%2F5t7mryaeVbvE6nHmmaWLshgKh2ljtzHNphLoPyDouErZo0wun4CvXrNGeD0wiVRqz14o5zUanZodUjQqen1X9kBPWvSdMDSEmdXR0CjlF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ec0c150af456ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 248100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.pdn-1.com/n159/ad/192x192_SBUJJe3A.jpg

23.36.76.160

200 OK

4.8 kB

URL GET HTTP/1.1
static.pdn-1.com/n159/ad/192x192_SBUJJe3A.jpg
IP
23.36.76.160:443
ASN
#20940 Akamai International B.V.

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectstatic.pdn-1.com
Fingerprint92:4B:0C:C7:10:81:E6:CE:3F:3E:2A:E1:77:DA:5F:50:71:B3:36:97
ValidityMon, 25 Mar 2024 20:12:40 GMT - Sun, 23 Jun 2024 20:12:39 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
4.8 kB (4805 bytes)
Hash
4d6c90e12273df0bb20192091bb6e037
a4387afe6d3c11f104af2d09c533fd8f775ebf20
7b5f9fbfe3f23164cc1fb1ff332a0e38300fe887ee7b5f7287bdaa0c1b9283c2

HTTP Headers

GET /n159/ad/192x192_SBUJJe3A.jpg HTTP/1.1
Host: static.pdn-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: image/jpeg
Content-Length: 4805
Last-Modified: Wed, 17 Apr 2024 10:15:08 GMT
ETag: "661fa12c-12c5"
Accept-Ranges: bytes
Cache-Control: max-age=86357
Expires: Sun, 05 May 2024 22:49:17 GMT
Date: Sat, 04 May 2024 22:50:00 GMT
Connection: keep-alive
X-Forward-Proto: http
CDN-Origin-Protocol: HTTP

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 May 2024 09:28:37 GMT
expires: Sun, 04 May 2025 09:28:37 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 48083
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

threeinvincible.com/impr.gif?sid=H4sIAAAAAAAC%2F4xST2hc1Re%2BL79sfiiCUlciPJxaVJzJe%2FP3vdYSbNKU2NiUNGpEsL3%2F3uR27nv3ee978yZZSLEg3TnqouDq5UzS2lr%2F4UZQi0wKLgKFjKsRzMK14EIo2JXMGIyu7Nmcc%2Fg%2BON%2F5znl3I91DZUjxcPZltS6kxFO1kmM%2Fs%2BK6x%2BwFEaUdu%2BPVz9erx2zdPurXS86z9ilOW2qq7LiO4zquPSc0D1RnagSCiG%2F5bsl3StVyya1VoaP%2F3ZvUAoMtYO099BgINpi8Yx0CQfsQhV%2FMctNKVPz8yTCVOFEa2uz6K1ErUlkE4UEZaAuC6Po%2BG5TZnbsNKtoaywXV%2FptIxABZP9wGEl3fFwmkvTnWSSTwCAh7CLJ2H7jsg8B9oOoyCLaLACiDM4sQhdfOKJ3htb9QPEIHaPLe7yCyAZr8%2BRBE4WcnpOjY55RME6EiA50gB9Hpg2j2IU63IVmfAJFtA03eAcHuoql7CxCFm4tGKhBseJjXGKGNgBU5Y16x6jYqRc8r0yKvu7hS98uB77OxQUL0QQR9kLwL2ExAaixIhQVpYEEaWxCyoU1d1204jGLH8ymtsAYndea4uBG42HXqHqR0tEMXkrgLVHaB6ksQ60vQEu8PkDV5CnT6PZjVHAyzwCQI2iyHjCPIDIIMI8gEgixBkLXzLSZN2eTXmDQpcfdzeT9X8p5Kmht4SyVNHiHAugua5RvxHnp05KL1%2Bh%2B%2FQosP7UqdVz0n8EmNYd8pV2pln1DKA1r2a5WKF4ARN2bmipVq1TvvgjATgI0F62KAGrvHIBYDNPHGBhC8DUZuAxWPA06fBJzlgFdzWI9uMW4o1k1cElELmMohTiYhWbM25B56YnzQ2QvXgNOd6U8fyboIIaA6h1jncFHcQdCUV3pLKkObSyoz6MvFOBGhWMejY59LcMLRzdN8LVOazc%2Ba7o0X6QgYlbeWuUkWcMRE1DTokxOCMa7nlKYcfTdvXuPkbGpWT6Q6SuOFszNz82GsuTFCRX3AYrfzAlAxQA%2F%2FtDL%2B4qfv%2Fh%2BE3gadDl9aTZLYHJ2a6oSy2K6WqFQpwbRVdEsqkiLiU1QK2poWx5tL4Uy2dvqtheey886R%2BLjbcKtevez7fmlks1uBMN2Z7r15%2F8JoaaH6QOPLNwqF5fnlhZOFwle%2FfJT%2F9vV7tjJSHbVfxdpw%2BXmhMHvy3MzS%2FNnl%2BcUzhcLwqcU4Zjjh2mYiSWwcJaItdGpirZoah3a0vfVxoTA%2FMyav%2FKf0ZDUNSYSFfBD5R0TYTI4LqiIw8Q7aDzAKgZYHPYktyB7Et1h0%2BAMN7uky2Zle%2BTD59uLb90EKBJIfzMMkB%2FOPnhzUPY3T4WG35hCG3aBIMPGL1aDBi17ZIUXPwZx4tM6CstPTWOQb5go09QTg5DJEYQ5tnUNb5oBlF0z6v14S653pHyvjACInekTqiU0itfxg%2FNQDdPrqTTBiaFcc1iA84A3Cq7VqwCkjtRpxaEBJhXkehcQMgvo3V%2F8EAAD%2F%2FwEAAP%2F%2FEZRRWQ8GAAA%3D

172.240.253.132

200 OK

7 B

URL GET HTTP/1.1
threeinvincible.com/impr.gif?sid=H4sIAAAAAAAC%2F4xST2hc1Re%2BL79sfiiCUlciPJxaVJzJe%2FP3vdYSbNKU2NiUNGpEsL3%2F3uR27nv3ee978yZZSLEg3TnqouDq5UzS2lr%2F4UZQi0wKLgKFjKsRzMK14EIo2JXMGIyu7Nmcc%2Fg%2BON%2F5znl3I91DZUjxcPZltS6kxFO1kmM%2Fs%2BK6x%2BwFEaUdu%2BPVz9erx2zdPurXS86z9ilOW2qq7LiO4zquPSc0D1RnagSCiG%2F5bsl3StVyya1VoaP%2F3ZvUAoMtYO099BgINpi8Yx0CQfsQhV%2FMctNKVPz8yTCVOFEa2uz6K1ErUlkE4UEZaAuC6Po%2BG5TZnbsNKtoaywXV%2FptIxABZP9wGEl3fFwmkvTnWSSTwCAh7CLJ2H7jsg8B9oOoyCLaLACiDM4sQhdfOKJ3htb9QPEIHaPLe7yCyAZr8%2BRBE4WcnpOjY55RME6EiA50gB9Hpg2j2IU63IVmfAJFtA03eAcHuoql7CxCFm4tGKhBseJjXGKGNgBU5Y16x6jYqRc8r0yKvu7hS98uB77OxQUL0QQR9kLwL2ExAaixIhQVpYEEaWxCyoU1d1204jGLH8ymtsAYndea4uBG42HXqHqR0tEMXkrgLVHaB6ksQ60vQEu8PkDV5CnT6PZjVHAyzwCQI2iyHjCPIDIIMI8gEgixBkLXzLSZN2eTXmDQpcfdzeT9X8p5Kmht4SyVNHiHAugua5RvxHnp05KL1%2Bh%2B%2FQosP7UqdVz0n8EmNYd8pV2pln1DKA1r2a5WKF4ARN2bmipVq1TvvgjATgI0F62KAGrvHIBYDNPHGBhC8DUZuAxWPA06fBJzlgFdzWI9uMW4o1k1cElELmMohTiYhWbM25B56YnzQ2QvXgNOd6U8fyboIIaA6h1jncFHcQdCUV3pLKkObSyoz6MvFOBGhWMejY59LcMLRzdN8LVOazc%2Ba7o0X6QgYlbeWuUkWcMRE1DTokxOCMa7nlKYcfTdvXuPkbGpWT6Q6SuOFszNz82GsuTFCRX3AYrfzAlAxQA%2F%2FtDL%2B4qfv%2Fh%2BE3gadDl9aTZLYHJ2a6oSy2K6WqFQpwbRVdEsqkiLiU1QK2poWx5tL4Uy2dvqtheey886R%2BLjbcKtevez7fmlks1uBMN2Z7r15%2F8JoaaH6QOPLNwqF5fnlhZOFwle%2FfJT%2F9vV7tjJSHbVfxdpw%2BXmhMHvy3MzS%2FNnl%2BcUzhcLwqcU4Zjjh2mYiSWwcJaItdGpirZoah3a0vfVxoTA%2FMyav%2FKf0ZDUNSYSFfBD5R0TYTI4LqiIw8Q7aDzAKgZYHPYktyB7Et1h0%2BAMN7uky2Zle%2BTD59uLb90EKBJIfzMMkB%2FOPnhzUPY3T4WG35hCG3aBIMPGL1aDBi17ZIUXPwZx4tM6CstPTWOQb5go09QTg5DJEYQ5tnUNb5oBlF0z6v14S653pHyvjACInekTqiU0itfxg%2FNQDdPrqTTBiaFcc1iA84A3Cq7VqwCkjtRpxaEBJhXkehcQMgvo3V%2F8EAAD%2F%2FwEAAP%2F%2FEZRRWQ8GAAA%3D
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F4xST2hc1Re%2BL79sfiiCUlciPJxaVJzJe%2FP3vdYSbNKU2NiUNGpEsL3%2F3uR27nv3ee978yZZSLEg3TnqouDq5UzS2lr%2F4UZQi0wKLgKFjKsRzMK14EIo2JXMGIyu7Nmcc%2Fg%2BON%2F5znl3I91DZUjxcPZltS6kxFO1kmM%2Fs%2BK6x%2BwFEaUdu%2BPVz9erx2zdPurXS86z9ilOW2qq7LiO4zquPSc0D1RnagSCiG%2F5bsl3StVyya1VoaP%2F3ZvUAoMtYO099BgINpi8Yx0CQfsQhV%2FMctNKVPz8yTCVOFEa2uz6K1ErUlkE4UEZaAuC6Po%2BG5TZnbsNKtoaywXV%2FptIxABZP9wGEl3fFwmkvTnWSSTwCAh7CLJ2H7jsg8B9oOoyCLaLACiDM4sQhdfOKJ3htb9QPEIHaPLe7yCyAZr8%2BRBE4WcnpOjY55RME6EiA50gB9Hpg2j2IU63IVmfAJFtA03eAcHuoql7CxCFm4tGKhBseJjXGKGNgBU5Y16x6jYqRc8r0yKvu7hS98uB77OxQUL0QQR9kLwL2ExAaixIhQVpYEEaWxCyoU1d1204jGLH8ymtsAYndea4uBG42HXqHqR0tEMXkrgLVHaB6ksQ60vQEu8PkDV5CnT6PZjVHAyzwCQI2iyHjCPIDIIMI8gEgixBkLXzLSZN2eTXmDQpcfdzeT9X8p5Kmht4SyVNHiHAugua5RvxHnp05KL1%2Bh%2B%2FQosP7UqdVz0n8EmNYd8pV2pln1DKA1r2a5WKF4ARN2bmipVq1TvvgjATgI0F62KAGrvHIBYDNPHGBhC8DUZuAxWPA06fBJzlgFdzWI9uMW4o1k1cElELmMohTiYhWbM25B56YnzQ2QvXgNOd6U8fyboIIaA6h1jncFHcQdCUV3pLKkObSyoz6MvFOBGhWMejY59LcMLRzdN8LVOazc%2Ba7o0X6QgYlbeWuUkWcMRE1DTokxOCMa7nlKYcfTdvXuPkbGpWT6Q6SuOFszNz82GsuTFCRX3AYrfzAlAxQA%2F%2FtDL%2B4qfv%2Fh%2BE3gadDl9aTZLYHJ2a6oSy2K6WqFQpwbRVdEsqkiLiU1QK2poWx5tL4Uy2dvqtheey886R%2BLjbcKtevez7fmlks1uBMN2Z7r15%2F8JoaaH6QOPLNwqF5fnlhZOFwle%2FfJT%2F9vV7tjJSHbVfxdpw%2BXmhMHvy3MzS%2FNnl%2BcUzhcLwqcU4Zjjh2mYiSWwcJaItdGpirZoah3a0vfVxoTA%2FMyav%2FKf0ZDUNSYSFfBD5R0TYTI4LqiIw8Q7aDzAKgZYHPYktyB7Et1h0%2BAMN7uky2Zle%2BTD59uLb90EKBJIfzMMkB%2FOPnhzUPY3T4WG35hCG3aBIMPGL1aDBi17ZIUXPwZx4tM6CstPTWOQb5go09QTg5DJEYQ5tnUNb5oBlF0z6v14S653pHyvjACInekTqiU0itfxg%2FNQDdPrqTTBiaFcc1iA84A3Cq7VqwCkjtRpxaEBJhXkehcQMgvo3V%2F8EAAD%2F%2FwEAAP%2F%2FEZRRWQ8GAAA%3D HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Cookie: u_pl=22673900; uid_id2=e5dbc7fd-edd8-4173-882c-e61a3692f99d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:50:00 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f134a01ef0fb5a31d16bea097ceea95
Strict-Transport-Security: max-age=0; includeSubdomains

threeinvincible.com/pixel/sbs?c=1

172.240.253.132

200 OK

0 B

URL GET HTTP/1.1
threeinvincible.com/pixel/sbs?c=1
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectthreeinvincible.com
Fingerprint80:A7:5B:F8:68:36:7B:02:02:07:18:D1:59:E5:E8:BF:94:77:25:84
ValidityTue, 30 Apr 2024 15:27:42 GMT - Mon, 29 Jul 2024 15:27:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: threeinvincible.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Cookie: u_pl=22673900; uid_id2=e5dbc7fd-edd8-4173-882c-e61a3692f99d:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 22:50:00 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.barscreative1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/index.html

45.133.44.3

200 OK

1.2 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/index.html
IP
45.133.44.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
HTML document, ASCII text, with very long lines (1247), with no line terminators
Size
1.2 kB (1178 bytes)
Hash
d7e9bbdc14a6a43c585e317362083462
b534aa26ca00c609f983494f41e9d51324cf5922
c4d52e3945909d212f8f49c517f65dfe254cdd54e21d0e4ce12eb233aa73fcb4

HTTP Headers

GET /sb/notifications/rtb/msngr_1/social-media/instagram/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:49:59 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Fri, 19 Jan 2024 14:28:03 GMT
etag: W/"65aa86f3-49a"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sat, 04 May 2024 23:49:59 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/css/style.css

188.114.97.1

200 OK

5.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/notifications/rtb/msngr_1/social-media/instagram/1/css/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (5256), with no line terminators
Size
5.0 kB (4990 bytes)
Hash
20fc3575e1f60756b6fc80254e6949be
fa0debcf63ba783ca6aad97674fcb9c4ce823095
b594ebf5062e8f2f8e88dc97e9dc2a8343d3a8b1dcc09e3d9e97b1a84e296f9b

HTTP Headers

GET /sb/notifications/rtb/msngr_1/social-media/instagram/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://descarga.ink
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 22:50:00 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:28:03 GMT
etag: W/"65aa86f3-137e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jd1R9R2REk5XZrkxK6LIizeOf%2FDpU9JVZuNH93z%2B2btUzXW6qXJkUEJD4z8UBkZyJrXbs41v5PppIuIeO8%2Fwuk1ojQv2%2B6OHkFDa%2FH1dDCnSTb4p7XLl6pAmZkMLSOLyHtuV6XZlBdgf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ec0c150afd56ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

descarga.ink/engineeringsoftware/87/

107.189.31.193

200 OK

43 kB

URL User Request GET HTTP/2
descarga.ink/engineeringsoftware/87/
IP
107.189.31.193:443
ASN
#53667 PONYNET

Certificate
IssuerLet's Encrypt
Subjectdescarga.ink
Fingerprint00:8A:3C:75:4A:06:E2:E1:15:2B:DD:B2:C9:FE:12:58:03:16:FD:8B
ValidityThu, 07 Mar 2024 20:22:33 GMT - Wed, 05 Jun 2024 20:22:32 GMT

File type

Size
43 kB (43234 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /engineeringsoftware/87/ HTTP/1.1
Host: descarga.ink
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
x-ua-compatible: IE=edge
link: <https://descarga.ink/wp-json/>; rel="https://api.w.org/", <https://descarga.ink/wp-json/wp/v2/posts/87>; rel="alternate"; type="application/json", <https://descarga.ink/?p=87>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 22:49:57 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=157680000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
serversignature: Off
servertokens: Prod
x-permitted-cross-domain-policies: master-only
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

xml-v4.clouback-1.online/thumbnail?i=gRmCwyKqL*w_0&p=1714862999.235213&imgt=icon

173.239.53.32

302 Found

4.8 kB

URL GET HTTP/1.1
xml-v4.clouback-1.online/thumbnail?i=gRmCwyKqL*w_0&p=1714862999.235213&imgt=icon
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subjectclouback-1.online
Fingerprint49:43:16:99:23:3B:84:3A:78:AF:92:AB:48:34:70:1F:61:2B:70:E2
ValidityWed, 24 Apr 2024 14:28:10 GMT - Tue, 23 Jul 2024 14:28:09 GMT

File type

Size
4.8 kB (4805 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /thumbnail?i=gRmCwyKqL*w_0&p=1714862999.235213&imgt=icon HTTP/1.1
Host: xml-v4.clouback-1.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 May 2024 22:50:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://static.pdn-1.com/n159/ad/192x192_SBUJJe3A.jpg

unseenreport.com/pxf.gif?uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36e480f9b5da9023529bccefc295338f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36e480f9b5da9023529bccefc295338f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://descarga.ink/engineeringsoftware/87/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=e60037ff-0c60-45d9-b2b9-631a5b3cb57c&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=36e480f9b5da9023529bccefc295338f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://descarga.ink/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 22:50:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bd942d109c5875c5ca14ba09e0bc79cb
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by