Report - mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Report Overview

Visitedpublic

2025-04-20 02:27:04

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2025-04-19	420 B	377 B	185.196.197.72
cdn.show-sb.com	unknown	2024-08-20	2024-08-31	2025-04-13	480 B	2.0 kB	172.67.170.115
obeseglobewimp.com	unknown	2025-03-03	2025-03-05	2025-04-16	443 B	113 kB	172.240.108.84
mexa.sh	337577	2019-08-22	2019-08-26	2025-04-16	14 kB	711 kB	188.114.96.1
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-04-16	461 B	830 B	172.64.146.234
cdn.storageimagedisplay.com	unknown	2024-09-13	2024-09-13	2025-04-19	964 B	21 kB	45.133.44.1
cdn.creative-stat1.com	unknown	2024-08-20	2024-08-27	2025-04-13	2.3 kB	187 kB	188.114.96.1
recordedthereby.com	unknown	2024-05-08	2024-05-08	2025-04-19	812 B	172 kB	185.196.197.72
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-16	1.1 kB	82 kB	142.250.178.99
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-16	430 B	17 kB	142.250.74.10
waisheph.com	74994	2020-11-23	2020-12-10	2025-04-17	3.4 kB	114 kB	139.45.197.119
invadedisheartentrail.com	unknown	2024-09-01	2024-10-22	2025-04-15	6.1 kB	4.0 kB	192.243.61.227
unseenreport.com	unknown	2022-03-30	2022-03-30	2025-04-19	1.5 kB	992 B	192.243.59.12
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-16	1.0 kB	663 kB	142.250.178.104
experttrafficcounter.com	unknown	2025-01-23	2025-01-24	2025-04-17	1.9 kB	1.3 kB	18.198.132.236
straightforwardaudition.com	unknown	2024-08-19	2025-04-11	2025-04-18	3.5 kB	51 kB	172.240.108.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	recordedthereby.com	Sinkholed
2025-04-19	medium	straightforwardaudition.com	Sinkholed
2025-04-19	medium	invadedisheartentrail.com	Sinkholed
2025-04-19	medium	invadedisheartentrail.com	Sinkholed
2025-04-19	medium	straightforwardaudition.com	Sinkholed
2025-04-19	medium	invadedisheartentrail.com	Sinkholed
2025-04-19	medium	invadedisheartentrail.com	Sinkholed
2025-04-19	medium	capaciousdrewreligion.com	Sinkholed
2025-04-19	medium	unseenreport.com	Sinkholed
2025-04-19	medium	invadedisheartentrail.com	Sinkholed
2025-04-19	medium	straightforwardaudition.com	Sinkholed
2025-04-19	medium	invadedisheartentrail.com	Sinkholed
2025-04-19	medium	straightforwardaudition.com	Sinkholed
2025-04-19	medium	invadedisheartentrail.com	Sinkholed
2025-04-19	medium	straightforwardaudition.com	Sinkholed
2025-04-19	medium	straightforwardaudition.com	Sinkholed
2025-04-19	medium	recordedthereby.com	Sinkholed
2025-04-19	medium	straightforwardaudition.com	Sinkholed
2025-04-20	medium	obeseglobewimp.com	Sinkholed
2025-04-19	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	From	Size	First Seen	Last Seen
	mexa.sh/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-08-01
URL mexa.sh/js/jquery.paging.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 2849 Size 19 kB (19365 bytes) MD5 d7a2c1c7af2a004a6d68e1e55b1cfb46 SHA1 7fd6daa7076c30381880519ad06ef5639b19ee28 SHA256 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Format Code Loading...

	obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js	ScriptElement	112 kB	2025-04-19	2025-04-20
URL obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js IP / ASN 172.240.108.84 #7979 SERVERS-COM Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-19 Last Seen 2025-04-20 Times Seen 2 Size 112 kB (111886 bytes) MD5 420f46da135666f3153e39f38c50aa19 SHA1 96afc07fce51bd913f5addf5b3194297982ae0c7 SHA256 9da74cf73c121e769a092199a73d204b2bac4d75b4c5c14cf7c2903a15b8b5aa Format Code Loading...

	mexa.sh/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-08-01
URL mexa.sh/js/jquery.cookie.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 2915 Size 3.1 kB (3121 bytes) MD5 ff14e4812b7f512e620b1ad35542bcfc SHA1 c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae SHA256 c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Format Code Loading...

	mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar	ScriptElement	261 B	2023-03-12	2025-07-27
URL mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2025-07-27 Times Seen 97 Size 261 B (261 bytes) MD5 abbf34430edc9e4d913c44d8a48f2ae3 SHA1 dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84 SHA256 f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9 Format Code Loading...

	waisheph.com/5/7359319	ScriptElement	108 kB	2025-04-20	2025-04-20
URL waisheph.com/5/7359319 IP / ASN 139.45.197.119 #9002 RETN Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-20 Last Seen 2025-04-20 Times Seen 1 Size 108 kB (107566 bytes) MD5 69004056f6150e79f690d51bd9b4b024 SHA1 bde672f6db4c236d51b01d274f3ee25b362e758c SHA256 7ab5d741d9e9d7f5f2103815439e57e945a3b1d2660b3a991e69ee18be2f2295 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=UA-79936000-1	ScriptElement	275 kB	2025-04-20	2025-04-20
URL www.googletagmanager.com/gtag/js?id=UA-79936000-1 IP / ASN 142.250.178.104 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-20 Last Seen 2025-04-20 Times Seen 1 Size 275 kB (274621 bytes) MD5 e42743bf3df7d1185af918b8f21e102e SHA1 3bfdd42fa034db3226db0c6c07cc8c2ad69c4967 SHA256 19e95823307640e571b57d795b7de69242be025f4b0f2fac5a0117e3b2364fcc Format Code Loading...

	straightforwardaudition.com/ce/95/e4/ce95e43f3553e10df4882fca51971c45.js	ScriptElement	33 kB	2025-04-20	2025-04-20
URL straightforwardaudition.com/ce/95/e4/ce95e43f3553e10df4882fca51971c45.js IP / ASN 172.240.108.84 #7979 SERVERS-COM Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-20 Last Seen 2025-04-20 Times Seen 1 Size 33 kB (32964 bytes) MD5 9d861694a0d8a87d1447b11d2ce72f62 SHA1 8d0550958c496464e24fe1938b484a089018408e SHA256 cec20d17125bbaf3e01df8ea6d3eb3e360fbd53aa76e0998e7eb15d8875acdd3 Format Code Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-08-02
URL www.google-analytics.com/analytics.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-02 Times Seen 418959 Size 4.7 kB (4691 bytes) MD5 f24128d0c9cba7be2916c693427a3483 SHA1 1b6397d496ea896ebc2018b01b995cee4f166029 SHA256 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Format Code Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2025-01-25	2025-06-27
URL recordedthereby.com/sfp.js IP / ASN 185.196.197.72 #39572 DataWeb Global Group B.V. Introduced by ScriptElement Embedded false Resource Info First Seen 2025-01-25 Last Seen 2025-06-27 Times Seen 2209 Size 85 kB (85380 bytes) MD5 108625937affa4b38bb17cea65510d72 SHA1 2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee SHA256 c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0 Format Code Loading...

	mexa.sh/js/paging.js	ScriptElement	1.7 kB	2023-03-08	2025-07-31
URL mexa.sh/js/paging.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-08 Last Seen 2025-07-31 Times Seen 704 Size 1.7 kB (1709 bytes) MD5 43e50aa00ad654da80af8f7936afd4c6 SHA1 fb5921b855cce329191077b7e93563029d703545 SHA256 e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657 Format Code Loading...

	mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar	ScriptElement	666 B	2023-03-12	2025-07-27
URL mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2025-07-27 Times Seen 96 Size 666 B (666 bytes) MD5 3ff478c8f993edf7fcf9b0a556256ed5 SHA1 22391de1683e10171a05ac3453143ea297da9f3e SHA256 2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7 Format Code Loading...

	mexa.sh/js/jquery-1.9.1.min.js	ScriptElement	93 kB	2023-03-07	2025-08-02
URL mexa.sh/js/jquery-1.9.1.min.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 18471 Size 93 kB (92629 bytes) MD5 397754ba49e9e0cf4e7c190da78dda05 SHA1 ae49e56999d82802727455f0ba83b63acd90a22b SHA256 c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Format Code Loading...

	mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar	ScriptElement	172 B	2025-04-20	2025-04-20
URL mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-20 Last Seen 2025-04-20 Times Seen 1 Size 172 B (172 bytes) MD5 7d4589e9bd85e11310fff3b316b19555 SHA1 f17a806b3bb11acff3f754736cdaa29f0872f220 SHA256 3edf0d230405b60b69b105995f0e9849d448caf2cd8c8dea716b3acbec145274 Format Code Loading...

	mexa.sh/tzmhriiukc6s/sandbox%20eval%20code		147 B	2023-04-11	2025-08-02
URL mexa.sh/tzmhriiukc6s/sandbox%20eval%20code IP / ASN 0.0.0.0 #0 Introduced by Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-02 Times Seen 419698 Size 147 B (147 bytes) MD5 92b651082ce234f66bb544e678befda3 SHA1 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 SHA256 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Format Code Loading...

	cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-08-02
URL cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 2977 Size 90 kB (89492 bytes) MD5 561acb3e541133bbdd2c0c19f8ee35a1 SHA1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 SHA256 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Format Code Loading...

	mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar	ScriptElement	154 B	2023-03-12	2025-07-27
URL mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2025-07-27 Times Seen 99 Size 154 B (154 bytes) MD5 c6b02bbb4255c747368479fd2e4300e5 SHA1 0a5cd83325ceaab81243a71c4ce359edf2d15c03 SHA256 8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316~103116025~103130495~103130497	ScriptElement	386 kB	2025-04-20	2025-04-20
URL www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316~103116025~103130495~103130497 IP / ASN 142.250.178.104 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-20 Last Seen 2025-04-20 Times Seen 1 Size 386 kB (386310 bytes) MD5 c1ee9c471b218d97fae5379a53866ef4 SHA1 a677be6862749d208bf03b65af10d377288beddc SHA256 23366860d0805946f53e3ed13b5e4f1a5d4477d36f403250f16eb1da57847c3e Format Code Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2025-01-25	2025-06-27
URL recordedthereby.com/sfp.js IP / ASN 185.196.197.72 #39572 DataWeb Global Group B.V. Introduced by ScriptElement Embedded false Resource Info First Seen 2025-01-25 Last Seen 2025-06-27 Times Seen 2209 Size 85 kB (85380 bytes) MD5 108625937affa4b38bb17cea65510d72 SHA1 2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee SHA256 c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0 Format Code Loading...

	about:blank	ScriptElement	1.6 kB	2025-04-14	2025-06-03
URL about:blank IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2025-04-14 Last Seen 2025-06-03 Times Seen 15 Size 1.6 kB (1553 bytes) MD5 0eb53ad14fecf677e017c12898889d7b SHA1 21efe1c5bc66fe1c3597887c2745b59684a5437b SHA256 3add8f86dce7831f55876c5e8336aab2b4b0f88fbac222a74016a34340697b0e Format Code Loading...

HTTP Transactions (70)

URL IP Response Size

GET mexa.sh/images/navbar.png

188.114.96.1

200 OK

22 kB

URL

mexa.sh/images/navbar.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size22 kB (22290 bytes)

MD5e7c056eea6e071b1f5309d5db50c057a

SHA1833e979751da5fffe28b8761b322d16481a24c2e

SHA25634785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 22290
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1408
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c81adbb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL

recordedthereby.com/sfp.js

IP / ASN

185.196.197.72

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators

First Seen2025-01-25

Last Seen2025-06-27

Times Seen2209

Size85 kB (85380 bytes)

MD5108625937affa4b38bb17cea65510d72

SHA12c0f48e9efa3fb5554d1fa393b28d74d5339f9ee

SHA256c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0

Certificate Info

IssuerLet's Encrypt

Subjectrecordedthereby.com

Fingerprint19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47

ValidityThu, 06 Mar 2025 21:25:47 GMT - Wed, 04 Jun 2025 21:25:46 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:44 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: c66d8608b4269817b26236ef58e2555b
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET experttrafficcounter.com/stats

18.198.132.236

200 OK

40 B

URL

experttrafficcounter.com/stats

IP / ASN

18.198.132.236

#16509 AMAZON-02

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text, with no line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size40 B (40 bytes)

MD52a54ac91cbafd3580501b1a702be7311

SHA175d595c3c1efcd8b796bb3732f2c27dd49e1524e

SHA256e19285b775b1509398af1c65f2c891545406be0e643ba3644b43f53affff1833

Certificate Info

IssuerAmazon

Subjectexperttrafficcounter.com

FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC

ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Cookie: uid_id2=7ccd6393-be4c-48cc-9849-59cb8901cdd0:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.178.99

200 OK

40 kB

URL

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

IP / ASN

142.250.178.99

#15169 GOOGLE

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 40128, version 1.0

First Seen2025-01-08

Last Seen2025-08-02

Times Seen97599

Size40 kB (40128 bytes)

MD59a01b69183a9604ab3a439e388b30501

SHA18ed1d59003d0dbe6360481017b44665153665fbe

SHA25620b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

Certificate Info

IssuerGoogle Trust Services

Subject*.gstatic.com

Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80

ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 18:15:43 GMT
expires: Fri, 17 Apr 2026 18:15:43 GMT
cache-control: public, max-age=31536000
age: 202264
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.178.99

200 OK

40 kB

URL

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

IP / ASN

142.250.178.99

#15169 GOOGLE

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 40128, version 1.0

First Seen2025-01-08

Last Seen2025-08-02

Times Seen97599

Size40 kB (40128 bytes)

MD59a01b69183a9604ab3a439e388b30501

SHA18ed1d59003d0dbe6360481017b44665153665fbe

SHA25620b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

Certificate Info

IssuerGoogle Trust Services

Subject*.gstatic.com

Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80

ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 18:15:43 GMT
expires: Fri, 17 Apr 2026 18:15:43 GMT
cache-control: public, max-age=31536000
age: 202264
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mexa.sh/js/paging.js

188.114.96.1

200 OK

1.7 kB

URL

mexa.sh/js/paging.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeHTML document, ASCII text

First Seen2023-03-08

Last Seen2025-07-31

Times Seen704

Size1.7 kB (1709 bytes)

MD543e50aa00ad654da80af8f7936afd4c6

SHA1fb5921b855cce329191077b7e93563029d703545

SHA256e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 30
priority: u=2,i=?0
etag: W/"6ad-550b66e847e00"
content-encoding: br
cf-ray: 933132c589e3b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon3.png

188.114.96.1

200 OK

16 kB

URL

mexa.sh/images/navicon3.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size16 kB (15889 bytes)

MD5715335986af196b81f68fa792f5a7f53

SHA1b6b2f12993db399f86883315310869dccbd75ec5

SHA256aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 15889
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5a9f6b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET waisheph.com/5/7359319

139.45.197.119

200 OK

108 kB

URL

waisheph.com/5/7359319

IP / ASN

139.45.197.119

#9002 RETN Limited

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size108 kB (107566 bytes)

MD569004056f6150e79f690d51bd9b4b024

SHA1bde672f6db4c236d51b01d274f3ee25b362e758c

SHA2567ab5d741d9e9d7f5f2103815439e57e945a3b1d2660b3a991e69ee18be2f2295

Certificate Info

IssuerLet's Encrypt

Subjectwaisheph.com

Fingerprint2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC

ValidityFri, 11 Apr 2025 05:22:09 GMT - Thu, 10 Jul 2025 05:22:08 GMT

HTTP Headers

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: application/javascript
x-trace-id: 6ce8b82b8a3cf98964e52358b137824f
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081b1a07efc4302f9157ec198f80b6f; expires=Mon, 20 Apr 2026 02:26:42 GMT; path=/; secure; SameSite=None
oaidts=1745116002; expires=Mon, 20 Apr 2026 02:26:42 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET mexa.sh/images/premium_download.png

188.114.96.1

200 OK

36 kB

URL

mexa.sh/images/premium_download.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size36 kB (35695 bytes)

MD575737b3b7b2586619b43ab184c2f95bf

SHA189878f4f4aafb8637e9e9c50eedbba12e1cb74eb

SHA256e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 35695
server: cloudflare
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c86afcb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

OPTIONS straightforwardaudition.com/pixel/pure

172.240.108.84

204 No Content

0 B

URL

straightforwardaudition.com/pixel/pure

IP / ASN

172.240.108.84

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectstraightforwardaudition.com

Fingerprint03:17:64:F3:5F:29:6C:69:80:21:02:84:80:4E:0C:06:35:8D:EE:42

ValidityWed, 19 Feb 2025 02:53:12 GMT - Tue, 20 May 2025 02:53:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /pixel/pure HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:45 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET invadedisheartentrail.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnqwnBUkIXkSYgwcVd7Z7umd22hyCa0wIiUnIRhbJQaqrqmfLre7qVHVPT-YUDEgOHgZPeut9s8liDEH_AEFnAx4WBMfTHrIQ9C9QyFGkJwOj3-H70e9reN979cVucUwCFPTo2kd6JJWia52W23xrS6Zcl7Z55UbTc1vumeaWTLvBmeawTmbwnucHLfft5gXBdvRa2_Vc13O95nlpRKyHa3MUMnsUeq3QbQXtltcJMDT_n23hwFIHfHBMTkHy2at_xDch2RRp8v05YXdynb37YVIommuDAd__ON1JdZkiWbaxcRCn-4ttaDsj5OsGdLq_uAB6sFdfgEjOSOO1p4jS_QVNRIP7L5hGCiJFxF9GOZhCqCkknYLpu5D8NwIwjitXkSYPrmhT0tsvUFqjM7Ly_G_IckZWnp5GmjzeUHLY3NSqyKVOLYZxBTmcQvanyIoD5KMGZHkAln8OyX8la88vI032rlqlIfnRm-uM8a4f-quRCNhq0GNsNewF4WonZFEvdD3GuTuXSMZTKDEGtQ0U1kEhHRSxgyJzkPCjZuD2AuZRvxuHnK27AQ0CLiI37LVdl4ZsHQWr-Y-RZ2MwNQYzd5CZO9iRY5jiJ9jtCpY7sDnBgFcoBUFpCUpKUEqCMicoB9V9rmzbVg-4skXkLWp7Uf1qovP-Lr2v875ICagZw_BqT2a37F2w_MRkFNtLE10nGuUPNzZXu71gNfjUndCIV7vZMTlZi-x8-c_P2BFHTSbCjgj82O90fOG5PA56vXbMaMcL1z0WdGBlBWkboNbBqHb8nW-QyRkhY4KIHsCqAzB5ErR4A7SsQLcrjNL9RAxpy26D6wpZvoL8trOrjsnrc4c_eeVPCHZ49q9nFx6fHj0DMxUyU-Ez-YSgr-5NruuS7F3XpSU_XM1ymcgRrd3fzGkuTjy8JG6X2vCL5-z42_dZDdTtoxvC5pdpymXat-S7Dcm5MOe1YYL8eNFuiehaYbc3CpMW2eVrH5y_mGRGWCt1OgWt75neApMzcuolNn_Z7c0K0kxhigpJcUgWAakPwLI7sNmSv9UERi13osxBWVQT046WH5UkUGI506iC_c8cLfuJofXfVFa79h76pgGa30WaVBiYCgNVgaoxbHFikmfm8Ozv_jwQqcYkUqaxFymjvprLPCNbvzyBlUfNTjvyu71eV8RdHvvcb_s87LgiDGjYDcKgg9zOtlduin8DAAD__9zGXmzABAAA

192.243.61.227

200 OK

0 B

URL

invadedisheartentrail.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnqwnBUkIXkSYgwcVd7Z7umd22hyCa0wIiUnIRhbJQaqrqmfLre7qVHVPT-YUDEgOHgZPeut9s8liDEH_AEFnAx4WBMfTHrIQ9C9QyFGkJwOj3-H70e9reN979cVucUwCFPTo2kd6JJWia52W23xrS6Zcl7Z55UbTc1vumeaWTLvBmeawTmbwnucHLfft5gXBdvRa2_Vc13O95nlpRKyHa3MUMnsUeq3QbQXtltcJMDT_n23hwFIHfHBMTkHy2at_xDch2RRp8v05YXdynb37YVIommuDAd__ON1JdZkiWbaxcRCn-4ttaDsj5OsGdLq_uAB6sFdfgEjOSOO1p4jS_QVNRIP7L5hGCiJFxF9GOZhCqCkknYLpu5D8NwIwjitXkSYPrmhT0tsvUFqjM7Ly_G_IckZWnp5GmjzeUHLY3NSqyKVOLYZxBTmcQvanyIoD5KMGZHkAln8OyX8la88vI032rlqlIfnRm-uM8a4f-quRCNhq0GNsNewF4WonZFEvdD3GuTuXSMZTKDEGtQ0U1kEhHRSxgyJzkPCjZuD2AuZRvxuHnK27AQ0CLiI37LVdl4ZsHQWr-Y-RZ2MwNQYzd5CZO9iRY5jiJ9jtCpY7sDnBgFcoBUFpCUpKUEqCMicoB9V9rmzbVg-4skXkLWp7Uf1qovP-Lr2v875ICagZw_BqT2a37F2w_MRkFNtLE10nGuUPNzZXu71gNfjUndCIV7vZMTlZi-x8-c_P2BFHTSbCjgj82O90fOG5PA56vXbMaMcL1z0WdGBlBWkboNbBqHb8nW-QyRkhY4KIHsCqAzB5ErR4A7SsQLcrjNL9RAxpy26D6wpZvoL8trOrjsnrc4c_eeVPCHZ49q9nFx6fHj0DMxUyU-Ez-YSgr-5NruuS7F3XpSU_XM1ymcgRrd3fzGkuTjy8JG6X2vCL5-z42_dZDdTtoxvC5pdpymXat-S7Dcm5MOe1YYL8eNFuiehaYbc3CpMW2eVrH5y_mGRGWCt1OgWt75neApMzcuolNn_Z7c0K0kxhigpJcUgWAakPwLI7sNmSv9UERi13osxBWVQT046WH5UkUGI506iC_c8cLfuJofXfVFa79h76pgGa30WaVBiYCgNVgaoxbHFikmfm8Ozv_jwQqcYkUqaxFymjvprLPCNbvzyBlUfNTjvyu71eV8RdHvvcb_s87LgiDGjYDcKgg9zOtlduin8DAAD__9zGXmzABAAA

IP / ASN

192.243.61.227

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectinvadedisheartentrail.com

Fingerprint4C:E6:A1:D2:DA:AC:8F:7B:2B:57:87:F0:23:C5:B4:06:CD:6B:F8:CE

ValidityFri, 28 Feb 2025 21:32:05 GMT - Thu, 29 May 2025 21:32:04 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnqwnBUkIXkSYgwcVd7Z7umd22hyCa0wIiUnIRhbJQaqrqmfLre7qVHVPT-YUDEgOHgZPeut9s8liDEH_AEFnAx4WBMfTHrIQ9C9QyFGkJwOj3-H70e9reN979cVucUwCFPTo2kd6JJWia52W23xrS6Zcl7Z55UbTc1vumeaWTLvBmeawTmbwnucHLfft5gXBdvRa2_Vc13O95nlpRKyHa3MUMnsUeq3QbQXtltcJMDT_n23hwFIHfHBMTkHy2at_xDch2RRp8v05YXdynb37YVIommuDAd__ON1JdZkiWbaxcRCn-4ttaDsj5OsGdLq_uAB6sFdfgEjOSOO1p4jS_QVNRIP7L5hGCiJFxF9GOZhCqCkknYLpu5D8NwIwjitXkSYPrmhT0tsvUFqjM7Ly_G_IckZWnp5GmjzeUHLY3NSqyKVOLYZxBTmcQvanyIoD5KMGZHkAln8OyX8la88vI032rlqlIfnRm-uM8a4f-quRCNhq0GNsNewF4WonZFEvdD3GuTuXSMZTKDEGtQ0U1kEhHRSxgyJzkPCjZuD2AuZRvxuHnK27AQ0CLiI37LVdl4ZsHQWr-Y-RZ2MwNQYzd5CZO9iRY5jiJ9jtCpY7sDnBgFcoBUFpCUpKUEqCMicoB9V9rmzbVg-4skXkLWp7Uf1qovP-Lr2v875ICagZw_BqT2a37F2w_MRkFNtLE10nGuUPNzZXu71gNfjUndCIV7vZMTlZi-x8-c_P2BFHTSbCjgj82O90fOG5PA56vXbMaMcL1z0WdGBlBWkboNbBqHb8nW-QyRkhY4KIHsCqAzB5ErR4A7SsQLcrjNL9RAxpy26D6wpZvoL8trOrjsnrc4c_eeVPCHZ49q9nFx6fHj0DMxUyU-Ez-YSgr-5NruuS7F3XpSU_XM1ymcgRrd3fzGkuTjy8JG6X2vCL5-z42_dZDdTtoxvC5pdpymXat-S7Dcm5MOe1YYL8eNFuiehaYbc3CpMW2eVrH5y_mGRGWCt1OgWt75neApMzcuolNn_Z7c0K0kxhigpJcUgWAakPwLI7sNmSv9UERi13osxBWVQT046WH5UkUGI506iC_c8cLfuJofXfVFa79h76pgGa30WaVBiYCgNVgaoxbHFikmfm8Ozv_jwQqcYkUqaxFymjvprLPCNbvzyBlUfNTjvyu71eV8RdHvvcb_s87LgiDGjYDcKgg9zOtlduin8DAAD__9zGXmzABAAA HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:46 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 31d0ee70b396c4af1b1a43396ab93801
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET experttrafficcounter.com/stats

18.198.132.236

200 OK

40 B

URL

experttrafficcounter.com/stats

IP / ASN

18.198.132.236

#16509 AMAZON-02

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text, with no line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size40 B (40 bytes)

MD52a54ac91cbafd3580501b1a702be7311

SHA175d595c3c1efcd8b796bb3732f2c27dd49e1524e

SHA256e19285b775b1509398af1c65f2c891545406be0e643ba3644b43f53affff1833

Certificate Info

IssuerAmazon

Subjectexperttrafficcounter.com

FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC

ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:44 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=7ccd6393-be4c-48cc-9849-59cb8901cdd0:2:1; expires=Wed, 18 Apr 2035 02:26:44 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=239

172.240.127.234

200 OK

0 B

URL

invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=239

IP / ASN

172.240.127.234

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectinvadedisheartentrail.com

Fingerprint4C:E6:A1:D2:DA:AC:8F:7B:2B:57:87:F0:23:C5:B4:06:CD:6B:F8:CE

ValidityFri, 28 Feb 2025 21:32:05 GMT - Thu, 29 May 2025 21:32:04 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=239 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:46 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET waisheph.com/?rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1126.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Ftzmhriiukc6s%2FGame-RJ01166703.part2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1126.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=4c888770-3669-4e91-b97c-f047aac2d0b1&wasm=1&userId=0081b1a07efc4302f9157ec198f80b6f&m=link

139.45.197.119

200 OK

2.3 kB

URL

waisheph.com/?rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1126.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Ftzmhriiukc6s%2FGame-RJ01166703.part2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1126.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=4c888770-3669-4e91-b97c-f047aac2d0b1&wasm=1&userId=0081b1a07efc4302f9157ec198f80b6f&m=link

IP / ASN

139.45.197.119

#9002 RETN Limited

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJSON text data

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size2.3 kB (2283 bytes)

MD507b9e4ec3d1d9af0246b6ae69840173a

SHA17ac0f977e73e2648795633653655c6cccf985616

SHA2564f7db279f82977594ce82098b3adbf38c7f23fd8b2fe1323e85341bc70f5bf49

Certificate Info

IssuerLet's Encrypt

Subjectwaisheph.com

Fingerprint2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC

ValidityFri, 11 Apr 2025 05:22:09 GMT - Thu, 10 Jul 2025 05:22:08 GMT

HTTP Headers

GET /?rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1126.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Ftzmhriiukc6s%2FGame-RJ01166703.part2.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1126.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=4c888770-3669-4e91-b97c-f047aac2d0b1&wasm=1&userId=0081b1a07efc4302f9157ec198f80b6f&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Cookie: OAID=0081b1a07efc4302f9157ec198f80b6f; oaidts=1745116002
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Apr 2025 02:26:45 GMT
content-type: application/json
x-trace-id: 4cadf4663e753a12ba158cd37b7b4881
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081b1a07efc4302f9157ec198f80b6f; expires=Mon, 20 Apr 2026 02:26:45 GMT; path=/; secure; SameSite=None
oaidts=1745116005; expires=Mon, 20 Apr 2026 02:26:45 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 27 Apr 2025 02:26:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET straightforwardaudition.com/sbar.json?key=ce95e43f3553e10df4882fca51971c45&abt=BS-684-4_0&uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0%3A2%3A1

172.240.108.84

200 OK

13 kB

URL

straightforwardaudition.com/sbar.json?key=ce95e43f3553e10df4882fca51971c45&abt=BS-684-4_0&uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0%3A2%3A1

IP / ASN

172.240.108.84

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJSON text data

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size13 kB (12758 bytes)

MD58111125a8d6485d8d1135c397de95bc6

SHA103a5a136403f84af7d9222d2e8c24866ee7a879d

SHA256d5205f1ac163d3048238d369fdd998162befd5f31967046e553fa65b1efd4166

Certificate Info

IssuerLet's Encrypt

Subjectstraightforwardaudition.com

Fingerprint03:17:64:F3:5F:29:6C:69:80:21:02:84:80:4E:0C:06:35:8D:EE:42

ValidityWed, 19 Feb 2025 02:53:12 GMT - Tue, 20 May 2025 02:53:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=ce95e43f3553e10df4882fca51971c45&abt=BS-684-4_0&uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0%3A2%3A1 HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:45 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
custom-referer: https://mexa.sh
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
set-cookie: uid_id2=7ccd6393-be4c-48cc-9849-59cb8901cdd0:2:1; expires=Sun, 27 Apr 2025 02:26:45 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Mon, 21 Apr 2025 02:26:45 GMT; path=/; secure; SameSite=None
uncs=1; expires=Mon, 21 Apr 2025 02:26:45 GMT; path=/; secure; SameSite=None
pdhtkv29=true; expires=Mon, 21 Apr 2025 02:26:45 GMT; path=/; secure; SameSite=None
uncs29=1; expires=Mon, 21 Apr 2025 02:26:45 GMT; path=/; secure; SameSite=None
u_pl26017473=1; expires=Mon, 21 Apr 2025 02:26:45 GMT; path=/; secure; SameSite=None
slecce95e43f3553e10df4882fca51971c45=[5836004,5752772]; expires=Sun, 20 Apr 2025 02:26:50 GMT; path=/; secure; SameSite=None
x-envoy-upstream-service-time: 233
Host: straightforwardaudition.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 8a93aff2b1957d70a56b9dc8168e8aa4
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.10

200 OK

17 kB

URL

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

IP / ASN

142.250.74.10

#15169 GOOGLE

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text, with very long lines (1572)

First Seen2025-01-09

Last Seen2025-07-17

Times Seen705

Size17 kB (16755 bytes)

MD5079d175a37af415fe31b05b4ee3f0c6d

SHA1e14b499ae075d1437a3d19c061ce5c47e70ebaf9

SHA2569407ac88551e3046045786d43d427ded47b0133ac0acb85f8604743885d06d4b

Certificate Info

IssuerGoogle Trust Services

Subjectupload.video.google.com

Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67

ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 20 Apr 2025 02:26:46 GMT
date: Sun, 20 Apr 2025 02:26:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=78693&fd=210

192.243.61.227

200 OK

0 B

URL

invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=78693&fd=210

IP / ASN

192.243.61.227

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectinvadedisheartentrail.com

Fingerprint4C:E6:A1:D2:DA:AC:8F:7B:2B:57:87:F0:23:C5:B4:06:CD:6B:F8:CE

ValidityFri, 28 Feb 2025 21:32:05 GMT - Thu, 29 May 2025 21:32:04 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=78693&fd=210 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:46 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET mexa.sh/js/jquery.paging.js

188.114.96.1

200 OK

19 kB

URL

mexa.sh/js/jquery.paging.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-03-07

Last Seen2025-08-01

Times Seen2849

Size19 kB (19365 bytes)

MD5d7a2c1c7af2a004a6d68e1e55b1cfb46

SHA17fd6daa7076c30381880519ad06ef5639b19ee28

SHA256c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 30
priority: u=2,i=?0
etag: W/"4ba5-550b66e847e00"
content-encoding: br
cf-ray: 933132c579dcb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET my.rtmark.net/gid.js?userId=0081b1a07efc4302f9157ec198f80b6f

172.64.146.234

200 OK

65 B

URL

my.rtmark.net/gid.js?userId=0081b1a07efc4302f9157ec198f80b6f

IP / ASN

172.64.146.234

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJSON text data

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size65 B (65 bytes)

MD5f9997e92a85f2b8585dc7b5e809b88d5

SHA177890e3a0024216977f5cb8972e76a8fd66bacd6

SHA256dace7ed2fb035e47eb005fb0b53716af9c75e7fbc55701835cf413250103b720

Certificate Info

IssuerGoogle Trust Services

Subjectmy.rtmark.net

Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9

ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

HTTP Headers

GET /gid.js?userId=0081b1a07efc4302f9157ec198f80b6f HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:43 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081b1a07efc4302f9157ec198f80b6f; expires=Mon, 20 Apr 2026 02:26:43 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 933132cd299556ab-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/tzmhriiukc6s/favicon.ico

188.114.96.1

302 Found

14 kB

URL

mexa.sh/tzmhriiukc6s/favicon.ico

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size14 kB (14113 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /tzmhriiukc6s/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english; _ga_SBML259V1V=GS1.1.1745116004.1.0.1745116004.0.0.0; _ga=GA1.1.202770690.1745116004
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sun, 20 Apr 2025 02:26:44 GMT
content-length: 0
location: https://mexa.sh/tzmhriiukc6s
server: cloudflare
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
cf-ray: 933132d41f6ab500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdn.storageimagedisplay.com/si/df/9b/22/df9b22b15aa60f8a7f156d036d2d74010bcdcf7c84226088ef82ac0d6ee5fc15.png

45.133.44.1

200 OK

12 kB

URL

cdn.storageimagedisplay.com/si/df/9b/22/df9b22b15aa60f8a7f156d036d2d74010bcdcf7c84226088ef82ac0d6ee5fc15.png

IP / ASN

45.133.44.1

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3

First Seen2025-03-08

Last Seen2025-05-19

Times Seen19

Size12 kB (12304 bytes)

MD5277f496a855bfd3066475eafbc34289d

SHA1bc00f608be58e658776a54a9b19914e2a6381380

SHA256022e29a7b31852e024be27a0660f72cec13f7ea76a246cd049060b505eabad6d

Certificate Info

IssuerLet's Encrypt

Subjectcdn.storageimagedisplay.com

Fingerprint44:32:60:54:16:79:8E:ED:60:B9:DD:B2:36:7C:B0:DC:CC:F5:B5:5C

ValidityWed, 12 Mar 2025 02:33:05 GMT - Tue, 10 Jun 2025 02:33:04 GMT

HTTP Headers

GET /si/df/9b/22/df9b22b15aa60f8a7f156d036d2d74010bcdcf7c84226088ef82ac0d6ee5fc15.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: image/png
content-length: 12304
server: nginx/1.21.6
last-modified: Mon, 03 Mar 2025 21:00:28 GMT
etag: "67c6186c-3010"
expires: Tue, 22 Apr 2025 02:26:46 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js

188.114.96.1

200 OK

90 kB

URL

cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/js/jquery.min.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65451)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen2977

Size90 kB (89492 bytes)

MD5561acb3e541133bbdd2c0c19f8ee35a1

SHA1ffd1353cf3f77d25f801c84d8208613eb0d3d548

SHA2569fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

Certificate Info

IssuerGoogle Trust Services

Subjectcreative-stat1.com

Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB

ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 345440
etag: W/"65aa84ff-15d94"
content-encoding: br
cf-ray: 933132e02b4c7129-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=263

192.243.61.227

200 OK

0 B

URL

invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=263

IP / ASN

192.243.61.227

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectinvadedisheartentrail.com

Fingerprint4C:E6:A1:D2:DA:AC:8F:7B:2B:57:87:F0:23:C5:B4:06:CD:6B:F8:CE

ValidityFri, 28 Feb 2025 21:32:05 GMT - Thu, 29 May 2025 21:32:04 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=263 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:46 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET mexa.sh/js/jquery-1.9.1.min.js

188.114.96.1

200 OK

93 kB

URL

mexa.sh/js/jquery-1.9.1.min.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32089)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen18471

Size93 kB (92629 bytes)

MD5397754ba49e9e0cf4e7c190da78dda05

SHA1ae49e56999d82802727455f0ba83b63acd90a22b

SHA256c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 30
priority: u=2,i=?0
etag: W/"169d5-550b66e847e00"
content-encoding: br
cf-ray: 933132c579d7b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET capaciousdrewreligion.com/advertisers.js

185.196.197.72

200 OK

0 B

URL

capaciousdrewreligion.com/advertisers.js

IP / ASN

185.196.197.72

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectcapaciousdrewreligion.com

FingerprintF2:06:B4:93:08:6A:C2:08:91:7D:7A:22:BE:44:FF:74:BE:CC:0C:2E

ValidityMon, 03 Mar 2025 21:07:24 GMT - Sun, 01 Jun 2025 21:07:23 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:44 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: cffbe1d89f21a71bcc2a140fa77f54cf
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=ce95e43f3553e10df4882fca51971c45&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2

192.243.59.12

200 OK

0 B

URL

unseenreport.com/pxf.gif?uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=ce95e43f3553e10df4882fca51971c45&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2

IP / ASN

192.243.59.12

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subject*.unseenreport.com

FingerprintE0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7

ValidityTue, 18 Mar 2025 22:26:47 GMT - Mon, 16 Jun 2025 22:26:46 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=ce95e43f3553e10df4882fca51971c45&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Apr 2025 02:26:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6173f1f05c138fdfec0accc1a3ee0cae
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET mexa.sh/images/no211.png

188.114.96.1

200 OK

720 B

URL

mexa.sh/images/no211.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size720 B (720 bytes)

MD55508fda2890fd7f0368dcb662b600dd8

SHA11bcb3a7bfbb7d9085116d57ff120929628d68440

SHA2564412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 720
server: cloudflare
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5ca09b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon6.png

188.114.96.1

200 OK

1.2 kB

URL

mexa.sh/images/navicon6.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size1.2 kB (1175 bytes)

MD591f3dc42cd20fcc67b1f9e4d026ae636

SHA14eb701d8acffe7471ca14183d83fdc8e5d57bec5

SHA256a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 1175
server: cloudflare
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5a9f8b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navbara.png

188.114.96.1

200 OK

22 kB

URL

mexa.sh/images/navbara.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size22 kB (22290 bytes)

MD5e7c056eea6e071b1f5309d5db50c057a

SHA1833e979751da5fffe28b8761b322d16481a24c2e

SHA25634785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:43 GMT
content-type: image/png
content-length: 22290
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132d04df2b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET invadedisheartentrail.com/impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnqwnBUkIXkSYgwcVd7Z7umd22hyCa0wIiUnIRhbJQaqrqmfLre7qVHVPT-YUDEgOHgZPeut9s8liDEH_AEFnAx4WBMfTHrIQ9C9QyFGkJwOj3-H70e9reN979cVucUwCFPTo2kd6JJWia52W23xrS6Zcl7Z55UbTc1vumeaWTLvBmeawTmbwnucHLfft5gXBdvRa2_Vc13O95nlpRKyHa3MUMnsUeq3QbQXtltcJMDT_n23hwFIHfHBMTkHy2at_xDch2RRp8v05YXdynb37YVIommuDAd__ON1JdZkiWbaxcRCn-4ttaDsj5OsGdLq_uAB6sFdfgEjOSOO1p4jS_QVNRIP7L5hGCiJFxF9GOZhCqCkknYLpu5D8NwIwjitXkSYPrmhT0tsvUFqjM7Ly_G_IckZWnp5GmjzeUHLY3NSqyKVOLYZxBTmcQvanyIoD5KMGZHkAln8OyX8la88vI032rlqlIfnRm-uM8a4f-quRCNhq0GNsNewF4WonZFEvdD3GuTuXSMZTKDEGtQ0U1kEhHRSxgyJzkPCjZuD2AuZRvxuHnK27AQ0CLiI37LVdl4ZsHQWr-Y-RZ2MwNQYzd5CZO9iRY5jiJ9jtCpY7sDnBgFcoBUFpCUpKUEqCMicoB9V9rmzbVg-4skXkLWp7Uf1qovP-Lr2v875ICagZw_BqT2a37F2w_MRkFNtLE10nGuUPNzZXu71gNfjUndCIV7vZMTlZi-x8-c_P2BFHTSbCjgj82O90fOG5PA56vXbMaMcL1z0WdGBlBWkboNbBqHb8nW-QyRkhY4KIHsCqAzB5ErR4A7SsQLcrjNL9RAxpy26D6wpZvoL8trOrjsnrc4c_eeVPCHZ49q9nFx6fHj0DMxUyU-Ez-YSgr-5NruuS7F3XpSU_XM1ymcgRrd3fzGkuTjy8JG6X2vCL5-z42_dZDdTtoxvC5pdpymXat-S7Dcm5MOe1YYL8eNFuiehaYbc3CpMW2eVrH5y_mGRGWCt1OgWt75neApMzcuolNn_Z7c0K0kxhigpJcUgWAakPwLI7sNmSv9UERi13osxBWVQT046WH5UkUGI506iC_c8cLfuJofXfVFa79h76pgGa30WaVBiYCgNVgaoxbHFikmfm8Ozv_jwQqcYkUqaxFymjvprLPCNbvzyBlUfN2Bdt5rq99a7n92Lh-QFncacXhLxLXd8XyO1se-Wm-DcAAP__IK7OssAEAAA=

192.243.61.227

200 OK

0 B

URL

invadedisheartentrail.com/impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnqwnBUkIXkSYgwcVd7Z7umd22hyCa0wIiUnIRhbJQaqrqmfLre7qVHVPT-YUDEgOHgZPeut9s8liDEH_AEFnAx4WBMfTHrIQ9C9QyFGkJwOj3-H70e9reN979cVucUwCFPTo2kd6JJWia52W23xrS6Zcl7Z55UbTc1vumeaWTLvBmeawTmbwnucHLfft5gXBdvRa2_Vc13O95nlpRKyHa3MUMnsUeq3QbQXtltcJMDT_n23hwFIHfHBMTkHy2at_xDch2RRp8v05YXdynb37YVIommuDAd__ON1JdZkiWbaxcRCn-4ttaDsj5OsGdLq_uAB6sFdfgEjOSOO1p4jS_QVNRIP7L5hGCiJFxF9GOZhCqCkknYLpu5D8NwIwjitXkSYPrmhT0tsvUFqjM7Ly_G_IckZWnp5GmjzeUHLY3NSqyKVOLYZxBTmcQvanyIoD5KMGZHkAln8OyX8la88vI032rlqlIfnRm-uM8a4f-quRCNhq0GNsNewF4WonZFEvdD3GuTuXSMZTKDEGtQ0U1kEhHRSxgyJzkPCjZuD2AuZRvxuHnK27AQ0CLiI37LVdl4ZsHQWr-Y-RZ2MwNQYzd5CZO9iRY5jiJ9jtCpY7sDnBgFcoBUFpCUpKUEqCMicoB9V9rmzbVg-4skXkLWp7Uf1qovP-Lr2v875ICagZw_BqT2a37F2w_MRkFNtLE10nGuUPNzZXu71gNfjUndCIV7vZMTlZi-x8-c_P2BFHTSbCjgj82O90fOG5PA56vXbMaMcL1z0WdGBlBWkboNbBqHb8nW-QyRkhY4KIHsCqAzB5ErR4A7SsQLcrjNL9RAxpy26D6wpZvoL8trOrjsnrc4c_eeVPCHZ49q9nFx6fHj0DMxUyU-Ez-YSgr-5NruuS7F3XpSU_XM1ymcgRrd3fzGkuTjy8JG6X2vCL5-z42_dZDdTtoxvC5pdpymXat-S7Dcm5MOe1YYL8eNFuiehaYbc3CpMW2eVrH5y_mGRGWCt1OgWt75neApMzcuolNn_Z7c0K0kxhigpJcUgWAakPwLI7sNmSv9UERi13osxBWVQT046WH5UkUGI506iC_c8cLfuJofXfVFa79h76pgGa30WaVBiYCgNVgaoxbHFikmfm8Ozv_jwQqcYkUqaxFymjvprLPCNbvzyBlUfN2Bdt5rq99a7n92Lh-QFncacXhLxLXd8XyO1se-Wm-DcAAP__IK7OssAEAAA=

IP / ASN

192.243.61.227

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectinvadedisheartentrail.com

Fingerprint4C:E6:A1:D2:DA:AC:8F:7B:2B:57:87:F0:23:C5:B4:06:CD:6B:F8:CE

ValidityFri, 28 Feb 2025 21:32:05 GMT - Thu, 29 May 2025 21:32:04 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnqwnBUkIXkSYgwcVd7Z7umd22hyCa0wIiUnIRhbJQaqrqmfLre7qVHVPT-YUDEgOHgZPeut9s8liDEH_AEFnAx4WBMfTHrIQ9C9QyFGkJwOj3-H70e9reN979cVucUwCFPTo2kd6JJWia52W23xrS6Zcl7Z55UbTc1vumeaWTLvBmeawTmbwnucHLfft5gXBdvRa2_Vc13O95nlpRKyHa3MUMnsUeq3QbQXtltcJMDT_n23hwFIHfHBMTkHy2at_xDch2RRp8v05YXdynb37YVIommuDAd__ON1JdZkiWbaxcRCn-4ttaDsj5OsGdLq_uAB6sFdfgEjOSOO1p4jS_QVNRIP7L5hGCiJFxF9GOZhCqCkknYLpu5D8NwIwjitXkSYPrmhT0tsvUFqjM7Ly_G_IckZWnp5GmjzeUHLY3NSqyKVOLYZxBTmcQvanyIoD5KMGZHkAln8OyX8la88vI032rlqlIfnRm-uM8a4f-quRCNhq0GNsNewF4WonZFEvdD3GuTuXSMZTKDEGtQ0U1kEhHRSxgyJzkPCjZuD2AuZRvxuHnK27AQ0CLiI37LVdl4ZsHQWr-Y-RZ2MwNQYzd5CZO9iRY5jiJ9jtCpY7sDnBgFcoBUFpCUpKUEqCMicoB9V9rmzbVg-4skXkLWp7Uf1qovP-Lr2v875ICagZw_BqT2a37F2w_MRkFNtLE10nGuUPNzZXu71gNfjUndCIV7vZMTlZi-x8-c_P2BFHTSbCjgj82O90fOG5PA56vXbMaMcL1z0WdGBlBWkboNbBqHb8nW-QyRkhY4KIHsCqAzB5ErR4A7SsQLcrjNL9RAxpy26D6wpZvoL8trOrjsnrc4c_eeVPCHZ49q9nFx6fHj0DMxUyU-Ez-YSgr-5NruuS7F3XpSU_XM1ymcgRrd3fzGkuTjy8JG6X2vCL5-z42_dZDdTtoxvC5pdpymXat-S7Dcm5MOe1YYL8eNFuiehaYbc3CpMW2eVrH5y_mGRGWCt1OgWt75neApMzcuolNn_Z7c0K0kxhigpJcUgWAakPwLI7sNmSv9UERi13osxBWVQT046WH5UkUGI506iC_c8cLfuJofXfVFa79h76pgGa30WaVBiYCgNVgaoxbHFikmfm8Ozv_jwQqcYkUqaxFymjvprLPCNbvzyBlUfN2Bdt5rq99a7n92Lh-QFncacXhLxLXd8XyO1se-Wm-DcAAP__IK7OssAEAAA= HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:47 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6595aca77c146e945b1f1a7afc0abbe8
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET experttrafficcounter.com/stats

18.198.132.236

200 OK

40 B

URL

experttrafficcounter.com/stats

IP / ASN

18.198.132.236

#16509 AMAZON-02

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text, with no line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size40 B (40 bytes)

MD52a54ac91cbafd3580501b1a702be7311

SHA175d595c3c1efcd8b796bb3732f2c27dd49e1524e

SHA256e19285b775b1509398af1c65f2c891545406be0e643ba3644b43f53affff1833

Certificate Info

IssuerAmazon

Subjectexperttrafficcounter.com

FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC

ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Cookie: uid_id2=7ccd6393-be4c-48cc-9849-59cb8901cdd0:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

POST straightforwardaudition.com/pixel/pure

172.240.127.234

200 OK

0 B

URL

straightforwardaudition.com/pixel/pure

IP / ASN

172.240.127.234

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectstraightforwardaudition.com

Fingerprint03:17:64:F3:5F:29:6C:69:80:21:02:84:80:4E:0C:06:35:8D:EE:42

ValidityWed, 19 Feb 2025 02:53:12 GMT - Tue, 20 May 2025 02:53:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /pixel/pure HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 74
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:45 GMT
Content-Length: 0
Connection: keep-alive
Host: straightforwardaudition.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET mexa.sh/images/logo1_1x.png

188.114.96.1

200 OK

38 kB

URL

mexa.sh/images/logo1_1x.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size38 kB (38035 bytes)

MD5037f1c3e351f635f706eda54b812c40a

SHA18aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa

SHA25630ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 38035
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 30
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c599ecb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/flags.png

188.114.96.1

200 OK

30 kB

URL

mexa.sh/images/flags.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size30 kB (29723 bytes)

MD5df0a3afc77d0c08cdea27ac3a7b9620c

SHA18248d5c5e5eddeaa75a5a0b5490b58e0e61b6900

SHA256a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 29723
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1408
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c81adcb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

OPTIONS waisheph.com/wrr?z=7359319&p_rid=4c888770-3669-4e91-b97c-f047aac2d0b1&rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c=&dmn=waisheph.com&userId=0081b1a07efc4302f9157ec198f80b6f

139.45.197.119

204 No Content

0 B

URL

waisheph.com/wrr?z=7359319&p_rid=4c888770-3669-4e91-b97c-f047aac2d0b1&rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c=&dmn=waisheph.com&userId=0081b1a07efc4302f9157ec198f80b6f

IP / ASN

139.45.197.119

#9002 RETN Limited

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectwaisheph.com

Fingerprint2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC

ValidityFri, 11 Apr 2025 05:22:09 GMT - Thu, 10 Jul 2025 05:22:08 GMT

HTTP Headers

OPTIONS /wrr?z=7359319&p_rid=4c888770-3669-4e91-b97c-f047aac2d0b1&rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c=&dmn=waisheph.com&userId=0081b1a07efc4302f9157ec198f80b6f HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 20 Apr 2025 02:26:45 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/images/regicon.png

188.114.96.1

200 OK

20 kB

URL

mexa.sh/images/regicon.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size20 kB (19508 bytes)

MD5363e2a7e57bf3cb4da7d113445cd676f

SHA115c3bba1a21d1543ee17ccd57a304f1efedca876

SHA256012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 19508
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5a9fcb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/frechar.png

188.114.96.1

200 OK

67 kB

URL

mexa.sh/images/frechar.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size67 kB (66710 bytes)

MD57adab309ecff73216286b6d34b795e7c

SHA1f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8

SHA2561b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 66710
server: cloudflare
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c81addb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/css/style.css

188.114.96.1

200 OK

8.9 kB

URL

cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/css/style.css

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text

First Seen2023-04-07

Last Seen2025-06-12

Times Seen108

Size8.9 kB (8924 bytes)

MD5b18a9447a8e3e64790d799319dea51f4

SHA182842eabdaefd732f11334737bcc9a6a97dc6e24

SHA2563f2720173a877452c610d469b4d573383fe56216ca74ee9f0074ba3545822d8c

Certificate Info

IssuerGoogle Trust Services

Subjectcreative-stat1.com

Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB

ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/css/style.css HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
etag: W/"65aa84ff-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 1535068
cf-ray: 933132dfcab8b529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/css/animate.css

188.114.96.1

200 OK

79 kB

URL

cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/css/animate.css

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text

First Seen2024-02-12

Last Seen2025-08-01

Times Seen2099

Size79 kB (78693 bytes)

MD55982c5377696d20476871062646b253f

SHA18bf2c93fa9ccc908f7df0fb7abb911bbac3e4242

SHA2564e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4

Certificate Info

IssuerGoogle Trust Services

Subjectcreative-stat1.com

Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB

ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/css/animate.css HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
etag: W/"65aa84ff-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 144571
cf-ray: 933132dfaaaeb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET invadedisheartentrail.com/pixel/sbs?c=1

172.240.127.234

200 OK

0 B

URL

invadedisheartentrail.com/pixel/sbs?c=1

IP / ASN

172.240.127.234

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectinvadedisheartentrail.com

Fingerprint4C:E6:A1:D2:DA:AC:8F:7B:2B:57:87:F0:23:C5:B4:06:CD:6B:F8:CE

ValidityFri, 28 Feb 2025 21:32:05 GMT - Thu, 29 May 2025 21:32:04 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:47 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET mexa.sh/js/jquery.cookie.js

188.114.96.1

200 OK

3.1 kB

URL

mexa.sh/js/jquery.cookie.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-03-07

Last Seen2025-08-01

Times Seen2915

Size3.1 kB (3121 bytes)

MD5ff14e4812b7f512e620b1ad35542bcfc

SHA1c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae

SHA256c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 30
priority: u=2,i=?0
etag: W/"c31-550b66e847e00"
content-encoding: br
cf-ray: 933132c589e2b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET straightforwardaudition.com/pixel/purst?dl=0&th=0&sc=0&rs=1768&rd=1768&fd=1041&bv=25.4.8067&tmpl=136

172.240.108.84

200 OK

0 B

URL

straightforwardaudition.com/pixel/purst?dl=0&th=0&sc=0&rs=1768&rd=1768&fd=1041&bv=25.4.8067&tmpl=136

IP / ASN

172.240.108.84

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectstraightforwardaudition.com

Fingerprint03:17:64:F3:5F:29:6C:69:80:21:02:84:80:4E:0C:06:35:8D:EE:42

ValidityWed, 19 Feb 2025 02:53:12 GMT - Tue, 20 May 2025 02:53:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1768&rd=1768&fd=1041&bv=25.4.8067&tmpl=136 HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:44 GMT
Content-Length: 0
Connection: keep-alive
Host: straightforwardaudition.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET experttrafficcounter.com/stats

18.198.132.236

200 OK

40 B

URL

experttrafficcounter.com/stats

IP / ASN

18.198.132.236

#16509 AMAZON-02

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text, with no line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size40 B (40 bytes)

MD52a54ac91cbafd3580501b1a702be7311

SHA175d595c3c1efcd8b796bb3732f2c27dd49e1524e

SHA256e19285b775b1509398af1c65f2c891545406be0e643ba3644b43f53affff1833

Certificate Info

IssuerAmazon

Subjectexperttrafficcounter.com

FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC

ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Cookie: uid_id2=7ccd6393-be4c-48cc-9849-59cb8901cdd0:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:44 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

GET cdn.show-sb.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html

172.67.170.115

200 OK

1.6 kB

URL

cdn.show-sb.com/sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html

IP / ASN

172.67.170.115

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeHTML document, ASCII text

First Seen2023-04-06

Last Seen2025-06-12

Times Seen96

Size1.6 kB (1558 bytes)

MD58b4ab9af156b6feeca7cfe0832f8b6b0

SHA128cdbd0cdf9eafb84e37435d830e62c21ccd7eea

SHA256466fec5d699b1bbc22b41c3f215d5d102eba63e2e7e73386ab561a12c4c4a0e0

Certificate Info

IssuerGoogle Trust Services

Subjectshow-sb.com

Fingerprint1D:98:CF:D5:11:E1:60:97:76:85:27:F9:55:AF:5E:13:60:3F:67:B7

ValidityMon, 14 Apr 2025 03:51:48 GMT - Sun, 13 Jul 2025 04:50:09 GMT

HTTP Headers

GET /sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html HTTP/1.1
Host: cdn.show-sb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: text/html
server: cloudflare
last-modified: Sat, 07 May 2022 03:21:27 GMT
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 933132dd0b9bb509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/images/navicon1.png

188.114.96.1

200 OK

18 kB

URL

mexa.sh/images/navicon1.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen101

Size18 kB (18288 bytes)

MD5ae9204e9914f4e3c5b146c488d5a1811

SHA1fe60b0cf1bbb856f93fca9183404d698e873f33e

SHA256f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 18288
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 30
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c599f0b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/yep_d.png

188.114.96.1

200 OK

15 kB

URL

mexa.sh/images/yep_d.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size15 kB (15222 bytes)

MD5662d1738accf3ec5f5c95a0e4896b232

SHA18b1907196139b8819ffd1a77b3b71d3872ca848f

SHA2562c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 15222
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5ca0ab500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316~103116025~103130495~103130497

142.250.178.104

200 OK

386 kB

URL

www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316~103116025~103130495~103130497

IP / ASN

142.250.178.104

#15169 GOOGLE

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text, with very long lines (6129)

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size386 kB (386310 bytes)

MD5c1ee9c471b218d97fae5379a53866ef4

SHA1a677be6862749d208bf03b65af10d377288beddc

SHA25623366860d0805946f53e3ed13b5e4f1a5d4477d36f403250f16eb1da57847c3e

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01

ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

HTTP Headers

GET /gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316~103116025~103130495~103130497 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 20 Apr 2025 02:26:43 GMT
expires: Sun, 20 Apr 2025 02:26:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 127056
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET mexa.sh/css_newTheme/style.css

188.114.96.1

200 OK

40 kB

URL

mexa.sh/css_newTheme/style.css

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeASCII text

First Seen2023-04-11

Last Seen2025-07-27

Times Seen101

Size40 kB (39810 bytes)

MD53c6420826cc1647abda78120299c0eb6

SHA1bf10714579e64ee828627f828695fe093c5b810f

SHA2563688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: text/css
server: cloudflare
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 85
priority: u=2,i=?0
etag: W/"9b82-5564bc956d400"
content-encoding: br
cf-ray: 933132c569d4b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET www.googletagmanager.com/gtag/js?id=UA-79936000-1

142.250.178.104

200 OK

275 kB

URL

www.googletagmanager.com/gtag/js?id=UA-79936000-1

IP / ASN

142.250.178.104

#15169 GOOGLE

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text, with very long lines (5436)

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size275 kB (274621 bytes)

MD5e42743bf3df7d1185af918b8f21e102e

SHA13bfdd42fa034db3226db0c6c07cc8c2ad69c4967

SHA25619e95823307640e571b57d795b7de69242be025f4b0f2fac5a0117e3b2364fcc

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01

ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

HTTP Headers

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 20 Apr 2025 02:26:42 GMT
expires: Sun, 20 Apr 2025 02:26:42 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 95755
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.storageimagedisplay.com/si/1e/51/5a/1e515a072fdd9eac9aa801d1a1fe95b9476f9b56a33dcab904318ef5ac0ffccc.png

45.133.44.1

200 OK

7.9 kB

URL

cdn.storageimagedisplay.com/si/1e/51/5a/1e515a072fdd9eac9aa801d1a1fe95b9476f9b56a33dcab904318ef5ac0ffccc.png

IP / ASN

45.133.44.1

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3

First Seen2025-03-08

Last Seen2025-05-19

Times Seen19

Size7.9 kB (7853 bytes)

MD58035104939c3dc913b105653dda6b1a4

SHA1603b75e576e60eb26c39a495c7d33946e7958403

SHA2568abdeda40d3cc036dee0b7e6d78f532962939c550d0dc00fe6be0a0eec6c1112

Certificate Info

IssuerLet's Encrypt

Subjectcdn.storageimagedisplay.com

Fingerprint44:32:60:54:16:79:8E:ED:60:B9:DD:B2:36:7C:B0:DC:CC:F5:B5:5C

ValidityWed, 12 Mar 2025 02:33:05 GMT - Tue, 10 Jun 2025 02:33:04 GMT

HTTP Headers

GET /si/1e/51/5a/1e515a072fdd9eac9aa801d1a1fe95b9476f9b56a33dcab904318ef5ac0ffccc.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: image/png
content-length: 7853
server: nginx/1.21.6
last-modified: Mon, 03 Mar 2025 21:00:51 GMT
etag: "67c61883-1ead"
expires: Tue, 22 Apr 2025 02:26:46 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mexa.sh/images/navicon2.png

188.114.96.1

200 OK

16 kB

URL

mexa.sh/images/navicon2.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size16 kB (16374 bytes)

MD586665a37cea72cd507ceb7e7282c74f8

SHA1f7707000a81a04f217ec9bd93995a0b9fc424037

SHA256ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 16374
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c599f1b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/.png

188.114.96.1

404 Not Found

3.3 kB

URL

mexa.sh/images/.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeHTML document, ASCII text

First Seen2023-09-24

Last Seen2025-07-27

Times Seen61

Size3.3 kB (3301 bytes)

MD5f3c091a2b91e7970fa4602d60103dc67

SHA1af5f70406fabc9e192b349e5aee7dc9a67d05f18

SHA2566e9e4b1516efd000e0f4b2ce737cb6b418c14f8b6029733c23853db1ed532f14

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: text/html; charset=utf-8
server: cloudflare
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 85
priority: u=4,i=?0
content-encoding: br
cf-ray: 933132c81adab500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=216

172.240.127.234

200 OK

0 B

URL

invadedisheartentrail.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=216

IP / ASN

172.240.127.234

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectinvadedisheartentrail.com

Fingerprint4C:E6:A1:D2:DA:AC:8F:7B:2B:57:87:F0:23:C5:B4:06:CD:6B:F8:CE

ValidityFri, 28 Feb 2025 21:32:05 GMT - Thu, 29 May 2025 21:32:04 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=216 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:46 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET mexa.sh/images/free_download.png

188.114.96.1

200 OK

32 kB

URL

mexa.sh/images/free_download.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size32 kB (32532 bytes)

MD546a5fd5732a87850dd58f70c8c870430

SHA19ae7b42ff28fd2129aa5e67057f9d4d198a717eb

SHA2569d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 32532
server: cloudflare
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c81adfb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

OPTIONS straightforwardaudition.com/pixel/pure

172.240.108.84

204 No Content

0 B

URL

straightforwardaudition.com/pixel/pure

IP / ASN

172.240.108.84

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectstraightforwardaudition.com

Fingerprint03:17:64:F3:5F:29:6C:69:80:21:02:84:80:4E:0C:06:35:8D:EE:42

ValidityWed, 19 Feb 2025 02:53:12 GMT - Tue, 20 May 2025 02:53:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /pixel/pure HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:45 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

POST waisheph.com/wrr?z=7359319&p_rid=4c888770-3669-4e91-b97c-f047aac2d0b1&rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c=&dmn=waisheph.com&userId=0081b1a07efc4302f9157ec198f80b6f

139.45.197.119

204 No Content

0 B

URL

IP / ASN

139.45.197.119

#9002 RETN Limited

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectwaisheph.com

Fingerprint2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC

ValidityFri, 11 Apr 2025 05:22:09 GMT - Thu, 10 Jul 2025 05:22:08 GMT

HTTP Headers

POST /wrr?z=7359319&p_rid=4c888770-3669-4e91-b97c-f047aac2d0b1&rb=o7PKnlB6gn2a6k7GqXJDSpsSkDKE96zYNG_jyDGtOY-X9yCeUfcrdnQxbyDY9vCpRe4_Z8AjeTOa5ySN7ouY6R5D8x1V5h7Z_ji_cW_6H6ISTyg-vm8UO16D9GNJnMBUSb7m5kWVAM-aV3xNy6FJPtY_vvJpBwCwuRJzWng5oM-B1FFsGM6Yq7tP7Pwwbdw02kOgDPMsaEpmpWjfPb9s3sFsxmmhZiR3bAinEgK2H2MlguzXFtsOlXC1uiMs7ytsNSuu-DOrBOPbbtAlKwPcIVYNi0c=&dmn=waisheph.com&userId=0081b1a07efc4302f9157ec198f80b6f HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
content-type: application/json
Content-Length: 2594
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 20 Apr 2025 02:26:45 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

POST straightforwardaudition.com/pixel/pure

172.240.108.84

200 OK

0 B

URL

straightforwardaudition.com/pixel/pure

IP / ASN

172.240.108.84

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectstraightforwardaudition.com

Fingerprint03:17:64:F3:5F:29:6C:69:80:21:02:84:80:4E:0C:06:35:8D:EE:42

ValidityWed, 19 Feb 2025 02:53:12 GMT - Tue, 20 May 2025 02:53:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /pixel/pure HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 74
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:45 GMT
Content-Length: 0
Connection: keep-alive
Host: straightforwardaudition.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/js/script.js

188.114.96.1

200 OK

1.2 kB

URL

cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/js/script.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-04-07

Last Seen2025-06-12

Times Seen111

Size1.2 kB (1173 bytes)

MD55b2d2b601b5a039e20ea5ab29fb3c151

SHA12529d3e0ff0dd05741571d5d4125b287a0e42bd8

SHA2566f2a4a66a814381f315e0f71866f906b9635f6536ec3dbab6fb9e4a20a5d20ca

Certificate Info

IssuerGoogle Trust Services

Subjectcreative-stat1.com

Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB

ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/js/script.js HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 144571
etag: W/"65aa84ff-495"
content-encoding: br
cf-ray: 933132e2bb6bb529-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/main.css

188.114.96.1

200 OK

35 kB

URL

mexa.sh/css_newTheme/main.css

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeassembler source, ASCII text, with very long lines (1426)

First Seen2023-04-11

Last Seen2025-07-27

Times Seen102

Size35 kB (35326 bytes)

MD52f075bd8c1fed47ee1ebcaea76c5f036

SHA166e03118be7fa1415deebd13efa08362224f1ed9

SHA256eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: text/css
server: cloudflare
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 85
priority: u=2,i=?0
etag: W/"89fe-57f51eb945a40"
content-encoding: br
cf-ray: 933132c569d5b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/userin.png

188.114.96.1

200 OK

18 kB

URL

mexa.sh/images/userin.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size18 kB (18182 bytes)

MD5f7354ba97c4568ef41c764f1d5641336

SHA178041d1b15b6af69d015b1dff67bb9d2501fe325

SHA25671657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 18182
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5a9fbb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/download1.png

188.114.96.1

200 OK

24 kB

URL

mexa.sh/images/download1.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size24 kB (23553 bytes)

MD526b1df6a0077b0e57862d48f78ca6f62

SHA1c1333ea62ff83bc3ad7e5e79085a4e2054684106

SHA256118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 23553
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5ca07b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL

recordedthereby.com/sfp.js

IP / ASN

185.196.197.72

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators

First Seen2025-01-25

Last Seen2025-06-27

Times Seen2209

Size85 kB (85380 bytes)

MD5108625937affa4b38bb17cea65510d72

SHA12c0f48e9efa3fb5554d1fa393b28d74d5339f9ee

SHA256c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0

Certificate Info

IssuerLet's Encrypt

Subjectrecordedthereby.com

Fingerprint19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47

ValidityThu, 06 Mar 2025 21:25:47 GMT - Wed, 04 Jun 2025 21:25:46 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:44 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 95601c2d165c8a24134fdd825f7ec1d6
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET mexa.sh/tzmhriiukc6s

188.114.96.1

200 OK

14 kB

URL

mexa.sh/tzmhriiukc6s

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeHTML document, ASCII text, with very long lines (10963), with CRLF line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size14 kB (14113 bytes)

MD5d696c782d93d6e961c5b18083ba872e5

SHA12260d747ad37be82bcb6dcfeaf0496f4c410d3f7

SHA2560894e70a8da216eded26a3e99e806f2b5b17bf73394b145b05f1dededa3c02f8

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /tzmhriiukc6s HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
DNT: 1
Connection: keep-alive
Cookie: lang=english; _ga_SBML259V1V=GS1.1.1745116004.1.0.1745116004.0.0.0; _ga=GA1.1.202770690.1745116004; dom3ic8zudi28v8lr6fgphwffqoz0j6c=7ccd6393-be4c-48cc-9849-59cb8901cdd0%3A2%3A1; prefetchAd_7359319=true; pp_main_48eac25e15d2aeed70d260fa57ee3c42=1; sb_main_ce95e43f3553e10df4882fca51971c45=1; sb_count_ce95e43f3553e10df4882fca51971c45=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: text/html ; charset=UTF-8
server: cloudflare
expires: Sat, 19 Apr 2025 02:26:46 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
content-encoding: br
cf-ray: 933132dc5a88b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon5.png

188.114.96.1

200 OK

16 kB

URL

mexa.sh/images/navicon5.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size16 kB (15551 bytes)

MD5002d70c5e45c4d81587ca7d82dca6577

SHA1d830a98de6a02ca22933b9f24cadf848499419d3

SHA256de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 15551
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c5a9fab500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/premchar.png

188.114.96.1

200 OK

70 kB

URL

mexa.sh/images/premchar.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size70 kB (69808 bytes)

MD5e3a6c4b647e9c8b789b17a98fb6d75f8

SHA1c7428a76951933962ef1d7400b37ba9ef91d6afd

SHA2560b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:26:42 GMT
content-type: image/png
content-length: 69808
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1409
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 933132c81adeb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET straightforwardaudition.com/ce/95/e4/ce95e43f3553e10df4882fca51971c45.js

172.240.108.84

200 OK

33 kB

URL

straightforwardaudition.com/ce/95/e4/ce95e43f3553e10df4882fca51971c45.js

IP / ASN

172.240.108.84

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32964), with no line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size33 kB (32964 bytes)

MD59d861694a0d8a87d1447b11d2ce72f62

SHA18d0550958c496464e24fe1938b484a089018408e

SHA256cec20d17125bbaf3e01df8ea6d3eb3e360fbd53aa76e0998e7eb15d8875acdd3

Certificate Info

IssuerLet's Encrypt

Subjectstraightforwardaudition.com

Fingerprint03:17:64:F3:5F:29:6C:69:80:21:02:84:80:4E:0C:06:35:8D:EE:42

ValidityWed, 19 Feb 2025 02:53:12 GMT - Tue, 20 May 2025 02:53:11 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ce/95/e4/ce95e43f3553e10df4882fca51971c45.js HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:44 GMT
Content-Type: application/javascript
Content-Length: 12686
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_BS-684-4=0; expires=Sun, 20 Apr 2025 02:26:44 GMT; secure; SameSite=None
x-envoy-upstream-service-time: 4
Host: straightforwardaudition.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 5dd595adeb1b0ac0c305ce23d8636e4d
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/img/close.png

188.114.96.1

200 OK

6.0 kB

URL

cdn.creative-stat1.com/sb/ssp/utility/live-message/3-2/img/close.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typePNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced

First Seen2023-04-05

Last Seen2025-08-02

Times Seen2656

Size6.0 kB (5982 bytes)

MD5c489ce2c491a22ee37a55e26a92dfd73

SHA12fa588ab09e94dd902e5bd24b48f98ad1949c9d6

SHA2561eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

Certificate Info

IssuerGoogle Trust Services

Subjectcreative-stat1.com

Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB

ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

HTTP Headers

GET /sb/ssp/utility/live-message/3-2/img/close.png HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:46 GMT
content-type: image/png
content-length: 5982
server: cloudflare
accept-ranges: bytes
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
etag: "65aa84ff-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 697370
cf-ray: 933132e02b4d7129-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

188.114.96.1

200 OK

14 kB

URL

mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (10909), with CRLF line terminators

First Seen2025-04-20

Last Seen2025-04-20

Times Seen1

Size14 kB (14059 bytes)

MD5fbeb45f29f561f3d5c96244dcf4267be

SHA1b7d7ebaed702b92c653c5203b13f4e51da477141

SHA25642bce9764fd07d96297fa453181269716c60ea0387bb1b2ac6f53b45c9988800

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0

ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

HTTP Headers

GET /tzmhriiukc6s/Game-RJ01166703.part2.rar HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:26:41 GMT
content-type: text/html ; charset=UTF-8
server: cloudflare
expires: Sat, 19 Apr 2025 02:26:41 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
content-encoding: br
set-cookie: lang=english; Path=/; Domain=mexa.sh
cf-ray: 933132c17a2a56c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js

172.240.108.84

200 OK

112 kB

URL

obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js

IP / ASN

172.240.108.84

#7979 SERVERS-COM

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2025-04-19

Last Seen2025-04-20

Times Seen2

Size112 kB (111886 bytes)

MD5420f46da135666f3153e39f38c50aa19

SHA196afc07fce51bd913f5addf5b3194297982ae0c7

SHA2569da74cf73c121e769a092199a73d204b2bac4d75b4c5c14cf7c2903a15b8b5aa

Certificate Info

IssuerLet's Encrypt

Subjectobeseglobewimp.com

Fingerprint2B:15:3C:49:E3:1F:CD:ED:DC:1D:2A:15:38:00:BC:58:19:D2:A1:59

ValidityMon, 03 Mar 2025 19:05:17 GMT - Sun, 01 Jun 2025 19:05:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1
Host: obeseglobewimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:26:42 GMT
Content-Type: application/javascript
Content-Length: 35278
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_BS-624-popunder-new-3=1; expires=Sun, 20 Apr 2025 02:26:42 GMT; secure; SameSite=None
x-envoy-upstream-service-time: 5
Host: obeseglobewimp.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 4e7c2698aff65ed96bab27de4a2c6cb2
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=48eac25e15d2aeed70d260fa57ee3c42&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2

192.243.59.12

200 OK

0 B

URL

unseenreport.com/pxf.gif?uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=48eac25e15d2aeed70d260fa57ee3c42&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2

IP / ASN

192.243.59.12

#39572 DataWeb Global Group B.V.

Requested byhttps://mexa.sh/tzmhriiukc6s/Game-RJ01166703.part2.rar

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605971

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subject*.unseenreport.com

FingerprintE0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7

ValidityTue, 18 Mar 2025 22:26:47 GMT - Mon, 16 Jun 2025 22:26:46 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=7ccd6393-be4c-48cc-9849-59cb8901cdd0&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=48eac25e15d2aeed70d260fa57ee3c42&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Apr 2025 02:26:46 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 4c3c6baad052687d15789a06a0873c55
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains