Report - mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Report Overview

Visitedpublic

2025-01-27 08:45:28

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mexa.sh	337577	2019-08-22	2019-08-26	2025-01-15	13 kB	736 kB	188.114.96.1
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-22	878 B	199 kB	142.250.74.136
waisheph.com	74994	2020-11-23	2020-12-10	2025-01-25	2.7 kB	48 kB	139.45.197.119
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-01-22	449 B	833 B	104.18.41.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed
2025-01-27	medium	mexa.sh	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	mexa.sh/js/paging.js	ScriptElement	1.7 kB	2023-03-08	2025-07-31
URL mexa.sh/js/paging.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-08 Last Seen 2025-07-31 Times Seen 704 Size 1.7 kB (1709 bytes) MD5 43e50aa00ad654da80af8f7936afd4c6 SHA1 fb5921b855cce329191077b7e93563029d703545 SHA256 e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657 Format Code Loading...

	waisheph.com/5/7359319	ScriptElement	76 kB	2025-01-27	2025-01-27
URL waisheph.com/5/7359319 IP / ASN 139.45.197.119 #9002 RETN Limited Introduced by ScriptElement Embedded false Resource Info First Seen 2025-01-27 Last Seen 2025-01-27 Times Seen 1 Size 76 kB (76221 bytes) MD5 d257959e96ac1456b70351409816abcf SHA1 c98cae9c4ca49c303a467bed2c0031306f734751 SHA256 cc45f52d33e89bdc107579eba592135653ab3f24a5d8a39d65f7166ef5096558 Format Code Loading...

	mexa.sh/cj4a5v6tx9uq/sandbox%20eval%20code		147 B	2023-04-11	2025-08-02
URL mexa.sh/cj4a5v6tx9uq/sandbox%20eval%20code IP / ASN 0.0.0.0 #0 Introduced by Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-02 Times Seen 419774 Size 147 B (147 bytes) MD5 92b651082ce234f66bb544e678befda3 SHA1 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 SHA256 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Format Code Loading...

	mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip	ScriptElement	261 B	2023-03-12	2025-07-27
URL mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2025-07-27 Times Seen 97 Size 261 B (261 bytes) MD5 abbf34430edc9e4d913c44d8a48f2ae3 SHA1 dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84 SHA256 f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=UA-79936000-1	ScriptElement	237 kB	2025-01-27	2025-01-27
URL www.googletagmanager.com/gtag/js?id=UA-79936000-1 IP / ASN 142.250.74.136 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-01-27 Last Seen 2025-01-27 Times Seen 1 Size 237 kB (237382 bytes) MD5 e07b3bd050a9781f380e7ace9c77ecb8 SHA1 0f98fdeeb07f5e1de5b1bdb5e2ee331f2adcf709 SHA256 39d3379c2b7287525e29c6391ab85cc58c50a106237371088dc96286e2ede3cf Format Code Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-08-02
URL www.google-analytics.com/analytics.js IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2023-04-11 Last Seen 2025-08-02 Times Seen 419037 Size 4.7 kB (4691 bytes) MD5 f24128d0c9cba7be2916c693427a3483 SHA1 1b6397d496ea896ebc2018b01b995cee4f166029 SHA256 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Format Code Loading...

	www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e51n0za200	ScriptElement	339 kB	2025-01-27	2025-01-27
URL www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e51n0za200 IP / ASN 142.250.74.136 #15169 GOOGLE Introduced by ScriptElement Embedded false Resource Info First Seen 2025-01-27 Last Seen 2025-01-27 Times Seen 1 Size 339 kB (339363 bytes) MD5 4645e487cdbc8a3ba17820771dbad8b4 SHA1 2ade6a0ebe01a651254962758255c2f614996876 SHA256 3491f6e2ca9c300af52497980f30b18d01b18df90f72e8bd88943186b5063d58 Format Code Loading...

	mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip	ScriptElement	666 B	2023-03-12	2025-07-27
URL mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2025-07-27 Times Seen 96 Size 666 B (666 bytes) MD5 3ff478c8f993edf7fcf9b0a556256ed5 SHA1 22391de1683e10171a05ac3453143ea297da9f3e SHA256 2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7 Format Code Loading...

	mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip	ScriptElement	154 B	2023-03-12	2025-07-27
URL mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-12 Last Seen 2025-07-27 Times Seen 99 Size 154 B (154 bytes) MD5 c6b02bbb4255c747368479fd2e4300e5 SHA1 0a5cd83325ceaab81243a71c4ce359edf2d15c03 SHA256 8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c Format Code Loading...

	unknown	ScriptElement	170 B	2025-01-27	2025-01-27
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2025-01-27 Last Seen 2025-01-27 Times Seen 1 Size 170 B (170 bytes) MD5 b4793470322dbf881b064e3048cba511 SHA1 f0748bea525a383e6c503145418ddb9c39269878 SHA256 4e2332a9e0f4a2f49463fbab040ae5fe253195254e385aa620a40430913b350b Format Code Loading...

	mexa.sh/js/jquery-1.9.1.min.js	ScriptElement	93 kB	2023-03-07	2025-08-02
URL mexa.sh/js/jquery-1.9.1.min.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 18490 Size 93 kB (92629 bytes) MD5 397754ba49e9e0cf4e7c190da78dda05 SHA1 ae49e56999d82802727455f0ba83b63acd90a22b SHA256 c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Format Code Loading...

	mexa.sh/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-08-02
URL mexa.sh/js/jquery.paging.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 2851 Size 19 kB (19365 bytes) MD5 d7a2c1c7af2a004a6d68e1e55b1cfb46 SHA1 7fd6daa7076c30381880519ad06ef5639b19ee28 SHA256 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Format Code Loading...

	mexa.sh/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-08-02
URL mexa.sh/js/jquery.cookie.js IP / ASN 188.114.96.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 2916 Size 3.1 kB (3121 bytes) MD5 ff14e4812b7f512e620b1ad35542bcfc SHA1 c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae SHA256 c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Format Code Loading...

HTTP Transactions (34)

URL IP Response Size

GET mexa.sh/images/navicon3.png

188.114.96.1

200 OK

16 kB

URL

mexa.sh/images/navicon3.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size16 kB (15889 bytes)

MD5715335986af196b81f68fa792f5a7f53

SHA1b6b2f12993db399f86883315310869dccbd75ec5

SHA256aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 15889
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYX3M0JLsO9DRb0gwyvBafkTvUR4tl%2FJwYr7TPu048Cpc1wllYCi%2BDCCVJSUbNgC51HxDi51Tp1rZUXY31jqM2eBEb77b0QCDZYCHDCB91hIrhoNOmxIezA6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbbe5b56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=34&recv=21&lost=0&retrans=0&sent_bytes=16118&recv_bytes=5012&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=243&x=1", cfExtPri, cfHdrFlush;dur=6

GET mexa.sh/images/navicon6.png

188.114.96.1

200 OK

1.2 kB

URL

mexa.sh/images/navicon6.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size1.2 kB (1175 bytes)

MD591f3dc42cd20fcc67b1f9e4d026ae636

SHA14eb701d8acffe7471ca14183d83fdc8e5d57bec5

SHA256a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 1175
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNUBCM0rVgl%2BqB%2F7%2FVwOVuenezAeaTuJietnUfk8ow4G21vDMvn1LrK09TwILcPO5zLX%2FVKDplgoOdD7q6UoygIsk3dpXvdFE9B1IKLNJ80GEtzUXIZ6wC5b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbbe5e56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=34&recv=21&lost=0&retrans=0&sent_bytes=16118&recv_bytes=5012&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=242&x=1", cfExtPri, cfHdrFlush;dur=7

GET mexa.sh/images/navicon5.png

188.114.96.1

200 OK

16 kB

URL

mexa.sh/images/navicon5.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size16 kB (15551 bytes)

MD5002d70c5e45c4d81587ca7d82dca6577

SHA1d830a98de6a02ca22933b9f24cadf848499419d3

SHA256de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 15551
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=acgKjjpwLnc8XSEmLAji6loIEOuFVd4Xt5aft%2BCojsZ0LhdOqEy6nJeKxUa8Y2mM5r%2FSR%2BsvOCAgPSxJjTiGFGRm%2FQOhISkD3UfsYAuhk5aG4pc1C30AT%2For"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbbe6156c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=34&recv=21&lost=0&retrans=0&sent_bytes=16118&recv_bytes=5012&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=243&x=1", cfExtPri, cfHdrFlush;dur=6

GET mexa.sh/images/regicon.png

188.114.96.1

200 OK

20 kB

URL

mexa.sh/images/regicon.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size20 kB (19508 bytes)

MD5363e2a7e57bf3cb4da7d113445cd676f

SHA115c3bba1a21d1543ee17ccd57a304f1efedca876

SHA256012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 19508
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KIXjlDVlBB71%2BthzjKvUNTa7JiXIFdAGl%2F7TGIUoMsv9iy0BIFsPEsz3PLthhDy0Yg8pOWiWblo5YRlE1HBT16Dp3ZyRiXe7P3nSsZyB7Gr9gUtQXiApvQfB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbce6656c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3339&min_rtt=1316&rtt_var=2306&sent=113&recv=26&lost=0&retrans=0&sent_bytes=100118&recv_bytes=6004&delivery_rate=13735532&cwnd=48000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=250&x=1", cfExtPri, cfHdrFlush;dur=4

GET mexa.sh/images/logo1_1x.png

188.114.96.1

200 OK

38 kB

URL

mexa.sh/images/logo1_1x.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size38 kB (38035 bytes)

MD5037f1c3e351f635f706eda54b812c40a

SHA18aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa

SHA25630ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 38035
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wS792b3fmhuXMnbg3yhg8mKErbv5LkgOxIUGhL0gATJ8bR5oVfl7gslHenmzwnu30N4IB2oleR3vCk0ALRKd6dr6fnbU61OjZFHlj%2FxkaCsI5upzdKj8NB%2FX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbae5656c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4238&min_rtt=2189&rtt_var=2310&sent=42&recv=23&lost=0&retrans=0&sent_bytes=25619&recv_bytes=5873&delivery_rate=51888&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=246&x=1", cfExtPri, cfHdrFlush;dur=1

GET mexa.sh/images/navicon1.png

188.114.96.1

200 OK

18 kB

URL

mexa.sh/images/navicon1.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen101

Size18 kB (18288 bytes)

MD5ae9204e9914f4e3c5b146c488d5a1811

SHA1fe60b0cf1bbb856f93fca9183404d698e873f33e

SHA256f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 18288
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eEcUVvOMwjziOgCmr31oqnNls3Jpc1BNnnSnzJK%2Fva4ti%2BqQcy%2FyozE%2FLW7th3lYPjbjB%2BY6Rkc5bLWPRVB%2FhK9LXRjFGqxNYE515ItfFwWCWEZ167taoxEA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbbe5856c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=33&recv=20&lost=0&retrans=0&sent_bytes=16091&recv_bytes=4714&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=240&x=1", cfExtPri, cfHdrFlush;dur=4

GET mexa.sh/images/navicon2.png

188.114.96.1

200 OK

16 kB

URL

mexa.sh/images/navicon2.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size16 kB (16374 bytes)

MD586665a37cea72cd507ceb7e7282c74f8

SHA1f7707000a81a04f217ec9bd93995a0b9fc424037

SHA256ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 16374
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UksiedSiK69UXSN%2BX7VZXfsyfLTnNmJreOkvND6Lx8aXgoV9%2BWFUzeOEkZc%2Fd5vIYEwbuggCWX%2FRjXbdnSPPJiMtArV6mkRhhWai8YAzEaqMv8pcNblyO8HC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbbe5a56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=33&recv=20&lost=0&retrans=0&sent_bytes=16091&recv_bytes=4714&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=240&x=1", cfExtPri, cfHdrFlush;dur=8

GET mexa.sh/images/userin.png

188.114.96.1

200 OK

18 kB

URL

mexa.sh/images/userin.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size18 kB (18182 bytes)

MD5f7354ba97c4568ef41c764f1d5641336

SHA178041d1b15b6af69d015b1dff67bb9d2501fe325

SHA25671657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 18182
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EpdiPtYxzgMa0HpRWRWxVXzgxAD7S%2BByk9MFjENb3ze564xg5QvLiDMRumHifakXfn2NmULCPen3vCZqm6x5%2B2MJhuuPgdDQJVlpHbRsxNdBPFAOBasAxU9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbbe6256c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=34&recv=21&lost=0&retrans=0&sent_bytes=16118&recv_bytes=5012&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=244&x=1", cfExtPri, cfHdrFlush;dur=5

GET mexa.sh/images/download1.png

188.114.96.1

200 OK

24 kB

URL

mexa.sh/images/download1.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size24 kB (23553 bytes)

MD526b1df6a0077b0e57862d48f78ca6f62

SHA1c1333ea62ff83bc3ad7e5e79085a4e2054684106

SHA256118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 23553
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 688
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NFsxtl%2B1GRt%2BwiUd37mzL%2FqsDxTAgKNSm9LXq%2F70xEw39na96xcR%2FgMExWno7YNSegr1I1f%2FqDvgjAw1bsb60k1l8hDE1Iyv%2BGpdU70qbGgi%2FZhhOyPAb%2Bgs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbce6856c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3339&min_rtt=1316&rtt_var=2306&sent=113&recv=26&lost=0&retrans=0&sent_bytes=100118&recv_bytes=6004&delivery_rate=13735532&cwnd=48000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=253&x=1", cfExtPri, cfHdrFlush;dur=1

GET mexa.sh/images/no211.png

188.114.96.1

200 OK

720 B

URL

mexa.sh/images/no211.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size720 B (720 bytes)

MD55508fda2890fd7f0368dcb662b600dd8

SHA11bcb3a7bfbb7d9085116d57ff120929628d68440

SHA2564412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 720
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 688
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FuHK8kI%2Fm133JcJPhlykXSTIcpREig1X%2B8boIh%2FFKvA3ZAaiP8%2FgVi9sV%2B8z1F4zK0zavWrBz6pWMezx%2BXvMdQC49SnpGX7XVAtZwDWSVwmORVK0eiQeE3yG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbce6956c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3169&min_rtt=1316&rtt_var=2068&sent=196&recv=27&lost=0&retrans=0&sent_bytes=196118&recv_bytes=6050&delivery_rate=11931047&cwnd=96000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=256&x=1", cfExtPri, cfHdrFlush;dur=4

GET mexa.sh/images/yep_d.png

188.114.96.1

200 OK

15 kB

URL

mexa.sh/images/yep_d.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size15 kB (15222 bytes)

MD5662d1738accf3ec5f5c95a0e4896b232

SHA18b1907196139b8819ffd1a77b3b71d3872ca848f

SHA2562c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 15222
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 688
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSECoEE9S1Wfkqb%2BptwNsjl6Ox5UbPdjd04O8TWJTwSRXFRjhXpr7LjSPi1r7fj93H5DvMBZdcN4tja90kDJQblv9uMPDR8JdFsmgRDfayjQiS92Asqc5DpK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbce6b56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3169&min_rtt=1316&rtt_var=2068&sent=182&recv=27&lost=0&retrans=0&sent_bytes=180640&recv_bytes=6050&delivery_rate=11931047&cwnd=96000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=254&x=1", cfExtPri, cfHdrFlush;dur=6

GET mexa.sh/images/flags.png

188.114.96.1

200 OK

30 kB

URL

mexa.sh/images/flags.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size30 kB (29723 bytes)

MD5df0a3afc77d0c08cdea27ac3a7b9620c

SHA18248d5c5e5eddeaa75a5a0b5490b58e0e61b6900

SHA256a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 29723
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z51nvjQTSZwAShiEwWUVrpskcO%2BBRVyPxKagg5jcTMGN9KpEcKyQbffguD5h67X5RYcf6IH3R8F65t5EUAz%2F6T8JkoSEUsYAVQx2gsdpI2R21R0j654bAAjV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc7eef56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3875&min_rtt=1316&rtt_var=3333&sent=263&recv=37&lost=0&retrans=0&sent_bytes=262356&recv_bytes=8481&delivery_rate=2154306&cwnd=192000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=366&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/premchar.png

188.114.96.1

200 OK

70 kB

URL

mexa.sh/images/premchar.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size70 kB (69808 bytes)

MD5e3a6c4b647e9c8b789b17a98fb6d75f8

SHA1c7428a76951933962ef1d7400b37ba9ef91d6afd

SHA2560b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 69808
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 688
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v3d7XWodQ6AUUrCN5Q9zDhmmb84xzIpvBtPmQkwJG%2BA1mjSVsmpS230sWZcKNaEqeoj5HGcfeewz8U04LaAZnp4CtoP77r%2BpFn0QVzRcnBG9bL%2FzdHsy8D8j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc7ef356c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3875&min_rtt=1316&rtt_var=3333&sent=289&recv=37&lost=0&retrans=0&sent_bytes=293517&recv_bytes=8481&delivery_rate=2154306&cwnd=192000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=367&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navbara.png

188.114.96.1

200 OK

22 kB

URL

mexa.sh/images/navbara.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size22 kB (22290 bytes)

MD5e7c056eea6e071b1f5309d5db50c057a

SHA1833e979751da5fffe28b8761b322d16481a24c2e

SHA25634785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LdrFYd8BIfWT2CSSxqgrhkZFcxH%2FGQfcop5HFIF3QVVv%2FxxkyvXfzNCADXLocnwrE%2FjnCqB4TFMH6mT%2B37ttLEtQAx3MZweIb%2FXvjrv6FwXMhlJZNq79mh1j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc7ef756c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3592&min_rtt=1316&rtt_var=3066&sent=350&recv=38&lost=0&retrans=0&sent_bytes=365821&recv_bytes=8526&delivery_rate=771531&cwnd=192000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=368&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/free_download.png

188.114.96.1

200 OK

32 kB

URL

mexa.sh/images/free_download.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size32 kB (32532 bytes)

MD546a5fd5732a87850dd58f70c8c870430

SHA19ae7b42ff28fd2129aa5e67057f9d4d198a717eb

SHA2569d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 32532
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 688
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvtEc27GfmlMEM3nEO6ftnH594nbSUerbsoMJYQNweWDFYswI0nsIlu8x6KHjZWxmQRKE1VNowhbeJOUIDBksPagZJ9kAiuRARL3arzWsbAfrJRZjnlOS9nh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc7ef556c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3592&min_rtt=1316&rtt_var=3066&sent=360&recv=38&lost=0&retrans=0&sent_bytes=377821&recv_bytes=8526&delivery_rate=771531&cwnd=192000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=369&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navbar.png

188.114.96.1

200 OK

22 kB

URL

mexa.sh/images/navbar.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen102

Size22 kB (22290 bytes)

MD5e7c056eea6e071b1f5309d5db50c057a

SHA1833e979751da5fffe28b8761b322d16481a24c2e

SHA25634785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JsPD2wl%2FRlX0dDrsbvi3PM09q6UshiBcCokgdoNv3ubIFazTnTzyN6dEtTFCPJF%2BXheZGNzCBJCAwdi0urJbXQHAQGBSMBZHeCUWru7KizHlleorvB7czX5Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc7eeb56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3592&min_rtt=1316&rtt_var=3066&sent=399&recv=38&lost=0&retrans=0&sent_bytes=423433&recv_bytes=8526&delivery_rate=771531&cwnd=192000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=369&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/premium_download.png

188.114.96.1

200 OK

36 kB

URL

mexa.sh/images/premium_download.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size36 kB (35695 bytes)

MD575737b3b7b2586619b43ab184c2f95bf

SHA189878f4f4aafb8637e9e9c50eedbba12e1cb74eb

SHA256e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 35695
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 688
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IC0iIaFdbDhm0AewhSbiILyT1PlJZtL3ENGRjhTw89cYSElFnUDoFpk%2By42aOGEecY7cEO%2F9Ln%2F4vQnbVcqB6VRbzBGBniZsnyanQikARY5DAXNWqLAdvzDX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc7ef656c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3592&min_rtt=1316&rtt_var=3066&sent=419&recv=38&lost=0&retrans=0&sent_bytes=446980&recv_bytes=8526&delivery_rate=771531&cwnd=192000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=370&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/frechar.png

188.114.96.1

200 OK

67 kB

URL

mexa.sh/images/frechar.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typePNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced

First Seen2023-05-01

Last Seen2025-07-27

Times Seen97

Size67 kB (66710 bytes)

MD57adab309ecff73216286b6d34b795e7c

SHA1f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8

SHA2561b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: image/png
content-length: 66710
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 688
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mh6pzOsa7ARTt9TQdnoUpuXQOl2SNqetbQfkg6X%2F%2FaQVGsyZeBUh7cRU%2FQsYSeg2JeLQvC8eF1Usy1HAbILhZ3wYyh01N4ZQVahtHQPPckMlZvDHSE3MoY6e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc7ef156c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3592&min_rtt=1316&rtt_var=3066&sent=442&recv=38&lost=0&retrans=0&sent_bytes=473556&recv_bytes=8526&delivery_rate=771531&cwnd=192000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=371&x=1", cfExtPri, cfHdrFlush;dur=5

GET www.googletagmanager.com/gtag/js?id=UA-79936000-1

142.250.74.136

200 OK

84 kB

URL

www.googletagmanager.com/gtag/js?id=UA-79936000-1

IP / ASN

142.250.74.136

#15169 GOOGLE

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeJavaScript source, ASCII text, with very long lines (5268)

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size84 kB (84447 bytes)

MD5e07b3bd050a9781f380e7ace9c77ecb8

SHA10f98fdeeb07f5e1de5b1bdb5e2ee331f2adcf709

SHA25639d3379c2b7287525e29c6391ab85cc58c50a106237371088dc96286e2ede3cf

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82

ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

HTTP Headers

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Jan 2025 08:45:02 GMT
expires: Mon, 27 Jan 2025 08:45:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 84447
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e51n0za200

142.250.74.136

200 OK

113 kB

URL

www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e51n0za200

IP / ASN

142.250.74.136

#15169 GOOGLE

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeJavaScript source, ASCII text, with very long lines (5960)

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size113 kB (112676 bytes)

MD54645e487cdbc8a3ba17820771dbad8b4

SHA12ade6a0ebe01a651254962758255c2f614996876

SHA2563491f6e2ca9c300af52497980f30b18d01b18df90f72e8bd88943186b5063d58

Certificate Info

IssuerGoogle Trust Services

Subject*.google-analytics.com

Fingerprint10:26:0A:38:A4:FD:1E:F0:80:EB:EE:D7:0A:8D:41:1D:CB:DB:54:82

ValidityMon, 06 Jan 2025 08:36:08 GMT - Mon, 31 Mar 2025 08:36:07 GMT

HTTP Headers

GET /gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e51n0za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Jan 2025 08:45:03 GMT
expires: Mon, 27 Jan 2025 08:45:03 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 112676
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET mexa.sh/cj4a5v6tx9uq/favicon.ico

188.114.96.1

302 Found

0 B

URL

mexa.sh/cj4a5v6tx9uq/favicon.ico

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5607286

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cj4a5v6tx9uq/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Mon, 27 Jan 2025 08:45:03 GMT
content-length: 0
location: https://mexa.sh/cj4a5v6tx9uq
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pHzeHRC5nmQQOVr%2FGZ8IhhVGgjuqXwwnHEKpyS3rO6JIb48EaHjeWdpCMkdWtp3RshBjcH%2FnblF0RXeETOITTZ8AGJoRiZgvBuxJ2W218M7DCSqGuCzMrCkH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dde80456c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3973&min_rtt=1316&rtt_var=3548&sent=512&recv=42&lost=0&retrans=0&sent_bytes=555005&recv_bytes=8968&delivery_rate=938179&cwnd=276000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=802&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/.png

188.114.96.1

404 Not Found

846 B

URL

mexa.sh/images/.png

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeHTML document, ASCII text

First Seen2023-09-24

Last Seen2025-07-27

Times Seen61

Size846 B (846 bytes)

MD5f3c091a2b91e7970fa4602d60103dc67

SHA1af5f70406fabc9e192b349e5aee7dc9a67d05f18

SHA2566e9e4b1516efd000e0f4b2ce737cb6b418c14f8b6029733c23853db1ed532f14

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: text/html; charset=utf-8
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tUwHz1OhCms2FPzGbB%2Fa1LyyCxfCcU9DF9zTOZvMnk1X6vfF%2B0Z1UktvEQCLkKgCgI96M4H%2B14NcmR3J1bnj0mPF6y8ZlKb1nhClwg7de8OobjHDHw4wpNZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dc6edc56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4303&min_rtt=1316&rtt_var=3851&sent=509&recv=40&lost=0&retrans=0&sent_bytes=553417&recv_bytes=8618&delivery_rate=5700682&cwnd=276000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=531&x=1", cfExtPri, cfHdrFlush;dur=0

GET waisheph.com/?rb=lKHnPGcZDc_DsbkH0YX-veU5yt49FdkqGqlue4dLn_f0AmMnGzfFxvzd_nX0KYLK4IUtWCGoU1G5DQvCL-XY1_AjXhPQfnDMhsdSnNomhrfwCCQaL5GuV2EfEyxubGEhpuI6nGAz--u_6VO4VKptFXX8YAxbRDhnLTgjvW8s7Ci3GIL4ZWZbthMuMUnD0F9YDfm2B3CD31MDEvwwhBhJt91DJXcsJHk03UQJ3rZjEGre7bauBBzS8BbqaUOjOBAaZ-TiP0qhTIY%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1059.2&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fcj4a5v6tx9uq%2FG-RJ01299953.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1059.2&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=30b5e8e6-84c0-41c2-8c3e-509aad0803f3&wasm=1&userId=00815e3cbfc64939e50d25c8cc2e601b&m=link

139.45.197.119

200 OK

2.7 kB

URL

waisheph.com/?rb=lKHnPGcZDc_DsbkH0YX-veU5yt49FdkqGqlue4dLn_f0AmMnGzfFxvzd_nX0KYLK4IUtWCGoU1G5DQvCL-XY1_AjXhPQfnDMhsdSnNomhrfwCCQaL5GuV2EfEyxubGEhpuI6nGAz--u_6VO4VKptFXX8YAxbRDhnLTgjvW8s7Ci3GIL4ZWZbthMuMUnD0F9YDfm2B3CD31MDEvwwhBhJt91DJXcsJHk03UQJ3rZjEGre7bauBBzS8BbqaUOjOBAaZ-TiP0qhTIY%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1059.2&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fcj4a5v6tx9uq%2FG-RJ01299953.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1059.2&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=30b5e8e6-84c0-41c2-8c3e-509aad0803f3&wasm=1&userId=00815e3cbfc64939e50d25c8cc2e601b&m=link

IP / ASN

139.45.197.119

#9002 RETN Limited

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typegzip compressed data, max speed, from Unix

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size2.7 kB (2711 bytes)

MD5318eebe961b86a995101a93d247a7bce

SHA1e3ce03b63bb46c84b8802dcfcbe77d4d53d9635c

SHA256074e546b8ebdd85ea2cf25637f2101004fb835ea13f184caa458c3e4c5d6571b

Certificate Info

IssuerLet's Encrypt

Subjectwaisheph.com

Fingerprint30:AF:A5:C7:3E:BA:46:88:53:69:78:5C:B8:06:7E:94:16:24:70:EF

ValidityTue, 21 Jan 2025 05:29:54 GMT - Mon, 21 Apr 2025 05:29:53 GMT

HTTP Headers

GET /?rb=lKHnPGcZDc_DsbkH0YX-veU5yt49FdkqGqlue4dLn_f0AmMnGzfFxvzd_nX0KYLK4IUtWCGoU1G5DQvCL-XY1_AjXhPQfnDMhsdSnNomhrfwCCQaL5GuV2EfEyxubGEhpuI6nGAz--u_6VO4VKptFXX8YAxbRDhnLTgjvW8s7Ci3GIL4ZWZbthMuMUnD0F9YDfm2B3CD31MDEvwwhBhJt91DJXcsJHk03UQJ3rZjEGre7bauBBzS8BbqaUOjOBAaZ-TiP0qhTIY%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1059.2&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fcj4a5v6tx9uq%2FG-RJ01299953.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1059.2&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=30b5e8e6-84c0-41c2-8c3e-509aad0803f3&wasm=1&userId=00815e3cbfc64939e50d25c8cc2e601b&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Cookie: OAID=00815e3cbfc64939e50d25c8cc2e601b; oaidts=1737967502
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 27 Jan 2025 08:45:03 GMT
content-type: application/json
x-trace-id: 2a5b19b9be8eb36acd19f20d9aedd22d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00815e3cbfc64939e50d25c8cc2e601b; expires=Tue, 27 Jan 2026 08:45:03 GMT; path=/; secure; SameSite=None
oaidts=1737967503; expires=Tue, 27 Jan 2026 08:45:03 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 03 Feb 2025 08:45:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET waisheph.com/5/7359319

139.45.197.119

200 OK

42 kB

URL

waisheph.com/5/7359319

IP / ASN

139.45.197.119

#9002 RETN Limited

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typegzip compressed data, max speed, from Unix

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size42 kB (41602 bytes)

MD506961bd698be3197b10a23c2bf807807

SHA17a3fad1128558028cad87eccb0dc4062b683a10b

SHA2569211cf8975769b58c5ca123190b4b3d01501257139a2f829afe5df507432e8b8

Certificate Info

IssuerLet's Encrypt

Subjectwaisheph.com

Fingerprint30:AF:A5:C7:3E:BA:46:88:53:69:78:5C:B8:06:7E:94:16:24:70:EF

ValidityTue, 21 Jan 2025 05:29:54 GMT - Mon, 21 Apr 2025 05:29:53 GMT

HTTP Headers

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: application/javascript
x-trace-id: b0ceddf4ee2ff555e424c981b71edd9b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00815e3cbfc64939e50d25c8cc2e601b; expires=Tue, 27 Jan 2026 08:45:02 GMT; path=/; secure; SameSite=None
oaidts=1737967502; expires=Tue, 27 Jan 2026 08:45:02 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET my.rtmark.net/gid.js?userId=00815e3cbfc64939e50d25c8cc2e601b

104.18.41.22

200 OK

65 B

URL

my.rtmark.net/gid.js?userId=00815e3cbfc64939e50d25c8cc2e601b

IP / ASN

104.18.41.22

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typetroff or preprocessor input, ASCII text, with no line terminators

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size65 B (65 bytes)

MD5934c103bfdaf0a5da94bc69a8851a65a

SHA15145effdd751f99d869ff7928b94b1bb78c28355

SHA256391c67142c2543cead9c70733e352176060351ba1d6a84b128d03f3cc1342ebb

Certificate Info

IssuerGoogle Trust Services

Subjectmy.rtmark.net

Fingerprint56:7F:53:10:57:2F:C3:F4:06:8B:DB:2F:C1:F7:6A:1D:68:59:14:3F

ValiditySat, 04 Jan 2025 10:02:11 GMT - Fri, 04 Apr 2025 11:00:33 GMT

HTTP Headers

GET /gid.js?userId=00815e3cbfc64939e50d25c8cc2e601b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Jan 2025 08:45:03 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=00815e3cbfc64939e50d25c8cc2e601b; expires=Tue, 27 Jan 2026 08:45:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 908776deba4456cb-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

188.114.96.1

200 OK

27 kB

URL

mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (21871), with CRLF, LF line terminators

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size27 kB (26850 bytes)

MD56056c345897dc4dfc02cfdbba1bcfa6e

SHA1f26933a3c3c7e529afb318ecedf0b748e69c8355

SHA256f7c37e84dfa52de61849884a46b2984dac814921a6df783cdc6715938abac3cf

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cj4a5v6tx9uq/G-RJ01299953.zip HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: text/html ; charset=UTF-8
expires: Sun, 26 Jan 2025 08:45:02 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
set-cookie: lang=english; domain=mexa.sh; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=702b6Ku3b0ki2wxPzHOTn6JzppxQ1lqbpUN%2BBjwxPWyJNrAjftNxuT9Ok1RvpF6B2OQpj4C%2B49n3lJQQSIyrmXztObABt%2BenNuAAEvshMYqLRLVXHDr7QGRA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776d8aa5ab529-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6063&min_rtt=481&rtt_var=11118&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3261&recv_bytes=1253&delivery_rate=5799732&cwnd=254&unsent_bytes=0&cid=1bbefa674512ec11&ts=279&x=0"
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/main.css

188.114.96.1

200 OK

35 kB

URL

mexa.sh/css_newTheme/main.css

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeassembler source, ASCII text, with very long lines (1426)

First Seen2023-04-11

Last Seen2025-07-27

Times Seen102

Size35 kB (35326 bytes)

MD52f075bd8c1fed47ee1ebcaea76c5f036

SHA166e03118be7fa1415deebd13efa08362224f1ed9

SHA256eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: text/css
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
etag: W/"89fe-57f51eb945a40"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2ByB7qNqSi6dxz77FdA5MhMUS6t2ZBYSAjMYtipWcPcnifu6Xtav%2Fd7hFI2ddx9visHgiCgReRSF%2BHuNsXdK4K2MIFfgIW%2FlAPq6RJ473aixjvEsszVu7EcO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbae4c56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=21&recv=19&lost=0&retrans=0&sent_bytes=4346&recv_bytes=4417&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=233&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/js/jquery.paging.js

188.114.96.1

200 OK

19 kB

URL

mexa.sh/js/jquery.paging.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-03-07

Last Seen2025-08-02

Times Seen2851

Size19 kB (19365 bytes)

MD5d7a2c1c7af2a004a6d68e1e55b1cfb46

SHA17fd6daa7076c30381880519ad06ef5639b19ee28

SHA256c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"4ba5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8WD2N4TaE9Jj%2Fvw1qZWq9VddfSUL07hNKehdgWuanHK2Gf3uwgAMcq%2FTvsiWRh6Mb5EkTY2ogibVg1ceoHoqZE1Izgf2dYz3XT5OckFpO558qbrWiS02924N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbae4e56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=33&recv=20&lost=0&retrans=0&sent_bytes=16091&recv_bytes=4714&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=237&x=1", cfExtPri, cfHdrFlush;dur=7

GET mexa.sh/js/jquery-1.9.1.min.js

188.114.96.1

200 OK

93 kB

URL

mexa.sh/js/jquery-1.9.1.min.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeJavaScript source, ASCII text, with very long lines (32089)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen18490

Size93 kB (92629 bytes)

MD5397754ba49e9e0cf4e7c190da78dda05

SHA1ae49e56999d82802727455f0ba83b63acd90a22b

SHA256c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"169d5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5347
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LfZrRvogRo327%2BgJTQAjqyP9qUauT3Ug%2F630sXOo99W8iego%2BbvUSTzdpN677lwMKI%2FcvarKO5DmOT74DyeDMOCfku%2BWDD2RHoJJKonymsdmIf1iwXNYhszA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbae4d56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=33&recv=20&lost=0&retrans=0&sent_bytes=16091&recv_bytes=4714&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=236&x=1", cfExtPri, cfHdrFlush;dur=8

GET waisheph.com/wrr?z=7359319&p_rid=30b5e8e6-84c0-41c2-8c3e-509aad0803f3&rb=lKHnPGcZDc_DsbkH0YX-veU5yt49FdkqGqlue4dLn_f0AmMnGzfFxvzd_nX0KYLK4IUtWCGoU1G5DQvCL-XY1_AjXhPQfnDMhsdSnNomhrfwCCQaL5GuV2EfEyxubGEhpuI6nGAz--u_6VO4VKptFXX8YAxbRDhnLTgjvW8s7Ci3GIL4ZWZbthMuMUnD0F9YDfm2B3CD31MDEvwwhBhJt91DJXcsJHk03UQJ3rZjEGre7bauBBzS8BbqaUOjOBAaZ-TiP0qhTIY=&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fcj4a5v6tx9uq%2FG-RJ01299953.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1059.2&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=waisheph.com&userId=00815e3cbfc64939e50d25c8cc2e601b

139.45.197.119

200 OK

2 B

URL

waisheph.com/wrr?z=7359319&p_rid=30b5e8e6-84c0-41c2-8c3e-509aad0803f3&rb=lKHnPGcZDc_DsbkH0YX-veU5yt49FdkqGqlue4dLn_f0AmMnGzfFxvzd_nX0KYLK4IUtWCGoU1G5DQvCL-XY1_AjXhPQfnDMhsdSnNomhrfwCCQaL5GuV2EfEyxubGEhpuI6nGAz--u_6VO4VKptFXX8YAxbRDhnLTgjvW8s7Ci3GIL4ZWZbthMuMUnD0F9YDfm2B3CD31MDEvwwhBhJt91DJXcsJHk03UQJ3rZjEGre7bauBBzS8BbqaUOjOBAaZ-TiP0qhTIY=&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fcj4a5v6tx9uq%2FG-RJ01299953.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1059.2&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=waisheph.com&userId=00815e3cbfc64939e50d25c8cc2e601b

IP / ASN

139.45.197.119

#9002 RETN Limited

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeASCII text, with no line terminators

First Seen2023-03-08

Last Seen2025-08-02

Times Seen192570

Size2 B (2 bytes)

MD5444bcb3a3fcf8389296c49467f27e1d6

SHA17a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

SHA2562689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Certificate Info

IssuerLet's Encrypt

Subjectwaisheph.com

Fingerprint30:AF:A5:C7:3E:BA:46:88:53:69:78:5C:B8:06:7E:94:16:24:70:EF

ValidityTue, 21 Jan 2025 05:29:54 GMT - Mon, 21 Apr 2025 05:29:53 GMT

HTTP Headers

GET /wrr?z=7359319&p_rid=30b5e8e6-84c0-41c2-8c3e-509aad0803f3&rb=lKHnPGcZDc_DsbkH0YX-veU5yt49FdkqGqlue4dLn_f0AmMnGzfFxvzd_nX0KYLK4IUtWCGoU1G5DQvCL-XY1_AjXhPQfnDMhsdSnNomhrfwCCQaL5GuV2EfEyxubGEhpuI6nGAz--u_6VO4VKptFXX8YAxbRDhnLTgjvW8s7Ci3GIL4ZWZbthMuMUnD0F9YDfm2B3CD31MDEvwwhBhJt91DJXcsJHk03UQJ3rZjEGre7bauBBzS8BbqaUOjOBAaZ-TiP0qhTIY=&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fcj4a5v6tx9uq%2FG-RJ01299953.zip&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1059.2&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=waisheph.com&userId=00815e3cbfc64939e50d25c8cc2e601b HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 27 Jan 2025 08:45:03 GMT
content-type: text/plain
content-length: 2
x-trace-id: 684c8877ac1e93b326e066f740b6db59
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00815e3cbfc64939e50d25c8cc2e601b; expires=Tue, 27 Jan 2026 08:45:03 GMT; path=/; secure; SameSite=None
oaidts=1737967503; expires=Tue, 27 Jan 2026 08:45:03 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 03 Feb 2025 08:45:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/style.css

188.114.96.1

200 OK

40 kB

URL

mexa.sh/css_newTheme/style.css

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeASCII text

First Seen2023-04-11

Last Seen2025-07-27

Times Seen101

Size40 kB (39810 bytes)

MD53c6420826cc1647abda78120299c0eb6

SHA1bf10714579e64ee828627f828695fe093c5b810f

SHA2563688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: text/css
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
etag: W/"9b82-5564bc956d400"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 942
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ys8lu1CmKQLXz9VV2x3wLam0iEhsuVlkOpE0T300qeGSFT1LVWi7mxedr62xkJ%2BVFmr2uI603bqMp2KCrlNsVGxV1O7Lf0q2c8rXaUDuuGmHnZ5v2uyCIa7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbae4a56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=33&recv=20&lost=0&retrans=0&sent_bytes=16091&recv_bytes=4714&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=235&x=1", cfExtPri, cfHdrFlush;dur=9

GET mexa.sh/cj4a5v6tx9uq

188.114.96.1

200 OK

27 kB

URL

mexa.sh/cj4a5v6tx9uq

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeHTML document, ASCII text, with very long lines (21916), with CRLF, LF line terminators

First Seen2025-01-27

Last Seen2025-01-27

Times Seen1

Size27 kB (26895 bytes)

MD5d2db44e8f0ebd4e82a7011a7b56fb488

SHA112e99b0b923f5d6c61c1c34ca7e008618d13ce29

SHA256e51ec621236e02ada6cb48ce4b1de9b7b78b6fd8884e209e3fa842149248b817

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cj4a5v6tx9uq HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
DNT: 1
Connection: keep-alive
Cookie: lang=english; _ga_SBML259V1V=GS1.1.1737967503.1.0.1737967503.0.0.0; _ga=GA1.1.2075728459.1737967503
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:03 GMT
content-type: text/html ; charset=UTF-8
expires: Sun, 26 Jan 2025 08:45:03 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OF%2FdT%2Fts%2Ba%2Bz%2FQIMbZ3vLBMCUQJpD1d%2FZF3sWOcusvBIyyNi969Ws00wSm%2BMBsvXHpdZ5wOh5j66A1%2FzxbxZybnFcvzB9qW0RjAu7as2Y7SNBKrlZP%2F0ZtRX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 908776df797b56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6097&min_rtt=1316&rtt_var=6909&sent=514&recv=44&lost=0&retrans=0&sent_bytes=555700&recv_bytes=9373&delivery_rate=2823&cwnd=276000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=1068&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/js/paging.js

188.114.96.1

200 OK

1.7 kB

URL

mexa.sh/js/paging.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeHTML document, ASCII text, with very long lines (1778), with no line terminators

First Seen2023-04-11

Last Seen2025-04-06

Times Seen292

Size1.7 kB (1709 bytes)

MD5cc6cc190d0f5515a00ac307c26fe033a

SHA1b7028b457c314b3a61b4130bb98fc8f2cf3e769e

SHA256030ef0e5188e0cff37c54520d654e321e69a6d88ec6379d1817e546db88b58ea

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"6ad-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DBP522IYzT2R22cYHl88SVmZlS1jcGednDfgTiiS%2BzXZ%2BVLZRitO3xGaITv79KLLx%2FMHiZ38rd0tgDYF3PRkjbdGVJRwer%2F7hf7Xu4CCqflK6DcLq48iH236"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbae5356c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=33&recv=20&lost=0&retrans=0&sent_bytes=16091&recv_bytes=4714&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=238&x=1", cfExtPri, cfHdrFlush;dur=6

GET mexa.sh/js/jquery.cookie.js

188.114.96.1

200 OK

3.1 kB

URL

mexa.sh/js/jquery.cookie.js

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip

Resource Info

File typeJavaScript source, ASCII text, with very long lines (3441), with no line terminators

First Seen2023-04-06

Last Seen2025-04-06

Times Seen1366

Size3.1 kB (3121 bytes)

MD57e208f9bc7ca201678c76d96e899349c

SHA1afa52ce81c7656bf1a8605bd2cbd38c2be00cd9b

SHA2560f0e74eaa31ad2d6c07d9ceb16efefc78aae0f45328759eb163800d261e53d29

Certificate Info

IssuerGoogle Trust Services

Subjectmexa.sh

Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94

ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/cj4a5v6tx9uq/G-RJ01299953.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 27 Jan 2025 08:45:02 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"c31-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5346
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l4gayiNSa9f%2BXM7NMkl5Se0BUIr0008FDjlXR9NaC3a%2FLKe%2FMdb8hHONlDx1xRkPsd0hdp2esPEmcQjtyzsDvj%2BPTxU1A%2BPCQns1R1Y6FwxON5yySaXrN1DY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 908776dbae5056c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4473&min_rtt=2189&rtt_var=2452&sent=31&recv=20&lost=0&retrans=0&sent_bytes=14026&recv_bytes=4714&delivery_rate=271344&cwnd=12000&unsent_bytes=0&cid=4bdb8371a9911fae&ts=234&x=1", cfExtPri, cfHdrFlush;dur=0