Report - mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip

Report Overview

Visited public
2025-05-10 01:38:15
Tags
Submit Tags
URL
mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Finishing URL
mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
IP / ASN
104.21.3.103
#13335 CLOUDFLARENET
Title
Download G-RJ01361324 zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
obeseglobewimp.com	unknown	2025-03-03	2025-03-05	2025-04-25	443 B	605 B	172.240.253.132
waisheph.com	74994	2020-11-23	2020-12-10	2025-05-09	2.2 kB	110 kB	139.45.197.119
mexa.sh	337577	2019-08-22	2019-08-26	2025-05-02	13 kB	725 kB	104.21.3.103
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-05-08	461 B	830 B	172.64.146.234
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-05-07	1.0 kB	655 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-10	medium	obeseglobewimp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116	ScriptElement	380 kB	2025-05-10	2025-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 01:38 Last Seen2025-05-10 01:38 Times Seen1 Hash e47cf228b83aa7e637ba6f745d07c044 af8f6377f1ada8372e003862195304da21d5f1c9 bff8325005c5937c2266f93ce2ce7fa6fa9838771cad8c249e67836d0e5bc064 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-02
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-02 23:22 Times Seen384665 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	mexa.sh/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-07-02
Pretty URL mexa.sh/js/jquery.cookie.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-02 23:16 Times Seen2799 Hash ff14e4812b7f512e620b1ad35542bcfc c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Loading...

	mexa.sh/8ivuk6wahbpt/sandbox%20eval%20code		147 B	2023-04-11	2025-07-02
Pretty URL mexa.sh/8ivuk6wahbpt/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-02 23:22 Times Seen385186 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	mexa.sh/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-07-02
Pretty URL mexa.sh/js/jquery.paging.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-02 23:16 Times Seen2738 Hash d7a2c1c7af2a004a6d68e1e55b1cfb46 7fd6daa7076c30381880519ad06ef5639b19ee28 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Loading...

	mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip	ScriptElement	172 B	2025-05-10	2025-05-10
Pretty URL mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 01:38 Last Seen2025-05-10 01:38 Times Seen1 Hash 952fa14a148ef46c666b20e05bfcc0d1 019df8bd5278716e33e9d72ff622a621c74ed10a a77c047c796797e3d62bc4611fb1cd99c5277f02abe2f9d4f03d9e4eb14f9d69 Loading...

	mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip	ScriptElement	261 B	2023-03-12	2025-07-02
Pretty URL mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-02 23:16 Times Seen92 Hash abbf34430edc9e4d913c44d8a48f2ae3 dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84 f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9 Loading...

	mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip	ScriptElement	666 B	2023-03-12	2025-07-02
Pretty URL mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-02 23:16 Times Seen91 Hash 3ff478c8f993edf7fcf9b0a556256ed5 22391de1683e10171a05ac3453143ea297da9f3e 2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7 Loading...

	mexa.sh/js/jquery-1.9.1.min.js	ScriptElement	93 kB	2023-03-07	2025-07-02
Pretty URL mexa.sh/js/jquery-1.9.1.min.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-02 23:16 Times Seen17005 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	www.googletagmanager.com/gtag/js?id=UA-79936000-1	ScriptElement	272 kB	2025-05-10	2025-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=UA-79936000-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 01:38 Last Seen2025-05-10 01:38 Times Seen1 Hash 7ae7ac156d97944b15db606aba826725 263f693816ff9abbb4ecb881688de7df479c94e0 1d5bb65b95a01ed402762ea3421cde00752a50d7084f6096614652bfa0e22922 Loading...

	waisheph.com/5/7359319	ScriptElement	108 kB	2025-05-10	2025-05-10
Pretty URL waisheph.com/5/7359319 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 01:38 Last Seen2025-05-10 01:38 Times Seen1 Hash c50b9b70464f298f13f4c12a960aa5ca c473c3996ed45404c860c807fdc9f868a7f8826e b1367d94f7a2b3445317971a6594dd600d82c1a7a5014a217c5e83cae83e3d33 Loading...

	mexa.sh/js/paging.js	ScriptElement	1.7 kB	2023-03-08	2025-07-02
Pretty URL mexa.sh/js/paging.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:01 Last Seen2025-07-02 23:16 Times Seen688 Hash 43e50aa00ad654da80af8f7936afd4c6 fb5921b855cce329191077b7e93563029d703545 e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657 Loading...

	mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip	ScriptElement	154 B	2023-03-12	2025-07-02
Pretty URL mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-02 23:16 Times Seen94 Hash c6b02bbb4255c747368479fd2e4300e5 0a5cd83325ceaab81243a71c4ce359edf2d15c03 8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c Loading...

HTTP Transactions (35)

URL IP Response Size

GET mexa.sh/images/navicon1.png

104.21.3.103

200 OK

18 kB

URL GET
mexa.sh/images/navicon1.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
18 kB (18288 bytes)
Hash
ae9204e9914f4e3c5b146c488d5a1811
fe60b0cf1bbb856f93fca9183404d698e873f33e
f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125

HTTP Headers

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 18288
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBX96DYct3yCHPoruXidcLDxNQa1X64SIAetPBJrPow%2Ff3SmLcNpEZ9o4aW5lqzL1PizjpszttuZeSpqrGGKUSB1DEf94qBTE0dkWASMewkpl%2Byb2U5sHQiI"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4503
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b687dd57569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=223&recv=252&lost=0&retrans=0&sent_bytes=14820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=387&x=16"

GET mexa.sh/images/navicon6.png

104.21.3.103

200 OK

1.2 kB

URL GET
mexa.sh/images/navicon6.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1175 bytes)
Hash
91f3dc42cd20fcc67b1f9e4d026ae636
4eb701d8acffe7471ca14183d83fdc8e5d57bec5
a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659

HTTP Headers

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 1175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2guDPNtwObi7Fjlj1VvcdNuW0pfE6X%2FKDGYQq3tK0W7djGj2tFG8SgSTTFGX4d0qzGgeeSn2W8KB4t7dFrDK6RY%2BfPd7hYkQyRj0hMs6UTq%2BJMfPPMv%2Bldb1"}],"group":"cf-nel","max_age":604800}
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4503
accept-ranges: bytes
cf-ray: 93d5b687dd5a569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1818&min_rtt=576&rtt_var=1244&sent=256&recv=253&lost=0&retrans=0&sent_bytes=50820&recv_bytes=17946&delivery_rate=760353&cwnd=24000&unsent_bytes=0&cid=569fa22e717c5e15&ts=389&x=16"

GET mexa.sh/images/userin.png

104.21.3.103

200 OK

18 kB

URL GET
mexa.sh/images/userin.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
18 kB (18182 bytes)
Hash
f7354ba97c4568ef41c764f1d5641336
78041d1b15b6af69d015b1dff67bb9d2501fe325
71657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba

HTTP Headers

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 18182
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9eIldBPDRzERYypCUAZmU5GbQfabTkZpAaWLi9PHhXeypISLpoEZVCDL2wS2tRpEQKvM9VFy5Qa9Mef3V8RJma80G7UsttoJJTvNJXzP70sLisD8JgXYayH"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4503
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b687dd5c569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1818&min_rtt=576&rtt_var=1244&sent=256&recv=253&lost=0&retrans=0&sent_bytes=50820&recv_bytes=17946&delivery_rate=760353&cwnd=24000&unsent_bytes=0&cid=569fa22e717c5e15&ts=390&x=16"

GET mexa.sh/images/regicon.png

104.21.3.103

200 OK

20 kB

URL GET
mexa.sh/images/regicon.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
20 kB (19508 bytes)
Hash
363e2a7e57bf3cb4da7d113445cd676f
15c3bba1a21d1543ee17ccd57a304f1efedca876
012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779

HTTP Headers

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 19508
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0gOUFMbpRE8zRemsH5sYseXFxOGPu2Wb7CNbW%2BsLdmjD4U2UAtzi%2BYJl1N2rGvbyr3Yzhxwm0I1ERFvnl67yQ6%2F3zQyAabRfdzL1S%2BZNEIEkAfL2ZaMie8b"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4503
accept-ranges: bytes
cf-ray: 93d5b687dd5d569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1818&min_rtt=576&rtt_var=1244&sent=256&recv=253&lost=0&retrans=0&sent_bytes=50820&recv_bytes=17946&delivery_rate=760353&cwnd=24000&unsent_bytes=0&cid=569fa22e717c5e15&ts=390&x=16"

GET mexa.sh/js/jquery.cookie.js

104.21.3.103

200 OK

3.1 kB

URL GET
mexa.sh/js/jquery.cookie.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text
Size
3.1 kB (3121 bytes)
Hash
ff14e4812b7f512e620b1ad35542bcfc
c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1xH7hYyEPIet3yQmp9qLq7cdzUTOTW4TP3Y01%2FvIJxZHwP6z3h1DyUCwZzYffKvE3m6QHaimio%2FadJuxD3jiBvyLD7BXkkFJH4W0ow99mCTmei4%2B5uZkgjv"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"c31-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
age: 4504
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 93d5b687cd54569a-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=234&recv=252&lost=0&retrans=0&sent_bytes=26820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=387&x=16"

GET mexa.sh/images/premchar.png

104.21.3.103

200 OK

70 kB

URL GET
mexa.sh/images/premchar.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced
Size
70 kB (69808 bytes)
Hash
e3a6c4b647e9c8b789b17a98fb6d75f8
c7428a76951933962ef1d7400b37ba9ef91d6afd
0b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69

HTTP Headers

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 69808
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rpn8R72VUfb3gqzqXA%2BRix06%2BohKiyDxMgT4P1AJfnDmNR4ARZaOOUgYZMjHqCpHTc%2B8F4m%2BrAsJ5XseqFSX%2BMWqo%2BLSj2Fgrs9OKKzC%2FxrejXUWZHmkTloi"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 463
accept-ranges: bytes
cf-ray: 93d5b6890d69569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1856&min_rtt=576&rtt_var=610&sent=565&recv=265&lost=0&retrans=0&sent_bytes=397791&recv_bytes=20308&delivery_rate=8705025&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=583&x=16"

GET mexa.sh/8ivuk6wahbpt/favicon.ico

104.21.3.103

302 Found

14 kB

URL GET
mexa.sh/8ivuk6wahbpt/favicon.ico
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type

Size
14 kB (14069 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /8ivuk6wahbpt/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sat, 10 May 2025 01:37:44 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jP99jGFJ7av1LUpRn4qooYRu5wFAB2H1s3ny4O%2B3iwe3Qb2Z1AF%2BkE5o%2BgH%2BFh4KpHfspx3iNWiliYgTnG7KEd2LRGN79p2JMwv93hEKj2NX68Dy164LNtTH"}],"group":"cf-nel","max_age":604800}
location: https://mexa.sh/8ivuk6wahbpt
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
cf-ray: 93d5b68cad76569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3017&min_rtt=576&rtt_var=1839&sent=708&recv=271&lost=0&retrans=0&sent_bytes=564168&recv_bytes=21105&delivery_rate=1811738&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=1376&x=16"

GET my.rtmark.net/gid.js?userId=0081c521eef94e59fe20ae1d6a294f3b

172.64.146.234

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=0081c521eef94e59fe20ae1d6a294f3b
IP
172.64.146.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82
ValidityFri, 02 May 2025 11:10:51 GMT - Thu, 31 Jul 2025 12:10:47 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
d0b3300622dde42c4166264ec5a67a03
fa740b3176131be7728f3da40c220e62fd8a1e75
664d355c255676636498b94feac4295386f435fc5548b61f5c70a452e03b7ba3

HTTP Headers

GET /gid.js?userId=0081c521eef94e59fe20ae1d6a294f3b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 May 2025 01:37:44 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081c521eef94e59fe20ae1d6a294f3b; expires=Sun, 10 May 2026 01:37:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93d5b68b6e7856b1-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/images/navbar.png

104.21.3.103

200 OK

22 kB

URL GET
mexa.sh/images/navbar.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 22290
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=svU8GHKYLnzcncLHHJzChcn4OR1Knzghp0s6vclQ4YJqcCmzMlElwnZdjaa332s%2BLtQJ5nUZueYrdMs738c1W2tjlzEN221apgLoXhmJoMDgGii5gluXPm3i"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4503
accept-ranges: bytes
cf-ray: 93d5b688ed66569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1954&min_rtt=576&rtt_var=763&sent=454&recv=259&lost=0&retrans=0&sent_bytes=271814&recv_bytes=18736&delivery_rate=14461251&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=563&x=16"

GET www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116

142.250.74.168

200 OK

380 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (6125)
Size
380 kB (380423 bytes)
Hash
e47cf228b83aa7e637ba6f745d07c044
af8f6377f1ada8372e003862195304da21d5f1c9
bff8325005c5937c2266f93ce2ce7fa6fa9838771cad8c249e67836d0e5bc064

HTTP Headers

GET /gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116025~103200001~103233424~103251618~103251620~103284320~103284322~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 01:37:44 GMT
expires: Sat, 10 May 2025 01:37:44 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 127016
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET mexa.sh/images/logo1_1x.png

104.21.3.103

200 OK

38 kB

URL GET
mexa.sh/images/logo1_1x.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced
Size
38 kB (38035 bytes)
Hash
037f1c3e351f635f706eda54b812c40a
8aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa
30ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408

HTTP Headers

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 38035
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JIblrlu0ZCElpJFd0nM14UxObWmMV0S7Qm0X7xJuHcjfOusjICbU5WAJaL%2FxngdRdW%2BJsMhfRg9IxnbNVW6ehtno6dDcr79y6DCtX%2B2aZyNPKGZ3ADZTsYL%2F"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4503
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b687dd56569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=223&recv=252&lost=0&retrans=0&sent_bytes=14820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=387&x=16"

GET mexa.sh/images/free_download.png

104.21.3.103

200 OK

32 kB

URL GET
mexa.sh/images/free_download.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
32 kB (32532 bytes)
Hash
46a5fd5732a87850dd58f70c8c870430
9ae7b42ff28fd2129aa5e67057f9d4d198a717eb
9d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487

HTTP Headers

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 32532
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jeJ6dcwuoozC3M7wPrPVyMOtHeDLopcMyNcNX%2FISIZjfCGZqoGMglrAPwCs7ZbUJO9LbOxUijGewxcIWeIAdNHmDIC1%2Fbx2g%2F1xjqR8I0PlhkW6Mv8fnxSu0"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 463
accept-ranges: bytes
cf-ray: 93d5b6890d68569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1811&min_rtt=576&rtt_var=692&sent=536&recv=264&lost=0&retrans=0&sent_bytes=363782&recv_bytes=20262&delivery_rate=6366370&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=580&x=16"

GET mexa.sh/8ivuk6wahbpt

104.21.3.103

200 OK

14 kB

URL GET
mexa.sh/8ivuk6wahbpt
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (10947), with CRLF line terminators
Size
14 kB (14069 bytes)
Hash
f33f329d7c48c547229e1e9b50812ae9
9429726d2677a25bdc6e50f2cd6dc4bdf97c9a15
b6b94da364b04de5ef31acbfc8bc07638138a330752bd0b7a6d0c632836dafc0

HTTP Headers

GET /8ivuk6wahbpt HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
DNT: 1
Connection: keep-alive
Cookie: lang=english; _ga_SBML259V1V=GS2.1.s1746841064$o1$g0$t1746841064$j0$l0$h0; _ga=GA1.1.1554469510.1746841065
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:46 GMT
content-type: text/html ; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nuckRYdUTLQEqBjdqV%2BMhmtJCqyyGFx97I6aYLXkOVv9ncgvMoBigxrhgj4DGyMqXzHQtltZHKBVGps5GVvA86p6ueMh6l6%2Bw6hODG3q5BwfjVrIZiVJqN2E"}],"group":"cf-nel","max_age":604800}
expires: Fri, 09 May 2025 01:37:46 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
cf-ray: 93d5b6908d7d569a-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2852&min_rtt=576&rtt_var=1710&sent=710&recv=273&lost=0&retrans=0&sent_bytes=564806&recv_bytes=21527&delivery_rate=2475&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=2863&x=16"

GET mexa.sh/js/paging.js

104.21.3.103

200 OK

1.7 kB

URL GET
mexa.sh/js/paging.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text
Size
1.7 kB (1709 bytes)
Hash
43e50aa00ad654da80af8f7936afd4c6
fb5921b855cce329191077b7e93563029d703545
e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JVz5KZef9phjKyDd%2BWn9yW1P48pu6dCzFO0IDUH1g9PoqD8ojcl6l%2FrBsOy4T%2BoyoHq3W%2FYbQtdMBXPkMP7jCjR3ZZcVFrtJ%2BgxJUxI1jALV6%2BEkb5NTpqBa"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"6ad-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
age: 467
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 93d5b687cd55569a-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=234&recv=252&lost=0&retrans=0&sent_bytes=26820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=387&x=16"

GET mexa.sh/js/jquery.paging.js

104.21.3.103

200 OK

19 kB

URL GET
mexa.sh/js/jquery.paging.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text
Size
19 kB (19365 bytes)
Hash
d7a2c1c7af2a004a6d68e1e55b1cfb46
7fd6daa7076c30381880519ad06ef5639b19ee28
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j5EhIE4OZlAEqTuFTBF0JnJr4D3Uo27Tpb6AqMvpK1h7pNkBCPjrUG%2BR5dLG4HoYAb54NAFhmqSpeyhnwVLLCZQc1AeFaFtA7W0zxrmBBLaXDt25okBVvGIS"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"4ba5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
age: 4413
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 93d5b687cd53569a-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=234&recv=252&lost=0&retrans=0&sent_bytes=26820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=388&x=16"

GET obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js

172.240.253.132

403 Forbidden

0 B

URL GET
obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerLet's Encrypt
Subjectobeseglobewimp.com
Fingerprint0C:E3:31:54:61:B6:05:D4:68:C1:35:75:D0:EF:63:38:10:C2:71:47
ValidityFri, 02 May 2025 23:02:15 GMT - Thu, 31 Jul 2025 23:02:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1
Host: obeseglobewimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Sat, 10 May 2025 01:37:44 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 1
Host: obeseglobewimp.com

GET mexa.sh/images/.png

104.21.3.103

404 Not Found

3.3 kB

URL GET
mexa.sh/images/.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text
Size
3.3 kB (3301 bytes)
Hash
f3c091a2b91e7970fa4602d60103dc67
af5f70406fabc9e192b349e5aee7dc9a67d05f18
6e9e4b1516efd000e0f4b2ce737cb6b418c14f8b6029733c23853db1ed532f14

HTTP Headers

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 10 May 2025 01:37:43 GMT
content-type: text/html; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lL6RbpcF%2FXZY2IuyY8TcSE5uAWCLSVK7%2FwVmPoF4r6uZjg7ev4kofJgBtBkbUT7xI7g0%2FYc8Uhv19icI3FEDRTnvZ8BiI509UZ3MjBBQlcFm4P6Q3yRRrMbY"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
content-encoding: br
cf-ray: 93d5b688ed65569a-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2364&min_rtt=576&rtt_var=1469&sent=684&recv=267&lost=0&retrans=0&sent_bytes=539110&recv_bytes=20402&delivery_rate=22175991&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=724&x=16"

GET mexa.sh/images/premium_download.png

104.21.3.103

200 OK

36 kB

URL GET
mexa.sh/images/premium_download.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
36 kB (35695 bytes)
Hash
75737b3b7b2586619b43ab184c2f95bf
89878f4f4aafb8637e9e9c50eedbba12e1cb74eb
e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f

HTTP Headers

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 35695
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CRLSVQQdHbhCs%2BBynw6gmlp01PIqgnUn3oa6PPud6CxNyWez8ZV%2BWuGmL0mxFMU8Y55%2FNSzOm44swv7MO4gzw9unrpChZwOcRLmfa%2Fc1XDsXClcarxSMRS7m"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 463
accept-ranges: bytes
cf-ray: 93d5b6890d6b569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1811&min_rtt=576&rtt_var=692&sent=504&recv=264&lost=0&retrans=0&sent_bytes=326519&recv_bytes=20262&delivery_rate=6366370&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=577&x=16"

GET mexa.sh/images/navbara.png

104.21.3.103

200 OK

22 kB

URL GET
mexa.sh/images/navbara.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:44 GMT
content-type: image/png
content-length: 22290
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWu%2BMXdlJ7tXj8cl9ZaPpOIg%2BhBCIpL9J0GxGOaBoz9VZsuJpvv5THsIhJl8Kf9Coo0FBRid1880B%2BlxMaNnixcEEPtnqBRgF1Wx7%2Bm0X%2F%2BwMNs8LgOSQMEs"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 460
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b68c5d75569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2951&min_rtt=576&rtt_var=2275&sent=687&recv=269&lost=0&retrans=0&sent_bytes=540646&recv_bytes=20749&delivery_rate=201128&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=1108&x=16"

OPTIONS waisheph.com/wrr?z=7359319&p_rid=907490e7-c641-48d7-bd2d-aa5b0644b84d&rb=X9VlGndgY9-NedKlDTQfqSXf_1ndcK96OTv7u3cC0tpKcDW4DlKy1syTx9fXNkFxnB3OFopGVYdMsiwN4uApE_HHrq6mvBaNnIH910_CFeDvyV_AmeVAl7JgXAm8BvqDwI-coOUbPOBolgu1HDvscY6KMK2eM98MKBUlnhVl5ezou3cl1hfQfcHEBD7NpLgsj504iX6Ql37HNw1ws5CfENoFJSzT8f6SEOitZxiXLRfLcVaCGD5jhIa8mB0ChrFu7wAug4NNDFZLP8hPW7PNsA==&dmn=waisheph.com&userId=0081c521eef94e59fe20ae1d6a294f3b

139.45.197.119

204 No Content

0 B

URL OPTIONS
waisheph.com/wrr?z=7359319&p_rid=907490e7-c641-48d7-bd2d-aa5b0644b84d&rb=X9VlGndgY9-NedKlDTQfqSXf_1ndcK96OTv7u3cC0tpKcDW4DlKy1syTx9fXNkFxnB3OFopGVYdMsiwN4uApE_HHrq6mvBaNnIH910_CFeDvyV_AmeVAl7JgXAm8BvqDwI-coOUbPOBolgu1HDvscY6KMK2eM98MKBUlnhVl5ezou3cl1hfQfcHEBD7NpLgsj504iX6Ql37HNw1ws5CfENoFJSzT8f6SEOitZxiXLRfLcVaCGD5jhIa8mB0ChrFu7wAug4NNDFZLP8hPW7PNsA==&dmn=waisheph.com&userId=0081c521eef94e59fe20ae1d6a294f3b
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
Fingerprint55:8E:9B:78:63:25:7D:D9:D4:16:D1:B4:45:57:9A:F1:A3:1A:A9:3A
ValidityThu, 01 May 2025 02:32:40 GMT - Wed, 30 Jul 2025 02:32:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /wrr?z=7359319&p_rid=907490e7-c641-48d7-bd2d-aa5b0644b84d&rb=X9VlGndgY9-NedKlDTQfqSXf_1ndcK96OTv7u3cC0tpKcDW4DlKy1syTx9fXNkFxnB3OFopGVYdMsiwN4uApE_HHrq6mvBaNnIH910_CFeDvyV_AmeVAl7JgXAm8BvqDwI-coOUbPOBolgu1HDvscY6KMK2eM98MKBUlnhVl5ezou3cl1hfQfcHEBD7NpLgsj504iX6Ql37HNw1ws5CfENoFJSzT8f6SEOitZxiXLRfLcVaCGD5jhIa8mB0ChrFu7wAug4NNDFZLP8hPW7PNsA==&dmn=waisheph.com&userId=0081c521eef94e59fe20ae1d6a294f3b HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 10 May 2025 01:37:45 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/style.css

104.21.3.103

200 OK

40 kB

URL GET
mexa.sh/css_newTheme/style.css
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
ASCII text
Size
40 kB (39810 bytes)
Hash
3c6420826cc1647abda78120299c0eb6
bf10714579e64ee828627f828695fe093c5b810f
3688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7

HTTP Headers

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W1MJixpBZ2HyhfVwwtw0T1onWDNypdKZZgej6XCryEPGQP1T5GPU%2F%2Bi1bduijmFa5iiLB%2FvxdBRk6XLNSmmMZ2wxvRgKb0JHnUo6dX%2BeuxM3D5LtqTFQl9vj"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
etag: W/"9b82-5564bc956d400"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4504
content-encoding: br
cf-ray: 93d5b687cd50569a-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1773&min_rtt=576&rtt_var=1024&sent=300&recv=254&lost=0&retrans=0&sent_bytes=98820&recv_bytes=17993&delivery_rate=8827787&cwnd=48000&unsent_bytes=0&cid=569fa22e717c5e15&ts=395&x=16"

GET mexa.sh/images/navicon5.png

104.21.3.103

200 OK

16 kB

URL GET
mexa.sh/images/navicon5.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15551 bytes)
Hash
002d70c5e45c4d81587ca7d82dca6577
d830a98de6a02ca22933b9f24cadf848499419d3
de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3

HTTP Headers

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 15551
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hJEb9dGciIHrS%2B4eO9PV8spDiO9MR4gIwOGkRnLrttplpbzmetWiRLuzABvVf1qxSBXPlLDyhHoKtDF70TXoOZHzUm7pj8zPU9HbdrcBPG6f4bcKwztpyUyk"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4503
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b687dd5b569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=234&recv=252&lost=0&retrans=0&sent_bytes=26820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=389&x=16"

GET waisheph.com/5/7359319

139.45.197.119

200 OK

108 kB

URL GET
waisheph.com/5/7359319
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
Fingerprint55:8E:9B:78:63:25:7D:D9:D4:16:D1:B4:45:57:9A:F1:A3:1A:A9:3A
ValidityThu, 01 May 2025 02:32:40 GMT - Wed, 30 Jul 2025 02:32:39 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107586 bytes)
Hash
c50b9b70464f298f13f4c12a960aa5ca
c473c3996ed45404c860c807fdc9f868a7f8826e
b1367d94f7a2b3445317971a6594dd600d82c1a7a5014a217c5e83cae83e3d33

HTTP Headers

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 01:37:43 GMT
content-type: application/javascript
x-trace-id: dcdef4c710ba0c8b27a4304a4a0ae4ef
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081c521eef94e59fe20ae1d6a294f3b; expires=Sun, 10 May 2026 01:37:43 GMT; path=/; secure; SameSite=None
oaidts=1746841063; expires=Sun, 10 May 2026 01:37:43 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET mexa.sh/images/navicon3.png

104.21.3.103

200 OK

16 kB

URL GET
mexa.sh/images/navicon3.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15889 bytes)
Hash
715335986af196b81f68fa792f5a7f53
b6b2f12993db399f86883315310869dccbd75ec5
aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f

HTTP Headers

GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 15889
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPQ9QmrGMAHJXEEScIM%2BZFAwhcaCp5tEa6t8yoQzAiq%2F%2B3W%2FoETq992qOp5UccLAj5yOe%2F1U2mQLHZSJkaAQWihnEw6tXaL987eT7llL8xvXFfRhfCpaTaSl"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4503
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b687dd59569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=234&recv=252&lost=0&retrans=0&sent_bytes=26820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=388&x=16"

GET mexa.sh/images/navicon2.png

104.21.3.103

200 OK

16 kB

URL GET
mexa.sh/images/navicon2.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (16374 bytes)
Hash
86665a37cea72cd507ceb7e7282c74f8
f7707000a81a04f217ec9bd93995a0b9fc424037
ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1

HTTP Headers

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 16374
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNW6fLpkxCXvvf7k8o6wYgWD55B%2Bc2KKHdwQ3PTODirnpkwmtOShaHC18l14zZJ21EOe6CC%2FOOFma%2Bknr%2B4eDDaT9K7WAoqOj8a%2B0oSNDPNT6rFVteN9NamF"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4503
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b687dd58569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=223&recv=252&lost=0&retrans=0&sent_bytes=14820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=387&x=16"

GET mexa.sh/images/download1.png

104.21.3.103

200 OK

24 kB

URL GET
mexa.sh/images/download1.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
Size
24 kB (23553 bytes)
Hash
26b1df6a0077b0e57862d48f78ca6f62
c1333ea62ff83bc3ad7e5e79085a4e2054684106
118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86

HTTP Headers

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 23553
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KBCc8r%2B30FRdoD7MNJfxNT0Oyy000TWvdHwlqWzbON%2FNJFmw4uS6qkm%2FAlMFGtWTSSOUeKQ9eezEnk8l4pPoDw%2BO%2BPB%2FZdDZybn0STN1LweHJTiPNxz8XdTV"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 468
accept-ranges: bytes
cf-ray: 93d5b687dd5e569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1818&min_rtt=576&rtt_var=1244&sent=256&recv=253&lost=0&retrans=0&sent_bytes=50820&recv_bytes=17946&delivery_rate=760353&cwnd=24000&unsent_bytes=0&cid=569fa22e717c5e15&ts=390&x=16"

GET mexa.sh/images/no211.png

104.21.3.103

200 OK

720 B

URL GET
mexa.sh/images/no211.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
720 B (720 bytes)
Hash
5508fda2890fd7f0368dcb662b600dd8
1bcb3a7bfbb7d9085116d57ff120929628d68440
4412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726

HTTP Headers

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 720
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMdAmTU05VM440f%2Fo9Yd5IGXQdI8dGcFu27NUeXHRmNRFZB0a50c%2F0kSnjFnzC8puNCqgQq8JLUV7zp5nmXhFZ4FljjRdfodw%2BrSJHmFFNNur%2F3KkPt9L4Uh"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 467
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b687dd60569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1773&min_rtt=576&rtt_var=1024&sent=300&recv=254&lost=0&retrans=0&sent_bytes=98820&recv_bytes=17993&delivery_rate=8827787&cwnd=48000&unsent_bytes=0&cid=569fa22e717c5e15&ts=392&x=16"

GET mexa.sh/images/flags.png

104.21.3.103

200 OK

30 kB

URL GET
mexa.sh/images/flags.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
Size
30 kB (29723 bytes)
Hash
df0a3afc77d0c08cdea27ac3a7b9620c
8248d5c5e5eddeaa75a5a0b5490b58e0e61b6900
a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 29723
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tg7mjeZTY2Pgxodjj4yj3he58XlPgasnS5Zy5W8xUiHcWxBYQoS%2BU8uHL%2BY9MYAh8xS4cHYKNPEYPsATwDdrTT9F6U4iFkgBqNkCm%2ByEFhdy5apxZrBXSwFC"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4503
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b688fd67569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1910&min_rtt=576&rtt_var=659&sent=477&recv=263&lost=0&retrans=0&sent_bytes=295378&recv_bytes=20217&delivery_rate=1555865&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=570&x=16"

GET mexa.sh/css_newTheme/main.css

104.21.3.103

200 OK

35 kB

URL GET
mexa.sh/css_newTheme/main.css
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
assembler source, ASCII text, with very long lines (1426)
Size
35 kB (35326 bytes)
Hash
2f075bd8c1fed47ee1ebcaea76c5f036
66e03118be7fa1415deebd13efa08362224f1ed9
eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e

HTTP Headers

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FdrnplFqxbr2I61Fe5bVLcLVaELqBaEqi7xf9EpA3U8tBHP02jRconAbvYyMXXC%2FlCYlv%2FngKZPs%2F2rMGfLpzdXJfXtToAmdwWVmNG5VBINjKLlqgybh9Wt%2F"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
etag: W/"89fe-57f51eb945a40"
x-test-header: 1
x-content-type-options: nosniff
age: 4504
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 93d5b687cd51569a-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1888&min_rtt=576&rtt_var=1473&sent=234&recv=252&lost=0&retrans=0&sent_bytes=26820&recv_bytes=17900&delivery_rate=2301&cwnd=12000&unsent_bytes=0&cid=569fa22e717c5e15&ts=387&x=16"

GET mexa.sh/js/jquery-1.9.1.min.js

104.21.3.103

200 OK

93 kB

URL GET
mexa.sh/js/jquery-1.9.1.min.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
93 kB (92629 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

HTTP Headers

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BDUEnh0BwPrJ8gFedJUt1T13lrv6FIxtEKkWvrqRestJZouIRL3r%2BhaKOrKcOyUcvzwnn75SERh25oKH8yG2nWseyLYdaWR%2FdYqbCETYZC57VlcaMg6VmAXB"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"169d5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
age: 4504
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 93d5b687cd52569a-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1818&min_rtt=576&rtt_var=1244&sent=256&recv=253&lost=0&retrans=0&sent_bytes=50820&recv_bytes=17946&delivery_rate=760353&cwnd=24000&unsent_bytes=0&cid=569fa22e717c5e15&ts=390&x=16"

GET www.googletagmanager.com/gtag/js?id=UA-79936000-1

142.250.74.168

200 OK

272 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-79936000-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
272 kB (272546 bytes)
Hash
7ae7ac156d97944b15db606aba826725
263f693816ff9abbb4ecb881688de7df479c94e0
1d5bb65b95a01ed402762ea3421cde00752a50d7084f6096614652bfa0e22922

HTTP Headers

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 01:37:43 GMT
expires: Sat, 10 May 2025 01:37:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 96075
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mexa.sh/images/yep_d.png

104.21.3.103

200 OK

15 kB

URL GET
mexa.sh/images/yep_d.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Size
15 kB (15222 bytes)
Hash
662d1738accf3ec5f5c95a0e4896b232
8b1907196139b8819ffd1a77b3b71d3872ca848f
2c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3

HTTP Headers

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 15222
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FHlhHmbcyU58Pq3lT5R6XZw%2BtB1pPVkcON7o8MSAPIQlPoMJTy80hvEDkL541BtmumxBEXpxLM19kAkn9MEXeALW%2BCjDGbt8YMRDi8mSU35cU0EaIT%2FaBaza"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 468
accept-ranges: bytes
cf-ray: 93d5b687dd61569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1773&min_rtt=576&rtt_var=1024&sent=300&recv=254&lost=0&retrans=0&sent_bytes=98820&recv_bytes=17993&delivery_rate=8827787&cwnd=48000&unsent_bytes=0&cid=569fa22e717c5e15&ts=393&x=16"

GET mexa.sh/images/frechar.png

104.21.3.103

200 OK

67 kB

URL GET
mexa.sh/images/frechar.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced
Size
67 kB (66710 bytes)
Hash
7adab309ecff73216286b6d34b795e7c
f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8
1b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078

HTTP Headers

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: image/png
content-length: 66710
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2joxv8j8vTKjPn5GCxHeVTJe7RaIRtWRAW%2FBh%2BcnKyaBsc2GFSyQvgeK%2BQjsk9gUd0e2U8ITtHPdWRIKC6DFYQemX6QIc7oRww6PCyGb2snkl15lLxuvPEk%2F"}],"group":"cf-nel","max_age":604800}
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 463
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 93d5b6890d6a569a-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1856&min_rtt=576&rtt_var=610&sent=626&recv=265&lost=0&retrans=0&sent_bytes=470047&recv_bytes=20308&delivery_rate=8705025&cwnd=192000&unsent_bytes=0&cid=569fa22e717c5e15&ts=585&x=16"

POST waisheph.com/wrr?z=7359319&p_rid=907490e7-c641-48d7-bd2d-aa5b0644b84d&rb=X9VlGndgY9-NedKlDTQfqSXf_1ndcK96OTv7u3cC0tpKcDW4DlKy1syTx9fXNkFxnB3OFopGVYdMsiwN4uApE_HHrq6mvBaNnIH910_CFeDvyV_AmeVAl7JgXAm8BvqDwI-coOUbPOBolgu1HDvscY6KMK2eM98MKBUlnhVl5ezou3cl1hfQfcHEBD7NpLgsj504iX6Ql37HNw1ws5CfENoFJSzT8f6SEOitZxiXLRfLcVaCGD5jhIa8mB0ChrFu7wAug4NNDFZLP8hPW7PNsA==&dmn=waisheph.com&userId=0081c521eef94e59fe20ae1d6a294f3b

139.45.197.119

204 No Content

0 B

URL POST
waisheph.com/wrr?z=7359319&p_rid=907490e7-c641-48d7-bd2d-aa5b0644b84d&rb=X9VlGndgY9-NedKlDTQfqSXf_1ndcK96OTv7u3cC0tpKcDW4DlKy1syTx9fXNkFxnB3OFopGVYdMsiwN4uApE_HHrq6mvBaNnIH910_CFeDvyV_AmeVAl7JgXAm8BvqDwI-coOUbPOBolgu1HDvscY6KMK2eM98MKBUlnhVl5ezou3cl1hfQfcHEBD7NpLgsj504iX6Ql37HNw1ws5CfENoFJSzT8f6SEOitZxiXLRfLcVaCGD5jhIa8mB0ChrFu7wAug4NNDFZLP8hPW7PNsA==&dmn=waisheph.com&userId=0081c521eef94e59fe20ae1d6a294f3b
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
Fingerprint55:8E:9B:78:63:25:7D:D9:D4:16:D1:B4:45:57:9A:F1:A3:1A:A9:3A
ValidityThu, 01 May 2025 02:32:40 GMT - Wed, 30 Jul 2025 02:32:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /wrr?z=7359319&p_rid=907490e7-c641-48d7-bd2d-aa5b0644b84d&rb=X9VlGndgY9-NedKlDTQfqSXf_1ndcK96OTv7u3cC0tpKcDW4DlKy1syTx9fXNkFxnB3OFopGVYdMsiwN4uApE_HHrq6mvBaNnIH910_CFeDvyV_AmeVAl7JgXAm8BvqDwI-coOUbPOBolgu1HDvscY6KMK2eM98MKBUlnhVl5ezou3cl1hfQfcHEBD7NpLgsj504iX6Ql37HNw1ws5CfENoFJSzT8f6SEOitZxiXLRfLcVaCGD5jhIa8mB0ChrFu7wAug4NNDFZLP8hPW7PNsA==&dmn=waisheph.com&userId=0081c521eef94e59fe20ae1d6a294f3b HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
content-type: application/json
Content-Length: 2573
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 10 May 2025 01:37:45 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip

104.21.3.103

200 OK

14 kB

URL User Request GET
mexa.sh/8ivuk6wahbpt/G-RJ01361324.zip
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (10902), with CRLF line terminators
Size
14 kB (14024 bytes)
Hash
b39558d62568ea7a33e0d014af4a4780
d5d429cc01350cb0207d9dcd5ce28569545113ba
acc42d246efc426a9d780ccb693c9ece547c76d88f03366b43a0d542bf731f9a

HTTP Headers

GET /8ivuk6wahbpt/G-RJ01361324.zip HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 May 2025 01:37:43 GMT
content-type: text/html ; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Fri, 09 May 2025 01:37:43 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xivF%2F9K68muOX8vJf4pDM7va4OabW1iong4mKqw6zhsrPg7gov%2F5ic82lxl6tE%2FmRF4hwL%2BgIu%2BjVBwrCVsu%2BtthJzT%2BB7rK%2F9TU5BDjmJbwkUKHFycxfjeM"}]}
content-encoding: br
set-cookie: lang=english; Path=/; Domain=mexa.sh
cf-ray: 93d5b683f83f56c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML