Report - mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar

Report Overview

Visited public
2025-05-10 23:02:11
Tags
Submit Tags
URL
mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Finishing URL
mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
IP / ASN
172.67.153.131
#13335 CLOUDFLARENET
Title
Download Voice-RJ01322669 rar

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mexa.sh	337577	2019-08-22	2019-08-26	2025-05-10	13 kB	720 kB	188.114.96.1
waisheph.com	74994	2020-11-23	2020-12-10	2025-05-09	3.4 kB	114 kB	139.45.197.119
obeseglobewimp.com	unknown	2025-03-03	2025-03-05	2025-05-10	443 B	605 B	172.240.108.84
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-05-08	461 B	830 B	104.18.41.22
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-05-07	1.0 kB	655 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-10	medium	obeseglobewimp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar	ScriptElement	261 B	2023-03-12	2025-07-02
Pretty URL mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-02 23:16 Times Seen92 Hash abbf34430edc9e4d913c44d8a48f2ae3 dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84 f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9 Loading...

	waisheph.com/5/7359319	ScriptElement	108 kB	2025-05-10	2025-05-10
Pretty URL waisheph.com/5/7359319 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 23:02 Last Seen2025-05-10 23:02 Times Seen1 Hash 62f91597280b5ff1d8ebea8955235696 2ce0f52e93e590c77d584f2b7154a05af92a78b8 677d0545da2126686992670c12cb2dc74b823116103799d4ed6942f03b5336f9 Loading...

	www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116	ScriptElement	380 kB	2025-05-10	2025-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 23:02 Last Seen2025-05-10 23:02 Times Seen1 Hash 47ffc7673191ea22b7743343c1364c4b fc01d899a887212aebcadd0cc27ad3cd9e44381f 1e34d148456b6a9db6f71f140242078313db631928964badd0ce2d7073126186 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-03
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-03 00:41 Times Seen384770 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	mexa.sh/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-07-02
Pretty URL mexa.sh/js/jquery.cookie.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-02 23:16 Times Seen2799 Hash ff14e4812b7f512e620b1ad35542bcfc c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Loading...

	mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar	ScriptElement	666 B	2023-03-12	2025-07-02
Pretty URL mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-02 23:16 Times Seen91 Hash 3ff478c8f993edf7fcf9b0a556256ed5 22391de1683e10171a05ac3453143ea297da9f3e 2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7 Loading...

	mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar	ScriptElement	154 B	2023-03-12	2025-07-02
Pretty URL mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-02 23:16 Times Seen94 Hash c6b02bbb4255c747368479fd2e4300e5 0a5cd83325ceaab81243a71c4ce359edf2d15c03 8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c Loading...

	mexa.sh/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-07-02
Pretty URL mexa.sh/js/jquery.paging.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-02 23:16 Times Seen2738 Hash d7a2c1c7af2a004a6d68e1e55b1cfb46 7fd6daa7076c30381880519ad06ef5639b19ee28 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Loading...

	mexa.sh/js/jquery-1.9.1.min.js	ScriptElement	93 kB	2023-03-07	2025-07-03
Pretty URL mexa.sh/js/jquery-1.9.1.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-03 00:17 Times Seen17007 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	www.googletagmanager.com/gtag/js?id=UA-79936000-1	ScriptElement	273 kB	2025-05-10	2025-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=UA-79936000-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 23:02 Last Seen2025-05-10 23:02 Times Seen1 Hash 3119b6f4251d4bd479717693e5f1b4ae 2c5da0bb80221778ef1773ad6b27bd051dcce650 9dd2bdce070d5a5423d9f5fca27d9f5af565e0b0a69683eadc13629812100ea6 Loading...

	mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar	ScriptElement	172 B	2025-05-10	2025-05-10
Pretty URL mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-10 23:02 Last Seen2025-05-10 23:02 Times Seen1 Hash 1785e49a17c2452426f6b90a5c8ab112 b5a687ac7d4407e433e0fb3fc246ec0513240db4 bccb8703b519915b0711910a74c1fdd8027b999c87ef4addc5748af7545781e9 Loading...

	mexa.sh/js/paging.js	ScriptElement	1.7 kB	2023-03-08	2025-07-02
Pretty URL mexa.sh/js/paging.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:01 Last Seen2025-07-02 23:16 Times Seen688 Hash 43e50aa00ad654da80af8f7936afd4c6 fb5921b855cce329191077b7e93563029d703545 e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657 Loading...

	mexa.sh/us0hb7iiasjl/sandbox%20eval%20code		147 B	2023-04-11	2025-07-03
Pretty URL mexa.sh/us0hb7iiasjl/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-03 00:41 Times Seen385290 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (36)

URL IP Response Size

GET mexa.sh/js/paging.js

188.114.96.1

200 OK

1.7 kB

URL GET
mexa.sh/js/paging.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text
Size
1.7 kB (1709 bytes)
Hash
43e50aa00ad654da80af8f7936afd4c6
fb5921b855cce329191077b7e93563029d703545
e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-test-header: 1
x-content-type-options: nosniff
age: 4239
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Kqs8FnQvvWSs%2F8dox0705%2B4%2B2fWaIsxBgYmLgtSY7G8Bo2nnYF8eurIsvZSCD8psTfV1NcpxODUrGD7iHhzrVAQtDRj0KE8yJd6fe7CR7K2j1EONbIYoIOA0"}]}
etag: W/"6ad-550b66e847e00"
content-encoding: br
cf-ray: 93dd0f488c33b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon6.png

188.114.96.1

200 OK

1.2 kB

URL GET
mexa.sh/images/navicon6.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1175 bytes)
Hash
91f3dc42cd20fcc67b1f9e4d026ae636
4eb701d8acffe7471ca14183d83fdc8e5d57bec5
a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659

HTTP Headers

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 1175
server: cloudflare
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4328
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dpxMbH7nBFltUtQKrrBSvo1p6EyuH3iYf0Yip7OvJNN3r7sQh4YtoIJh9F6N798bkjHHBWQ4RnfOKahrol1b0DTCtedW6328VD5wb95QApWFbFx4naDMcWHq"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f488c5db505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/userin.png

188.114.96.1

200 OK

18 kB

URL GET
mexa.sh/images/userin.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
18 kB (18182 bytes)
Hash
f7354ba97c4568ef41c764f1d5641336
78041d1b15b6af69d015b1dff67bb9d2501fe325
71657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba

HTTP Headers

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 18182
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4238
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DsBkalQR%2Bv3ETRkxjXlFO%2BYRyQ8ChAQWxOXV1m%2BTqEuDvlaXqUHQbe2KEpF8EX%2F3Z15qpA0oBljMzUa4%2FUYfc54%2FrMUQz6d4TrWM0v54R6Ecoh%2Bv33%2FmJPs%2F"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f489c86b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar

188.114.96.1

200 OK

14 kB

URL User Request GET
mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (10904), with CRLF line terminators
Size
14 kB (14038 bytes)
Hash
c7e382f78d3a7832abdad8f9437caaa1
8e73107a081c40c34de43cd920bdad93ab0205a1
5e8bffe69cced9d7682899f70a46f72eef8ca3abb2cfa3e4301d0f50dee6368e

HTTP Headers

GET /us0hb7iiasjl/Voice-RJ01322669.rar HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: text/html ; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Fri, 09 May 2025 23:01:38 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=X6k7X8P5kb18OEOqq9Q47KJY4Par%2FwwXmlAvKQcoydb9PSEq73PyLvyVoQmkha8owtL%2B8ui6w24AgDrabA9FAQS4M5fl8JdAVwVxF47AyMHq0uXugIW%2FWK6J"}]}
content-encoding: br
set-cookie: lang=english; Path=/; Domain=mexa.sh
cf-ray: 93dd0f455ce35687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/images/logo1_1x.png

188.114.96.1

200 OK

38 kB

URL GET
mexa.sh/images/logo1_1x.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced
Size
38 kB (38035 bytes)
Hash
037f1c3e351f635f706eda54b812c40a
8aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa
30ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408

HTTP Headers

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 38035
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4328
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Kmx6o5WQpWYpUxP8ZPv7oaFnmPwLfaAOAGrMDWWoXmA3CFskPx0tEGzoZgP%2FpcoRHkmZUPW18QxdMw1uGuGQleGcEaQ%2BnMvtXqir%2F6lX5wvJxHMYbShUCQAp"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f488c41b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/no211.png

188.114.96.1

200 OK

720 B

URL GET
mexa.sh/images/no211.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
720 B (720 bytes)
Hash
5508fda2890fd7f0368dcb662b600dd8
1bcb3a7bfbb7d9085116d57ff120929628d68440
4412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726

HTTP Headers

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 720
server: cloudflare
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 769
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Xz82o8xFeUT%2Fmges1O7%2F15K0xPXwoveLSFqN2XXpCJbmBp8aDoIkLO%2BoF3%2BVhT5qCJLWUqtEhyz5nZqgRtNHK7SVsIrixpYrAIqiQBKq9yZKoDMj5Dbt4VVs"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f489c8cb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navbar.png

188.114.96.1

200 OK

22 kB

URL GET
mexa.sh/images/navbar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 22290
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4239
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=u5BoN%2B6kBvxqe3T4y2v8VPs%2B0QEWOf5p89arTMnCWfPKGQVU6ikYUw4lWqgD1U8YtqWHsnzIg4dVaINvDCzWjeCJPRx5XvGNKTWTwuE2hai2ozUfinbMGypL"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f49be2eb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navbara.png

188.114.96.1

200 OK

22 kB

URL GET
mexa.sh/images/navbara.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:40 GMT
content-type: image/png
content-length: 22290
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4328
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=h5qpGC9tPZVtiRu0ZZMxrIb8eeqJOWbE%2FTEPDzkq7Oq62MtV6ZsymtMAETztBaF6wUTdnpA%2FRyWw6JwlPIWxsyx22yvKLT0E6ZPTrzCCqCzw975Bnxu0p8%2Ff"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f4d2b78b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

OPTIONS waisheph.com/wrr?z=7359319&p_rid=ab06a86d-906f-4d50-8834-b86c95488842&rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0=&dmn=waisheph.com&userId=0081c5d9ab92417eefecde41d0a54f32

139.45.197.119

204 No Content

0 B

URL OPTIONS
waisheph.com/wrr?z=7359319&p_rid=ab06a86d-906f-4d50-8834-b86c95488842&rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0=&dmn=waisheph.com&userId=0081c5d9ab92417eefecde41d0a54f32
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
Fingerprint55:8E:9B:78:63:25:7D:D9:D4:16:D1:B4:45:57:9A:F1:A3:1A:A9:3A
ValidityThu, 01 May 2025 02:32:40 GMT - Wed, 30 Jul 2025 02:32:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /wrr?z=7359319&p_rid=ab06a86d-906f-4d50-8834-b86c95488842&rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0=&dmn=waisheph.com&userId=0081c5d9ab92417eefecde41d0a54f32 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 10 May 2025 23:01:40 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/us0hb7iiasjl

188.114.96.1

200 OK

14 kB

URL GET
mexa.sh/us0hb7iiasjl
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (10953), with CRLF line terminators
Size
14 kB (14087 bytes)
Hash
7c360d78dea78e576d642a498a7de87a
39fb4de1013eb32560cc65cf5a6dfae969c70464
ab6bca99472c198eba2cc45b66d372c13b5f9e394c4f7c365d6dd8d8fae384d3

HTTP Headers

GET /us0hb7iiasjl HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
DNT: 1
Connection: keep-alive
Cookie: lang=english; prefetchAd_7359319=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:40 GMT
content-type: text/html ; charset=UTF-8
server: cloudflare
expires: Fri, 09 May 2025 23:01:40 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ca4IQOkL14Ar3f9jj89CsY99u8ySBtfxVlHlhrAsFj6l6sBb4BWQO%2FWbS4OeNqkT4DRA6QcXaMPVJbIL0jSXByNILQuk9Hrn9AXY%2BnxizEmXURIsbXnUDVXl"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 93dd0f5139c2b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/css_newTheme/style.css

188.114.96.1

200 OK

40 kB

URL GET
mexa.sh/css_newTheme/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
ASCII text
Size
40 kB (39810 bytes)
Hash
3c6420826cc1647abda78120299c0eb6
bf10714579e64ee828627f828695fe093c5b810f
3688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7

HTTP Headers

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: text/css
server: cloudflare
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4239
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=B1uDLWjpsYOB5RNrb0nsljbx2Gc8lOEC14fmx5QZcFpR8HSn8jdYQ9wc6b1vkUYSATGoIzHrfKPX6zqetpzpGTB10Y6Ba%2Ber6R1kE3NfKfs8UexFJk9u%2F6o2"}]}
etag: W/"9b82-5564bc956d400"
content-encoding: br
cf-ray: 93dd0f487c1eb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon5.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon5.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15551 bytes)
Hash
002d70c5e45c4d81587ca7d82dca6577
d830a98de6a02ca22933b9f24cadf848499419d3
de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3

HTTP Headers

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 15551
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4238
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FY94wlqFZAIamj%2BlCYglv9OiOuYZfobVbA56m4b%2BW2WqH57VDn3iHcwsv6PiC32J5ePzvkjsvKDyzkFWy7VYZnZNK30Xm9zr6AoRqkTkEqR3ZQF%2FL6DBpD2Y"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f488c61b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/premium_download.png

188.114.96.1

200 OK

36 kB

URL GET
mexa.sh/images/premium_download.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
36 kB (35695 bytes)
Hash
75737b3b7b2586619b43ab184c2f95bf
89878f4f4aafb8637e9e9c50eedbba12e1cb74eb
e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f

HTTP Headers

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 35695
server: cloudflare
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 770
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DY2uFIEalIbfaSYKkfYnvCd2ce7l9RE1GPghbBpuxoCiUD7TGHfNOctWZZoGtR%2FJC0%2BFyYvJAyG6we7h9NwN0oGHQhdBnpSVFEWH8w6S7HRJsF7%2FeegxmvaS"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f49ce41b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/flags.png

188.114.96.1

200 OK

30 kB

URL GET
mexa.sh/images/flags.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
Size
30 kB (29723 bytes)
Hash
df0a3afc77d0c08cdea27ac3a7b9620c
8248d5c5e5eddeaa75a5a0b5490b58e0e61b6900
a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 29723
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4239
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=5hrp8JSJRqNN1xi8BZI9W33WVaULPmw0MAPWxID7ISOSfV%2BO9RWJi5hO9TTLr4F5oobfuZ%2FF8SGUusibvC9JWoyeGmlXlPo67PqrHrJoE4yWqaoghAMK75pt"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f49be32b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/free_download.png

188.114.96.1

200 OK

32 kB

URL GET
mexa.sh/images/free_download.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
32 kB (32532 bytes)
Hash
46a5fd5732a87850dd58f70c8c870430
9ae7b42ff28fd2129aa5e67057f9d4d198a717eb
9d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487

HTTP Headers

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 32532
server: cloudflare
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 770
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SEPCl8Z%2B%2F%2Bai%2Fgqd4519IKBxJY66rmtvCXFDdZZvirCxPz0C34ZF6Pu7%2B9hDEX0j69wbsODkNCzYMDitNAh0LODmMKYANoKl%2Fac18tBpj9Iqdrd7LTBwX5Mr"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f49ce3cb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/.png

188.114.96.1

404 Not Found

3.3 kB

URL GET
mexa.sh/images/.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text
Size
3.3 kB (3301 bytes)
Hash
f3c091a2b91e7970fa4602d60103dc67
af5f70406fabc9e192b349e5aee7dc9a67d05f18
6e9e4b1516efd000e0f4b2ce737cb6b418c14f8b6029733c23853db1ed532f14

HTTP Headers

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 10 May 2025 23:01:39 GMT
content-type: text/html; charset=utf-8
server: cloudflare
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=r0LiUtwwEXq0x%2BxuSmYLFUXeyZAwpI3OXMmHoHdMQzIOHBguyfyFaEY4PHtATnagg1C9oHUOuGTBi4RPXZmHpYjldNSoBYL38qktxM0TQtioUVkenJuAhKmZ"}]}
content-encoding: br
cf-ray: 93dd0f49be2bb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/js/jquery-1.9.1.min.js

188.114.96.1

200 OK

93 kB

URL GET
mexa.sh/js/jquery-1.9.1.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
93 kB (92629 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

HTTP Headers

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-test-header: 1
x-content-type-options: nosniff
age: 4239
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9MGjxLnFHmoog%2FPuyMN0VtgTMcoz8Ee1w8xvjhcKRPPwGeJFr0zBwAVQ7AlPXJZ0ZLVdnyF8GQ3AGnkydL8MB2DwZ5Pf2aI8XEOLyE1%2FMuwCRuq8hjI0H4R0"}]}
etag: W/"169d5-550b66e847e00"
content-encoding: br
cf-ray: 93dd0f487c25b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon2.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon2.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (16374 bytes)
Hash
86665a37cea72cd507ceb7e7282c74f8
f7707000a81a04f217ec9bd93995a0b9fc424037
ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1

HTTP Headers

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 16374
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4328
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Xxv08LlmH6%2Fr%2BjffQNJs8ZlAFA%2BsdAcSROZ1fXHQwe2RaMATuChVLqX0e2NFQ%2B7y0USxye74ItDd0KLXFpLmoCPhVM%2BvFvJrLFgzl6rCU5dRjseC%2Fm6YS9bD"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f488c4ab505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/yep_d.png

188.114.96.1

200 OK

15 kB

URL GET
mexa.sh/images/yep_d.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Size
15 kB (15222 bytes)
Hash
662d1738accf3ec5f5c95a0e4896b232
8b1907196139b8819ffd1a77b3b71d3872ca848f
2c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3

HTTP Headers

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 15222
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 770
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=5FVSTYUBfBOyw2WGF5KyTgb%2FURCqCch2DHpfIpQa7IAfLxBsS2W6Gpx224uVCodHOrK1ON15ZZuiE4Ye7WMhBaPkuDwaYUyOiRZ0RcCGMNkGstI24d5V1UhY"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f489c8fb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js

172.240.108.84

403 Forbidden

0 B

URL GET
obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerLet's Encrypt
Subjectobeseglobewimp.com
Fingerprint0C:E3:31:54:61:B6:05:D4:68:C1:35:75:D0:EF:63:38:10:C2:71:47
ValidityFri, 02 May 2025 23:02:15 GMT - Thu, 31 Jul 2025 23:02:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1
Host: obeseglobewimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Sat, 10 May 2025 23:01:39 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 2
Host: obeseglobewimp.com

GET mexa.sh/js/jquery.paging.js

188.114.96.1

200 OK

19 kB

URL GET
mexa.sh/js/jquery.paging.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text
Size
19 kB (19365 bytes)
Hash
d7a2c1c7af2a004a6d68e1e55b1cfb46
7fd6daa7076c30381880519ad06ef5639b19ee28
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-test-header: 1
x-content-type-options: nosniff
age: 4239
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dVd9C9i6jfiFXzgoojK%2Biw1Z4PJqgYcMPfwunoIhUAj4wAJ7ude2GH2AL%2FXe9ZWSZE1T8prhZySh%2F7joak1Tt1LYqBnQGgHGNPYUbjuoQ0rNIA%2BpPwpInRMV"}]}
etag: W/"4ba5-550b66e847e00"
content-encoding: br
cf-ray: 93dd0f487c27b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon3.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon3.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15889 bytes)
Hash
715335986af196b81f68fa792f5a7f53
b6b2f12993db399f86883315310869dccbd75ec5
aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f

HTTP Headers

GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 15889
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4328
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0Seog55kwxNeiLK6ZtQ5GlcHbsf3Bcz%2BH%2FATIBn1iF4xb1PB6bBjqo4R9zWT2OkzgnVAmlBoO6yMjivsNO%2FtAtPrMiIcRXh8AwZ1yBft5MGOyX6E7Wce7FV2"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f488c5bb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/regicon.png

188.114.96.1

200 OK

20 kB

URL GET
mexa.sh/images/regicon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
20 kB (19508 bytes)
Hash
363e2a7e57bf3cb4da7d113445cd676f
15c3bba1a21d1543ee17ccd57a304f1efedca876
012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779

HTTP Headers

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 19508
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 4239
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2RtnU94nUO8b%2BMUmL8qkxS2sZ3rlm4DqBKbApuJFvCW%2FeA%2Few5ZK1Aam2vEwSq8Oh6UfgXEKuRs7IKaoEiXXWcjc2PWmSliAfntP40BXbSSyGGRXtDWkwYwy"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f489c8ab505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/download1.png

188.114.96.1

200 OK

24 kB

URL GET
mexa.sh/images/download1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
Size
24 kB (23553 bytes)
Hash
26b1df6a0077b0e57862d48f78ca6f62
c1333ea62ff83bc3ad7e5e79085a4e2054684106
118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86

HTTP Headers

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 23553
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 770
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Gi2Fi8v2fduxXciL22JsFjrp94KWEXiIDB5NjTpk%2BSqjK1OUaQkba9WdSa7%2Fr%2BQdvj8oB4JwVJpA4gqfODvIxmX2hTdoPr270qEsl0IlPWPEAgBzsAW2cpnr"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f489c8bb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET my.rtmark.net/gid.js?userId=0081c5d9ab92417eefecde41d0a54f32

104.18.41.22

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=0081c5d9ab92417eefecde41d0a54f32
IP
104.18.41.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82
ValidityFri, 02 May 2025 11:10:51 GMT - Thu, 31 Jul 2025 12:10:47 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
ddbf7755fced3614bbcd719d017c0d8c
3a5ea59bf9caf6268acc34cf5c7ce82850dcba2a
a535efec9350eb0fa651c602067ba790d64897372bb007cb2595551cec384081

HTTP Headers

GET /gid.js?userId=0081c5d9ab92417eefecde41d0a54f32 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081c5d9ab92417eefecde41d0a54f32; expires=Sun, 10 May 2026 23:01:39 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93dd0f4c5c74b51e-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/us0hb7iiasjl/favicon.ico

188.114.96.1

302 Found

14 kB

URL GET
mexa.sh/us0hb7iiasjl/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type

Size
14 kB (14087 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /us0hb7iiasjl/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sat, 10 May 2025 23:01:40 GMT
content-length: 0
location: https://mexa.sh/us0hb7iiasjl
server: cloudflare
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bl9zu1jKe3iGqzNiyYJ9iOlKr%2Fyb1inQ38EbYDf0lXtPNM3gpfIyCbvLdJs234iSOo%2Blr8gW41lXM0Wm2zDQwO8AnAY8jBE5mjpIMxnXU%2FSP1D%2B2ZEdw6VpN"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f4d9c13b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/js/jquery.cookie.js

188.114.96.1

200 OK

3.1 kB

URL GET
mexa.sh/js/jquery.cookie.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text
Size
3.1 kB (3121 bytes)
Hash
ff14e4812b7f512e620b1ad35542bcfc
c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:32 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-test-header: 1
x-content-type-options: nosniff
age: 4239
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zBrQ05CrLUmfehRZt3tnhbBijfb1OWrOdkP0v6jr3qhPlld4shUIWIPRrbnyj4IsNGNa7GcHIRSjM%2BvWGqG4U2dD%2FrdiBYtCVSr6aPH2UDAVbSTabq%2Ft1VDH"}]}
etag: W/"c31-550b66e847e00"
content-encoding: br
cf-ray: 93dd0f488c2bb505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET www.googletagmanager.com/gtag/js?id=UA-79936000-1

142.250.74.168

200 OK

273 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-79936000-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (5432)
Size
273 kB (272562 bytes)
Hash
3119b6f4251d4bd479717693e5f1b4ae
2c5da0bb80221778ef1773ad6b27bd051dcce650
9dd2bdce070d5a5423d9f5fca27d9f5af565e0b0a69683eadc13629812100ea6

HTTP Headers

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 23:01:39 GMT
expires: Sat, 10 May 2025 23:01:39 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 96079
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mexa.sh/images/navicon1.png

188.114.96.1

200 OK

18 kB

URL GET
mexa.sh/images/navicon1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
18 kB (18288 bytes)
Hash
ae9204e9914f4e3c5b146c488d5a1811
fe60b0cf1bbb856f93fca9183404d698e873f33e
f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125

HTTP Headers

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 18288
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 4328
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DXePd5psdOG1FjoWlms%2FCn0RefH1wPMA7cDJ5da9M5Y22YfUR5kX7VdnfG9%2B%2FkB%2BODH1tAFhluTk%2FaHiH3Qg1f7Hd2okBWGAkkoVseHRJ7VRaz6Suix8v%2FzL"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f488c45b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET waisheph.com/5/7359319

139.45.197.119

200 OK

108 kB

URL GET
waisheph.com/5/7359319
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
Fingerprint55:8E:9B:78:63:25:7D:D9:D4:16:D1:B4:45:57:9A:F1:A3:1A:A9:3A
ValidityThu, 01 May 2025 02:32:40 GMT - Wed, 30 Jul 2025 02:32:39 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107591 bytes)
Hash
62f91597280b5ff1d8ebea8955235696
2ce0f52e93e590c77d584f2b7154a05af92a78b8
677d0545da2126686992670c12cb2dc74b823116103799d4ed6942f03b5336f9

HTTP Headers

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 23:01:39 GMT
content-type: application/javascript
x-trace-id: e7fc58ef81368cc3af8f654756392438
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081c5d9ab92417eefecde41d0a54f32; expires=Sun, 10 May 2026 23:01:39 GMT; path=/; secure; SameSite=None
oaidts=1746918099; expires=Sun, 10 May 2026 23:01:39 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

POST waisheph.com/wrr?z=7359319&p_rid=ab06a86d-906f-4d50-8834-b86c95488842&rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0=&dmn=waisheph.com&userId=0081c5d9ab92417eefecde41d0a54f32

139.45.197.119

204 No Content

0 B

URL POST
waisheph.com/wrr?z=7359319&p_rid=ab06a86d-906f-4d50-8834-b86c95488842&rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0=&dmn=waisheph.com&userId=0081c5d9ab92417eefecde41d0a54f32
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
Fingerprint55:8E:9B:78:63:25:7D:D9:D4:16:D1:B4:45:57:9A:F1:A3:1A:A9:3A
ValidityThu, 01 May 2025 02:32:40 GMT - Wed, 30 Jul 2025 02:32:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /wrr?z=7359319&p_rid=ab06a86d-906f-4d50-8834-b86c95488842&rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0=&dmn=waisheph.com&userId=0081c5d9ab92417eefecde41d0a54f32 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
content-type: application/json
Content-Length: 2579
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 10 May 2025 23:01:40 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/main.css

188.114.96.1

200 OK

35 kB

URL GET
mexa.sh/css_newTheme/main.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
assembler source, ASCII text, with very long lines (1426)
Size
35 kB (35326 bytes)
Hash
2f075bd8c1fed47ee1ebcaea76c5f036
66e03118be7fa1415deebd13efa08362224f1ed9
eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e

HTTP Headers

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: text/css
server: cloudflare
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-test-header: 1
x-content-type-options: nosniff
age: 4239
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=INX4uDXcH6PxzLVLYQNYZ5qWoUIoN%2B3Jo5%2Fcna3fWtcRih6dyNEjkwevw5tYwTLSVQ4tRN7%2FoX6PWt2q2Rl3hCJlCniWjFj8LYmWfnBtD8QKYx5nW6aUPYSt"}]}
etag: W/"89fe-57f51eb945a40"
content-encoding: br
cf-ray: 93dd0f487c23b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/frechar.png

188.114.96.1

200 OK

67 kB

URL GET
mexa.sh/images/frechar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced
Size
67 kB (66710 bytes)
Hash
7adab309ecff73216286b6d34b795e7c
f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8
1b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078

HTTP Headers

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 66710
server: cloudflare
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 770
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qAKLwwNrSzUv5S%2FhIwosbUikeEnN%2FjbeF9TlZ%2BWKxjHTJc5y78t%2Bx6yoddwpsdEcBxha6U1lU9l%2BU4CFwCLPmAsH1jzZL1tz8D%2FPsK6b%2BivkOimFZwQEi3uE"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f49be37b505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/premchar.png

188.114.96.1

200 OK

70 kB

URL GET
mexa.sh/images/premchar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced
Size
70 kB (69808 bytes)
Hash
e3a6c4b647e9c8b789b17a98fb6d75f8
c7428a76951933962ef1d7400b37ba9ef91d6afd
0b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69

HTTP Headers

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 May 2025 23:01:39 GMT
content-type: image/png
content-length: 69808
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 770
priority: u=4,i=?0
accept-ranges: bytes
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cIUy%2F3J4Htqo1itYBRjiYEd2NLtzM%2FeK6tue4pgCbxZB70wuRihf%2FOPKLT0%2BjbyP1ZEXG%2FnXGTpI9FYWFEtvP1fK3Hj%2BCYV2%2FASCZpb7X%2Fbw3hZX%2Fn8bUU0L"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 93dd0f49be3ab505-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116

142.250.74.168

200 OK

380 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint02:7D:56:C0:B9:20:0C:27:A4:AC:B9:8F:9D:45:1D:85:2A:30:50:AD
ValidityMon, 21 Apr 2025 08:40:41 GMT - Mon, 14 Jul 2025 08:40:40 GMT

File type
JavaScript source, ASCII text, with very long lines (6125)
Size
380 kB (380423 bytes)
Hash
47ffc7673191ea22b7743343c1364c4b
fc01d899a887212aebcadd0cc27ad3cd9e44381f
1e34d148456b6a9db6f71f140242078313db631928964badd0ce2d7073126186

HTTP Headers

GET /gtag/js?id=G-SBML259V1V&cx=c&gtm=457e5571za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103284320~103284322~103301114~103301116 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 May 2025 23:01:40 GMT
expires: Sat, 10 May 2025 23:01:40 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1075:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1075:0
report-to: {"group":"ascgcycc:1075:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1075:0"}],}
server: Google Tag Manager
content-length: 127073
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET waisheph.com/?rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1134.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=921&wiw=1152&ww=1152&wh=921&sah=1024&wx=0&wy=0&cw=1152&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fus0hb7iiasjl%2FVoice-RJ01322669.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1134.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=ab06a86d-906f-4d50-8834-b86c95488842&wasm=1&userId=0081c5d9ab92417eefecde41d0a54f32&m=link

139.45.197.119

200 OK

2.3 kB

URL GET
waisheph.com/?rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1134.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=921&wiw=1152&ww=1152&wh=921&sah=1024&wx=0&wy=0&cw=1152&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fus0hb7iiasjl%2FVoice-RJ01322669.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1134.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=ab06a86d-906f-4d50-8834-b86c95488842&wasm=1&userId=0081c5d9ab92417eefecde41d0a54f32&m=link
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/us0hb7iiasjl/Voice-RJ01322669.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
Fingerprint55:8E:9B:78:63:25:7D:D9:D4:16:D1:B4:45:57:9A:F1:A3:1A:A9:3A
ValidityThu, 01 May 2025 02:32:40 GMT - Wed, 30 Jul 2025 02:32:39 GMT

File type
JSON text data
Size
2.3 kB (2275 bytes)
Hash
104936297a8206bdc2b4f54e2edcf1b9
f6cb38b668cd8b2fca3e9c7554b5730d35416e33
d7ec06ed0ae3af32111558d6d2eb7c155e8a81314402b4ec0d0cb7c18f18ec46

HTTP Headers

GET /?rb=HXyLj5cwF-mLh5jucMx3vL_uqayul7cHKq20xD2LIWeLPCxuOsIpk6FBQoMweLRaDmyRkgKpH6o1Ayf4C52mKUT2RFoynQe7IYJYZQrzbqQyaGlVO00G4arA390WA-vFpJzpM3HqN7gghDDq0ErLcPavL4UOy0l7hYveRuQKuHrCesivvsWNZ8KS06ezqC2SK7ofs5bQJEMIz9z8ed8CKSmNXE9_GpL-wEK0Iu1VSk-KE3vqC6cN3xTONC4qHYCnJ4O5ecApyXaci9ASYmteOjp5do0%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1134.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=921&wiw=1152&ww=1152&wh=921&sah=1024&wx=0&wy=0&cw=1152&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fus0hb7iiasjl%2FVoice-RJ01322669.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1134.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=ab06a86d-906f-4d50-8834-b86c95488842&wasm=1&userId=0081c5d9ab92417eefecde41d0a54f32&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Cookie: OAID=0081c5d9ab92417eefecde41d0a54f32; oaidts=1746918099
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 10 May 2025 23:01:40 GMT
content-type: application/json
x-trace-id: fb3ef3c6f123b22609a076a3359f97d0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081c5d9ab92417eefecde41d0a54f32; expires=Sun, 10 May 2026 23:01:40 GMT; path=/; secure; SameSite=None
oaidts=1746918100; expires=Sun, 10 May 2026 23:01:40 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 17 May 2025 23:01:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML