Report - mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip

Report Overview

Visited public
2025-03-29 06:16:47
Tags
Submit Tags
URL
mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Finishing URL
mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
IP / ASN
104.21.3.103
#13335 CLOUDFLARENET
Title
Download G-RJ01350918 zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
obeseglobewimp.com	unknown	2025-03-03	2025-03-05	2025-03-28	443 B	571 B	192.243.59.12
waisheph.com	74994	2020-11-23	2020-12-10	2025-03-26	2.2 kB	111 kB	139.45.197.119
mexa.sh	337577	2019-08-22	2019-08-26	2025-03-29	13 kB	724 kB	188.114.96.1
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-03-26	461 B	830 B	104.18.41.22
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-26	960 B	634 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-29	medium	obeseglobewimp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	mexa.sh/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-07-16
Pretty URL mexa.sh/js/jquery.cookie.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-16 05:57 Times Seen2866 Hash ff14e4812b7f512e620b1ad35542bcfc c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Loading...

	www.googletagmanager.com/gtag/js?id=UA-79936000-1	ScriptElement	262 kB	2025-03-29	2025-03-29
Pretty URL www.googletagmanager.com/gtag/js?id=UA-79936000-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-29 06:16 Last Seen2025-03-29 06:16 Times Seen1 Hash 06df62178780c8e82282924cb3e0bd5e 539b4454444de0a9672864dad53cbbfd8fdf37a9 af5a44eaaab36d8e0514eb49ce5e5ce2b93746e1a41e15313d2f2945a1a06242 Loading...

	mexa.sh/js/paging.js	ScriptElement	1.7 kB	2023-03-08	2025-07-15
Pretty URL mexa.sh/js/paging.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:01 Last Seen2025-07-15 06:36 Times Seen699 Hash 43e50aa00ad654da80af8f7936afd4c6 fb5921b855cce329191077b7e93563029d703545 e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657 Loading...

	mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip	ScriptElement	172 B	2025-03-29	2025-03-29
Pretty URL mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-29 06:16 Last Seen2025-03-29 06:16 Times Seen1 Hash dddc30a3b614d9d29b069d60f655031a aba1515eaf39ff203d9d88db3b384e99964f4819 00ea11c6acd882ac583c2b0eabd39861d7d895d0ea0c7c0f887909958d981065 Loading...

	mexa.sh/js/jquery-1.9.1.min.js	ScriptElement	93 kB	2023-03-07	2025-07-16
Pretty URL mexa.sh/js/jquery-1.9.1.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 08:45 Times Seen17725 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	mexa.sh/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-07-16
Pretty URL mexa.sh/js/jquery.paging.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-16 05:57 Times Seen2800 Hash d7a2c1c7af2a004a6d68e1e55b1cfb46 7fd6daa7076c30381880519ad06ef5639b19ee28 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-16
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-16 08:54 Times Seen409195 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip	ScriptElement	261 B	2023-03-12	2025-07-15
Pretty URL mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-15 06:36 Times Seen94 Hash abbf34430edc9e4d913c44d8a48f2ae3 dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84 f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9 Loading...

	waisheph.com/5/7359319	ScriptElement	108 kB	2025-03-29	2025-03-29
Pretty URL waisheph.com/5/7359319 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-29 06:16 Last Seen2025-03-29 06:16 Times Seen1 Hash 114148b02b0a3d31cb53b05c926645a2 9ef2be9ace1cd1b1e5d89635592d5d9ce81b419c 3e54a5927c657f81eaa09ffaa8a19bc3ab76f442ba91bf1b95d644cbd0c748ee Loading...

	wasm:waisheph.com/5/7359319%20line%201%20%3E%20WebAssembly.instantiate	Wasm	0 B	0001-01-01	2025-07-16
Pretty URL wasm:waisheph.com/5/7359319%20line%201%20%3E%20WebAssembly.instantiate IP 0.0.0.0 ASN #0 Introduced by wasm Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 08:55 Times Seen5434436 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mexa.sh/h9e1s8fil4y8/sandbox%20eval%20code		147 B	2023-04-11	2025-07-16
Pretty URL mexa.sh/h9e1s8fil4y8/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-16 08:54 Times Seen409602 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53q1za200&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062	ScriptElement	371 kB	2025-03-29	2025-03-29
Pretty URL www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53q1za200&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-29 06:16 Last Seen2025-03-29 06:16 Times Seen1 Hash 37be8738a68770a317c2bf7f5c86623c 0b5a09f81352c089d0696821f484cf6e5ef06080 43837b84db901898c41611c2825fb91925bc8760feab3d63619d8f42b4fb8771 Loading...

	mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip	ScriptElement	666 B	2023-03-12	2025-07-15
Pretty URL mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-15 06:36 Times Seen93 Hash 3ff478c8f993edf7fcf9b0a556256ed5 22391de1683e10171a05ac3453143ea297da9f3e 2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7 Loading...

	mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip	ScriptElement	154 B	2023-03-12	2025-07-15
Pretty URL mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-15 06:36 Times Seen96 Hash c6b02bbb4255c747368479fd2e4300e5 0a5cd83325ceaab81243a71c4ce359edf2d15c03 8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c Loading...

HTTP Transactions (35)

URL IP Response Size

GET mexa.sh/images/frechar.png

188.114.96.1

200 OK

67 kB

URL GET
mexa.sh/images/frechar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced
Size
67 kB (66710 bytes)
Hash
7adab309ecff73216286b6d34b795e7c
f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8
1b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078

HTTP Headers

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 66710
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 2505
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dqwm4Kkafb4IjjdS37XuZ5xw6ni2p9O2llzJJjQC0Sxg%2F4V2iVTrwj9hGZUsrptW%2BwfGPIQPhmngxzvBAPWDhjvA4DKSQznHSyvqPJsd%2BfxQpIXFQdroKivS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d07fb3656b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3695&min_rtt=1168&rtt_var=1895&sent=297&recv=37&lost=0&retrans=0&sent_bytes=314915&recv_bytes=8410&delivery_rate=4054796&cwnd=133200&unsent_bytes=0&cid=f0fb9de68b31c576&ts=407&x=1", cfExtPri, cfHdrFlush;dur=0

GET my.rtmark.net/gid.js?userId=00819bbb447b4382f3772eaaf183db9e

104.18.41.22

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=00819bbb447b4382f3772eaaf183db9e
IP
104.18.41.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
2e532c5314af0e9e2d761c89ed59381f
30788068fca9534f540e886d2d6ef7c2743046f8
db4693cd7fa7502235a53a44fc3f4cc944c7755d189099e902f51d9971f3fecc

HTTP Headers

GET /gid.js?userId=00819bbb447b4382f3772eaaf183db9e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00819bbb447b4382f3772eaaf183db9e; expires=Sun, 29 Mar 2026 06:16:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 927d3d0a0af3b4ee-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/js/paging.js

188.114.96.1

200 OK

1.7 kB

URL GET
mexa.sh/js/paging.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (1778), with no line terminators
Size
1.7 kB (1709 bytes)
Hash
cc6cc190d0f5515a00ac307c26fe033a
b7028b457c314b3a61b4130bb98fc8f2cf3e769e
030ef0e5188e0cff37c54520d654e321e69a6d88ec6379d1817e546db88b58ea

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"6ad-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
age: 3625
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FYJGUSuNonpxj%2FEeTOlSSx2PZxTQHBUOcx1asKAV01ZleOjmOvVgXJRbSGtjyosJPSO1jSsiKSuPCuy%2BtMUCCZD7J9oMQG%2FGwlulqFVXquqTUybeHl3bPTSr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070a9b56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4991&min_rtt=1658&rtt_var=2767&sent=38&recv=24&lost=0&retrans=0&sent_bytes=25040&recv_bytes=6032&delivery_rate=7214233&cwnd=22800&unsent_bytes=0&cid=f0fb9de68b31c576&ts=258&x=1", cfExtPri, cfHdrFlush;dur=1

GET mexa.sh/images/navicon1.png

188.114.96.1

200 OK

18 kB

URL GET
mexa.sh/images/navicon1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
18 kB (18288 bytes)
Hash
ae9204e9914f4e3c5b146c488d5a1811
fe60b0cf1bbb856f93fca9183404d698e873f33e
f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125

HTTP Headers

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 18288
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3625
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2lGgoOxQ4Qh4bxAdOWSZMaw4DNHITNRJ8UBgOl28%2BVg6kICxj0OExHVzTQCzureA%2BIhqU257HdNzQnvmBsV1SyOQJGCqyEfCdWaa%2BAhYmWtVCQ5D4LY%2FWjC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070aa556b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4675&min_rtt=1658&rtt_var=2707&sent=60&recv=25&lost=0&retrans=0&sent_bytes=50240&recv_bytes=6075&delivery_rate=663064&cwnd=25200&unsent_bytes=0&cid=f0fb9de68b31c576&ts=259&x=1", cfExtPri, cfHdrFlush;dur=1

GET mexa.sh/images/navicon3.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon3.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15889 bytes)
Hash
715335986af196b81f68fa792f5a7f53
b6b2f12993db399f86883315310869dccbd75ec5
aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f

HTTP Headers

GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 15889
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 3624
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
cf-ray: 927d3d070aaa56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/userin.png

188.114.96.1

200 OK

18 kB

URL GET
mexa.sh/images/userin.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
18 kB (18182 bytes)
Hash
f7354ba97c4568ef41c764f1d5641336
78041d1b15b6af69d015b1dff67bb9d2501fe325
71657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba

HTTP Headers

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 18182
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3624
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCNvIRc4GE%2B%2FNH%2B9KVvMhkd7eP5Ns0DMjCMkK6u2fJ%2BN0QiOLhzcrEHiXCqQkBYZtAjNY37K82qt8Mfk1YuNxRKQiYPA6tCCnyWXB5B0PhXykl%2BsSR6h6uaT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070ab056b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3833&min_rtt=1168&rtt_var=2459&sent=106&recv=28&lost=0&retrans=0&sent_bytes=100640&recv_bytes=6207&delivery_rate=10854386&cwnd=100800&unsent_bytes=0&cid=f0fb9de68b31c576&ts=265&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/premchar.png

188.114.96.1

200 OK

70 kB

URL GET
mexa.sh/images/premchar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced
Size
70 kB (69808 bytes)
Hash
e3a6c4b647e9c8b789b17a98fb6d75f8
c7428a76951933962ef1d7400b37ba9ef91d6afd
0b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69

HTTP Headers

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 69808
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2506
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxk3WGQrmU%2BcYoDD7eTc2sO7GBfMmMMMLbhu3PazTGH6ns%2BRyFexzZJ26i58obYkSblzYFlf3aemP8%2F6XhJKcSA4LNch2qqUQfToBnzEg36twOkSG5pdNhm0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d07fb3a56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3695&min_rtt=1168&rtt_var=1895&sent=356&recv=37&lost=0&retrans=0&sent_bytes=384066&recv_bytes=8410&delivery_rate=4054796&cwnd=133200&unsent_bytes=0&cid=f0fb9de68b31c576&ts=408&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/js/jquery.paging.js

188.114.96.1

200 OK

19 kB

URL GET
mexa.sh/js/jquery.paging.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text
Size
19 kB (19365 bytes)
Hash
d7a2c1c7af2a004a6d68e1e55b1cfb46
7fd6daa7076c30381880519ad06ef5639b19ee28
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"4ba5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3022
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ReluTsVC%2BM3KBOwIdrcvmMgpqwBMR6o7URHwfyUUZkgAMrmSv1MlGBVFtmJt42hLECbdi%2BXqRFWDDDjMk%2FkOieTKNEid%2B57oJpMBsDVXAoLKqqBv%2FGHcvL%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d06fa8756b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5494&min_rtt=4820&rtt_var=3155&sent=22&recv=18&lost=0&retrans=0&sent_bytes=6596&recv_bytes=4192&delivery_rate=58035&cwnd=12000&unsent_bytes=0&cid=f0fb9de68b31c576&ts=254&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/logo1_1x.png

188.114.96.1

200 OK

38 kB

URL GET
mexa.sh/images/logo1_1x.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced
Size
38 kB (38035 bytes)
Hash
037f1c3e351f635f706eda54b812c40a
8aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa
30ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408

HTTP Headers

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 38035
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3625
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDnRifMmGsf8CRuh8zOzNJANA0Fr3voNCXEnmgeaUk3IJyjTlKwOHQO14O%2Bivw1aNT2qLCNOEntTVDdMGkVlHbYv46dynw1YEyHk%2FPgASHnrMu4YtcHdOR%2BS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070aa456b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4079&min_rtt=1168&rtt_var=2624&sent=106&recv=27&lost=0&retrans=0&sent_bytes=100640&recv_bytes=6161&delivery_rate=9218056&cwnd=50400&unsent_bytes=0&cid=f0fb9de68b31c576&ts=261&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navicon2.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon2.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (16374 bytes)
Hash
86665a37cea72cd507ceb7e7282c74f8
f7707000a81a04f217ec9bd93995a0b9fc424037
ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1

HTTP Headers

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 16374
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3624
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rQ0NB7m2xT6se5KEaBdgmoDXoKPj7pzoD1O8cWffpSv9E2zAjysjlmRVsoLu8fAo1I%2Fzk1pv%2B39b3mCZns9BF6eBe%2BQLtEFqYtykys0GI0OV7%2F5caZre2S2d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070aa756b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4079&min_rtt=1168&rtt_var=2624&sent=106&recv=27&lost=0&retrans=0&sent_bytes=100640&recv_bytes=6161&delivery_rate=9218056&cwnd=50400&unsent_bytes=0&cid=f0fb9de68b31c576&ts=261&x=1", cfExtPri, cfHdrFlush;dur=0

GET www.googletagmanager.com/gtag/js?id=UA-79936000-1

142.250.74.168

200 OK

262 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-79936000-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D
ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

File type
JavaScript source, ASCII text, with very long lines (5436)
Size
262 kB (261704 bytes)
Hash
06df62178780c8e82282924cb3e0bd5e
539b4454444de0a9672864dad53cbbfd8fdf37a9
af5a44eaaab36d8e0514eb49ce5e5ce2b93746e1a41e15313d2f2945a1a06242

HTTP Headers

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 29 Mar 2025 06:16:25 GMT
expires: Sat, 29 Mar 2025 06:16:25 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 92657
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mexa.sh/images/navicon5.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon5.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15551 bytes)
Hash
002d70c5e45c4d81587ca7d82dca6577
d830a98de6a02ca22933b9f24cadf848499419d3
de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3

HTTP Headers

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 15551
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3624
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GZ96yIlsjkRfoQnSf1MlVyRbbLgSLniWcn%2BAjymJDpJYzjmPLccFSBcWjdwPO6VULe08RWbI%2Fmxc6A%2F%2Bfqz9BpuL4E1fRhTSdQZaqssfQXkdSYpSoaU0QM%2B%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070aaf56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4079&min_rtt=1168&rtt_var=2624&sent=106&recv=27&lost=0&retrans=0&sent_bytes=100640&recv_bytes=6161&delivery_rate=9218056&cwnd=50400&unsent_bytes=0&cid=f0fb9de68b31c576&ts=264&x=1", cfExtPri, cfHdrFlush;dur=1

GET obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js

192.243.59.12

403 Forbidden

0 B

URL GET
obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerLet's Encrypt
Subjectobeseglobewimp.com
Fingerprint2B:15:3C:49:E3:1F:CD:ED:DC:1D:2A:15:38:00:BC:58:19:D2:A1:59
ValidityMon, 03 Mar 2025 19:05:17 GMT - Sun, 01 Jun 2025 19:05:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1
Host: obeseglobewimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 29 Mar 2025 06:16:25 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: obeseglobewimp.com

GET www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53q1za200&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062

142.250.74.168

200 OK

371 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53q1za200&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D
ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
371 kB (370600 bytes)
Hash
37be8738a68770a317c2bf7f5c86623c
0b5a09f81352c089d0696821f484cf6e5ef06080
43837b84db901898c41611c2825fb91925bc8760feab3d63619d8f42b4fb8771

HTTP Headers

GET /gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53q1za200&tag_exp=102482433~102788824~102803279~102813109~102887800~102926062 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 29 Mar 2025 06:16:26 GMT
expires: Sat, 29 Mar 2025 06:16:26 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 123635
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET mexa.sh/images/no211.png

188.114.96.1

200 OK

720 B

URL GET
mexa.sh/images/no211.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
720 B (720 bytes)
Hash
5508fda2890fd7f0368dcb662b600dd8
1bcb3a7bfbb7d9085116d57ff120929628d68440
4412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726

HTTP Headers

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 720
server: cloudflare
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2510
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 927d3d071ab756b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/.png

188.114.96.1

404 Not Found

3.3 kB

URL GET
mexa.sh/images/.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (3445), with no line terminators
Size
3.3 kB (3301 bytes)
Hash
228f5192b74f59575de751407220f163
f13fca15068e241ce63aa7d8c20ea9dcd5b712f0
5110887844bc201982a82d09dc4108e015cbd160f3b6163f81f80f9e9ed23aa8

HTTP Headers

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: text/html; charset=utf-8
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dmOgKTK40Htb3Xr3On4Y1hgwqPHC4QMpC70imEoIC25MjjtKZrMgT%2F9JXd7BZbYNHZ%2Bxvkw5JbwMgbVjRz9BRafnIvi%2Bo6Qnv8ZXy%2BmMbVhwfWaGPR5XhC81"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d07fb3256b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2898&min_rtt=1168&rtt_var=1609&sent=479&recv=41&lost=0&retrans=0&sent_bytes=527790&recv_bytes=8593&delivery_rate=52658070&cwnd=193800&unsent_bytes=0&cid=f0fb9de68b31c576&ts=571&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/h9e1s8fil4y8

188.114.96.1

200 OK

14 kB

URL GET
mexa.sh/h9e1s8fil4y8
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (10947), with CRLF line terminators
Size
14 kB (14069 bytes)
Hash
1fb3bbc055dd1b44d8e9733be982869a
b8a2be79a99902cf6fecff5939c510b4aab8d7fb
5e2dbeb2bdc4b39ad47406dbc6c3004e6f64f9f347435a4611c8ad1f31e47d46

HTTP Headers

GET /h9e1s8fil4y8 HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
DNT: 1
Connection: keep-alive
Cookie: lang=english; _ga_SBML259V1V=GS1.1.1743228986.1.0.1743228986.0.0.0; _ga=GA1.1.1973738460.1743228987
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:27 GMT
content-type: text/html ; charset=UTF-8
server: cloudflare
expires: Fri, 28 Mar 2025 06:16:27 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
content-encoding: br
cf-ray: 927d3d10c8f756b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip

188.114.96.1

200 OK

14 kB

URL User Request GET
mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (10902), with CRLF line terminators
Size
14 kB (14024 bytes)
Hash
7338526bf9ba11c5932beec949774a80
e9c42a794d665bc818917b0ed135a363f04eadf5
545949ff31eead57f5bd5626b55dc4df19bb3147b42d7f64f8ea0988ca5be11c

HTTP Headers

GET /h9e1s8fil4y8/G-RJ01350918.zip HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: text/html ; charset=UTF-8
expires: Fri, 28 Mar 2025 06:16:25 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
set-cookie: lang=english; domain=mexa.sh; path=/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCSvqVtc8LxVuw62QeHgFn8Ruk3Xr5B4bfNRZugeUYCrwQIzua9rFcO0GCpsVVepqRbNNErjn7EG9w6q3G3d0Fdnu%2F7JuzDug%2BUfFeQ8wz1q%2BYLcyapOs5jU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d0408a60b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6629&min_rtt=425&rtt_var=11664&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3189&recv_bytes=1140&delivery_rate=2148367&cwnd=253&unsent_bytes=0&cid=52d928c1a9daf92f&ts=239&x=0"
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/style.css

188.114.96.1

200 OK

40 kB

URL GET
mexa.sh/css_newTheme/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
ASCII text
Size
40 kB (39810 bytes)
Hash
3c6420826cc1647abda78120299c0eb6
bf10714579e64ee828627f828695fe093c5b810f
3688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7

HTTP Headers

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: text/css
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
etag: W/"9b82-5564bc956d400"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3022
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eiV6vjmkjzN2mGhtENgpWRG4wx%2FSFWJLCYNYgHbu%2BIBf%2FWjqPosQv6hnkLHaj80ngzpHvAMnMBvlSurUUqiTiMkE4hk%2Bj5qD%2Fl4GaeWsgVSmIWfjdjIyWzgr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d06fa7756b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5494&min_rtt=4820&rtt_var=3155&sent=22&recv=18&lost=0&retrans=0&sent_bytes=6596&recv_bytes=4192&delivery_rate=58035&cwnd=12000&unsent_bytes=0&cid=f0fb9de68b31c576&ts=254&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/premium_download.png

188.114.96.1

200 OK

36 kB

URL GET
mexa.sh/images/premium_download.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
36 kB (35695 bytes)
Hash
75737b3b7b2586619b43ab184c2f95bf
89878f4f4aafb8637e9e9c50eedbba12e1cb74eb
e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f

HTTP Headers

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 35695
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2506
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h9e37oFTYWSNHiKOUjHauN4d3zmgA36GMBq655HfcFQKkHfSus6TzYi6OXcnHEiwS0%2B6fW%2BDiHX0ce0kHYE5o6AdyLI5ypgmcIrhTSVXyT6kgUCL6%2FHXpqMe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d07fb3c56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3397&min_rtt=1168&rtt_var=2017&sent=425&recv=38&lost=0&retrans=0&sent_bytes=464915&recv_bytes=8456&delivery_rate=9687494&cwnd=150000&unsent_bytes=0&cid=f0fb9de68b31c576&ts=410&x=1", cfExtPri, cfHdrFlush;dur=8

GET mexa.sh/images/navbara.png

188.114.96.1

200 OK

22 kB

URL GET
mexa.sh/images/navbara.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:26 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 3618
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xbOhmwHHJ2ReiRgcIBFGZvERQQmhETj7kctkApbStwRNkBuulDSp2O5h078fKMNw14XYnKs1nHo3db26RRSR7ALGrJtisVgL5nt%2B7rHAnTigljkuwUst6eng"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d0add2956b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2727&min_rtt=1168&rtt_var=1549&sent=482&recv=43&lost=0&retrans=0&sent_bytes=529380&recv_bytes=8939&delivery_rate=1022877&cwnd=193800&unsent_bytes=0&cid=f0fb9de68b31c576&ts=867&x=1", cfExtPri, cfHdrFlush;dur=0

POST waisheph.com/wrr?z=7359319&p_rid=cc5563b6-87fe-4d77-ad41-f2b0b697be88&rb=BrkSOLGEA0rpJ-gtuebjbPuD41AS3C22YpBgEmJd6OAsXJzxvYY0znidrSCTSEgdNHbtlHYFhHDVVgprKOsw48u8WCKADvjGafedY-Li8j1iPCvHGXeGwUQWt-jztYm0UXmlemJJqE-Q7Ro5k-UzLUCxM3VPLZi0EaWCF1-EmnmGjDPKcBrzqaYAfyVYhnyf_snErrR9VX-tj5w1uP6J12l4snKia71EJbrSsI0oi0BNQHBJSDIJfq7fRSFdTWU75--URshHH5bh0omn24seJg==&dmn=waisheph.com&userId=00819bbb447b4382f3772eaaf183db9e

139.45.197.119

200 OK

2 B

URL POST
waisheph.com/wrr?z=7359319&p_rid=cc5563b6-87fe-4d77-ad41-f2b0b697be88&rb=BrkSOLGEA0rpJ-gtuebjbPuD41AS3C22YpBgEmJd6OAsXJzxvYY0znidrSCTSEgdNHbtlHYFhHDVVgprKOsw48u8WCKADvjGafedY-Li8j1iPCvHGXeGwUQWt-jztYm0UXmlemJJqE-Q7Ro5k-UzLUCxM3VPLZi0EaWCF1-EmnmGjDPKcBrzqaYAfyVYhnyf_snErrR9VX-tj5w1uP6J12l4snKia71EJbrSsI0oi0BNQHBJSDIJfq7fRSFdTWU75--URshHH5bh0omn24seJg==&dmn=waisheph.com&userId=00819bbb447b4382f3772eaaf183db9e
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /wrr?z=7359319&p_rid=cc5563b6-87fe-4d77-ad41-f2b0b697be88&rb=BrkSOLGEA0rpJ-gtuebjbPuD41AS3C22YpBgEmJd6OAsXJzxvYY0znidrSCTSEgdNHbtlHYFhHDVVgprKOsw48u8WCKADvjGafedY-Li8j1iPCvHGXeGwUQWt-jztYm0UXmlemJJqE-Q7Ro5k-UzLUCxM3VPLZi0EaWCF1-EmnmGjDPKcBrzqaYAfyVYhnyf_snErrR9VX-tj5w1uP6J12l4snKia71EJbrSsI0oi0BNQHBJSDIJfq7fRSFdTWU75--URshHH5bh0omn24seJg==&dmn=waisheph.com&userId=00819bbb447b4382f3772eaaf183db9e HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
content-type: application/json
Content-Length: 2573
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 29 Mar 2025 06:16:26 GMT
content-type: text/plain
content-length: 2
x-trace-id: 32270b610eb15e5a3e189d5b7fd92143
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00819bbb447b4382f3772eaaf183db9e; expires=Sun, 29 Mar 2026 06:16:26 GMT; path=/; secure; SameSite=None
oaidts=1743228986; expires=Sun, 29 Mar 2026 06:16:26 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 05 Apr 2025 06:16:26 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/js/jquery-1.9.1.min.js

188.114.96.1

200 OK

93 kB

URL GET
mexa.sh/js/jquery-1.9.1.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
93 kB (92629 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

HTTP Headers

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"169d5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3022
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xBCHNlbiDSWf5nBXwmjav5Zyi06TVwoziM56v0Pj%2Ftl%2BbydVg0sDrvKHlm%2B054K27MQ6gPklxR33RP%2B59V9ExwRSBG8GYTn3NziPHN7DIRAnmqkkb6pKIeQt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d06fa8156b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5467&min_rtt=4820&rtt_var=2420&sent=30&recv=21&lost=0&retrans=0&sent_bytes=16096&recv_bytes=5113&delivery_rate=30704&cwnd=12000&unsent_bytes=0&cid=f0fb9de68b31c576&ts=256&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/css_newTheme/main.css

188.114.96.1

200 OK

35 kB

URL GET
mexa.sh/css_newTheme/main.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
assembler source, ASCII text, with very long lines (1426)
Size
35 kB (35326 bytes)
Hash
2f075bd8c1fed47ee1ebcaea76c5f036
66e03118be7fa1415deebd13efa08362224f1ed9
eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e

HTTP Headers

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: text/css
server: cloudflare
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3022
priority: u=2,i=?0
etag: W/"89fe-57f51eb945a40"
content-encoding: br
cf-ray: 927d3d06fa7e56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/regicon.png

188.114.96.1

200 OK

20 kB

URL GET
mexa.sh/images/regicon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
20 kB (19508 bytes)
Hash
363e2a7e57bf3cb4da7d113445cd676f
15c3bba1a21d1543ee17ccd57a304f1efedca876
012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779

HTTP Headers

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 19508
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3624
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxihpaFR%2BUu%2FdVEy%2BKY8%2Ffy2rIWWYsKLnaE5w%2B%2F1T46NBqNMSZZHUEIwVu0zRcYyvlMWcLrWXnMS6aU9BNlKSFtlZtFn4SRhtGXdouvXIYqIIqIhg00zrXS%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070ab156b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4079&min_rtt=1168&rtt_var=2624&sent=106&recv=27&lost=0&retrans=0&sent_bytes=100640&recv_bytes=6161&delivery_rate=9218056&cwnd=50400&unsent_bytes=0&cid=f0fb9de68b31c576&ts=264&x=1", cfExtPri, cfHdrFlush;dur=1

GET mexa.sh/images/yep_d.png

188.114.96.1

200 OK

15 kB

URL GET
mexa.sh/images/yep_d.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Size
15 kB (15222 bytes)
Hash
662d1738accf3ec5f5c95a0e4896b232
8b1907196139b8819ffd1a77b3b71d3872ca848f
2c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3

HTTP Headers

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 15222
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2510
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfvGelBLCONqeVPJLtPUQEtlNZq6g37CssYPQGppHty1pBngCmWo7TiOosnqJv6tAShVWE4mRuNevWOr%2B2YMtxiEkiz%2BYA05YTaeMRvzprRKyRwYqosKsUOR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d071ab956b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3833&min_rtt=1168&rtt_var=2459&sent=194&recv=28&lost=0&retrans=0&sent_bytes=201440&recv_bytes=6207&delivery_rate=10854386&cwnd=100800&unsent_bytes=0&cid=f0fb9de68b31c576&ts=266&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navbar.png

188.114.96.1

200 OK

22 kB

URL GET
mexa.sh/images/navbar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3623
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlJG3kGtC6ctttAz%2FVWl79gjB0KqQV1pE8BGbUe7elGLmTnGU7pqYY0kZFHreQ8PR8wR%2BGl2TFynjhCRqKheDfJTAgIGFuVS8xRpLowjqptAzT%2FhML2NVNX2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d07fb3456b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3695&min_rtt=1168&rtt_var=1895&sent=277&recv=37&lost=0&retrans=0&sent_bytes=291365&recv_bytes=8410&delivery_rate=4054796&cwnd=133200&unsent_bytes=0&cid=f0fb9de68b31c576&ts=406&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/h9e1s8fil4y8/favicon.ico

188.114.96.1

302 Found

14 kB

URL GET
mexa.sh/h9e1s8fil4y8/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type

Size
14 kB (14069 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /h9e1s8fil4y8/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sat, 29 Mar 2025 06:16:26 GMT
content-length: 0
location: https://mexa.sh/h9e1s8fil4y8
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQZOydFc5sT81XXjqHPYWIydK0gMMB00C7fH28mVCYZSYtKlS4h%2BnqSiBJ68McqjLx7Q5GsfCNKYmxfoFyBC6umcJgn8xDRD%2F0ljkCDvN560iZZtoq3zzzDX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d0afd4b56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2554&min_rtt=1168&rtt_var=1507&sent=504&recv=45&lost=0&retrans=0&sent_bytes=552980&recv_bytes=9295&delivery_rate=2360505&cwnd=193800&unsent_bytes=0&cid=f0fb9de68b31c576&ts=1098&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navicon6.png

188.114.96.1

200 OK

1.2 kB

URL GET
mexa.sh/images/navicon6.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1175 bytes)
Hash
91f3dc42cd20fcc67b1f9e4d026ae636
4eb701d8acffe7471ca14183d83fdc8e5d57bec5
a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659

HTTP Headers

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 1175
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3625
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M4L8BXfa%2BKR87yvRueHUpY%2B%2BKFGyXiu38g0TuvNtF5SBzk%2FTsCdUSnap%2Fe6%2FSCDcCXPbKTPdJtxbeIvarhB9hQmIP91dw%2BsH2szSSRlczHSNHvw%2B5H5rp6yJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d070aac56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4079&min_rtt=1168&rtt_var=2624&sent=106&recv=27&lost=0&retrans=0&sent_bytes=100640&recv_bytes=6161&delivery_rate=9218056&cwnd=50400&unsent_bytes=0&cid=f0fb9de68b31c576&ts=261&x=1", cfExtPri, cfHdrFlush;dur=4

GET mexa.sh/images/download1.png

188.114.96.1

200 OK

24 kB

URL GET
mexa.sh/images/download1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
Size
24 kB (23553 bytes)
Hash
26b1df6a0077b0e57862d48f78ca6f62
c1333ea62ff83bc3ad7e5e79085a4e2054684106
118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86

HTTP Headers

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 23553
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2510
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdhIalEJeJ2MVKFoH55odylzdDm6G%2FFn7OR5xFDZulcs9gJPp6GeZMkmcQzq26uevRyPjctlvluxf%2F6BN8gjiaMzUTVK3hsWZGJDLo2wc5Lo8Kf%2BxSp063Ah"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d071ab556b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3833&min_rtt=1168&rtt_var=2459&sent=194&recv=28&lost=0&retrans=0&sent_bytes=201440&recv_bytes=6207&delivery_rate=10854386&cwnd=100800&unsent_bytes=0&cid=f0fb9de68b31c576&ts=266&x=1", cfExtPri, cfHdrFlush;dur=0

GET waisheph.com/5/7359319

139.45.197.119

200 OK

108 kB

URL GET
waisheph.com/5/7359319
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107454 bytes)
Hash
114148b02b0a3d31cb53b05c926645a2
9ef2be9ace1cd1b1e5d89635592d5d9ce81b419c
3e54a5927c657f81eaa09ffaa8a19bc3ab76f442ba91bf1b95d644cbd0c748ee

HTTP Headers

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: application/javascript
x-trace-id: a3cee00f30d846b5b4f65f5486690318
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00819bbb447b4382f3772eaaf183db9e; expires=Sun, 29 Mar 2026 06:16:25 GMT; path=/; secure; SameSite=None
oaidts=1743228985; expires=Sun, 29 Mar 2026 06:16:25 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET mexa.sh/js/jquery.cookie.js

188.114.96.1

200 OK

3.1 kB

URL GET
mexa.sh/js/jquery.cookie.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
7e208f9bc7ca201678c76d96e899349c
afa52ce81c7656bf1a8605bd2cbd38c2be00cd9b
0f0e74eaa31ad2d6c07d9ceb16efefc78aae0f45328759eb163800d261e53d29

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"c31-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3022
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w6RjxYlfXhCGqWEiblAufQvQnJDzVz3e1z3k6wSywLgESUnQN1bFnSv%2FT16RalYKYJ7i4cbzqaN38ekU10KLnHvr4XbOD2s6j160ynS3zhMUYAlt87xSZtYx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d06fa8e56b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5494&min_rtt=4820&rtt_var=3155&sent=20&recv=18&lost=0&retrans=0&sent_bytes=4536&recv_bytes=4192&delivery_rate=58035&cwnd=12000&unsent_bytes=0&cid=f0fb9de68b31c576&ts=253&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/flags.png

188.114.96.1

200 OK

30 kB

URL GET
mexa.sh/images/flags.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
Size
30 kB (29723 bytes)
Hash
df0a3afc77d0c08cdea27ac3a7b9620c
8248d5c5e5eddeaa75a5a0b5490b58e0e61b6900
a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 29723
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3623
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 927d3d07fb3556b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/free_download.png

188.114.96.1

200 OK

32 kB

URL GET
mexa.sh/images/free_download.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
32 kB (32532 bytes)
Hash
46a5fd5732a87850dd58f70c8c870430
9ae7b42ff28fd2129aa5e67057f9d4d198a717eb
9d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487

HTTP Headers

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 29 Mar 2025 06:16:25 GMT
content-type: image/png
content-length: 32532
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2506
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPuVuwTrZC45uYFEFc64h%2Ff619NuZObDum9lJBVXWHpy4nCfOXXKAlwpOEl7tR1OHLVk%2FaW07agSbHRb2eMO%2BDbqXIsvHHiGi3gPdrlJhlY1Qyq9%2B9ZfNlfz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 927d3d07fb3b56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3397&min_rtt=1168&rtt_var=2017&sent=417&recv=38&lost=0&retrans=0&sent_bytes=456374&recv_bytes=8456&delivery_rate=9687494&cwnd=150000&unsent_bytes=0&cid=f0fb9de68b31c576&ts=409&x=1", cfExtPri, cfHdrFlush;dur=0

OPTIONS waisheph.com/wrr?z=7359319&p_rid=cc5563b6-87fe-4d77-ad41-f2b0b697be88&rb=BrkSOLGEA0rpJ-gtuebjbPuD41AS3C22YpBgEmJd6OAsXJzxvYY0znidrSCTSEgdNHbtlHYFhHDVVgprKOsw48u8WCKADvjGafedY-Li8j1iPCvHGXeGwUQWt-jztYm0UXmlemJJqE-Q7Ro5k-UzLUCxM3VPLZi0EaWCF1-EmnmGjDPKcBrzqaYAfyVYhnyf_snErrR9VX-tj5w1uP6J12l4snKia71EJbrSsI0oi0BNQHBJSDIJfq7fRSFdTWU75--URshHH5bh0omn24seJg==&dmn=waisheph.com&userId=00819bbb447b4382f3772eaaf183db9e

139.45.197.119

204 No Content

0 B

URL OPTIONS
waisheph.com/wrr?z=7359319&p_rid=cc5563b6-87fe-4d77-ad41-f2b0b697be88&rb=BrkSOLGEA0rpJ-gtuebjbPuD41AS3C22YpBgEmJd6OAsXJzxvYY0znidrSCTSEgdNHbtlHYFhHDVVgprKOsw48u8WCKADvjGafedY-Li8j1iPCvHGXeGwUQWt-jztYm0UXmlemJJqE-Q7Ro5k-UzLUCxM3VPLZi0EaWCF1-EmnmGjDPKcBrzqaYAfyVYhnyf_snErrR9VX-tj5w1uP6J12l4snKia71EJbrSsI0oi0BNQHBJSDIJfq7fRSFdTWU75--URshHH5bh0omn24seJg==&dmn=waisheph.com&userId=00819bbb447b4382f3772eaaf183db9e
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/h9e1s8fil4y8/G-RJ01350918.zip
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /wrr?z=7359319&p_rid=cc5563b6-87fe-4d77-ad41-f2b0b697be88&rb=BrkSOLGEA0rpJ-gtuebjbPuD41AS3C22YpBgEmJd6OAsXJzxvYY0znidrSCTSEgdNHbtlHYFhHDVVgprKOsw48u8WCKADvjGafedY-Li8j1iPCvHGXeGwUQWt-jztYm0UXmlemJJqE-Q7Ro5k-UzLUCxM3VPLZi0EaWCF1-EmnmGjDPKcBrzqaYAfyVYhnyf_snErrR9VX-tj5w1uP6J12l4snKia71EJbrSsI0oi0BNQHBJSDIJfq7fRSFdTWU75--URshHH5bh0omn24seJg==&dmn=waisheph.com&userId=00819bbb447b4382f3772eaaf183db9e HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 29 Mar 2025 06:16:26 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML