Report - mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar

Report Overview

Visited public
2025-03-05 11:26:55
Tags
Submit Tags
URL
mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Finishing URL
mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
IP / ASN
172.67.153.131
#13335 CLOUDFLARENET
Title
Download AN-463705 part1 rar

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mexa.sh	337577	2019-08-22	2019-08-26	2025-03-01	13 kB	725 kB	104.21.3.103
waisheph.com	74994	2020-11-23	2020-12-10	2025-03-01	3.4 kB	111 kB	139.45.197.119
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-05	990 B	619 kB	142.250.74.136
obeseglobewimp.com	unknown	unknown	No data	No data	443 B	571 B	192.243.61.227
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-02-26	461 B	833 B	104.18.41.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-05	medium	obeseglobewimp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	mexa.sh/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-07-16
Pretty URL mexa.sh/js/jquery.paging.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-16 05:57 Times Seen2800 Hash d7a2c1c7af2a004a6d68e1e55b1cfb46 7fd6daa7076c30381880519ad06ef5639b19ee28 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Loading...

	mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar	ScriptElement	261 B	2023-03-12	2025-07-15
Pretty URL mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-15 06:36 Times Seen94 Hash abbf34430edc9e4d913c44d8a48f2ae3 dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84 f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-07-16
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-16 07:47 Times Seen409161 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	mexa.sh/js/jquery-1.9.1.min.js	ScriptElement	93 kB	2023-03-07	2025-07-16
Pretty URL mexa.sh/js/jquery-1.9.1.min.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 07:22 Times Seen17723 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar	ScriptElement	172 B	2025-03-05	2025-03-05
Pretty URL mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 11:27 Last Seen2025-03-05 11:27 Times Seen1 Hash a70a2c71f5f86952f3038feb07e8d62e de045082709ad244691e8c16f09b02e23353b60d c88ee24d0456451c844792fc2e3c28dd7562e2888b8d888cd0edf18cd34d5c18 Loading...

	wasm:waisheph.com/5/7359319%20line%201%20%3E%20WebAssembly.instantiate	Wasm	0 B	0001-01-01	2025-07-16
Pretty URL wasm:waisheph.com/5/7359319%20line%201%20%3E%20WebAssembly.instantiate IP 0.0.0.0 ASN #0 Introduced by wasm Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-16 07:50 Times Seen5434002 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mexa.sh/js/paging.js	ScriptElement	1.7 kB	2023-03-08	2025-07-15
Pretty URL mexa.sh/js/paging.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:01 Last Seen2025-07-15 06:36 Times Seen699 Hash 43e50aa00ad654da80af8f7936afd4c6 fb5921b855cce329191077b7e93563029d703545 e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657 Loading...

	waisheph.com/5/7359319	ScriptElement	104 kB	2025-03-05	2025-03-05
Pretty URL waisheph.com/5/7359319 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 11:27 Last Seen2025-03-05 11:27 Times Seen1 Hash d778877a160b040260388acb472a1d20 91e5c72e6e3dd75f4c85b8a2cf9acc422348919f 307dde39886ed0a53ace8a56b8bc91360fad70ea70afae6146ed4121bd4d3901 Loading...

	www.googletagmanager.com/gtag/js?id=UA-79936000-1	ScriptElement	255 kB	2025-03-05	2025-03-05
Pretty URL www.googletagmanager.com/gtag/js?id=UA-79936000-1 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 11:27 Last Seen2025-03-05 11:27 Times Seen1 Hash 18cc0f95edc9173f654a9d527eba0315 86bb129f8bc2ce50696e77fa09d35cd912d60d79 d0018e9a86602a078642cb39605d98bc26880f9ae8a4efcce12becdc67d79b27 Loading...

	mexa.sh/7qsna7mxd6ld/sandbox%20eval%20code		147 B	2023-04-11	2025-07-16
Pretty URL mexa.sh/7qsna7mxd6ld/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-07-16 07:47 Times Seen409569 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e5330za200&tag_exp=102067808~102482433~102539968~102558064~102587591~102605417~102640600~102717422~102732003	ScriptElement	362 kB	2025-03-05	2025-03-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e5330za200&tag_exp=102067808~102482433~102539968~102558064~102587591~102605417~102640600~102717422~102732003 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-05 11:27 Last Seen2025-03-05 11:27 Times Seen1 Hash dcbcb06a957da5257f816a90c84fadbc 09db87f3ab03b68fc88dad7506b1590daa6d8235 530a0ac270f4369eba920430faf99a9cd26e177f276baa5b02603ed00db2b466 Loading...

	mexa.sh/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-07-16
Pretty URL mexa.sh/js/jquery.cookie.js IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-07-16 05:57 Times Seen2866 Hash ff14e4812b7f512e620b1ad35542bcfc c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Loading...

	mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar	ScriptElement	666 B	2023-03-12	2025-07-15
Pretty URL mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-15 06:36 Times Seen93 Hash 3ff478c8f993edf7fcf9b0a556256ed5 22391de1683e10171a05ac3453143ea297da9f3e 2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7 Loading...

	mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar	ScriptElement	154 B	2023-03-12	2025-07-15
Pretty URL mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar IP 104.21.3.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-07-15 06:36 Times Seen96 Hash c6b02bbb4255c747368479fd2e4300e5 0a5cd83325ceaab81243a71c4ce359edf2d15c03 8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c Loading...

HTTP Transactions (36)

URL IP Response Size

GET mexa.sh/images/userin.png

104.21.3.103

200 OK

18 kB

URL GET
mexa.sh/images/userin.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
18 kB (18182 bytes)
Hash
f7354ba97c4568ef41c764f1d5641336
78041d1b15b6af69d015b1dff67bb9d2501fe325
71657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba

HTTP Headers

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 18182
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JLYoDYAgge4SkjmHKz2fVOhfwvKzFq2yIVSYeiVbwr%2Fm3u6jkEvz2Av1ZIDoPm48joOI7JBBWlC5mq6txz4JJZiohzj5bNUUin%2B3l87dzSHnZD%2BoITlC9vbI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dbe6db527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5681&min_rtt=2254&rtt_var=4131&sent=213&recv=30&lost=0&retrans=0&sent_bytes=217942&recv_bytes=6347&delivery_rate=13681391&cwnd=78900&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=789&x=1", cfExtPri, cfHdrFlush;dur=0

POST waisheph.com/wrr?z=7359319&p_rid=3c38ee9a-5d96-434c-951c-67babb9a3143&rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo=&dmn=waisheph.com&userId=00818308112d420afa264c4d67d24416

139.45.197.119

200 OK

2 B

URL POST
waisheph.com/wrr?z=7359319&p_rid=3c38ee9a-5d96-434c-951c-67babb9a3143&rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo=&dmn=waisheph.com&userId=00818308112d420afa264c4d67d24416
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /wrr?z=7359319&p_rid=3c38ee9a-5d96-434c-951c-67babb9a3143&rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo=&dmn=waisheph.com&userId=00818308112d420afa264c4d67d24416 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
content-type: application/json
Content-Length: 5776
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 05 Mar 2025 11:26:37 GMT
content-type: text/plain
content-length: 2
x-trace-id: 54d673bd42fc388251e7a82ab36c4ec0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00818308112d420afa264c4d67d24416; expires=Thu, 05 Mar 2026 11:26:37 GMT; path=/; secure; SameSite=None
oaidts=1741173997; expires=Thu, 05 Mar 2026 11:26:37 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 12 Mar 2025 11:26:37 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/style.css

104.21.3.103

200 OK

40 kB

URL GET
mexa.sh/css_newTheme/style.css
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
ASCII text
Size
40 kB (39810 bytes)
Hash
3c6420826cc1647abda78120299c0eb6
bf10714579e64ee828627f828695fe093c5b810f
3688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7

HTTP Headers

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: text/css
server: cloudflare
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=2,i=?0
etag: W/"9b82-5564bc956d400"
content-encoding: br
cf-ray: 91b9425d9e26b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/navicon2.png

104.21.3.103

200 OK

16 kB

URL GET
mexa.sh/images/navicon2.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (16374 bytes)
Hash
86665a37cea72cd507ceb7e7282c74f8
f7707000a81a04f217ec9bd93995a0b9fc424037
ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1

HTTP Headers

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 16374
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i4%2FZQ4dEdGKuJVQXQB243QPQVLEKrEEVxnTHVqmuZS3%2BM%2FfYPe3y28Vk5USjjxKlZHjRDOV9oAsEp%2BePOX%2FyGBJ5n09eAFmirgJu2HcpAjQOXQnC7c4i52XH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dbe60b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5681&min_rtt=2254&rtt_var=4131&sent=172&recv=30&lost=0&retrans=0&sent_bytes=171204&recv_bytes=6347&delivery_rate=13681391&cwnd=78900&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=787&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/free_download.png

104.21.3.103

200 OK

32 kB

URL GET
mexa.sh/images/free_download.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
32 kB (32532 bytes)
Hash
46a5fd5732a87850dd58f70c8c870430
9ae7b42ff28fd2129aa5e67057f9d4d198a717eb
9d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487

HTTP Headers

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 32532
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 7029
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lqL6s0GJyIznTRKCJZzHaBr2XIf8ImxBmRh2zlyd64IzDGVaYMQJiZk9YAcJWaG4dEyW%2B744OW89xh4AmYX1pbRxeu67wpt2QJJ5ySR%2F8j8Jw5wFK080vd4u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942608a98b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4928&min_rtt=1641&rtt_var=2303&sent=377&recv=42&lost=0&retrans=0&sent_bytes=402738&recv_bytes=8679&delivery_rate=14619615&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1068&x=1", cfExtPri, cfHdrFlush;dur=0

GET www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e5330za200&tag_exp=102067808~102482433~102539968~102558064~102587591~102605417~102640600~102717422~102732003

142.250.74.136

200 OK

362 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e5330za200&tag_exp=102067808~102482433~102539968~102558064~102587591~102605417~102640600~102717422~102732003
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
362 kB (361539 bytes)
Hash
dcbcb06a957da5257f816a90c84fadbc
09db87f3ab03b68fc88dad7506b1590daa6d8235
530a0ac270f4369eba920430faf99a9cd26e177f276baa5b02603ed00db2b466

HTTP Headers

GET /gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e5330za200&tag_exp=102067808~102482433~102539968~102558064~102587591~102605417~102640600~102717422~102732003 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 05 Mar 2025 11:26:36 GMT
expires: Wed, 05 Mar 2025 11:26:36 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
server: Google Tag Manager
content-length: 119734
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET mexa.sh/7qsna7mxd6ld

104.21.3.103

200 OK

14 kB

URL GET
mexa.sh/7qsna7mxd6ld
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
HTML document, ASCII text, with very long lines (10951), with CRLF line terminators
Size
14 kB (14083 bytes)
Hash
1f7687db9d1b70f0880888bd41399692
45d11f23e7860e3574f3f95429827702c174bbf1
d2a2b49cd69ea9702b185407b4c49413269a4cc5ff810ec93538d36394826124

HTTP Headers

GET /7qsna7mxd6ld HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
DNT: 1
Connection: keep-alive
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:36 GMT
content-type: text/html ; charset=UTF-8
expires: Tue, 04 Mar 2025 11:26:36 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9hH0973h3Jt4P9Rcurbm7xN8CD0dotx7mCqpyrbEKmFE%2B5aKqnvaYWCmoRMidAlBr2942TJHpc0cG2QZL%2Fd%2BwTdwTqp2xU66FpDSbgUdzRQiWcg6ntA7SNUt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91b94264e85fb527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4684&min_rtt=1641&rtt_var=3182&sent=511&recv=53&lost=0&retrans=0&sent_bytes=554729&recv_bytes=9963&delivery_rate=32101&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1850&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navicon5.png

104.21.3.103

200 OK

16 kB

URL GET
mexa.sh/images/navicon5.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15551 bytes)
Hash
002d70c5e45c4d81587ca7d82dca6577
d830a98de6a02ca22933b9f24cadf848499419d3
de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3

HTTP Headers

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 15551
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bwGObJEG1MG8koqPa3WWIO2c%2BykL1CrM8x36SxGYiBBpBKt5AB12xxfua23LgOCL2mLtLYl65ZNUHAC0dEsJCkGk2y0oWNYNEK4tkYqeDIBHTnEypw5zt0xd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dbe6bb527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5681&min_rtt=2254&rtt_var=4131&sent=172&recv=30&lost=0&retrans=0&sent_bytes=171204&recv_bytes=6347&delivery_rate=13681391&cwnd=78900&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=787&x=1", cfExtPri, cfHdrFlush;dur=0

GET obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js

192.243.61.227

403 Forbidden

0 B

URL GET
obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerLet's Encrypt
Subjectobeseglobewimp.com
Fingerprint2B:15:3C:49:E3:1F:CD:ED:DC:1D:2A:15:38:00:BC:58:19:D2:A1:59
ValidityMon, 03 Mar 2025 19:05:17 GMT - Sun, 01 Jun 2025 19:05:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1
Host: obeseglobewimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Wed, 05 Mar 2025 11:26:35 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: obeseglobewimp.com

GET mexa.sh/images/regicon.png

104.21.3.103

200 OK

20 kB

URL GET
mexa.sh/images/regicon.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
20 kB (19508 bytes)
Hash
363e2a7e57bf3cb4da7d113445cd676f
15c3bba1a21d1543ee17ccd57a304f1efedca876
012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779

HTTP Headers

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 19508
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32T0MemyRQhv2WckT81kBMdXpl0cnR5ubYo2%2FiB72g4MjCivilZCXj%2BwLoIKxqqtQBc1dXPVTo6OY1Th2JZfbcCOaMbAgu1pX2%2FY4lsr67tykpM3YGzpDWBz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dce70b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5681&min_rtt=2254&rtt_var=4131&sent=162&recv=30&lost=0&retrans=0&sent_bytes=159204&recv_bytes=6347&delivery_rate=13681391&cwnd=78900&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=786&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/premchar.png

104.21.3.103

200 OK

70 kB

URL GET
mexa.sh/images/premchar.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced
Size
70 kB (69808 bytes)
Hash
e3a6c4b647e9c8b789b17a98fb6d75f8
c7428a76951933962ef1d7400b37ba9ef91d6afd
0b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69

HTTP Headers

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 69808
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 7029
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOTrt87%2FxQuP3r2IWpafvehcLsONHMV87qSp4Xgbbu4xIg0JKxzholyCPaYcW8aC%2BVJ3W%2B00ILMsMKewy1uBrD8pTZksMwRX%2B8ZlsDUkZeqkS73txhsl7tE3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942608a8bb527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5397&min_rtt=2254&rtt_var=1818&sent=316&recv=40&lost=0&retrans=0&sent_bytes=330426&recv_bytes=8328&delivery_rate=2193491&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1066&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/js/jquery.paging.js

104.21.3.103

200 OK

19 kB

URL GET
mexa.sh/js/jquery.paging.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
JavaScript source, ASCII text
Size
19 kB (19365 bytes)
Hash
d7a2c1c7af2a004a6d68e1e55b1cfb46
7fd6daa7076c30381880519ad06ef5639b19ee28
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"4ba5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 2467
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=No8Jpvr2QKWdcX%2Fl3Ud5DvDys9%2B9nnSNu5Bnqnm04sImmjfNFlHgyeLIbecVYRyfOyWKDSHCyDGafoR%2FxTHdOzheJ0MwFpj%2By09t4Lq%2FFiYXIOybs6KQOof%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dae32b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10783&min_rtt=7710&rtt_var=5086&sent=19&recv=15&lost=0&retrans=0&sent_bytes=4263&recv_bytes=3292&delivery_rate=76391&cwnd=12000&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=604&x=1", cfExtPri, cfHdrFlush;dur=0

GET www.googletagmanager.com/gtag/js?id=UA-79936000-1

142.250.74.136

200 OK

255 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-79936000-1
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintAE:1B:D4:56:41:F7:15:A7:24:B8:F3:55:83:91:17:2C:97:12:67:6E
ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

File type
JavaScript source, ASCII text, with very long lines (5268)
Size
255 kB (255376 bytes)
Hash
18cc0f95edc9173f654a9d527eba0315
86bb129f8bc2ce50696e77fa09d35cd912d60d79
d0018e9a86602a078642cb39605d98bc26880f9ae8a4efcce12becdc67d79b27

HTTP Headers

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 05 Mar 2025 11:26:35 GMT
expires: Wed, 05 Mar 2025 11:26:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
server: Google Tag Manager
content-length: 90348
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mexa.sh/images/.png

104.21.3.103

404 Not Found

3.3 kB

URL GET
mexa.sh/images/.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
HTML document, ASCII text, with very long lines (3445), with no line terminators
Size
3.3 kB (3301 bytes)
Hash
228f5192b74f59575de751407220f163
f13fca15068e241ce63aa7d8c20ea9dcd5b712f0
5110887844bc201982a82d09dc4108e015cbd160f3b6163f81f80f9e9ed23aa8

HTTP Headers

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: text/html; charset=utf-8
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3UreoUL2bZXhzlvcvJd7JmchksmVv%2FXFs0BzX8%2B0QZLvkft0uGc1w1WWpMjgJXWDrIB2RLYJS9HmPUTcdedoEDYocOPw6M9L%2BkiPP4HKsRv9rWd3RkvjB%2B4C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942606a71b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4839&min_rtt=1641&rtt_var=1866&sent=458&recv=46&lost=0&retrans=0&sent_bytes=497669&recv_bytes=8863&delivery_rate=4778812&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1245&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/7qsna7mxd6ld/favicon.ico

104.21.3.103

302 Found

14 kB

URL GET
mexa.sh/7qsna7mxd6ld/favicon.ico
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type

Size
14 kB (14083 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /7qsna7mxd6ld/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Wed, 05 Mar 2025 11:26:36 GMT
content-length: 0
location: https://mexa.sh/7qsna7mxd6ld
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NcGR0%2Fif3yWzkzdKq3mHa6O8TVadTPCM90tR2st5c4YLwxVxLwDe1ghn858TQt5wuqOrXPvfOePM7gQF3iFFWBFN7XJIF8uKbtPYW%2BfVZszXGKqYJqS0jL7G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942639e6db527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3910&min_rtt=1641&rtt_var=2177&sent=509&recv=51&lost=0&retrans=0&sent_bytes=554035&recv_bytes=9613&delivery_rate=128898&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1746&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/js/paging.js

104.21.3.103

200 OK

1.7 kB

URL GET
mexa.sh/js/paging.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
HTML document, ASCII text, with very long lines (1778), with no line terminators
Size
1.7 kB (1709 bytes)
Hash
cc6cc190d0f5515a00ac307c26fe033a
b7028b457c314b3a61b4130bb98fc8f2cf3e769e
030ef0e5188e0cff37c54520d654e321e69a6d88ec6379d1817e546db88b58ea

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"6ad-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
age: 2466
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OmSmmrLSev3NeQ21ie0hHKHxMV4sk7j487Q5mBsvXLzOjH1GZbWDgJvwuoOhUKxGWD5v2zBCh03kbekdjnF1y5qrYBnXhRTVv%2BnDpfEHFZAA9cXz6YcafU3z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dae37b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10580&min_rtt=7710&rtt_var=4222&sent=24&recv=16&lost=0&retrans=0&sent_bytes=9529&recv_bytes=3335&delivery_rate=9427&cwnd=12000&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=609&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navicon6.png

104.21.3.103

200 OK

1.2 kB

URL GET
mexa.sh/images/navicon6.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1175 bytes)
Hash
91f3dc42cd20fcc67b1f9e4d026ae636
4eb701d8acffe7471ca14183d83fdc8e5d57bec5
a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659

HTTP Headers

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 1175
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=plQvVpiOCO32jE3cQ7AZa5Vp%2FApL1%2Bmg62Vms4E6Jtkh78t8aauBudo82uVoPlguUls3vROcv4CFtxM0LsMgdW6XQV%2B1cNPkOdhMq4KDDoAGigtl8I46f3Oa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dbe6ab527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5681&min_rtt=2254&rtt_var=4131&sent=162&recv=30&lost=0&retrans=0&sent_bytes=159204&recv_bytes=6347&delivery_rate=13681391&cwnd=78900&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=786&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/frechar.png

104.21.3.103

200 OK

67 kB

URL GET
mexa.sh/images/frechar.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced
Size
67 kB (66710 bytes)
Hash
7adab309ecff73216286b6d34b795e7c
f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8
1b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078

HTTP Headers

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 66710
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 7029
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zdZzUGYxSCq6MW6Be2ubMWWoYL9mBgxZAwOQdP7ZCK1PHYgOJJUrhT17gqJvhgxKKCDwWL3wJIdtqNjSpYRkyYpcWTUoNyodoVdyiJYLK1TKLaR6XPJaHGqG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942608a86b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5449&min_rtt=2254&rtt_var=2287&sent=257&recv=39&lost=0&retrans=0&sent_bytes=261282&recv_bytes=8282&delivery_rate=1466264&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1061&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navbara.png

104.21.3.103

200 OK

22 kB

URL GET
mexa.sh/images/navbara.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:36 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OR3VCDTCsmG9Ua%2BY0GFlfMkifABCsRU%2FJHIjKVaucpTrLezB3jSENnOMR2bMEgZ%2BaFH9Feh%2FDHz2GqGoEw2oYmlHpf1iDi3U85zhbmcBkpBC5%2Fuviqi2CT9H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b94262fd91b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4178&min_rtt=1641&rtt_var=2188&sent=488&recv=50&lost=0&retrans=0&sent_bytes=530453&recv_bytes=9567&delivery_rate=4438395&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1628&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar

104.21.3.103

200 OK

14 kB

URL User Request GET
mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
HTML document, ASCII text, with very long lines (10903), with CRLF line terminators
Size
14 kB (14035 bytes)
Hash
6bfc441f71245aa96ad458e88afd990d
7d79c1a0fcaa6a0a44201118b306c52fa3cb69c3
6447d01f3530b455d538f77551b7fc342c84ba8c4b592c29ae28281da358fe73

HTTP Headers

GET /7qsna7mxd6ld/AN-463705.part1.rar HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 11:26:34 GMT
content-type: text/html ; charset=UTF-8
expires: Tue, 04 Mar 2025 11:26:34 GMT
set-cookie: lang=english; domain=mexa.sh; path=/
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQ9UpqKXpJN5FoO5Zbb8SCGytaazLWNRHiN8HRoBNH3kvGJIBivr0eaND5JjyiBH6I%2Fdw3ljNXt%2Fu6edUMG6vC8fVhBy55Yt1JjeNunSYZPd1N6EhdKn59Dx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942584bfe56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6016&min_rtt=448&rtt_var=11146&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3261&recv_bytes=1263&delivery_rate=7362711&cwnd=254&unsent_bytes=0&cid=69d0043d0750e62f&ts=266&x=0"
X-Firefox-Spdy: h2

GET waisheph.com/5/7359319

139.45.197.119

200 OK

104 kB

URL GET
waisheph.com/5/7359319
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (104536 bytes)
Hash
d778877a160b040260388acb472a1d20
91e5c72e6e3dd75f4c85b8a2cf9acc422348919f
307dde39886ed0a53ace8a56b8bc91360fad70ea70afae6146ed4121bd4d3901

HTTP Headers

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: application/javascript
x-trace-id: d1cd301775dd3f44198bf450ff87cf4c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00818308112d420afa264c4d67d24416; expires=Thu, 05 Mar 2026 11:26:35 GMT; path=/; secure; SameSite=None
oaidts=1741173995; expires=Thu, 05 Mar 2026 11:26:35 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

OPTIONS waisheph.com/wrr?z=7359319&p_rid=3c38ee9a-5d96-434c-951c-67babb9a3143&rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo=&dmn=waisheph.com&userId=00818308112d420afa264c4d67d24416

139.45.197.119

204 No Content

0 B

URL OPTIONS
waisheph.com/wrr?z=7359319&p_rid=3c38ee9a-5d96-434c-951c-67babb9a3143&rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo=&dmn=waisheph.com&userId=00818308112d420afa264c4d67d24416
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /wrr?z=7359319&p_rid=3c38ee9a-5d96-434c-951c-67babb9a3143&rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo=&dmn=waisheph.com&userId=00818308112d420afa264c4d67d24416 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Wed, 05 Mar 2025 11:26:37 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET mexa.sh/js/jquery.cookie.js

104.21.3.103

200 OK

3.1 kB

URL GET
mexa.sh/js/jquery.cookie.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
JavaScript source, ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
7e208f9bc7ca201678c76d96e899349c
afa52ce81c7656bf1a8605bd2cbd38c2be00cd9b
0f0e74eaa31ad2d6c07d9ceb16efefc78aae0f45328759eb163800d261e53d29

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"c31-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wQVod0Q3e05r%2B8wan67GFfh14ZqeJABDOG3VaZO0zXHktms4iSD1UMZsZ84veucnD15ViJpUvunTKaxkou2YGwwzuDj4V261HqBuDDGYKWbODxZfwlk9UQU%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dae34b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7158&min_rtt=2254&rtt_var=4663&sent=69&recv=27&lost=0&retrans=0&sent_bytes=53603&recv_bytes=6209&delivery_rate=890756&cwnd=39300&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=772&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/no211.png

104.21.3.103

200 OK

720 B

URL GET
mexa.sh/images/no211.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
720 B (720 bytes)
Hash
5508fda2890fd7f0368dcb662b600dd8
1bcb3a7bfbb7d9085116d57ff120929628d68440
4412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726

HTTP Headers

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 720
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3744
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gbq0NsvlsVGPrLbxoAq3Ixs7jAzH18%2F6i%2Bhja7jjdjd9woihrJw1RpRgKyVgfRnDvzmUooU%2BO98waacTuhHr25QX%2Fgqb4E%2Bp2aPEuDtZbbk6SHd1nUUeBqbe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dce85b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9546&min_rtt=2312&rtt_var=5234&sent=31&recv=23&lost=0&retrans=0&sent_bytes=11000&recv_bytes=6032&delivery_rate=579137&cwnd=12000&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=629&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/download1.png

104.21.3.103

200 OK

24 kB

URL GET
mexa.sh/images/download1.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
Size
24 kB (23553 bytes)
Hash
26b1df6a0077b0e57862d48f78ca6f62
c1333ea62ff83bc3ad7e5e79085a4e2054684106
118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86

HTTP Headers

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 23553
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3744
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OgEZPDGgKAKx9QX89Ni%2FXaneUYGSLVtckX3YW%2BIY0cz5iNzeQhg3I5m0HYbvbot3atro%2BgbuwFkvMVgY8bk02yaeA0DDUTsZ04hhu5kToocbdtEw4jvaOlL8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dce7ab527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8635&min_rtt=2254&rtt_var=5748&sent=45&recv=24&lost=0&retrans=0&sent_bytes=25653&recv_bytes=6076&delivery_rate=64722&cwnd=13200&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=632&x=1", cfExtPri, cfHdrFlush;dur=5

GET mexa.sh/images/navicon3.png

104.21.3.103

200 OK

16 kB

URL GET
mexa.sh/images/navicon3.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15889 bytes)
Hash
715335986af196b81f68fa792f5a7f53
b6b2f12993db399f86883315310869dccbd75ec5
aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f

HTTP Headers

GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 15889
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFb6qYhz5VuErT2Y35%2FQXpru4gs0tuaTbyE%2BNBpDU15L1t35ZwvUBXIL67XIVDVGfnLuc8TKI84qcdCdiPr5pH7R3Nw3nE0%2F2CP4O%2FI9ca0G9uOYfvBfOnvY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dbe66b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5681&min_rtt=2254&rtt_var=4131&sent=161&recv=30&lost=0&retrans=0&sent_bytes=158494&recv_bytes=6347&delivery_rate=13681391&cwnd=78900&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=785&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/flags.png

104.21.3.103

200 OK

30 kB

URL GET
mexa.sh/images/flags.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
Size
30 kB (29723 bytes)
Hash
df0a3afc77d0c08cdea27ac3a7b9620c
8248d5c5e5eddeaa75a5a0b5490b58e0e61b6900
a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 29723
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EIi83wuVlY9S2rWNxDW%2Ffzbyc1U2Y27SkNjwup5wJ0b0RjIZekdyxNl%2FeBeqJ6fpcpmbGefO3qkqu%2FXmfgjhkRIrMMtekjIgvLFni%2FDYjSBKIc%2BQc%2B7tX0cp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942606a78b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4470&min_rtt=1641&rtt_var=2139&sent=460&recv=47&lost=0&retrans=0&sent_bytes=499232&recv_bytes=8909&delivery_rate=830263&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1251&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/premium_download.png

104.21.3.103

200 OK

36 kB

URL GET
mexa.sh/images/premium_download.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
36 kB (35695 bytes)
Hash
75737b3b7b2586619b43ab184c2f95bf
89878f4f4aafb8637e9e9c50eedbba12e1cb74eb
e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f

HTTP Headers

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 35695
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 7029
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4kstvz%2BfsYo9iDlFlx93AF9ugo74GTF0yNPd7cQ7tVDaExl8BbuG8EjYEd57jwH0zQAGdeO4OrarRDmIr63XAItSPLGT1VyPDxMO%2FJJxyN%2FNRx7z9d7T8lJK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942609aadb527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4997&min_rtt=1641&rtt_var=2819&sent=406&recv=44&lost=0&retrans=0&sent_bytes=436802&recv_bytes=8771&delivery_rate=7851046&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1079&x=1", cfExtPri, cfHdrFlush;dur=0

GET waisheph.com/?rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1100.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2F7qsna7mxd6ld%2FAN-463705.part1.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1100.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=3c38ee9a-5d96-434c-951c-67babb9a3143&wasm=1&userId=00818308112d420afa264c4d67d24416&m=link

139.45.197.119

200 OK

2.3 kB

URL GET
waisheph.com/?rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1100.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2F7qsna7mxd6ld%2FAN-463705.part1.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1100.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=3c38ee9a-5d96-434c-951c-67babb9a3143&wasm=1&userId=00818308112d420afa264c4d67d24416&m=link
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2294), with no line terminators
Size
2.3 kB (2274 bytes)
Hash
f4b972c431121b64fcc0a3bfd6f57b08
09a2f6b9f32f44dfb78d22d6ee67b32ca62282aa
299e4f839830624e5f2bb3f457203041831d2187c649dc4362387a7ce5bfd441

HTTP Headers

GET /?rb=scnzXo6pCFmzXIs5s6Z8mBizVv8HLCQHh7HzoX7m1dn87F-wNxaOQQ7pv3kflbJGB8WPmYUDrb3Nu0E7bKPrYQaWgiXR48sgqglYWPyP5AG283NiNPtkzHdNWEI6zI_6OvLPjILZZ9pK8ORnPbuC4JSSqnGrBbAwTpkeAEY6NVFaiWXE2tihwxtWCexHHOJ1tF9-5d3dmRp7I06YiACXKBaRLK_HFSFdK8qI8reO1MyPqPF79qHMF4MSzQ-82-m6WoLLeKqeJXLoTdcrhGJoTPQoYZo%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1100.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2F7qsna7mxd6ld%2FAN-463705.part1.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1100.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=3c38ee9a-5d96-434c-951c-67babb9a3143&wasm=1&userId=00818308112d420afa264c4d67d24416&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Cookie: OAID=00818308112d420afa264c4d67d24416; oaidts=1741173995
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 05 Mar 2025 11:26:36 GMT
content-type: application/json
x-trace-id: 2acc7eb414f56bbb119dd31a396ed59a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00818308112d420afa264c4d67d24416; expires=Thu, 05 Mar 2026 11:26:36 GMT; path=/; secure; SameSite=None
oaidts=1741173996; expires=Thu, 05 Mar 2026 11:26:36 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 12 Mar 2025 11:26:36 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET mexa.sh/js/jquery-1.9.1.min.js

104.21.3.103

200 OK

93 kB

URL GET
mexa.sh/js/jquery-1.9.1.min.js
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
93 kB (92629 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

HTTP Headers

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"169d5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=as7cWPKWNSf%2Bp5RQB0NNcYNm09Z7MaZuKBMPJnfa%2BA5uWMNs7KA3tfWJU8BNPU%2Frh49p62ywphq0TDJS9vLd%2FY7wr4Snb0Oizd%2BITftHUW2wfD60uZhSY5OT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dae2eb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6553&min_rtt=2254&rtt_var=4706&sent=71&recv=28&lost=0&retrans=0&sent_bytes=55667&recv_bytes=6255&delivery_rate=888698&cwnd=39300&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=775&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/logo1_1x.png

104.21.3.103

200 OK

38 kB

URL GET
mexa.sh/images/logo1_1x.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced
Size
38 kB (38035 bytes)
Hash
037f1c3e351f635f706eda54b812c40a
8aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa
30ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408

HTTP Headers

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 38035
server: cloudflare
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=4,i=?0
accept-ranges: bytes
cf-ray: 91b9425dae40b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET mexa.sh/images/yep_d.png

104.21.3.103

200 OK

15 kB

URL GET
mexa.sh/images/yep_d.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Size
15 kB (15222 bytes)
Hash
662d1738accf3ec5f5c95a0e4896b232
8b1907196139b8819ffd1a77b3b71d3872ca848f
2c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3

HTTP Headers

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 15222
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3744
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0wxcpDgqW9zVwy49NcImMOsux6BODgXzgm5H2K66RI8THyRMVm7BSLCqCZkBZByRwFODmK9ROCeCsXDKYIL3aMJToAgXfz12JM1B%2BedvtNzs%2BicfVMZzWDQ9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dce94b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9546&min_rtt=2312&rtt_var=5234&sent=33&recv=23&lost=0&retrans=0&sent_bytes=12453&recv_bytes=6032&delivery_rate=579137&cwnd=12000&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=631&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navbar.png

104.21.3.103

200 OK

22 kB

URL GET
mexa.sh/images/navbar.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hRIgck%2FUf7GeSIco16JrbA7kcdkq2k9uQNZwmyXxBAzZn9wj2t4Y1srVVC2oEr76EDpTC2P5rKGJaUcUYfya4Tvnv%2FROqTo9QgM9AHqPzP%2BKqHr0eanS9w6V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b942606a73b527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4827&min_rtt=1641&rtt_var=2455&sent=438&recv=45&lost=0&retrans=0&sent_bytes=474119&recv_bytes=8817&delivery_rate=6836750&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=1086&x=1", cfExtPri, cfHdrFlush;dur=0

GET my.rtmark.net/gid.js?userId=00818308112d420afa264c4d67d24416

104.18.41.22

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=00818308112d420afa264c4d67d24416
IP
104.18.41.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
b07e1e472d3de15efa4d0dd74d4d3862
4ff6da26fc9281cf34f66e6de81ac9c9db816dbf
c9ed3509a0afe4b1a69e85e19a61e1a360ce00212bd065e413e9a8a6a7d3733a

HTTP Headers

GET /gid.js?userId=00818308112d420afa264c4d67d24416 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=00818308112d420afa264c4d67d24416; expires=Thu, 05 Mar 2026 11:26:35 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 91b94261ec4956aa-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET mexa.sh/css_newTheme/main.css

104.21.3.103

200 OK

35 kB

URL GET
mexa.sh/css_newTheme/main.css
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
assembler source, ASCII text, with very long lines (1426)
Size
35 kB (35326 bytes)
Hash
2f075bd8c1fed47ee1ebcaea76c5f036
66e03118be7fa1415deebd13efa08362224f1ed9
eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e

HTTP Headers

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: text/css
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
etag: W/"89fe-57f51eb945a40"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dy9oCywd9zxe4SVe9gPA%2B82LEKMarDf%2FrgPNTN8aK5dmAfIZP7wuCt9Z25F9yS9CLt4yYwpvFsgNr5WdV92%2Fedfu7wqABVY6Ur06tJBy4Fp8KNZsZcVDZmVC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425d9e2ab527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5387&min_rtt=2254&rtt_var=2884&sent=243&recv=32&lost=0&retrans=0&sent_bytes=251530&recv_bytes=6439&delivery_rate=5944064&cwnd=98100&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=807&x=1", cfExtPri, cfHdrFlush;dur=0

GET mexa.sh/images/navicon1.png

104.21.3.103

200 OK

18 kB

URL GET
mexa.sh/images/navicon1.png
IP
104.21.3.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
ValidityWed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
18 kB (18288 bytes)
Hash
ae9204e9914f4e3c5b146c488d5a1811
fe60b0cf1bbb856f93fca9183404d698e873f33e
f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125

HTTP Headers

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qsna7mxd6ld/AN-463705.part1.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 05 Mar 2025 11:26:35 GMT
content-type: image/png
content-length: 18288
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlCFC%2F1X%2FpfJspTPVy3Ed%2B3zdL%2FUH4XyIf%2Bryti0qr2%2BSCimG3%2BVVcpaqKJROFUJBjjUKFXAJY99m%2FuP0tiaEAIavTHSiPEHcV8uuU5%2FA5tOnxyVRDK93hC9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 91b9425dbe4bb527-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5681&min_rtt=2254&rtt_var=4131&sent=144&recv=30&lost=0&retrans=0&sent_bytes=139042&recv_bytes=6347&delivery_rate=13681391&cwnd=78900&unsent_bytes=0&cid=c78f4ee1a93f242f&ts=784&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML