{"report_id":"a2c16a96-be60-4851-94a6-e1071a401ddc","version":6,"status":"done","tags":[],"date":"2025-04-27T02:45:01Z","url":{"schema":"http","addr":"mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"104.21.3.103","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"title":"Download Voice-RJ01370576 rar"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-06T02:45:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mexa.sh","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-22","domain_rank":337577,"first_seen":"2019-08-26T06:52:55Z","last_seen":"2025-04-24T19:16:36.949847Z","alert_count":0,"request_count":28,"received_data":710886,"sent_data":13616,"comment":"","tags":null,"fingerprints":null},{"fqdn":"experttrafficcounter.com","ip":{"addr":"18.185.55.239","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":0,"first_seen":"2025-01-24T06:51:20Z","last_seen":"2025-04-24T23:24:30.972514Z","alert_count":0,"request_count":4,"received_data":1292,"sent_data":1898,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.show-sb.com","ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":0,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2025-04-20T02:56:28.885726Z","alert_count":0,"request_count":1,"received_data":1721,"sent_data":480,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-04-23T01:42:26.75514Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":75,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-04-23T01:56:40.043776Z","alert_count":0,"request_count":2,"received_data":655198,"sent_data":992,"comment":"","tags":null,"fingerprints":null},{"fqdn":"unseenreport.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2022-03-30","domain_rank":0,"first_seen":"2022-03-30T14:33:17Z","last_seen":"2025-04-26T16:58:24.747503Z","alert_count":2,"request_count":2,"received_data":992,"sent_data":1516,"comment":"","tags":null,"fingerprints":null},{"fqdn":"recordedthereby.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-05-08","domain_rank":0,"first_seen":"2024-05-08T15:24:45Z","last_seen":"2025-04-26T16:58:24.900569Z","alert_count":2,"request_count":2,"received_data":171916,"sent_data":812,"comment":"","tags":null,"fingerprints":null},{"fqdn":"obeseglobewimp.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-03-03","domain_rank":0,"first_seen":"2025-03-05T11:26:55.468386Z","last_seen":"2025-04-25T06:22:26.930893Z","alert_count":1,"request_count":1,"received_data":98912,"sent_data":443,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":0,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-04-26T19:23:33.420978Z","alert_count":0,"request_count":2,"received_data":104519,"sent_data":922,"comment":"","tags":null,"fingerprints":null},{"fqdn":"waisheph.com","ip":{"addr":"139.45.197.119","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2020-11-23","domain_rank":74994,"first_seen":"2020-12-10T00:25:39Z","last_seen":"2025-04-24T19:20:59.193441Z","alert_count":0,"request_count":4,"received_data":113828,"sent_data":3393,"comment":"","tags":null,"fingerprints":null},{"fqdn":"nannyirrationalacquainted.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-08-19","domain_rank":0,"first_seen":"2025-01-22T13:06:19Z","last_seen":"2025-04-24T12:20:22.320999Z","alert_count":7,"request_count":7,"received_data":51547,"sent_data":3527,"comment":"","tags":null,"fingerprints":null},{"fqdn":"straightforwardaudition.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-08-19","domain_rank":0,"first_seen":"2025-04-11T00:07:25.135715Z","last_seen":"2025-04-25T14:36:33.432867Z","alert_count":7,"request_count":7,"received_data":4012,"sent_data":6116,"comment":"","tags":null,"fingerprints":null},{"fqdn":"my.rtmark.net","ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":9054,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-04-23T21:33:30.834886Z","alert_count":0,"request_count":1,"received_data":830,"sent_data":461,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-04-23T01:45:33.796361Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1084,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.creative-stat1.com","ip":{"addr":"104.21.13.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":0,"first_seen":"2024-08-27T13:23:35Z","last_seen":"2025-04-20T02:56:28.895478Z","alert_count":0,"request_count":4,"received_data":90710,"sent_data":1898,"comment":"","tags":null,"fingerprints":null},{"fqdn":"capaciousdrewreligion.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-11-07","domain_rank":0,"first_seen":"2023-11-27T12:27:45Z","last_seen":"2025-04-26T17:22:44.48001Z","alert_count":1,"request_count":1,"received_data":377,"sent_data":420,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"unseenreport.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"recordedthereby.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"obeseglobewimp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"unseenreport.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"recordedthereby.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"capaciousdrewreligion.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"recordedthereby.com/sfp.js","fqdn":"recordedthereby.com","domain":"recordedthereby.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"108625937affa4b38bb17cea65510d72","sha1":"2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee","sha256":"c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0","sha512":"7ed575e399e05235e4b15c050450e2aa54fb02f6080c198ef88de2b13c790ebabee5b1921edbe9948f8371fab97c6387f3456dec581407eaace0be3d218cec19","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoR2:nPncLBSUBULGVTfGpucE5fow","tlshash":"948395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85380,"data":"","first_seen":"2025-01-25T09:25:15.370304Z","last_seen":"2025-06-27T06:21:24.06821Z","times_seen":2209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"52504258bb67cc42818378fbd81db311","sha1":"0c15b1d3b80caf16a7a4449ae6a362d52e6df65b","sha256":"6aa5015c5ea93fd2e06e06b030c515190faf2c82ec51f7d1f6bfcedbcc1014bb","sha512":"75402a765a25da286057e8dcfecebc6b9d635345bb28c8e8b9d1003101f197b774927d274d38d88bf0070709dd696ee8d0e6513b04dc4ea06f9119bd25284c36","ssdeep":"","tlshash":"c4f078381b050273d2abf257e14f72485f2de438e124810eb1e87a16086678f3c92c8d","size":601,"data":"","first_seen":"2025-04-13T15:37:41.227898Z","last_seen":"2025-05-19T15:57:18.206602Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"abbf34430edc9e4d913c44d8a48f2ae3","sha1":"dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84","sha256":"f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9","sha512":"c2540bc8c35d2b2d707de24f7152c7fea1fb272a811ab32ea86d25880c06f4abf57267831fe5e977dd724ff2ded42bfb0598f04e2bc347286be5befd7ea7e5a2","ssdeep":"","tlshash":"d0d0a737b0e4630c081770b54e9786414c71702a96459d04392c79d00b2e5788429704","size":261,"data":"","first_seen":"2023-03-12T23:45:00Z","last_seen":"2025-10-24T22:48:06.394537Z","times_seen":110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-79936000-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3e1196924778443c3961e21ff91e6dd","sha1":"fdad9b529613a1647a351427817060f9c01e64de","sha256":"6dc67659257fd5388d8eced0b3f7d4add38ee93f5a612c63e2892dc78e7021a1","sha512":"10b13728ad0445c3c2e038d0ee0e2b3a036771ec7d654ed28ef061b11e0c10f572dc51a901a7df836162610f6ed9f15a808ce903ced48b8af0480f325a14e95a","ssdeep":"3072:IOhdrV9tD1DN3FlUrg0fqlaG6V35Gk5+FioUJoqunfVyeD0/NPg7zFc:Zhvp53FlU78aXPYFFlnfn0/NPg7u","tlshash":"e044f7ccb3d6b4668393a474903f014bb17b7892f84cd894e186d9e82d74aa94277f7c","size":271961,"data":"","first_seen":"2025-04-27T02:45:03.511998Z","last_seen":"2025-04-27T02:45:03.511998Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/sandbox%20eval%20code","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"92b651082ce234f66bb544e678befda3","sha1":"14c21c55ddce43b6f677caadf51d4ab98c6a3df8","sha256":"25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded","sha512":"b4fcbc037e0a3d91db2a624921e96b878e9e18dd998ad5649d77d7d053faf28b09c8725a0542aef702310bf85f3037b70985c274db8acabd021efb171d41f361","ssdeep":"","tlshash":"34c08ca3e74026ae2a1166b2b810e003a2866b015aa78402b00a003b1441fe21aaa1a8","size":147,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-20T13:58:32.898441Z","times_seen":805310,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/jquery.cookie.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff14e4812b7f512e620b1ad35542bcfc","sha1":"c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae","sha256":"c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96","sha512":"59e0276314814c6e033fbc81ab9f2541a86bfb85fc263397d0e3f3c1a0cb0c8e5fe2f833998245462903d8a7e9e499d2685b8fc44964935ad282e4e175753d78","ssdeep":"","tlshash":"84516650b7cc325e06ab22516b6f10ace63cff721158449d881965f82cb0c7bdb6bd6b","size":3121,"data":"","first_seen":"2023-03-07T01:23:22Z","last_seen":"2026-04-20T03:34:44.374602Z","times_seen":4494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/jquery.paging.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7a2c1c7af2a004a6d68e1e55b1cfb46","sha1":"7fd6daa7076c30381880519ad06ef5639b19ee28","sha256":"c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6","sha512":"36693be0b502594cd29b55690eef5a26768a54c05d453cc80abc248db4672b84e9e0130ffc07b18d3ad6b0e1a8666982b861098796db02f7bc5986e74a804ee5","ssdeep":"384:HkTHopqVdI1Zx/wnH9pvJs/8BhmuqBNaz+r7xyCX:HkTHopq7wZx/wnH9JJsEzmuqBNaz+r7r","tlshash":"5b925348e9ea1432622361ba7eef1059ae7ce0379104dd4db84c41a81f55f34b3b9ba9","size":19365,"data":"","first_seen":"2023-03-07T01:23:22Z","last_seen":"2026-04-20T02:13:28.226108Z","times_seen":4059,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/jquery-1.9.1.min.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-20T13:52:55.07564Z","times_seen":62327,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3ff478c8f993edf7fcf9b0a556256ed5","sha1":"22391de1683e10171a05ac3453143ea297da9f3e","sha256":"2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7","sha512":"2268cd305870d099362a5ab9719c34fa188fc1197c03ac3db261cf871a206da2b3a19f07447d3319304a5db4fcfacebd09044d2e0da826f904c0670d8a0ba628","ssdeep":"","tlshash":"32014c7d3053b4759863312a6fb79404363650249169550cfc7ea9a10ff503edb1ba6e","size":666,"data":"","first_seen":"2023-03-12T23:45:00Z","last_seen":"2025-10-24T22:48:06.395045Z","times_seen":109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/ce/95/e4/ce95e43f3553e10df4882fca51971c45.js","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"72836977236f732465f33b8c5cabacec","sha1":"bd962a50dec1dcfafc56c8309c209adf91c356e6","sha256":"9377d47a8030467f8e737435e7aeffdd75bb88d75af561b6922ddd6555dc5a0e","sha512":"6447b74f73f144c89345e7bfc47160d49662422df06202fbbbacf75120fe67cc780599a7a56c45070711f9292a22ce7edcab84b4cc0974a1ea047dcb8b4b5883","ssdeep":"384:OrdRXf8Q1jzyrRD9c+5U5qay8L0gPnrvOl6XgHsTQV4gqbO+nuzY4hybs4pw3s:gHgRDy9nL0g/rHX1TK4VA/UQ4pN","tlshash":"1de2b65c7f00709d1392a4bb362f7536f06aad03958df46ce04bb58c7ab9725b03ae58","size":33852,"data":"","first_seen":"2025-04-27T02:45:03.524387Z","last_seen":"2025-04-27T02:45:03.524387Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/paging.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"43e50aa00ad654da80af8f7936afd4c6","sha1":"fb5921b855cce329191077b7e93563029d703545","sha256":"e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657","sha512":"a48211408cc1383409c6dee158de86a26ecdfc932cfd033ab2feeec603618ba8c91789e53d80b473ad69ca06571e3f81b966e6b66456a866411b1eea060a9c96","ssdeep":"","tlshash":"0431f1ac38e3a0009313117b6f2e52806e65280b4088dd48be8cc0914fcdd14a6aaabd","size":1709,"data":"","first_seen":"2023-03-08T03:01:08Z","last_seen":"2026-03-26T20:21:34.010905Z","times_seen":973,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waisheph.com/5/7359319","fqdn":"waisheph.com","domain":"waisheph.com","tld":"com"},"ip":{"addr":"139.45.197.119","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa95c88143a7c484b4725af2f540e452","sha1":"f74a60ed8d7879ecbb5099188646c5b3843197b3","sha256":"abfea1c3dc4b388b5300d67b1f7f3d043c5686c3438dc87278df32b19e74a7ce","sha512":"7b530cac42b2709ca35e4699ef621100a9aef2e3dd93333d287784624296294156e7fb44b37998083cfaf381194085028623eae9d61004560d3f116d09a0824d","ssdeep":"3072:isCqci2LzcDfwYLstYbedgtj2meRYfOCJ4NLZi1CtOoaagOcAKLzXSvJ/c3EISLf:isCqci2LFYLstYKdgtjheRYfOCJ4NLZb","tlshash":"6eb31a97b6f57d9b472a84f01c7fc40962ee9c80040fcda9d0e4a8a9796b444d37bee4","size":107581,"data":"","first_seen":"2025-04-27T02:45:03.532119Z","last_seen":"2025-04-27T02:45:03.532119Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js","fqdn":"obeseglobewimp.com","domain":"obeseglobewimp.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0435d2a71bb2bd884628141d7147aadb","sha1":"d959d78e83e3789d97eb5d3eff82b41e317dc061","sha256":"3499fa3c0e395580681645d31d8bd39325999c9961e155b6760cd85c246a1519","sha512":"795818843148438b54a9e8a34b9a55859adfc258cb58f1dcfd857c67abac5706ecbd3b980a1d4ea078e4f57778c45e629e098de5dff99d5ce18cd13f51340aff","ssdeep":"1536:7hsKcFxhohdidzSyBy5hvESV2C+5H0dPvuFXuxL76LRafh32MaLY0ub+iY65xBvu:SpzS24PEXcT05iY65xBvwEOX","tlshash":"d0a3d88a7f00f11c42b160bb273f5619f0250e96e68c916ce013e1ed3f6cb5bea79599","size":98068,"data":"","first_seen":"2025-04-26T17:22:46.279273Z","last_seen":"2025-04-30T20:35:43.560732Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-SBML259V1V\u0026l=dataLayer\u0026cx=c\u0026gtm=457e54n0h1za200\u0026tag_exp=102887800~103051953~103077950~103106314~103106316~103116026~103130360~103130362~103200004","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"342d4d2bf2fa0298d40ee0e152830858","sha1":"46caf10adaf045df07c6348da5310c49862596e7","sha256":"7fb8a07563bd0076e2166e7e64d0e549b0937349fa68e94de88d639cdca8ba56","sha512":"5ba907be1372a2d89fa8857f49b3942d3c706a180e611bb123e872d30a8353ed8331b6d825bfe333d67d4b9e32531029ff1b45dd76c623881028dbbe4ec773f5","ssdeep":"6144:DkDeEvp53xrlUum4KOaDPYFFlHsX0/NPgGS8bUStw:4Desp/rbFKOaDAFFs8Le","tlshash":"ff841ade73c674625396b478903f018ba5bb28a2b44cc895f1c9cce42d74a9a4277f7c","size":381256,"data":"","first_seen":"2025-04-27T02:45:03.531215Z","last_seen":"2025-04-27T02:45:03.531215Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c6b02bbb4255c747368479fd2e4300e5","sha1":"0a5cd83325ceaab81243a71c4ce359edf2d15c03","sha256":"8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c","sha512":"854faf126e067ccba50dca87c00cb19c483b0c6e135b91ff45d58be65a866ef5cb980ce70f8bb627989b9541ef35429a7531a400e6dd7998c060e3fd3ee39bb3","ssdeep":"","tlshash":"6ac02b88210f0c7191d73f010f7ff700b4023210a4e12c310d0b33445b21d17db0c804","size":154,"data":"","first_seen":"2023-03-12T23:45:00Z","last_seen":"2025-10-24T22:48:06.398819Z","times_seen":112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"009c06b6172fa1044a7e020aadf5b4c6","sha1":"72c84dbb805bbabf80369ae117d340be4fde51dc","sha256":"34a2e5a04dc2912464658d207d69d1b13df8c01a5af18f05bdd208995476a338","sha512":"1895002fa2c05a954a26e0993d7bce1bf2c09a1c895af7f493ceccdd80e94ff87cd545b0600571d338aa8870e95eeb6ccb163762feefee964c7787f4f72d8395","ssdeep":"","tlshash":"e9c08080e5f41bf011fd35d2770a1d42e1d51e955eac20a377084c05a7539cfce45163","size":172,"data":"","first_seen":"2025-04-27T02:45:03.536828Z","last_seen":"2025-04-27T02:45:03.536828Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google-analytics.com/analytics.js","fqdn":"www.google-analytics.com","domain":"google-analytics.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f24128d0c9cba7be2916c693427a3483","sha1":"1b6397d496ea896ebc2018b01b995cee4f166029","sha256":"58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8","sha512":"c4950733b44e258bbc817ce6396f002caec1e11a6413fd0038c9baef2d5f1d992b1fd0ec52515aba52faedb52c28b996a7fc063f28a0f45f3aab5e2f91bf5be5","ssdeep":"96:A1VdZYqhPnjpWx4/eTe8qSMbqaQd6VL2Jyt9LdJoyayCVPVD5wdBfQPfCHiUr3:AXdZYqNjpU4yPqSMbqaQGL2QfdDayCZC","tlshash":"a6a1dc9939fb50210233b1bd1bafa918b23895236208dd61b98c9364bf94437d7f1fc9","size":4691,"data":"","first_seen":"2023-04-11T21:07:53Z","last_seen":"2026-04-20T13:58:32.89444Z","times_seen":803709,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"recordedthereby.com/sfp.js","fqdn":"recordedthereby.com","domain":"recordedthereby.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"108625937affa4b38bb17cea65510d72","sha1":"2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee","sha256":"c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0","sha512":"7ed575e399e05235e4b15c050450e2aa54fb02f6080c198ef88de2b13c790ebabee5b1921edbe9948f8371fab97c6387f3456dec581407eaace0be3d218cec19","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoR2:nPncLBSUBULGVTfGpucE5fow","tlshash":"948395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85380,"data":"","first_seen":"2025-01-25T09:25:15.370304Z","last_seen":"2025-06-27T06:21:24.06821Z","times_seen":2209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mexa.sh/images/download1.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/download1.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 23553\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:35 GMT\r\netag: \"5c01-550b66eb244c0\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5932\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa7238250b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23553,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced","md5":"26b1df6a0077b0e57862d48f78ca6f62","sha1":"c1333ea62ff83bc3ad7e5e79085a4e2054684106","sha256":"118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86","sha512":"82304623b9fcc2a942c63bbd435ca61cad60975cd3cb270227311790165661f9109b75e6d23e441ab09b0bd9a0a94d7d08fa60999f38af811f936e32f9d52254","ssdeep":"384:6ftqlgWf+a7cXnqvwyZkskwT9evoGtYIwc:YtyA3cbZaM9evmIZ","tlshash":"45b28d78fdf17194d5a9b23248d418d6dc7386d36c826d8a7acd4826bf093ad8c0f49e","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.379954Z","times_seen":110,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waisheph.com/wrr?z=7359319\u0026p_rid=6e6c8e02-86d9-4ec5-8aa8-881d319651c3\u0026rb=PTiJr7abP4dgV-xpc03D8u0YhbsUI548jhRaZi5dXuYGnzIq-_blLI64QSlhF4qEXhOl0McCEnJT_061o-LyG87DzU7VsEAq8D4ykZi_h6ZKlvDKVPZ95PcVCVn0P6eZWSHvVBQTtxDrXPMJYnYVq1tKKd6d8wl8eM1TRKz4Hl3JSC1yd-zXU5jLWvwnG-174iJ_ipOe5tWBCc628WJtkG2sxE6OEIlkKiL2GJcqOYUq_byYpK5wTe5mjjlps-2Mq9GaX4JQXVIygnW1OK7IHZTHHbE=\u0026dmn=waisheph.com\u0026userId=0081b896ce9b427cfef74eaa0f0cc184","fqdn":"waisheph.com","domain":"waisheph.com","tld":"com"},"ip":{"addr":"139.45.197.119","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"waisheph.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Apr 2025 05:22:09 GMT","end":"Thu, 10 Jul 2025 05:22:08 GMT"},"fingerprint":{"sha1":"2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC","sha256":"6C:5D:FA:03:C3:66:B9:17:22:73:36:A8:16:F3:F3:F1:A5:37:2F:8B:CA:08:BD:BB:BD:CC:BA:1B:88:70:6A:50"}}},"request":{"raw":"OPTIONS /wrr?z=7359319\u0026p_rid=6e6c8e02-86d9-4ec5-8aa8-881d319651c3\u0026rb=PTiJr7abP4dgV-xpc03D8u0YhbsUI548jhRaZi5dXuYGnzIq-_blLI64QSlhF4qEXhOl0McCEnJT_061o-LyG87DzU7VsEAq8D4ykZi_h6ZKlvDKVPZ95PcVCVn0P6eZWSHvVBQTtxDrXPMJYnYVq1tKKd6d8wl8eM1TRKz4Hl3JSC1yd-zXU5jLWvwnG-174iJ_ipOe5tWBCc628WJtkG2sxE6OEIlkKiL2GJcqOYUq_byYpK5wTe5mjjlps-2Mq9GaX4JQXVIygnW1OK7IHZTHHbE=\u0026dmn=waisheph.com\u0026userId=0081b896ce9b427cfef74eaa0f0cc184 HTTP/1.1\r\nHost: waisheph.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://mexa.sh/\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://mexa.sh\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":88,"dns":1,"connect":26,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/navicon2.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/navicon2.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1779,"data":"e=37dfbd8ee84e00126eebc037eb4f8f9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674d82868f542e3e18f77d2501d43ed866c2573801769007025a66575bc2bc384977be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2947750703f58f28337f06f7ff1b7e8daea77a93e359204e7ffda1a3969e72bccfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b03e2dfcd05631ad9ba625d35ae115edd907801a9a936098616bcdcc73813b8e81b7ae90b3ba4771a37befe5e47a0e69a38f3cc7ed1cad051e41c84f469784848899afcb70d82dd38fb88438b62d2865ca382ad4ccd1620a90a633ab41bfc303d660ac3d1a1d1a8c26b809dbd7be78a8c760875ca9cfddd127d619676bec78135d750b3185aa6ebb46dfc0c56be79066f19627d687fbfd7888f0a91f6a7d9ce25b47cdbc045642acacee74b828cdbb2fb3b97bec38d9658759c609c5b42e914854b8f7c7387b46341120194105b6f3ce30c008dc464f4035f1b44fdf84190cfeb8dfa6bd6cc2efece087f8aff249533dfb4785be456a9f5e6419df7f407264f167b2751fc6f7dc658860cb388caa2dd1a50a987f133c26027d0f81c6e4df516747ce5d1cc1c1d3a9b1d452029ab5ba7f97c7767ac6d26d7e3390f2a32940ea64df069d7bbe2d8700988d4aaca838f09a96d39f4367e8e23a6b8777b884e9ae52df3a525f53eb391406f2da209df0068edcc29c46c795862d0f3043bb3aa904a250b39f3cc147457c1b457a28b30887f94416bd7ddcb5b7758fdd47e7196fbd5338758de2d11648ba20b1df6c8554604413e3654ed7f88e37954534989901f58a9fed8a41db5e493055af2637589d8c1e1ce769a5eccb2e8ed0f01c1d21e0782a0818dd4813b5c8fc12108c702e90c4d203dbdeb9ce5a3ea86ff8542844c64e3f6d8c86515381d7ffc4b3f101eb3fa66dd521dd9d4080b4be393db1c31c9ed3\u0026cri=wYURaaafDN\u0026sf=0\u0026dc=\u0026cp=3\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=3007\u0026mo=0\u0026pn=4609\u0026spn=1603\u0026fp=548\u0026snt=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 16374\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:33 GMT\r\netag: \"3ff6-550b66e93c040\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5933\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa72381c0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16374,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced","md5":"86665a37cea72cd507ceb7e7282c74f8","sha1":"f7707000a81a04f217ec9bd93995a0b9fc424037","sha256":"ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1","sha512":"c77626e35628669fc9a9bb1b541401d32a563438d867bdf0e65232d6c41228c2e459356a7bff329bee2304d5b281c42c3fe407d7597e7d84c7dd6d4867f2e3bf","ssdeep":"96:YSZ3kEWRPxNX6Llxsc59qa/skJsF41e+JWA9:YSZ3ktJq/rJw41L","tlshash":"e7729570bcf276789958a6372dc525424d3746c3dac06c81bbdecc165f10bae8c5f186","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.350773Z","times_seen":115,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/jquery.cookie.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /js/jquery.cookie.js HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1782,"data":"e=37dfbd8ee84e00126eebc037eb4f8f9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674d82868f542e3e18f77d2501d43ed866c2573801769007025a66575bc2bc384977be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2947750703f58f28337f06f7ff1b7e8daea77a93e359204e7ffda1a3969e72bccfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b03e2dfcd05631ad9ba625d35ae115edd907801a9a936098616bcdcc73813b8e81b7ae90b3ba4771a37befe5e47a0e69a38f3cc7ed1cad051e41c84f469784848899afcb70d82dd38fb88438b62d2865ca382ad4ccd1620a90a633ab41bfc303d660ac3d1a1d1a8c26b809dbd7be78a8c760875ca9cfddd127d619676bec78135d750b3185aa6ebb46dfc0c56be79066f19627d687fbfd7888f0a91f6a7d9ce25b47cdbc045642acacee74b828cdbb2fb3b97bec38d9658759c609c5b42e914854b8f7c7387b46341120194105b6f3ce30c008dc464f4035f1b44fdf84190cfeb8dfa6bd6cc2efece087f8aff249533dfb4785be456a9f5e6419df7f407264f167b2751fc6f7dc658860cb388caa2dd1a50a987f133c26027d0f81c6e4df516747ce5d1cc1c1d3a9b1d452029ab5ba7f97c7767ac6d26d7e3390f2a32940ea64df069d7bbe2d8700988d4aaca838f09a96d39f4367e8e23a6b8777b884e9ae52df3a525f53eb391406f2da209df0068edcc29c46c795862d0f3043bb3aa904a250b39f3cc147457c1b457a28b30887f94416bd7ddcb5b7758fdd47e7196fbd5338758de2d11648ba20b1df6c8554604413e3654ed7f88e37954534989901f58a9fed8a41db5e493055af2637589d8c1e1ce769a5eccb2e8ed0f01c1d21e0782a0818dd4813b5c8fc12108c702e90c4d203dbdeb9ce5a3ea86ff8542844c64e3f6d8c86515381d7ffc4b3f101eb3fa66dd521dd9d4080b4be393db1c31c9ed3\u0026cri=wYURaaafDN\u0026sf=0\u0026dc=\u0026cp=10\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=10020\u0026mo=0\u0026pn=11623\u0026spn=1603\u0026fp=548\u0026snt=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:32 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5934\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\netag: W/\"c31-550b66e847e00\"\r\ncontent-encoding: br\r\ncf-ray: 936afa7228140b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3121,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"ff14e4812b7f512e620b1ad35542bcfc","sha1":"c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae","sha256":"c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96","sha512":"59e0276314814c6e033fbc81ab9f2541a86bfb85fc263397d0e3f3c1a0cb0c8e5fe2f833998245462903d8a7e9e499d2685b8fc44964935ad282e4e175753d78","ssdeep":"","tlshash":"84516650b7cc325e06ab22516b6f10ace63cff721158449d881965f82cb0c7bdb6bd6b","first_seen":"2023-03-07T01:23:22Z","last_seen":"2026-04-20T03:34:44.374602Z","times_seen":4494,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/navicon6.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/navicon6.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1782,"data":"e=37dfbd8ee84e00126eebc037eb4f8f9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674d82868f542e3e18f77d2501d43ed866c2573801769007025a66575bc2bc384977be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2947750703f58f28337f06f7ff1b7e8daea77a93e359204e7ffda1a3969e72bccfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b03e2dfcd05631ad9ba625d35ae115edd907801a9a936098616bcdcc73813b8e81b7ae90b3ba4771a37befe5e47a0e69a38f3cc7ed1cad051e41c84f469784848899afcb70d82dd38fb88438b62d2865ca382ad4ccd1620a90a633ab41bfc303d660ac3d1a1d1a8c26b809dbd7be78a8c760875ca9cfddd127d619676bec78135d750b3185aa6ebb46dfc0c56be79066f19627d687fbfd7888f0a91f6a7d9ce25b47cdbc045642acacee74b828cdbb2fb3b97bec38d9658759c609c5b42e914854b8f7c7387b46341120194105b6f3ce30c008dc464f4035f1b44fdf84190cfeb8dfa6bd6cc2efece087f8aff249533dfb4785be456a9f5e6419df7f407264f167b2751fc6f7dc658860cb388caa2dd1a50a987f133c26027d0f81c6e4df516747ce5d1cc1c1d3a9b1d452029ab5ba7f97c7767ac6d26d7e3390f2a32940ea64df069d7bbe2d8700988d4aaca838f09a96d39f4367e8e23a6b8777b884e9ae52df3a525f53eb391406f2da209df0068edcc29c46c795862d0f3043bb3aa904a250b39f3cc147457c1b457a28b30887f94416bd7ddcb5b7758fdd47e7196fbd5338758de2d11648ba20b1df6c8554604413e3654ed7f88e37954534989901f58a9fed8a41db5e493055af2637589d8c1e1ce769a5eccb2e8ed0f01c1d21e0782a0818dd4813b5c8fc12108c702e90c4d203dbdeb9ce5a3ea86ff8542844c64e3f6d8c86515381d7ffc4b3f101eb3fa66dd521dd9d4080b4be393db1c31c9ed3\u0026cri=wYURaaafDN\u0026sf=0\u0026dc=\u0026cp=15\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=15027\u0026mo=0\u0026pn=16630\u0026spn=1603\u0026fp=548\u0026snt=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 1175\r\nserver: cloudflare\r\nlast-modified: Fri, 11 Jun 2021 12:43:51 GMT\r\netag: \"497-5c47cdc166fc0\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5933\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa7238200b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1175,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced","md5":"91f3dc42cd20fcc67b1f9e4d026ae636","sha1":"4eb701d8acffe7471ca14183d83fdc8e5d57bec5","sha256":"a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659","sha512":"882e049a49d4cdb4b2f69427b722a4bc1211d949a05a3f85efe57b99b6459f41dbe15c77a266966fecc73a93a7bbb9dbe477c353bff63db4c4a14828541102e9","ssdeep":"","tlshash":"6921a3c8d18cdc291ca3671f72206435f6b58923b903019c902fd562369e38db48efb0","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.376166Z","times_seen":115,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1217\u0026rd=1217\u0026fd=685\u0026bv=25.4.8000\u0026tmpl=136","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nannyirrationalacquainted.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 00:43:48 GMT","end":"Sat, 19 Jul 2025 00:43:47 GMT"},"fingerprint":{"sha1":"02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2","sha256":"B9:E9:88:D1:E9:84:76:2E:AF:77:43:F9:01:55:3B:97:B2:F2:0F:4E:F1:20:AC:28:9B:22:95:74:08:37:71:33"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1217\u0026rd=1217\u0026fd=685\u0026bv=25.4.8000\u0026tmpl=136 HTTP/1.1\r\nHost: nannyirrationalacquainted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:30 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: nannyirrationalacquainted.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":713,"timings":{"blocked":308,"dns":21,"connect":95,"send":0,"wait":97,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/navbara.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/navbara.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/main.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 22290\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:35 GMT\r\netag: \"5712-550b66eb244c0\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 4961\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa76d96d0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22290,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced","md5":"e7c056eea6e071b1f5309d5db50c057a","sha1":"833e979751da5fffe28b8761b322d16481a24c2e","sha256":"34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9","sha512":"013e1d717841e2e4120d4a8613a7f04e664c79925739d32fee8df4cc632c021ebc25ccc5dd42351f3611bf5843e5f254a8bb5961c1d4f45aca286ebba076fadd","ssdeep":"192:1PkI6yn5RRi/MRecr3A2jQMzSHzz5JsKLa3oV:CIZ5RCUQMwz1aKeYV","tlshash":"c0a23e10edf071a58409223669d934014da3da83fb81dccbba9dc9b95f20bd98cbb757","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.352035Z","times_seen":115,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"experttrafficcounter.com/stats","fqdn":"experttrafficcounter.com","domain":"experttrafficcounter.com","tld":"com"},"ip":{"addr":"18.185.55.239","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"experttrafficcounter.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 23 Jan 2025 00:00:00 GMT","end":"Sat, 21 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC","sha256":"10:38:3D:45:4F:24:A0:61:7E:B2:5F:85:B3:4F:33:39:E0:8E:3A:82:45:63:EA:1E:41:80:93:2A:65:F3:A1:AC"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: experttrafficcounter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nCookie: uid_id2=2e05f825-9e8c-4972-897a-aa643ea95715:1:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://mexa.sh\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f56f314d98580c702b1bbb39b6bb1f67","sha1":"10cfdefa95116c863696cd9875234a1360069766","sha256":"4467c5dd1110cd9dfa599dd30a6c20c85f7eac3c3dc546f4ff56aae832282722","sha512":"66925f4efd78846681ece3f9c330f58014645b7ef1f6b6031f0022ac68e4cf075613d76f0e1444c7462a7fe0924a3e05e49b79cc69c8f4423144d7d2a2cb4c48","ssdeep":"","tlshash":"b19004dc0d417015c10c4700054037c1df1100c004104c5551434d014d00f15f5d0f54","first_seen":"2025-04-27T02:45:03.50239Z","last_seen":"2025-04-27T02:45:03.50239Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/css_newTheme/main.css","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /css_newTheme/main.css HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 13 Jan 2019 07:31:45 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5934\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\netag: W/\"89fe-57f51eb945a40\"\r\ncontent-encoding: br\r\ncf-ray: 936afa7218100b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35326,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (1426)","md5":"2f075bd8c1fed47ee1ebcaea76c5f036","sha1":"66e03118be7fa1415deebd13efa08362224f1ed9","sha256":"eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e","sha512":"398f81706f367bea104ec49f6317b4bb22ccf0af6a0c3bb3489c70f0ae5ea3efea8404225a326ec5804310ca55dc529f2004d3c69875b484c5710c0accf59eb7","ssdeep":"384:nda1nwAkwpzR/vM9lQHw85JvW0ddpz6PUnpzMFqZLJAUtfFL6jFYcJMLzJdHGWdZ:ndCt/vAQHxt+Ua8LWFGzJFFrd4+/XF","tlshash":"09f2b432e655204fb03bc0767a52bbd1721a9107d11b4f7dbebd7179da8e0a80632b8d","first_seen":"2023-04-11T20:57:38Z","last_seen":"2025-10-24T22:48:06.387145Z","times_seen":115,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straightforwardaudition.com/pixel/sbs?c=1","fqdn":"straightforwardaudition.com","domain":"straightforwardaudition.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"straightforwardaudition.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 23:29:29 GMT","end":"Sat, 19 Jul 2025 23:29:28 GMT"},"fingerprint":{"sha1":"37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45","sha256":"92:25:26:1E:08:FC:AA:95:F0:A6:AB:CB:A9:FB:84:A5:88:FE:64:84:0A:90:6D:D7:84:2B:F0:F7:08:BE:A7:F4"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: straightforwardaudition.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":2557,"data":"e=37dfbd8ee84e00126eebc037eb4f8f9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674d82868f542e3e18f77d2501d43ed866c2573801769007025a66575bc2bc384977be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2947750703f58f28337f06f7ff1b7e8daea77a93e359204e7ffda1a3969e72bccfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b03e2dfcd05631ad9ba625d35ae115edd907801a9a936098616bcdcc73813b8e81b7ae90b3ba4771a37befe5e47a0e69a38f3cc7ed1cad051e41c84f469784848899afcb70d82dd38fb88438b62d2865ca382ad4ccd1620a90a633ab41bfc303d660ac3d1a1d1a8c26b809dbd7be78a8c760875ca9cfddd127d619676bec78135d750b3185aa6ebb46dfc0c56be79066f19627d687fbfd7888f0a91f6a7d9ce25b47cdbc045642acacee74b828cdbb2fb3b97bec38d9658759c609c5b42e914854b8f7c7387b46341120194105b6f3ce30c008dc464f4035f1b44fdf84190cfeb8dfa6bd6cc2efece087f8aff249533dfb4785be456a9f5e6419df7f407264f167b2751fc6f7dc658860cb388caa2dd1a50a987f133c26027d0f81c6e4df516747ce5d1cc1c1d3a9b1d452029ab5ba7f97c7767ac6d26d7e3390f2a32940ea64df069d7bbe2d8700988d4aaca838f09a96d39f4367e8e23a6b8777b884e9ae52df3a525f53eb391406f2da209df0068edcc29c46c795862d0f3043bb3aa904a250b39f3cc147457c1b457a28b30887f94416bd7ddcb5b7758fdd47e7196fbd5338758de2d11648ba20b1df6c8554604413e3654ed7f88e37954534989901f58a9fed8a41db5e493055af2637589d8c1e1ce769a5eccb2e8ed0f01c1d21e0782a0818dd4813b5c8fc12108c702e90c4d203dbdeb9ce5a3ea86ff8542844c64e3f6d8c86515381d7ffc4b3f101eb3fa66dd521dd9d4080b4be393db1c31c9ed3\u0026cri=wYURaaafDN\u0026sf=0\u0026dc=Fx8bAxNkAxQUThQDFBQDFGVIU0pKAxRlFBYWAxRlFRMTEQMUZRcVERIDFGUXEhAWAxRlFxUVEgMUZRcSEx8DFGUXFRcUAxRlFgMUZRcVAxRlFxMXFwMUZRcTFxQDE2IAFRcbAxFkAxQUUQMUFAMVZxcRFAMUZQMUFE4DFBQDFWcSFAMUZQMUFER5AxQUAxVnFxUDEWIAERcbAxFkAxQUVQMUFAMVZxYDFGUDFBRLAxQUAxVnFgMUZQMUFFEDFBQDFWcWAxRlAxQURHkDFBQDFWcUFAMRYgAXEhcbAxFkAxQUVQMUFAMVZxcDFGUDFBREeQMUFAMVZxYDEWIAFxMfGwMRZAMUFEMWAxQUAxVnAxQUVQhBQ1JkR1JSQ1RfAxQWT1UDFBZISVIDFBZHAxQWQFNIRVJPSUgDFBQDFGUDFBREeQMUFAMVZxYDEWIAFRQQGwMTZAMRZAMUFEQDFBQDFWcXAxRlAxQUVQMUFAMVZwMUFBcDFBQDEWIDFGUDEWQDFBREAxQUAxVnFgMUZQMUFFUDFBQDFWcDFBQXAxQUAxFiAxNiABMUFhsDEWQDFBRWAxQUAxVnAxQUak9IU14DFBZeHhB5EBIDFBQDFGUDFBRKAxQUAxVnAxNkAxQUQ0gLc3UDFBQDFGUDFBRDSAMUFAMTYgMUZQMUFE5FAxQUAxVnEh4DFGUDFBREeQMUFAMVZxcQAxFiAB4REhsDEWQDFBRVAxQUAxVnFQMUZQMUFFNQVkcDFBQDFWcWAxRlAxQURHkDFBQDFWcXAxFi\u0026cp=1\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=1003\u0026mo=0\u0026pn=2606\u0026spn=1603\u0026fp=548"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: straightforwardaudition.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/navicon3.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/navicon3.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1779,"data":"e=37dfbd8ee84e00126eebc037eb4f8f9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674d82868f542e3e18f77d2501d43ed866c2573801769007025a66575bc2bc384977be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2947750703f58f28337f06f7ff1b7e8daea77a93e359204e7ffda1a3969e72bccfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709b03e2dfcd05631ad9ba625d35ae115edd907801a9a936098616bcdcc73813b8e81b7ae90b3ba4771a37befe5e47a0e69a38f3cc7ed1cad051e41c84f469784848899afcb70d82dd38fb88438b62d2865ca382ad4ccd1620a90a633ab41bfc303d660ac3d1a1d1a8c26b809dbd7be78a8c760875ca9cfddd127d619676bec78135d750b3185aa6ebb46dfc0c56be79066f19627d687fbfd7888f0a91f6a7d9ce25b47cdbc045642acacee74b828cdbb2fb3b97bec38d9658759c609c5b42e914854b8f7c7387b46341120194105b6f3ce30c008dc464f4035f1b44fdf84190cfeb8dfa6bd6cc2efece087f8aff249533dfb4785be456a9f5e6419df7f407264f167b2751fc6f7dc658860cb388caa2dd1a50a987f133c26027d0f81c6e4df516747ce5d1cc1c1d3a9b1d452029ab5ba7f97c7767ac6d26d7e3390f2a32940ea64df069d7bbe2d8700988d4aaca838f09a96d39f4367e8e23a6b8777b884e9ae52df3a525f53eb391406f2da209df0068edcc29c46c795862d0f3043bb3aa904a250b39f3cc147457c1b457a28b30887f94416bd7ddcb5b7758fdd47e7196fbd5338758de2d11648ba20b1df6c8554604413e3654ed7f88e37954534989901f58a9fed8a41db5e493055af2637589d8c1e1ce769a5eccb2e8ed0f01c1d21e0782a0818dd4813b5c8fc12108c702e90c4d203dbdeb9ce5a3ea86ff8542844c64e3f6d8c86515381d7ffc4b3f101eb3fa66dd521dd9d4080b4be393db1c31c9ed3\u0026cri=wYURaaafDN\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5009\u0026mo=0\u0026pn=6612\u0026spn=1603\u0026fp=548\u0026snt=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 15889\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:35 GMT\r\netag: \"3e11-550b66eb244c0\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5933\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa72381e0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15889,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced","md5":"715335986af196b81f68fa792f5a7f53","sha1":"b6b2f12993db399f86883315310869dccbd75ec5","sha256":"aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f","sha512":"af00d47ffd98582bad0b3d3c1cfd9643f405d545e483f33b4bda44c9d6c749581fc3f30b3f77f41938e3e0995ceebe9aa52ee4440fd27c0cceaf6e945a418160","ssdeep":"48:Y/6Mei+k29W8sEvXb2xN+Y9A/y6DBCAsLQKfL1K1sc56y7e8wNoSNWc:YSZ3kEWRfxNXYyysc59eHdNWc","tlshash":"cd626228fcf072b49458a6332ae525065d7707c3d6c1ac85bbce4c666f10baacc5f282","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.351307Z","times_seen":115,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/userin.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/userin.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 18182\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"4706-550b66ea30280\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5931\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa7238230b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18182,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced","md5":"f7354ba97c4568ef41c764f1d5641336","sha1":"78041d1b15b6af69d015b1dff67bb9d2501fe325","sha256":"71657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba","sha512":"aecd422a99051e735db03aefd96d8d6147bad94c41b7d0ce0b40b3b70cb7e358330ee6547fcf3fcf59cfcd781bb909565df8e60a8e95ccba60fd083fb54a7429","ssdeep":"96:CZ/I09Da01l+gmkyTt6Hk8nTTXWvkiY93l9sIWyHyVtm5wNGuLGfNXrNXVhsc9J9:CS0tKg9E05TTWkiY93lA85wK5h","tlshash":"87822b25fcf0b498659db5321dd524079e330387e9826c88bacc4e9a6f10f9a8f4f196","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.353841Z","times_seen":115,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/no211.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/no211.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 720\r\nserver: cloudflare\r\nlast-modified: Mon, 26 Aug 2019 15:38:33 GMT\r\netag: \"2d0-59106f2ce7040\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5931\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa7238260b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":720,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced","md5":"5508fda2890fd7f0368dcb662b600dd8","sha1":"1bcb3a7bfbb7d9085116d57ff120929628d68440","sha256":"4412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726","sha512":"36d70e9935601492be918d2a3739dbc0f431b9090c888556f991e9069f6fa98255b55441345e263b9ec4e01de836f2a4683bd07ced3bdccf3073163590cb981a","ssdeep":"","tlshash":"6d0144ecf11ad461900b5b950112d1a6b3bf2223614b912c6c54afa509be34f85aed52","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.365502Z","times_seen":110,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waisheph.com/wrr?z=7359319\u0026p_rid=6e6c8e02-86d9-4ec5-8aa8-881d319651c3\u0026rb=PTiJr7abP4dgV-xpc03D8u0YhbsUI548jhRaZi5dXuYGnzIq-_blLI64QSlhF4qEXhOl0McCEnJT_061o-LyG87DzU7VsEAq8D4ykZi_h6ZKlvDKVPZ95PcVCVn0P6eZWSHvVBQTtxDrXPMJYnYVq1tKKd6d8wl8eM1TRKz4Hl3JSC1yd-zXU5jLWvwnG-174iJ_ipOe5tWBCc628WJtkG2sxE6OEIlkKiL2GJcqOYUq_byYpK5wTe5mjjlps-2Mq9GaX4JQXVIygnW1OK7IHZTHHbE=\u0026dmn=waisheph.com\u0026userId=0081b896ce9b427cfef74eaa0f0cc184","fqdn":"waisheph.com","domain":"waisheph.com","tld":"com"},"ip":{"addr":"139.45.197.119","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"waisheph.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Apr 2025 05:22:09 GMT","end":"Thu, 10 Jul 2025 05:22:08 GMT"},"fingerprint":{"sha1":"2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC","sha256":"6C:5D:FA:03:C3:66:B9:17:22:73:36:A8:16:F3:F3:F1:A5:37:2F:8B:CA:08:BD:BB:BD:CC:BA:1B:88:70:6A:50"}}},"request":{"raw":"POST /wrr?z=7359319\u0026p_rid=6e6c8e02-86d9-4ec5-8aa8-881d319651c3\u0026rb=PTiJr7abP4dgV-xpc03D8u0YhbsUI548jhRaZi5dXuYGnzIq-_blLI64QSlhF4qEXhOl0McCEnJT_061o-LyG87DzU7VsEAq8D4ykZi_h6ZKlvDKVPZ95PcVCVn0P6eZWSHvVBQTtxDrXPMJYnYVq1tKKd6d8wl8eM1TRKz4Hl3JSC1yd-zXU5jLWvwnG-174iJ_ipOe5tWBCc628WJtkG2sxE6OEIlkKiL2GJcqOYUq_byYpK5wTe5mjjlps-2Mq9GaX4JQXVIygnW1OK7IHZTHHbE=\u0026dmn=waisheph.com\u0026userId=0081b896ce9b427cfef74eaa0f0cc184 HTTP/1.1\r\nHost: waisheph.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mexa.sh/\r\ncontent-type: application/json\r\nContent-Length: 2581\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2581,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAQlKz9KWUBKAFsDQwYCHR9EBx1SGx8UCBJbUlcvXRoYG01IHBsCFlReGxtHTBVGQ1hZQE8eWwNQWFZbXhYZBRUDAgZIUFVKAgtPS0MIU1JeR1BDBwUVAwIGSFBVSgIaGlNJFUMdF0lIBEJPXkERDEpIWx8TARpTSRVDGQ8DUA5fXQUNHxQJDFtSRFIKXVUbEh1MUUMGVl0bG0BXDUZDWUdaCEVbTRI1Cg4GUQ0ZUl0RDEpIWwIGF1lLQxssBRQCHlgPQgIXAxZSMxAGEQ1PGll3NUpfW1wEVU1gUF0ATl9ZEENWA0kLT1tbXV9cBEdNcFxQXRVLS1hEUghYSQhBLAcZF1IBFRgIAAJUVFtEVwxIS0MITUgeD1AOTARZTVZEFAUVRQUGXkQPUAQdCxlIXR09fgJaWA4BCwYUDhUZHV9MHAcOBVEcV15KY39BDRccEBBWCBUUEQ4IRgRdCxpSSwlfCTQwUxwMTAwLVwAGQxsWUkMbXlxEUwheEBslKwMAF00EGAAKHhkeCVEURV8fExwaTwtLOTACQ0ZMHhtQTFdZTF9aVkYdGhNAAktbFUMaAklIFgYZQ0lADFVLFA0NAxYaERZQEwEfRE4LFAVMS1lVMhYBFgcVOzMJUFlZW0cDWENFWEEUVkYXD1dYCEVbTRtIVEknYC1PGxtdVFheSERXDFkZWwNDJgcFB0xOFQ8PbABORlVKBRYaU0kVQw8YCh4WVF4AFRFeGUZDXE1OGg0UG1tHX0dQRhoZFQMeB1ZGGgAqDVoDWwNRRkwFBRZUXBsbRFJYXh8JGRFdRVtWEgkeHlAOTCFeV0ZOWhxBXipUDEtVGwkDCg8XWkxXUVhfRR9IWwsdPVcLE2YIBAoOChZUQAYVEUETCiYDEBtLNhVcDw0aA1AOXFkHFRFVFQgWGioGXRkNUUNQXF9eFhgIWV1cRFheW0pZQF8IFFwRCwoYUA5eQRVXXxRARhwGWDdrS1UbDwYdSUgWCwMabGAaHwpbRFcBVwUWSz4NDwYHQExXFUpBURhGVUoFBFRLQxtDRkwIHkBMV0xEHxQKCBgcEw1KBCZdBB4LCAZbHE8NQhFfCTsYBhEQVwAdG1sMDwcBUUJPXkpsQggNHQ0bFhpTH1gNGQtHUF0dMlRRQVkXDQwFKloONhZLPgQLHBdGTFdRWF9FH0hbAQY9WwELVgwDGwZQDggMW0pWGlgNCjcQBl8MWwMHCwIYFxhMBERmVFMZDxZKTxZKHBwVQwMdNAVRDDJcUEcUQAIYBAYHFEsQSj4dCwktXwcZaA8DACULCzcbB08MCxtbDA8HAVFCT15KbFIfFxIcGhJnGhhfABgHSUhSDwFEXB8UExcmCx0QVwQQTAw1ARsXRg9PDV9SWgkBBERXDF0aWwNDWFhfRQNZWgAKAhRWRhoEHAdWHSZQBUhUSQdaBQNYTl0UVkYYDhMLVAAYTQQ1Bw9QDkxPGxtHRBsCHwEWPUsGDEsCDzECFhZUTxUVEVceEhwaAQtLDAtmCA5MUVAWQk9UWF5GGw0eBioLXEtDG0NGTAgHRxoCWmZaUiVVW1JXQBRLGkwSHgEGLV0KMgUbCRRYSFsLGQtbAiZQBUhUSVAYTA5YSkcUQEZbRFcPXR0RVgVIVEkYRxoMUBsfFAg7DAERQAJLWxVDBQ80G1BMVxUbHxQbAB0BAQtXBxhVPgMKGFAONTBK\",\"async\":\"TBtbXx4AHAYqC14bGFQESFRbXhYMDEMbCU1YDQo3FwNMS0MJTUgNAxNGCQRZXhEMSkhbCx0DSg4QVwY1GgIfUUxXBxURUhMXGgAUEF8AF14+HgcGFxZUXRsbX1MMARVKT1JFRVtaDQMLBQZrBwkVAxFDFA8XBwIMGkVbWAcMBwcbVRoIaFBXFEBGW0RXFkoIH18ICTEYHUEcDlJmWlJYXltKWUBZDQ9cEx4HGBdGMQRTGwkUWEhbCxQPSAgQXg81Bw9QDkxPGxtQQwkQFgUqC1w2SBtbSExHUFcbHkNWXmkTACZaV1gaS1UbAgYHCBlrBwkVAxEUVkYaBwYWGlNbG01IAw4GXAEJFQMRXAkQGA9XThobJkwIDkxRUBZCT1hYbF8eRkNKV04aCB1dCB4HBBxVAjJeXUAUQD8kFQ==\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":false,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":1280,\"wiw\":1280,\"wih\":1024,\"wfc\":0,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://mexa.sh\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straightforwardaudition.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Fdesk-all%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=60","fqdn":"straightforwardaudition.com","domain":"straightforwardaudition.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"straightforwardaudition.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 23:29:29 GMT","end":"Sat, 19 Jul 2025 23:29:28 GMT"},"fingerprint":{"sha1":"37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45","sha256":"92:25:26:1E:08:FC:AA:95:F0:A6:AB:CB:A9:FB:84:A5:88:FE:64:84:0A:90:6D:D7:84:2B:F0:F7:08:BE:A7:F4"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Fdesk-all%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=60 HTTP/1.1\r\nHost: straightforwardaudition.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: straightforwardaudition.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/css_newTheme/style.css","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /css_newTheme/style.css HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 09 Aug 2017 05:59:44 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5935\r\npriority: u=2,i=?0\r\netag: W/\"9b82-5564bc956d400\"\r\ncontent-encoding: br\r\ncf-ray: 936afa72180f0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39810,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3c6420826cc1647abda78120299c0eb6","sha1":"bf10714579e64ee828627f828695fe093c5b810f","sha256":"3688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7","sha512":"49946ecd54262e83e754a80c1e0d1d01e6bc9a62660059c98b631f624d8a194f2daabaa9a6d27e6ae880bcc389610b8be6600e528a4b7d6fab601fdabf7661c6","ssdeep":"768:Fbqgz7NKPKbcK18E2EY3yNRYJEEHdmO6o:Fbhz7NGKbcK18E2EqyNeJE4dqo","tlshash":"4903723b26102c4cf117e0fdae94abc6671e4013e91f4e7d79a935acd38e0e445b3a99","first_seen":"2023-04-11T20:57:38Z","last_seen":"2025-10-24T22:48:06.386193Z","times_seen":114,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"experttrafficcounter.com/stats","fqdn":"experttrafficcounter.com","domain":"experttrafficcounter.com","tld":"com"},"ip":{"addr":"18.185.55.239","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"experttrafficcounter.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 23 Jan 2025 00:00:00 GMT","end":"Sat, 21 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC","sha256":"10:38:3D:45:4F:24:A0:61:7E:B2:5F:85:B3:4F:33:39:E0:8E:3A:82:45:63:EA:1E:41:80:93:2A:65:F3:A1:AC"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: experttrafficcounter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nCookie: uid_id2=2e05f825-9e8c-4972-897a-aa643ea95715:1:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://mexa.sh\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f56f314d98580c702b1bbb39b6bb1f67","sha1":"10cfdefa95116c863696cd9875234a1360069766","sha256":"4467c5dd1110cd9dfa599dd30a6c20c85f7eac3c3dc546f4ff56aae832282722","sha512":"66925f4efd78846681ece3f9c330f58014645b7ef1f6b6031f0022ac68e4cf075613d76f0e1444c7462a7fe0924a3e05e49b79cc69c8f4423144d7d2a2cb4c48","ssdeep":"","tlshash":"b19004dc0d417015c10c4700054037c1df1100c004104c5551434d014d00f15f5d0f54","first_seen":"2025-04-27T02:45:03.50239Z","last_seen":"2025-04-27T02:45:03.50239Z","times_seen":1,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/sbar.json?key=ce95e43f3553e10df4882fca51971c45\u0026uuid=2e05f825-9e8c-4972-897a-aa643ea95715%3A1%3A1","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nannyirrationalacquainted.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 00:43:48 GMT","end":"Sat, 19 Jul 2025 00:43:47 GMT"},"fingerprint":{"sha1":"02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2","sha256":"B9:E9:88:D1:E9:84:76:2E:AF:77:43:F9:01:55:3B:97:B2:F2:0F:4E:F1:20:AC:28:9B:22:95:74:08:37:71:33"}}},"request":{"raw":"GET /sbar.json?key=ce95e43f3553e10df4882fca51971c45\u0026uuid=2e05f825-9e8c-4972-897a-aa643ea95715%3A1%3A1 HTTP/1.1\r\nHost: nannyirrationalacquainted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\ncustom-referer: https://mexa.sh\r\naccess-control-allow-origin: https://mexa.sh\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=2e05f825-9e8c-4972-897a-aa643ea95715:1:1; expires=Sun, 04 May 2025 02:44:31 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 28 Apr 2025 02:44:31 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 28 Apr 2025 02:44:31 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Mon, 28 Apr 2025 02:44:31 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Mon, 28 Apr 2025 02:44:31 GMT; path=/; secure; SameSite=None\nu_pl26017473=1; expires=Mon, 28 Apr 2025 02:44:31 GMT; path=/; secure; SameSite=None\nslecce95e43f3553e10df4882fca51971c45=[5752772,5836004]; expires=Sun, 27 Apr 2025 02:44:36 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 224\r\nHost: nannyirrationalacquainted.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b91447da26ea300b8211d1807916edad\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12646,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"7961522162df71e766ad6834328f7a9c","sha1":"623de4e4c25096b4225c3c7a6b10b7fff55ea197","sha256":"1a610b6d21980c665630e6c392d2a80746d8e927c2b2e44c04d0072314f32758","sha512":"3926ec3869f9a8a2ff1d063eaad32ac79b78ebc839fb43f22c4fb4fcf8298eb2e525afaedf1c74339d85e96eb0e44470996b43824bde9611fa5d348847f410cc","ssdeep":"384:9zqOOD7HDXdg6tFg2O/DLzNyXk7aBHFSis:9GD7HDXdMJ/DLhyXkKHFSis","tlshash":"2742ae3f651d60c34ad39d08c62f3f7a2cc526cfc1db964e9d6b89ae1079818176809e","first_seen":"2025-04-27T02:45:03.506376Z","last_seen":"2025-04-27T02:45:03.506376Z","times_seen":1,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":319,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/pixel/pure","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nannyirrationalacquainted.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 00:43:48 GMT","end":"Sat, 19 Jul 2025 00:43:47 GMT"},"fingerprint":{"sha1":"02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2","sha256":"B9:E9:88:D1:E9:84:76:2E:AF:77:43:F9:01:55:3B:97:B2:F2:0F:4E:F1:20:AC:28:9B:22:95:74:08:37:71:33"}}},"request":{"raw":"POST /pixel/pure HTTP/1.1\r\nHost: nannyirrationalacquainted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 74\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":74,"data":"{\"bv\":\"25.4.8000\",\"error\":\"UUID request timed out or failed\",\"tmpl\":\"136\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: nannyirrationalacquainted.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":466,"timings":{"blocked":-1,"dns":1,"connect":94,"send":0,"wait":94,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 31 Mar 2025 08:55:41 GMT","end":"Mon, 23 Jun 2025 08:55:40 GMT"},"fingerprint":{"sha1":"62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1","sha256":"3F:6A:5F:E1:F0:BA:1E:57:4B:64:05:6B:41:44:A7:D9:8F:95:5D:1C:20:DF:6E:CB:BC:9A:5C:1D:FB:02:A8:DB"}}},"request":{"raw":"GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 24 Apr 2025 10:03:46 GMT\r\nexpires: Fri, 24 Apr 2026 10:03:46 GMT\r\ncache-control: public, max-age=31536000\r\nage: 232846\r\nlast-modified: Wed, 08 Jan 2025 18:23:10 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-20T13:59:38.920906Z","times_seen":751132,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":86,"dns":1,"connect":20,"send":0,"wait":21,"receive":25,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unseenreport.com/pxf.gif?uuid=2e05f825-9e8c-4972-897a-aa643ea95715\u0026eb=56a3745424804a23b12899170f9076de\u0026te=9c9b2bc1fcb866fe34b4078d4dc2b749\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=48eac25e15d2aeed70d260fa57ee3c42\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2","fqdn":"unseenreport.com","domain":"unseenreport.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.unseenreport.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Mar 2025 22:26:47 GMT","end":"Mon, 16 Jun 2025 22:26:46 GMT"},"fingerprint":{"sha1":"E0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7","sha256":"E6:7A:E6:7E:06:5E:5D:89:5D:BD:0D:EE:0A:18:3A:00:43:32:6A:73:D9:EA:22:8A:F2:90:17:4C:4E:E8:E7:7B"}}},"request":{"raw":"GET /pxf.gif?uuid=2e05f825-9e8c-4972-897a-aa643ea95715\u0026eb=56a3745424804a23b12899170f9076de\u0026te=9c9b2bc1fcb866fe34b4078d4dc2b749\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=48eac25e15d2aeed70d260fa57ee3c42\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2 HTTP/1.1\r\nHost: unseenreport.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":3056,"data":"{\"metadata\":{\"event_sent_at_ms\":1745721845142},\"events\":[{\"schema_id\":\"web_pixels_manager_pixel_register/3.8\",\"payload\":{\"version\":\"0.0.475\",\"page_url\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"shop_id\":3983474801,\"surface\":\"storefront-renderer\",\"pixel_id\":\"528220486\",\"pixel_app_id\":\"10250649601\",\"pixel_source\":\"APP\",\"pixel_runtime_context\":\"STRICT\",\"pixel_script_version\":\"29550c07d182da302d2b1a5840b37262\",\"pixel_configuration\":\"{\\\"accountID\\\":\\\"3983474801\\\"}\",\"pixel_event_schema_version\":\"v1\",\"status\":\"registered\",\"user_can_be_tracked\":\"false\",\"bundle_target\":\"modern\",\"duration\":1163,\"start_time\":1501,\"session_id\":\"sh-752164dd-5D0B-4535-CAAC-5BF70BDE917D\"},\"metadata\":{\"event_created_at_ms\":1745721844642}},{\"schema_id\":\"web_pixels_manager_subscriber_event_emit/4.1\",\"payload\":{\"version\":\"0.0.475\",\"bundle_target\":\"modern\",\"page_url\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"shop_id\":3983474801,\"surface\":\"storefront-renderer\",\"pixel_id\":\"528220486\",\"pixel_app_id\":\"10250649601\",\"pixel_source\":\"APP\",\"pixel_runtime_context\":\"STRICT\",\"pixel_script_version\":\"29550c07d182da302d2b1a5840b37262\",\"pixel_configuration\":\"{\\\"accountID\\\":\\\"3983474801\\\"}\",\"pixel_event_schema_version\":\"v1\",\"event_name\":\"page_viewed\",\"event_id\":\"sh-752164f0-1E5F-4B78-6F29-C7ECB567AA9C\",\"event_type\":\"standard\",\"status\":\"SUCCESS\"},\"metadata\":{\"event_created_at_ms\":1745721844644}},{\"schema_id\":\"web_pixels_manager_pixel_register/3.8\",\"payload\":{\"version\":\"0.0.475\",\"page_url\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"shop_id\":3983474801,\"surface\":\"storefront-renderer\",\"pixel_id\":\"99090758\",\"pixel_app_id\":\"-1\",\"pixel_source\":\"CUSTOM\",\"pixel_runtime_context\":\"LAX\",\"pixel_script_version\":\"201\",\"pixel_event_schema_version\":\"1\",\"pixel_name\":\"GTM NND Custom Pixel\",\"status\":\"registered\",\"user_can_be_tracked\":\"false\",\"bundle_target\":\"modern\",\"duration\":1239,\"start_time\":1502,\"session_id\":\"sh-752164dd-5D0B-4535-CAAC-5BF70BDE917D\"},\"metadata\":{\"event_created_at_ms\":1745721844717}},{\"schema_id\":\"web_pixels_manager_pixel_register/3.8\",\"payload\":{\"version\":\"0.0.475\",\"page_url\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"shop_id\":3983474801,\"surface\":\"storefront-renderer\",\"pixel_id\":\"161775942\",\"pixel_app_id\":\"-1\",\"pixel_source\":\"CUSTOM\",\"pixel_runtime_context\":\"LAX\",\"pixel_script_version\":\"6\",\"pixel_event_schema_version\":\"1\",\"pixel_name\":\"Tradedoubler\",\"status\":\"registered\",\"user_can_be_tracked\":\"false\",\"bundle_target\":\"modern\",\"duration\":1387,\"start_time\":1502,\"session_id\":\"sh-752164dd-5D0B-4535-CAAC-5BF70BDE917D\"},\"metadata\":{\"event_created_at_ms\":1745721844866}}]}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: unseenreport.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ed316ce9c066d7525028f10f23fb2a76\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":687,"timings":{"blocked":294,"dns":9,"connect":92,"send":0,"wait":98,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"unseenreport.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"recordedthereby.com/sfp.js","fqdn":"recordedthereby.com","domain":"recordedthereby.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"recordedthereby.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Mar 2025 21:25:47 GMT","end":"Wed, 04 Jun 2025 21:25:46 GMT"},"fingerprint":{"sha1":"19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47","sha256":"42:47:A7:FF:F6:7D:4A:05:03:EC:95:FF:4E:80:05:D6:0C:40:AF:69:D8:86:7A:42:05:F2:A1:D7:80:0B:40:B3"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: recordedthereby.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":10610,"data":"\n\u0018w0_qmZVSdobukXrBwYd9dTF7\u0012¹\u000b03AFcWeA5AE7oYpjwukxuLjNIf0u5XloNovCRBmAAYaPnT1J7OKsLGfXQ_7rhtraVukgVBQzuSPWEeSpp3qjUdToP0mm6KAg5Vtif-L73BtiH3nxYhHLbxGPDbfK_kKZKJ5JPzueYMCG6F0ydzLt3VdGPWET_IvtAcCFu5lhYwrOzqhXI2c9l2pOR10qp8DpcHFIojebMN_V2bF9htjIWvytnBiqzgYtRz40kh4Tz4UOKgdZHQ-7id00cuXiBO00i0J-7cFQ3mfvJre9wqtOS-kCyF0OSMTQ3rCmB12F1YT_Zz6De5jCPeG8PBPoSsVP5OFG37lv16Hl_Nfoc0zqnOYrPxej6KGVFdtMcY36eRJIyngJpTWpWRPyBlF2aoTtYco_XDEvFj1q7OlYZBR5E9t-EPlulVCjRvbxBjYrtK19N3ZREVPz6_VS7-w4e7Dmq8dDH3l5SxEGzHqCbrwq4b7q-FWR1mBmbVWi5794F_FiQ1rdlkT6p7XBdRVUohEui42xxL6J3l8Hkxpp61t1Y6Fcdzad5aouN7pWfvmmsPhoISFP6cAQOCLOoNVEvw2NLKEzngXoF6lq6-MRThwEY-aceP_GrZr1QfVWFS5vZEC1hzm_5x1lIKm_VFY4wIbMPGKTjUw6IciPDgk30w6uspGPTNgmDmmS_xbWK5B2sejmcDsta7Ct6_opCi6s2fMl6Ewa47w6y3z_UFyj0uUl8Tq8kToFwoQ_WG6hEiMIichh0nsTOrUv_SLgdzib1T7TXn7nAiqGaiJFeXc4RGfONSloFjdCq2daCZiMagm6dcdwDTFb1ikysAQGCyTCnzUNe6EVQu1joYjCYdakp4iq-gaxywOn7qZvut7Yc1qkONmzprSWjCQURxZQT5J4sTY4hxutI0P64JKvcqeh5dgYUbCoy0lQ7AlG14SiA3qwHkd_utBaMXVbQWJk8UKj5fNE0w5HemYc0eHEUU9l_ikTyUFqqffBQsY4n-YnyMcOGzQid1rS0SZoK1iV8uRuw1HI35AqGXCBEdhcLsJtR_QqKSG1ZfqXyhapgJ659N0Csz3qePeynavgqnv9_PjLzuMCjLzoE4yi3vzgznd5O6fG2uKLvx1ULDtFLHEJ-Ax_YSX_HU_VOzjFuzMmTNLx1CVryObpYdUvhj6wOPJ0s1PacCNg07Msthf3eSHOXB6F4WeEsnEOthotMKWs-A7kBeaDGBoTrZxFdjSiPPtFCWHVzB92wTsAfThYOda-oLa3ay23ISJprpXwsZC9AMSwAjo0BCl4CY-W0hx5ezQFo6JGn83O6cK2rfOtYowqxki76v8bRaQkQg6LUGpAVgon2LLd_yaH_Pm-JEAlhcwfEK-q54CYX_VYRVG68N1SDizVQJP-ptOXLCWj-eQOZ9AkZWETBVZsIWeHyu80aWcxcHB-CYX0YEz8Ol6VegQZF5rg6RFXpHvGVF160eZg\"»\u0007!5eOg4-YKAAQeGjZUbQEHewAw1KV9O99j6G5CJt8MY4DoUXfkC3CQ99FD54FNXbj_XpDM__UUy1i9x5AL__a6n7kHDwIEBadMKXMVwvMhmjYZSjGkhBvdmG1Iz6vqv1NSJsKm4WrJiqaNhSXCcb79TCpSBuf4v5CVY98Izx5M8yVddwIeZxB2ibwmDEMnVa4nF_Y2rOcLcpAPZ_G5c7tfmh3hdgopR276m-s8VbmFQEJAHdfq9NyEVPTDqlyQi0VIxlyy_Z99SvhnKJ1r5FLRAmrfZHgxdKYlxREN15nmdScA0i4FSyikj5YBSSGkYHirwoOZ-DbQBSGoZI4FWSNmPeJ0GoMWCZWeyKYo7TYKe_1tAeYeiYt86CSp_WV1gQfLy0MPr0-qJDAIg1emV3Gc7LD7BGqdejrA3MmiOEt-XJqxDA1sxUP1m6pmpXztHtaalSkF5I5bj0BQulKx1EWTBxVswvb1JgdXENEzrRfFCJmkAinfjnmofzoOeU-ZxMLOUA0uddY9vrP67tf8a7QpU53cRmbd1u3cwDTvESTrtPdFmKxS-f7qiCiJRWlthLCvJUou0a0A1ZZPbV7qlgRMbsnlP1UxAQMvV41La7mXFI6sidisJvnfLvl4A3H4AMMh5wAW4v5S4eQ4t_Yoo-fXvM5vQwIw_vVbKBc_6NZhS87hoSpyrJ2FpW8n4IcspnhluzBBo395Tq5kOR_quy9hmtz6zshuCwrig_SogRi7uCchLShi3_Pgh1F12eF10IcAo9DjBsQVUNDtnAB_bhClw0vmVP8Z_zPFUuzbgaVf3p2iVhT8mKwn0PQkQ99dB-Si1qAph9T_IxUmKjQNCy_j88Oreu7Vd7SOJZ143xesUFSCJ_WCs3PWvcBPTyBm7Yd5jrxPDZ-SHI0KYLEX4znyTYWEiMehb81SP8w8Oo4x4bnMc2qIQD1T50UdWg*\u000b-10982410262\u0001qB\bhomepager(6LduPZApAAAAAExDwI5OYE2GCj_ZYh8TC6Nnycww‚\u0001—\u001f01uT-DAoR2CEvLTT7RFJQVx5ndXN6QT5ZYWOaYXJ-gMnX1dyj7Pr4_8YPHRsi6TJAPkUMVWNhaC94hoSLUpupp651vszK0Zjh7-30uwQSEBfeFOIWOhwzOUxlalkxV12OdpuSfpCzfMih0rCf1-y6BNMP5iD-9wsTQUMiAUMZJyckbn1QjYdwn3ClesfQwZet2pus9QMBCM8YJiQr8jtJR04VXmxqcTiBj42UW6SysLd-x9XT2qHq-Pb9xPrIDwbsLj0zCRdfWUthdFxXSk55c4SxpJiAobKqo7jjx7ru5BPTGfERC_kQJUVDM1xPZFJ0WHt3epaLn3yXxqrWs53O9Mj23hEWGAUtEA8rAQstRSBAQUhPWFyGk3CjnqiTuqeQ0srKq7fnvOrvDvbgHgALRAcsKFdZaF1tTIBZZYV_jLKmkaXRxaqOn62xvsPC09veD-Ub6TArSVtRQE9UKDlHUlZaXG10fql_tYPKx7ri59P_29DrFSQ1HRvzBBIeHSYnOEBFdEqATpWTgmp7h5OXnp6vtr3rwffFDOfwATQ8TQ1MQDVBP1tSWGBDVGJpdnd3iI-TxJrQnuXLyv_B0t7q6_P1Bg0OQhhOHGM-hjhJVWJqbWx9g465j8WT2rW-z9YKG9_5CAMLOSQfJjoRIjA3REVFVlxikmiebLOkpMy_wsfh0gIR5_Pu-fvxPToqNzViFCUzO0FNSFleZJVroW-2vMaq6cz1p7jE0NXZ2-zx_Sj-NAJJOWc0JTZCTVZbWWpvcqZ8soDH38ScrbnFydPQ4eXqHfMp9z5FURMkMDtER0dYW2aUaqButbTIipuptbS9vs_S3AvhF-UsGzIgCBksLzM6QkpOXlhpc3mle7F_xsW6wrHwBuPu_AEpIBUaNBsrE1xYUWdKQHZvjJ59ipN4tpqqkbPAv-vVAcn57RD-5f8TECIrKD8xVkRCYmFZZHF7eKmWtZWN0s3B2svpxwfl_uUA_wYEDxo9LUQwQk5kVF1pUXlzc52rmHqmuaG5uuG9_NIG7vUUIgr9JBQnGkk-TWxdZ1pmgH-HbWaIYXKAjIuUlaapt-K4AQ8NFNsR3yb4CBtYFCAsa1JeU2qDkJWcXW56h4-SkaKrrt606rj__uzU5fP__gcIGRwjVSthL3Zki11zWWp2hYiRkp-kram9xMr2zALQFy8U7P0LEh8gIDE0Om1DjJqYn2acarGOoJXDu8DBurDBzdzf6O_39gEKEw4iJjBbMWc1fHhvZ6eEssLKpaGpxM7us_PeBvQZAQX9NhI3SVcnHjVvYniCkFNqd2iGs5PCp7C8odTPxLj5DvUGCioa6xxFIkdYPTRCZGNdZot4l6GWg5vDq5vJnKLO0Lq2-Q8LCib03O36AAkVGx8mMDkzR0tSgFaMWqF5sr_Fq8Gomaq-w8rL1trf7PLwAQcRPRNJF15pcTNEUFtmbGd4gIa0isCO1bP4qrvJ1Nvk3u_3-CsBSlhWXSRaKG9sb2ZgaYyqr3mE0pmettDNyNTp3wEg4eYkHB87BQxNWUA-MldWfpeahoWUqJa1ysCos-Hi2NDX2wTzAOkgAvcwKw0wISlKdn5kZ3yWkHN7ppyjyryzrd7U1dkCA8XQHhEbKgsyE1BVMTBCY0dWiF-Ve1xjm5R7oLevprTVxML-19fN9xP7CSD2GSlUUCFDWC5sX2uMVHylnqKLv8WwsJbZwuTQ7dLo9O71Gi4kMCMvVCZRZjF2THx9aHueZ42AvcCX1K_Vudywy-XkFNL09CIh-CJFRRk-NC1fbzqEf4udlnqmqY-evo-dxcfA4vDT3AD4JPsiF0EPBx9aXSUxUn5DXZCMmJiNtbmjsq_aqsO79bG_3d8G6_DtIfccCDAuK1ZBTlNyX2yHan92h7mLgsmpt6_a3czaBs3_DRIVEBQxQDpEMlgdcUNLVX-ShV54iKBxqsapo8bi7uTUAfv-4PwR7Q8UQjVQWFRFWXA4b3p1j1Glf2-YisaLidq_yM_rub7j4RXcCAAW9hgqQkRQNW5gZ152fIh5j3ifr7qzu9XZn8PL1wDn9vTd-QwL8i38AyNGNmorV3B7WGVTkX1urbnGlq6rnb249rvi-_ML7h0tMBAMSQ1BOB5hVGR-eX2LnaGBfou9mcG_q5mj48fs7gr09-77BQ0sOEcVSV8hRUU4UHeFiUtcaHV9gH-TmcWb0Z_m2Ofq7gr_DRAnC_MEEh4dJic4Okl0SoBOlYKUv5KpotC5w9DWANUCAOkB9hEMCB08UiVWOTtKdlmIflJwY5q2eJd_wdjgpeDBsNnDEtPn9f0xFC5AJSFQMl87RnJDV15oXZOOhYqxwL-wu6HKzN7A9-kEICIoITMVFCZMHR9NL1FPdYWUkX6GhnaNlqGgyufBzOPa-OfS1wEF8Tc8AigyFVdWcCIzP0tOW1ZnaXWjea99xKK05-jxzfb5Aw_R4u78AggSGSAjLjEvQ0dQfFKIVp28t5V5ipicqLKtvsDL-tAG1Bsl-icIQDNEaF1laWxWgZWepqCNuZi-wsvCxqjyx9L-zMLT3-z09_YHCRNDGU8dZFJ5bJV2gJ9zp52UydPe1uLK1c3Q4uH16_kjBRUAGRxMNzU5X2ttXIptimiaiZl_dIWTmKapqLm7xPXLAc8WIxI9QyojLjRUS3M6aW2JkH-Gj3B_nc-etK6iqdbO0d_k5-3nLxI9HSUoI2BTS09zXkJGZ2iFbaOmm3OEkJ2frae4usH0ygDOFQ8m-wNFVlsbP09lU1SEgHx9l6uTvLe-sLCywe_ktby1xtLe4e_p-vsLNgwYHy4xL2UzemiWpa5smL24tqXNtezm9eCxwtDW4ufl9vcFMgg-DDRFV0yFYYhXkn1-jHmmmqCWycCzuqa3xNHT3uPo9PX6_REVHkogViRrXWmReJOdj7iUma_SsdPd8OzawPjqC9orIQI5ATgfJC5bOnNqWVR7bpJxnZZmd4OOmaCaqrW7573zwQgFFu81FhJNVDJWQHBTgGRaYVZfpa2Gmn-jqM6atNzQua_AzNfg5OPz_gIwBjwKMkRUVnhrcXKbe41-eKy7psm_vrG4pLXDyNfd2OzzHvQq-D9GYlpfZ0k_iG5vj5qAr5KVndK8uuO6ybja4RIWAREh3_D8CQ4ZEyMtNGA2bDqBaZKucIWKcoORm6GnprbAxfPJEiAeJewiKUNRT1YdKys2OTZfl4-Wb6F0s8HH1Nez4M2v0QnRB9r65DDzGAIsRiogJkZpWmRKk45xpIhzgbvCjs6aosrstvb34ekO9Pos-TYfLzcgGytnfHhhW3ZxlWhola2a0aa51OvsrrkID-AcACcqNf43OlgZFyozN1pZao-dTY9lrry6wYjR393kq-H7CQcO1eHt6vX49UktN1I5LVR6NHZMlaOhqG-4xsTLktvp5-616wUTERjf6-34-_gwSE5iRTlvgkllb1VTlWu0wsDHjtfl4-qx5wEPDRTb6en09_QsIUhgXWxnYWpMkJ-bZqe2qreUm4fJn9Xv_fsCydXX4_Hs6RlMNT1dVSNYXFWIbnxaYpF3srbJfL6UyuTy8Pe-yszX2tcKKQEAGQ45Q1hHTFlhR2t7TpBmnLbEwsmQnZ6prKnG48zm3QgSGDUBQxgERhxSbHp4f0ZSVF9iX768trq0vtq20-zL_MnW2Rsq9A0qPB0rFEUjRElZdGmNjp6ddmKkerDK2NbdpLCyv8C9E_H2MAkXQT9AQyksGFowZoCOjJNaZmh4dnPDl8-gzL_Nv8MA8-LOEOYcNkRCSRAbHi4sKWWNTk6Xkqi5qb66oZiq1avR_MnQvP7UCiQyMDf-CgwgGhdfVEJceotZf2ZziZC5udC-wLnTucng587uHhcm9Q9GBE8uMDRBVTU8XG2MalKUm3G6yMbNlMqYwNHiBcwCFCIjIQcYBzEzMFxWPD9GMkNQVl9ncHOAhYuQkKSosd2z_AoID9YfLSsy-S_9RFtUJyAxPUhRUlRkbnChqA¢\u0001Å\u0002tbMyw2NzMsMTk0NF0sWzEsNTgxLDI4OTVdLFsyLDgzLDM3ODhdXSxudWxsLFtudWxsLG51bGwsbnVsbCxbMjgsNC4xNDI4NTcxNDI4NTcxNDMsMC4zMjQ5Mjk5NzE5ODg3OTU1Myw0M10sWzAsbnVsbCwwXSwwLDBdLFsiYm91Z2llcGVyc29ubmFsaXNlZS1jeW9yLmZyIiwid3d3Lmdvb2dsZS5jb20iLCJ3d3cuZ29vZ2xldGFnbWFuYWdlci5jb20iLCJ3d3cuZ3N0YXRpYy5jb20iLCJ3d3cueW91dHViZS5jb20iXSxbMTUsNjUzXV0²\u0001¤\u001dBHABcSJEDGSAAWMqKY0DDOANsIlYAC6FQJ9ggiaGCE2APSaAgRxCdwkLRFgICmNFQCllIAiBRKqAaAWgqIKCbIBQCFZCIEDJHKjSoQGBcIQEGGICwBIpABaIyYAVhBggUgMvYEqpUgCFcEFeQCS0QJAdXLFFIxRUaJiVJIlgwBMFEJCYIUwKAASAAFkGMkuriGSrGCFCNAgQgJKQZcBzQogVIEQIIAhZKEkIFEFKwAQiUQzQAgZAAq+UExIBFCiDkqB0FeFoI8AQ0wQAiXkBZQAAFSANBAUCqFABClKUZIBRBQBBNQlRBGBUAGMCyCYxCZUUki0BAgQ0DF4GAAQJUAgpPIwWCBIoRnaOUmRB2ibezEMeJGzYJBUMBIjsPkRkdgYhDBAgEGlr0cqACmANbQkA8BAGJYAmABIUAALwhIDKAgADNJoZmqDABXRWcUJDFEgCK6wAyiZiwBDBAckIWPQJKDAFA0AoALFQGYDUihIVk4gMCRFUQLgF2g6PFWUCNYtQQAVCgFC4IA9FCVCRNUBN4lLQ7KMhAHCAIpCqrJFJABQRYJBSAkWkIEIlVBoQcDCRAQACEIiIgUEEM8FbQgSihKhEQIgmuBlMAysIcWAi4EBt6CDRQSpwCIIkJ5XAsAERAEyR8EiBFFxBwykACRQPRIIQUQTChUA4YHdGX0cHFIoAeCFBijET1EMADgOhikgQinxQogQwAAGToEAvKCliKYBEIKBkBhCppoAMANxBAALoUWYwgDZhgqEV7ID5OEAIFlMAvKBEKS0pKCQIU0fSAAIR5QamLQACdFaxd8EkYLlEQCAICEHDMiIqUYggYBEAIopBEgQc8aQUQSETPwQkoAcCmpewoutQBIAoEDIhFgCHACRgAcVxKiloAIHGNEpKMcSIEFE5g4BmEhpAMASTD4IJG2jAxMD3JY1OAzCYIyIBCXhn7iJ0JNLIBBQIKEAAwMUSaoIcSkrtAIaCUAAUCAQwkBECwNoAAiZDMRbYARkIJLFFFlACFBZIiGIEQRkggQPBtARCGQJQAwY4QgTeIyIJRhHxaGhAkgmZAAE0QEFsGgIONeqAAiITEQQkFQgiAdsgK4KFIngCM3YACQSHcNJwADKNKmEIjKEUjgawRI6BgkmkC1CS2+BFQQ5/p4AigQWAECwFz3QUJAaKSQSwEiA8RXsKEDtJQ0SQBeJ+oHyBgnFFAiEoGxSpJOgCAgsgsiFgEggcAwLwJniooGSBxxQAjQ5RMoiAMMEgKBELBBCxFJBaOHgxSKjCjAGSkSwAYSZymIgFMCADSHQXkYooBrcAip4ROkEwQISAiIEEsNGQFKuxCAMQaAByKiRgkgMFAEDgAYKIciGYqAEs8CggVEAEMMSB8AMDPwFAmUIsHCwQIXlNVWVEGxjAiILIcYQ8aYQBA5aQOIgaBoESqAlOlMCrt2ISQoECiCSWAAEgQAKCACACGIKAACtxQQzASZBVAglsVilNDVrMNk8lZFkBjSERAIi2okAAzSCQsqQGiBAyCSpa3YBwA2istYLVYZAB1VktgYQNBMoCgUomAhAEwoIK7gQDQDFFASASOICAANYAzBn0SARIUCmvDCBECJRcKZAooBiBZBIATQNmjJJOjrAGgBNIAhIASESi9AEC4GMkAiLgUDHQEGy0E54rBVEik7AAQe4hEALcEwAERkpYwuwICIggQA3pQQEoAgAqiVANAA2yAGDOhEIdHawCWAYokAeAGohFGlQFAsEhAEmhWDCNgTUAAYgrEDYIEJCKhpQExGi9UIiYLozQUhAFAEkAIgIBAjBUJ8DAuQC0iKDoF7pIEAAVPyoCcEBGgJQFyEQ0BA0TEFACQyRcQoQp0ZKA7IE1QCCJBKTmg/sCIJR4lJWAEUIBowUABKiAKwjEoaQFRjGCcQqzCDERBNcLYEAMCkCFCZ0p9DGEiGAGwBAgBB+RIwIVAC4xKmUEDApKICDqkJxAwLRAiISARzbiwEMFEhKTEyYjhAxgogQMENAaMAwUQghFJCQJ7kpaTIXASkXvIAA0gmvEkVLgEiUAxCSgOACkAYoJWjpgAiiAiAcVQiVYKQQHgRCoESmzQghAJSBSkJlKQYgE7asKCRf1sh0jGBYBxXpdSAKYlIBBUE1QiQldAIoiCAyjhSEgAA6IBFXQRgCmDIIBIEuZJKkxlEWYwgaXkRBAm8AAdu0AWkKAAEOBRi0EezLUyN0IiQKZsrklNEpQ/GmE6iejpIzJzC3FDBCkAA6DQAMCIAAVCZMGEASsANJmgKBQ4+2dmMCEmgFBJlISXFgUIHwqgoBgkmwpMERDYgCEV5hyNATSoQERCmWRpMCiQkQrAChICFOmAShUDWQZCAjE3CBAAOgVUoGkIEGoQgYAKHAgNRmAAIgqBYQUZAPMOMBFCCNBhAhzCKBAEwIgGQsTJgAYIAIRdhDxwUKYgQAQZcEIsIiIUgGQYAqQJgAESBXQJEJKJQIGrBAAyno0mwBBkEKAQjASIQDmXGSZcEAQVEATCBmGWhQkGRQBS7QioQgYgQeSl6RFjA/EkxggS5RmCCAMQpgJsgipEUeCCHHlgDM/gIPQcEHEMFCAgTYNMMUtiMAWxYhAFAQAKwEiALIwUBMbOEhKHYOMTlxZgFogpWhAejwOABBAZ5QgQQLGhA5ggWkjGgAFg4LANIInAM7RYgYIHzsHEEEPhCDUoBcCp8AGBESZgIUSAAgCmJyAByKoIdQC8AGBogkQIggAICqUCIHZoJA4KIjMcDKMQRiwXmQ4pFEAaoSAHLlSs0hgOoMBQFsABECAQI0oQAHueElBAiSXEih2I8QPBGzNRkOSplACCCHCZIxoCjw1FwopHDiYIgZhFAOINBFApKAEAiMfC5IzwOQgDBAgIoCuBoAG4AIUEIAAPxDhgCDAgbIUAQIgCEWGYYQlxAJEAACMFITwAFLIABUPEABuJAELDQfhmutelCCLSJOFyCEJC6alERBABEBZADgDAwECoM7bIvQe1QKCI5IpCqpgiOCCmU6OIMEhGDR0hG8oAIAAxwQNIaAJIUwCABqAFACYkGAKACSF5HO2iIOP3AAiIqUJ4FEGhAUCiSFCSWiAAoYiCiAbEAiYLBCiuhMHwoJwOnJ8ZEiDaOAxl0gCJXqPARSgAEDB6AgChnBpBRDBA445OYgAWJQiAFEaCChLA5kQECt1ihCAyECYBsjEApIYk/8CRGjFAjAhUSYgADFTASCJkB5AwhhY3gARBogRRnDFiEUBU1qJhRIMCJD4ttmRqUAgIwv4tIAtLA7BjxkIoWR2BCEJwSjIoZ2YQT2QkDEoQBwIkADBERTQCJgGCZngEYFzkWUsA8BIDABECj5gIgAWlA3ECx/hCCDJ3JkIjnQFYAIFRAUQQaBZSrCWoTYpgEogNMgSVVVCBWIGiMESoLXgTUwUYEGYgNEvTCDkBIAiKINiSAEgNJOEe4CgRAAEkCceJVi5nBLFAs5DEENgXWiODggCSAIFw3IGBxIwAmEKQl0wGgXRAAigIVAIAo2TPPE4F6oESCKJgQKjIIioAPQYcRJCA0SA1JrxBTKiCGMAFgciEBoCApQC1QzEgk9CoyLFkS0SCKgOhgKo8FagTBwSik80oDFICUEwWEqgMdXbgrAQVExRAnMAawUIAkUQbvhKRAC4IEElb0xoGizcg5AbwURSIqouCyADQEBAiEE1hmABRCDgcGZRAFMAxlFBDUmEJQgnYkLAhEEUATJKBBuZGAIyFZCoÊ\u0001\u0003W10"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:30 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28255\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: recordedthereby.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3a2469e357ab520d790cc323c687c5c1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85380,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"108625937affa4b38bb17cea65510d72","sha1":"2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee","sha256":"c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0","sha512":"7ed575e399e05235e4b15c050450e2aa54fb02f6080c198ef88de2b13c790ebabee5b1921edbe9948f8371fab97c6387f3456dec581407eaace0be3d218cec19","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoR2:nPncLBSUBULGVTfGpucE5fow","tlshash":"948395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-01-25T09:25:15.370304Z","last_seen":"2025-06-27T06:21:24.06821Z","times_seen":2209,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"recordedthereby.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/pixel/pure","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nannyirrationalacquainted.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 00:43:48 GMT","end":"Sat, 19 Jul 2025 00:43:47 GMT"},"fingerprint":{"sha1":"02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2","sha256":"B9:E9:88:D1:E9:84:76:2E:AF:77:43:F9:01:55:3B:97:B2:F2:0F:4E:F1:20:AC:28:9B:22:95:74:08:37:71:33"}}},"request":{"raw":"OPTIONS /pixel/pure HTTP/1.1\r\nHost: nannyirrationalacquainted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://mexa.sh/\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS","post_data":{"size":205,"data":"{\"metadata\":{\"event_sent_at_ms\":1745721843428},\"events\":[{\"schema_id\":\"trekkie_metrics/2.0\",\"payload\":{\"metric_name\":\"serverSideCookieNotSet__shopify_y\"},\"metadata\":{\"event_created_at_ms\":1745721843428}}]}"}},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 1728000\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":638,"timings":{"blocked":266,"dns":1,"connect":91,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.creative-stat1.com/sb/notifications/dating/default/us/desk-all/css/style.css","fqdn":"cdn.creative-stat1.com","domain":"creative-stat1.com","tld":"com"},"ip":{"addr":"104.21.13.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-stat1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 13 Apr 2025 21:34:38 GMT","end":"Sat, 12 Jul 2025 22:33:20 GMT"},"fingerprint":{"sha1":"0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB","sha256":"09:C8:2F:08:19:0B:87:6B:10:9C:A8:7B:34:5A:05:BC:D3:94:4D:42:D2:F4:2F:D0:E2:EB:DE:81:DC:93:90:B8"}}},"request":{"raw":"GET /sb/notifications/dating/default/us/desk-all/css/style.css HTTP/1.1\r\nHost: cdn.creative-stat1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:31 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:23:50 GMT\r\netag: W/\"65aa85f6-1676\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 62003\r\ncf-cache-status: HIT\r\ncf-ray: 936afa83bb29b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5750,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"2648ad78701bb00949b244fe3f1a8bf5","sha1":"22d324dcf9f1f838e39963096d60becd2c539372","sha256":"77e68f8d0c801a8ac9e6446ecd0f742d039290c6e7e6023b2f88a78c06ba390e","sha512":"f1b4579331fb3d7aef31a3ad4d177cc2684d3e6eb1f92e36663eeca8258a1dd105f99c8afc42c3095fd98e945d45f8d30f38f2b11e4cff3d7adc23f968c9f04f","ssdeep":"96:iTMXkG4Pz2HhN6F+iQImJxMX5ei4wFlFDJUTQHjbl+VF3XYv9ytWFHF2rBHhZrTB:IMX6r2HhAF+JxMX5mwFlFDJmGjbcPAFS","tlshash":"11c1dd9a2a771904b807d56b3f6a2747272540078a0fe9653fcd724c8fca1e8c9d27db","first_seen":"2024-01-21T17:21:58Z","last_seen":"2026-04-12T04:27:11.000618Z","times_seen":250,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":38,"dns":1,"connect":1,"send":0,"wait":7,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/yep_d.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/yep_d.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 15222\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"3b76-550b66ea30280\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5932\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa7238270b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15222,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced","md5":"662d1738accf3ec5f5c95a0e4896b232","sha1":"8b1907196139b8819ffd1a77b3b71d3872ca848f","sha256":"2c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3","sha512":"6802be674d2ddd590fe7a6266d997e57aefdd56dea418ca7ed441fc370d8b0c0a6c3361cc799cea9e37c1611b1a756ac9f2d3fef24aa12e46aa5780a01c6d091","ssdeep":"48:gei+k29W8sEvWxN+Y92/Jz3BCM0Lj5cchpJ77LTM:13kEWRHxNXiJecchf7LQ","tlshash":"84626634fcf075a8954aa1332dd525099c734683da819c4abbcd8c176f11bed4c5f186","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.366614Z","times_seen":110,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js","fqdn":"obeseglobewimp.com","domain":"obeseglobewimp.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"obeseglobewimp.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 03 Mar 2025 19:05:17 GMT","end":"Sun, 01 Jun 2025 19:05:16 GMT"},"fingerprint":{"sha1":"2B:15:3C:49:E3:1F:CD:ED:DC:1D:2A:15:38:00:BC:58:19:D2:A1:59","sha256":"93:03:39:F4:5D:19:03:BE:48:AE:42:E1:F5:41:28:60:0D:F9:A4:39:5F:5E:D5:90:9E:A3:4A:84:DC:5E:10:68"}}},"request":{"raw":"GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1\r\nHost: obeseglobewimp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:29 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31017\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 5\r\nHost: obeseglobewimp.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ffc26a0d15ee9f6cd087443f19eba160\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":98068,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"0435d2a71bb2bd884628141d7147aadb","sha1":"d959d78e83e3789d97eb5d3eff82b41e317dc061","sha256":"3499fa3c0e395580681645d31d8bd39325999c9961e155b6760cd85c246a1519","sha512":"795818843148438b54a9e8a34b9a55859adfc258cb58f1dcfd857c67abac5706ecbd3b980a1d4ea078e4f57778c45e629e098de5dff99d5ce18cd13f51340aff","ssdeep":"1536:7hsKcFxhohdidzSyBy5hvESV2C+5H0dPvuFXuxL76LRafh32MaLY0ub+iY65xBvu:SpzS24PEXcT05iY65xBvwEOX","tlshash":"d0a3d88a7f00f11c42b160bb273f5619f0250e96e68c916ce013e1ed3f6cb5bea79599","first_seen":"2025-04-26T17:22:46.279273Z","last_seen":"2025-04-30T20:35:43.560732Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1004,"timings":{"blocked":379,"dns":67,"connect":96,"send":0,"wait":104,"receive":101,"ssl":252},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"obeseglobewimp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/pixel/pure","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nannyirrationalacquainted.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 00:43:48 GMT","end":"Sat, 19 Jul 2025 00:43:47 GMT"},"fingerprint":{"sha1":"02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2","sha256":"B9:E9:88:D1:E9:84:76:2E:AF:77:43:F9:01:55:3B:97:B2:F2:0F:4E:F1:20:AC:28:9B:22:95:74:08:37:71:33"}}},"request":{"raw":"OPTIONS /pixel/pure HTTP/1.1\r\nHost: nannyirrationalacquainted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://mexa.sh/\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Max-Age: 1728000\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":640,"timings":{"blocked":268,"dns":1,"connect":91,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.creative-stat1.com/sb/notifications/dating/default/us/desk-all/js/script.js","fqdn":"cdn.creative-stat1.com","domain":"creative-stat1.com","tld":"com"},"ip":{"addr":"104.21.13.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-stat1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 13 Apr 2025 21:34:38 GMT","end":"Sat, 12 Jul 2025 22:33:20 GMT"},"fingerprint":{"sha1":"0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB","sha256":"09:C8:2F:08:19:0B:87:6B:10:9C:A8:7B:34:5A:05:BC:D3:94:4D:42:D2:F4:2F:D0:E2:EB:DE:81:DC:93:90:B8"}}},"request":{"raw":"GET /sb/notifications/dating/default/us/desk-all/js/script.js HTTP/1.1\r\nHost: cdn.creative-stat1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:31 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:23:50 GMT\r\ncf-cache-status: HIT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 62003\r\netag: W/\"65aa85f6-182\"\r\ncontent-encoding: br\r\ncf-ray: 936afa83bb2bb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":386,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"5ca8c1679ba9453cfa512e01d6fec9c5","sha1":"45628341eb20e4acee5e812d3b2dfc8f23962daf","sha256":"520a0196a18cbe656f7382a02ec828125e68bdac511b9ebe2bf27f31e262d037","sha512":"842e878cb264f7362266570b9a8e4b50187e8bedf2a499c0b8fe5e9fa2c563fa7577427039f58540b103c4da5197287373efc5f031ebd7ce17e5b34bbb8d11f7","ssdeep":"","tlshash":"86e02b386158513487f7d1a2619f27df2730469ed00a025e702c474f0ce1fa622c1d9b","first_seen":"2023-04-05T09:22:06Z","last_seen":"2026-04-20T00:56:58.60115Z","times_seen":2601,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":37,"dns":3,"connect":1,"send":0,"wait":6,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 31 Mar 2025 08:55:43 GMT","end":"Mon, 23 Jun 2025 08:55:42 GMT"},"fingerprint":{"sha1":"7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00","sha256":"CF:6B:F9:B4:5D:A7:83:D4:84:57:F9:64:79:15:1F:EB:6A:C5:D3:DE:D4:65:4A:01:0E:D7:43:84:4F:92:04:59"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 27 Apr 2025 02:44:32 GMT\r\ndate: Sun, 27 Apr 2025 02:44:32 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"079d175a37af415fe31b05b4ee3f0c6d","sha1":"e14b499ae075d1437a3d19c061ce5c47e70ebaf9","sha256":"9407ac88551e3046045786d43d427ded47b0133ac0acb85f8604743885d06d4b","sha512":"af8cce6e89eab758435d92c4cacda998caff1183604f373ac681761f6a405266804a330e9af07feb03881152eff12e80a301810c632f0a1a5c307775221572fc","ssdeep":"384:pCf5CgCPCrCyUC/qY4+C4CYCpCfMC1CWC6CyhC/qY4XCNCtC4CfdCkCDC3CyQC/x:pKhOoJUaRbn07Un9JhaEqOFulqsJQaVb","tlshash":"18722ea1041700009b835ce223cebf35fe1f92117141d0b9abfd9b6badcbd6652693ad","first_seen":"2025-01-09T16:14:03.891829Z","last_seen":"2026-03-12T04:48:01.877198Z","times_seen":715,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":87,"dns":0,"connect":20,"send":0,"wait":31,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straightforwardaudition.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Fdesk-all%2Fcss%2Fstyle.css\u0026l=5750\u0026fd=71","fqdn":"straightforwardaudition.com","domain":"straightforwardaudition.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"straightforwardaudition.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 23:29:29 GMT","end":"Sat, 19 Jul 2025 23:29:28 GMT"},"fingerprint":{"sha1":"37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45","sha256":"92:25:26:1E:08:FC:AA:95:F0:A6:AB:CB:A9:FB:84:A5:88:FE:64:84:0A:90:6D:D7:84:2B:F0:F7:08:BE:A7:F4"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Fdesk-all%2Fcss%2Fstyle.css\u0026l=5750\u0026fd=71 HTTP/1.1\r\nHost: straightforwardaudition.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: straightforwardaudition.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":648,"timings":{"blocked":274,"dns":1,"connect":91,"send":0,"wait":93,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=UA-79936000-1","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 31 Mar 2025 08:54:37 GMT","end":"Mon, 23 Jun 2025 08:54:36 GMT"},"fingerprint":{"sha1":"E4:97:12:2A:2B:30:84:66:33:9D:D6:09:14:D3:8F:CE:3E:20:73:24","sha256":"D5:81:53:10:24:38:06:43:73:D0:A6:65:1A:88:4A:66:4C:27:69:54:27:93:B7:A5:91:07:BF:72:58:7F:73:AE"}}},"request":{"raw":"GET /gtag/js?id=UA-79936000-1 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\nexpires: Sun, 27 Apr 2025 02:44:29 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1068:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1068:0\r\nreport-to: {\"group\":\"ascgcycc:1068:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1068:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 95697\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":271961,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5436)","md5":"b3e1196924778443c3961e21ff91e6dd","sha1":"fdad9b529613a1647a351427817060f9c01e64de","sha256":"6dc67659257fd5388d8eced0b3f7d4add38ee93f5a612c63e2892dc78e7021a1","sha512":"10b13728ad0445c3c2e038d0ee0e2b3a036771ec7d654ed28ef061b11e0c10f572dc51a901a7df836162610f6ed9f15a808ce903ced48b8af0480f325a14e95a","ssdeep":"3072:IOhdrV9tD1DN3FlUrg0fqlaG6V35Gk5+FioUJoqunfVyeD0/NPg7zFc:Zhvp53FlU78aXPYFFlnfn0/NPg7u","tlshash":"e044f7ccb3d6b4668393a474903f014bb17b7892f84cd894e186d9e82d74aa94277f7c","first_seen":"2025-04-27T02:45:03.511998Z","last_seen":"2025-04-27T02:45:03.511998Z","times_seen":1,"resource_available":false,"data":null}},"time_used":463,"timings":{"blocked":163,"dns":2,"connect":28,"send":0,"wait":58,"receive":60,"ssl":147},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/premchar.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/premchar.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/main.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 69808\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"110b0-550b66ea30280\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5931\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa7388740b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":69808,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced","md5":"e3a6c4b647e9c8b789b17a98fb6d75f8","sha1":"c7428a76951933962ef1d7400b37ba9ef91d6afd","sha256":"0b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69","sha512":"b1130d899567f335f330107d8ac4842ab7b6cf5dc34e94989bd01ad8bb7ae1d3828486bf06671feeb91384feef95c1526aeddf390f285b8c288da1df9f47ffa6","ssdeep":"1536:yUm0sAuksyydgENQR7Ft5VmzdAH0+y/xW9horYNlm:0FdgENMF3ydAH0+y/yyYNlm","tlshash":"2263f135e9f57179e8c9a8a20e47a68a59236543d2c10c94f2ef8c811f45bb7ef0bd80","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.389234Z","times_seen":110,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"experttrafficcounter.com/stats","fqdn":"experttrafficcounter.com","domain":"experttrafficcounter.com","tld":"com"},"ip":{"addr":"18.185.55.239","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"experttrafficcounter.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 23 Jan 2025 00:00:00 GMT","end":"Sat, 21 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC","sha256":"10:38:3D:45:4F:24:A0:61:7E:B2:5F:85:B3:4F:33:39:E0:8E:3A:82:45:63:EA:1E:41:80:93:2A:65:F3:A1:AC"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: experttrafficcounter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://mexa.sh\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=2e05f825-9e8c-4972-897a-aa643ea95715:1:1; expires=Wed, 25 Apr 2035 02:44:29 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f56f314d98580c702b1bbb39b6bb1f67","sha1":"10cfdefa95116c863696cd9875234a1360069766","sha256":"4467c5dd1110cd9dfa599dd30a6c20c85f7eac3c3dc546f4ff56aae832282722","sha512":"66925f4efd78846681ece3f9c330f58014645b7ef1f6b6031f0022ac68e4cf075613d76f0e1444c7462a7fe0924a3e05e49b79cc69c8f4423144d7d2a2cb4c48","ssdeep":"","tlshash":"b19004dc0d417015c10c4700054037c1df1100c004104c5551434d014d00f15f5d0f54","first_seen":"2025-04-27T02:45:03.50239Z","last_seen":"2025-04-27T02:45:03.50239Z","times_seen":1,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":94,"dns":10,"connect":29,"send":0,"wait":21,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unseenreport.com/pxf.gif?uuid=2e05f825-9e8c-4972-897a-aa643ea95715\u0026eb=56a3745424804a23b12899170f9076de\u0026te=9c9b2bc1fcb866fe34b4078d4dc2b749\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=ce95e43f3553e10df4882fca51971c45\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2","fqdn":"unseenreport.com","domain":"unseenreport.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.unseenreport.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Mar 2025 22:26:47 GMT","end":"Mon, 16 Jun 2025 22:26:46 GMT"},"fingerprint":{"sha1":"E0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7","sha256":"E6:7A:E6:7E:06:5E:5D:89:5D:BD:0D:EE:0A:18:3A:00:43:32:6A:73:D9:EA:22:8A:F2:90:17:4C:4E:E8:E7:7B"}}},"request":{"raw":"GET /pxf.gif?uuid=2e05f825-9e8c-4972-897a-aa643ea95715\u0026eb=56a3745424804a23b12899170f9076de\u0026te=9c9b2bc1fcb866fe34b4078d4dc2b749\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=ce95e43f3553e10df4882fca51971c45\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2 HTTP/1.1\r\nHost: unseenreport.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: unseenreport.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3eb3a24663f84a57fe93f00be5eea903\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":692,"timings":{"blocked":298,"dns":9,"connect":95,"send":0,"wait":94,"receive":0,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"unseenreport.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"straightforwardaudition.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Fdesk-all%2Fjs%2Fscript.js\u0026l=386\u0026fd=62","fqdn":"straightforwardaudition.com","domain":"straightforwardaudition.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"straightforwardaudition.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 23:29:29 GMT","end":"Sat, 19 Jul 2025 23:29:28 GMT"},"fingerprint":{"sha1":"37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45","sha256":"92:25:26:1E:08:FC:AA:95:F0:A6:AB:CB:A9:FB:84:A5:88:FE:64:84:0A:90:6D:D7:84:2B:F0:F7:08:BE:A7:F4"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fnotifications%2Fdating%2Fdefault%2Fus%2Fdesk-all%2Fjs%2Fscript.js\u0026l=386\u0026fd=62 HTTP/1.1\r\nHost: straightforwardaudition.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: straightforwardaudition.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":172,"timings":{"blocked":79,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/premium_download.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/premium_download.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/main.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 35695\r\nserver: cloudflare\r\nlast-modified: Sat, 15 Jul 2017 04:35:36 GMT\r\netag: \"8b6f-55453b26c1600\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5931\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa73a87e0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35695,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced","md5":"75737b3b7b2586619b43ab184c2f95bf","sha1":"89878f4f4aafb8637e9e9c50eedbba12e1cb74eb","sha256":"e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f","sha512":"ec0499ff241fbaed23dc2da530b0fe608f9cf937f0a905db9d34b0ea61e629c63fa4fbff50e9e5a679a28f9ce7e358fa821af55d20e9e2dcf0c2724553d1e4ed","ssdeep":"384:7JXE05PinC53BsFyDwlRoyajReRwgIAIDLPf4lcty1ZTi9MMZCt23hYFtj:J35PiED6o5M+jAIvPQctoOMygmGjj","tlshash":"1df2b062adf2b165b099d73039ec15452a27a287e5c26c473ecc8d8f8f50b97cd0f265","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.370567Z","times_seen":110,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"recordedthereby.com/sfp.js","fqdn":"recordedthereby.com","domain":"recordedthereby.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"recordedthereby.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Mar 2025 21:25:47 GMT","end":"Wed, 04 Jun 2025 21:25:46 GMT"},"fingerprint":{"sha1":"19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47","sha256":"42:47:A7:FF:F6:7D:4A:05:03:EC:95:FF:4E:80:05:D6:0C:40:AF:69:D8:86:7A:42:05:F2:A1:D7:80:0B:40:B3"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: recordedthereby.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:30 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 28255\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: recordedthereby.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 75a8f50e71f6c9ff7d3ea943ccac5dc9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85380,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"108625937affa4b38bb17cea65510d72","sha1":"2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee","sha256":"c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0","sha512":"7ed575e399e05235e4b15c050450e2aa54fb02f6080c198ef88de2b13c790ebabee5b1921edbe9948f8371fab97c6387f3456dec581407eaace0be3d218cec19","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoR2:nPncLBSUBULGVTfGpucE5fow","tlshash":"948395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-01-25T09:25:15.370304Z","last_seen":"2025-06-27T06:21:24.06821Z","times_seen":2209,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":100,"dns":26,"connect":33,"send":0,"wait":28,"receive":18,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"recordedthereby.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/b3/dd/fd/b3ddfd7cf6f212b3bce3129fb7a007fc/1683231156.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 12 Mar 2025 02:33:05 GMT","end":"Tue, 10 Jun 2025 02:33:04 GMT"},"fingerprint":{"sha1":"44:32:60:54:16:79:8E:ED:60:B9:DD:B2:36:7C:B0:DC:CC:F5:B5:5C","sha256":"BA:CE:D6:BA:55:98:12:53:9A:7E:94:80:FD:98:11:81:BD:D5:5B:79:E9:30:9C:8E:03:B7:C1:E7:7A:DA:C9:BF"}}},"request":{"raw":"GET /si/b3/dd/fd/b3ddfd7cf6f212b3bce3129fb7a007fc/1683231156.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:32 GMT\r\ncontent-type: image/png\r\ncontent-length: 64601\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 04 May 2023 20:12:45 GMT\r\netag: \"645411bd-fc59\"\r\nexpires: Tue, 29 Apr 2025 02:44:32 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":64601,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"887812a53b8ea2dbad33f6ae105b8c2d","sha1":"f83d97ef46827200fa62093ed09b4b6fa25b26d8","sha256":"9443edf293511b0732211234002c799508a2bfc63a3e28a57d7b12ee30f277e9","sha512":"83d31c81c672ae6eec74c4fdfdfb660b5f7bff5f11adf46f455d1dfb1f9461bb34a8fe132121cae669c3c2337cb476e1c130f10a1d18a7e7c426329c1767dd46","ssdeep":"1536:6Pc0RaMAwV3e6sdzcxwkFXDcohfdZh0jYCnzX0TJ59G:6k0RBV3Erkxwohfj0YCnr0N5c","tlshash":"46530204775eb63e718713a17bced422d11916235c828a16d63ca7e29ffa07d7fca482","first_seen":"2023-05-05T23:11:51Z","last_seen":"2025-05-19T15:57:18.186264Z","times_seen":1946,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":58,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/frechar.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/frechar.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/main.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 66710\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jul 2024 07:38:56 GMT\r\netag: \"10496-61d94c9aac4eb\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5931\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa7388720b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":66710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced","md5":"7adab309ecff73216286b6d34b795e7c","sha1":"f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8","sha256":"1b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078","sha512":"7aa33e7fef60932f16146f61d1b7745df72b9c97dc71c7c71f47b3366fd6648ddf036c22701adc741772ad385317dc0b71063e82db28476366058aceb65207c4","ssdeep":"1536:Jtt0Znqm82g4AZCtE0uIbHTHE/F3+bDMpopnRz4N2usc:ftmqmHlCIzu30DcAa6c","tlshash":"cb53e1396cf83529f48ed6714e4140c251a6439bdd139d49b2ee8ec68f00bbadca75cb","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.388145Z","times_seen":110,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/navicon1.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/navicon1.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 18288\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"4770-550b66ea30280\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5933\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa72381b0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18288,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"ae9204e9914f4e3c5b146c488d5a1811","sha1":"fe60b0cf1bbb856f93fca9183404d698e873f33e","sha256":"f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125","sha512":"b7b572445181140b586c52a811d254503f99a0dc517d4f2f148024a8b87778ffb191dd33f723c89819908a31a8d349b597d1d48e8084e0552845854239752dcf","ssdeep":"96:wZ/I09Da01l+gmkyTt6Hk8nTtXWvkir0yuBxHxPUoNGQZGfNXrNXVhAc/+miVf:wS0tKg9E05TtWkir0yExPUoL65xuf","tlshash":"fa821a25fcf070a9998db6321dd87502af3712c7d582ad49b6dc4dca2f10f9a8d5f092","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.374052Z","times_seen":114,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/regicon.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/regicon.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1421,"data":"{\"schema_id\":\"online_store_media_video_created/4.0\",\"payload\":{\"shop_id\":3983474801,\"uniq_token\":\"00000000-0000-0000-5000-000000000000\",\"session_token\":\"00000000-0000-0000-5000-000000000000\",\"page_url\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"resource_type\":null,\"resource_id\":null,\"current_src\":\"https://scontent.cdninstagram.com/o1/v/t2/f2/m86/AQN2Vf1u9txQs1Ds_yt8EMW2wY6N73Pl5oMRVa4eBQvGOPkrvdquntbYWbaf7y8o0StA7kj22jX3g_xwfBt69DQzJjQSxZnlajMdwoY.mp4?_nc_cat=111\u0026_nc_sid=5e9851\u0026_nc_ht=scontent.cdninstagram.com\u0026_nc_ohc=b01ClRh7eSQQ7kNvwH4N19U\u0026efg=eyJ2ZW5jb2RlX3RhZyI6Inhwdl9wcm9ncmVzc2l2ZS5JTlNUQUdSQU0uQ0xJUFMuQzMuNzIwLmRhc2hfYmFzZWxpbmVfMV92MSIsInhwdl9hc3NldF9pZCI6MTAyMzk4ODc2NjQ2MzI0NSwidmlfdXNlY2FzZV9pZCI6MTAwOTksImR1cmF0aW9uX3MiOjIwLCJ1cmxnZW5fc291cmNlIjoid3d3In0%3D\u0026ccb=17-1\u0026vs=ae20f601eecc1288\u0026_nc_vs=HBksFQIYUmlnX3hwdl9yZWVsc19wZXJtYW5lbnRfc3JfcHJvZC9FOTQ2QTFENERENERFNEZGMjRGMEY4QTI4QkM1MEQ5MF92aWRlb19kYXNoaW5pdC5tcDQVAALIAQAVAhg6cGFzc3Rocm91Z2hfZXZlcnN0b3JlL0dKcjNTQjAzSUE1Mzdja0RBRUFjVjJrRnluWVNicV9FQUFBRhUCAsgBACgAGAAbAogHdXNlX29pbAExEnByb2dyZXNzaXZlX3JlY2lwZQExFQAAJprU7ur-09EDFQIoAkMzLBdANLul41P3zxgSZGFzaF9iYXNlbGluZV8xX3YxEQB1_gcA\u0026_nc_zt=28\u0026oh=00_AfFYCJreJ74Jb_tZromYILWAWO0BB-npmkpn7PSTaD_cRg\u0026oe=680F6A88\",\"session_video_id\":2,\"can_track\":true,\"video_type\":\"html_video\"}}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 19508\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"4c34-550b66ea30280\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5932\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa7238240b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19508,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced","md5":"363e2a7e57bf3cb4da7d113445cd676f","sha1":"15c3bba1a21d1543ee17ccd57a304f1efedca876","sha256":"012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779","sha512":"cab8b09b425b05c8f5097452f8094e8f3b0b684d601908d9db4b8bc3b8f314811a8f54776fe0f8c2a053f4aaa8cb5b13b84325cb73f8f86fa804d9749bb6108d","ssdeep":"96:CZ/I09Da01l+gmkyTt6Hk8nTUkkEWmY8nLxNGQdxGfNXrNXNsc9JvwslhsVUaCz2:CS0tKg9E05TUkk6DnN25PLaCzfe","tlshash":"6f921725fcf075a5688eb2331ed92502ae7707c3da816c4479cc4e9a2f10b999e5f492","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.368994Z","times_seen":115,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"capaciousdrewreligion.com/advertisers.js","fqdn":"capaciousdrewreligion.com","domain":"capaciousdrewreligion.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"capaciousdrewreligion.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 03 Mar 2025 21:07:24 GMT","end":"Sun, 01 Jun 2025 21:07:23 GMT"},"fingerprint":{"sha1":"F2:06:B4:93:08:6A:C2:08:91:7D:7A:22:BE:44:FF:74:BE:CC:0C:2E","sha256":"CF:EA:FE:9A:86:B4:00:C3:1C:97:19:A5:20:81:04:6E:21:0C:F7:E8:51:0A:7F:3A:A9:7A:C3:62:03:C4:EB:09"}}},"request":{"raw":"GET /advertisers.js HTTP/1.1\r\nHost: capaciousdrewreligion.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:30 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6219fc701a0a3d230470e0321d7cc266\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":376,"timings":{"blocked":178,"dns":24,"connect":22,"send":0,"wait":17,"receive":0,"ssl":133},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"capaciousdrewreligion.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/logo1_1x.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/logo1_1x.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 38035\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"9493-550b66ea30280\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5933\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa7238190b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":38035,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced","md5":"037f1c3e351f635f706eda54b812c40a","sha1":"8aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa","sha256":"30ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408","sha512":"eab6f144f9a35235f33a676f93663c14d0a031b7e23446503d250bff5a617f1c973c06cf20e4eedb5475559c6002fb4648219ab7a2e1b8235670391b096b15df","ssdeep":"384:mJXE054s553BveEoJdidHuq0qKiDM8vNLB45Odk5tFi0ewNgUYEq1NtOsEF:2354sGp8NdEi0xgR5tri","tlshash":"3b039e2efdf0b9d5c98c613a1ec9200259678bc7ca826c403bdd49995f65f88cedf942","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.368096Z","times_seen":115,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/favicon.ico","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /1yot6zey2uxo/favicon.ico HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english; _ga_SBML259V1V=GS1.1.1745721870.1.0.1745721870.0.0.0; _ga=GA1.1.1398729241.1745721870\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\ncontent-length: 0\r\nlocation: https://mexa.sh/1yot6zey2uxo\r\nserver: cloudflare\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncf-cache-status: BYPASS\r\npriority: u=6,i=?0\r\ncf-ray: 936afa798abd0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":14087,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/flags.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/flags.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/style.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 29723\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"741b-550b66ea30280\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5931\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa73586d0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29723,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced","md5":"df0a3afc77d0c08cdea27ac3a7b9620c","sha1":"8248d5c5e5eddeaa75a5a0b5490b58e0e61b6900","sha256":"a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03","sha512":"05c3fae1b7407f4e7160c98bb6c0a1f33845ead9ee38c5bd68a4f606d6e36687471a26524311b93cfda820a9c468ccd08020785cb6f9e83b270e508d74a2edf6","ssdeep":"384:gxtM1ctmsYOlQYt9QNhH4bJynMdfGPlWWLTTgeIfToR:0thmiWH4JcMdePlWsTgegTm","tlshash":"48d2bf18bef0b461d64532b05fc4358a5e365207ae805c427add6e667f807fbdc2a0eb","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.384286Z","times_seen":115,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/paging.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /js/paging.js HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:32 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5934\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\netag: W/\"6ad-550b66e847e00\"\r\ncontent-encoding: br\r\ncf-ray: 936afa7228150b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1709,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text","md5":"43e50aa00ad654da80af8f7936afd4c6","sha1":"fb5921b855cce329191077b7e93563029d703545","sha256":"e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657","sha512":"a48211408cc1383409c6dee158de86a26ecdfc932cfd033ab2feeec603618ba8c91789e53d80b473ad69ca06571e3f81b966e6b66456a866411b1eea060a9c96","ssdeep":"","tlshash":"0431f1ac38e3a0009313117b6f2e52806e65280b4088dd48be8cc0914fcdd14a6aaabd","first_seen":"2023-03-08T03:01:08Z","last_seen":"2026-03-26T20:21:34.010905Z","times_seen":973,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straightforwardaudition.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F24%2F54%2F4e%2F24544ed07f7394384bbb75023b9b0b3a%2F1591713925.html\u0026l=1274\u0026fd=528","fqdn":"straightforwardaudition.com","domain":"straightforwardaudition.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"straightforwardaudition.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 23:29:29 GMT","end":"Sat, 19 Jul 2025 23:29:28 GMT"},"fingerprint":{"sha1":"37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45","sha256":"92:25:26:1E:08:FC:AA:95:F0:A6:AB:CB:A9:FB:84:A5:88:FE:64:84:0A:90:6D:D7:84:2B:F0:F7:08:BE:A7:F4"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F24%2F54%2F4e%2F24544ed07f7394384bbb75023b9b0b3a%2F1591713925.html\u0026l=1274\u0026fd=528 HTTP/1.1\r\nHost: straightforwardaudition.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: straightforwardaudition.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 31 Mar 2025 08:55:41 GMT","end":"Mon, 23 Jun 2025 08:55:40 GMT"},"fingerprint":{"sha1":"62:27:9C:C9:95:FF:8F:83:34:D0:B1:42:CB:B7:63:C0:8E:6F:3E:F1","sha256":"3F:6A:5F:E1:F0:BA:1E:57:4B:64:05:6B:41:44:A7:D9:8F:95:5D:1C:20:DF:6E:CB:BC:9A:5C:1D:FB:02:A8:DB"}}},"request":{"raw":"GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 24 Apr 2025 10:03:46 GMT\r\nexpires: Fri, 24 Apr 2026 10:03:46 GMT\r\ncache-control: public, max-age=31536000\r\nage: 232846\r\nlast-modified: Wed, 08 Jan 2025 18:23:10 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-20T13:59:38.920906Z","times_seen":751132,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":131,"dns":2,"connect":20,"send":0,"wait":26,"receive":9,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-27T02:44:28.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /1yot6zey2uxo/Voice-RJ01370576.rar HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:28 GMT\r\ncontent-type: text/html ; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Sat, 26 Apr 2025 02:44:28 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncf-cache-status: BYPASS\r\ncontent-encoding: br\r\nset-cookie: lang=english; Path=/; Domain=mexa.sh\r\ncf-ray: 936afa6efdd95687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14038,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (10904), with CRLF line terminators","md5":"7c5897777adc502bcfa19017803077e3","sha1":"ce3e637a724e589719d5347fbaa2c864f46de742","sha256":"11283f9a0d28ed86487516dd83a2906dedfceed416adc49f604a4668f211d705","sha512":"9ee94c8e58ec3220703df343c1e6fc9bff907594bc922f8bcbbd280b3d4b1433cce9f7ad6d0b4ea2a98ca80dcb5e71c1f3f9634d65eecd141e45c28afdc91afa","ssdeep":"384:G9ndcholhmsBhmsLhmsFhmIjKlouN+jN4hUCSNRCXe:mdyoTPHPdPzHuNwN4qN9","tlshash":"8952c8b3abc0681a921381d5e525eb89be630d75c7129e42babf501af7cddf4081319e","first_seen":"2025-04-27T02:45:03.519137Z","last_seen":"2025-04-27T02:45:03.519137Z","times_seen":1,"resource_available":false,"data":null}},"time_used":339,"timings":{"blocked":40,"dns":20,"connect":1,"send":0,"wait":259,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.creative-stat1.com/sb/notifications/dating/default/us/desk-all/img/close.png","fqdn":"cdn.creative-stat1.com","domain":"creative-stat1.com","tld":"com"},"ip":{"addr":"104.21.13.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-stat1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 13 Apr 2025 21:34:38 GMT","end":"Sat, 12 Jul 2025 22:33:20 GMT"},"fingerprint":{"sha1":"0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB","sha256":"09:C8:2F:08:19:0B:87:6B:10:9C:A8:7B:34:5A:05:BC:D3:94:4D:42:D2:F4:2F:D0:E2:EB:DE:81:DC:93:90:B8"}}},"request":{"raw":"GET /sb/notifications/dating/default/us/desk-all/img/close.png HTTP/1.1\r\nHost: cdn.creative-stat1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":508,"data":"{\"metadata\":{\"event_sent_at_ms\":1745721844038},\"events\":[{\"schema_id\":\"trekkie_asset_context/1.1\",\"payload\":{\"build_id\":\"423a314223fb7e8d7c94337fcd62d7ad8c06d7a5\",\"page_url\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"app_name\":\"storefront\",\"shop_id\":3983474801,\"monorail_region\":\"shop_domain\",\"source\":\"trekkie-storefront-renderer\"},\"metadata\":{\"event_created_at_ms\":1745721843430}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:32 GMT\r\ncontent-type: image/png\r\ncontent-length: 4022\r\nserver: cloudflare\r\naccept-ranges: bytes\r\nlast-modified: Fri, 19 Jan 2024 14:23:50 GMT\r\netag: \"65aa85f6-fb6\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncf-cache-status: HIT\r\nage: 232646\r\ncf-ray: 936afa846b54b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4022,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced","md5":"23e9690b0e7ac26868363a6248f44467","sha1":"d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f","sha256":"f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395","sha512":"d5a8801b98aec11957fb8dc20b1595f1f47504d528bd89833b407ee71e715a57387e9762e3ef7f9d7ebcc87596737f9bddecab21c7ba3f456c8f3b111e025170","ssdeep":"","tlshash":"d981193882564c7cca0a77a10501f861e21f386cf97fb4678873a4d8430e2abe75f17a","first_seen":"2023-04-05T23:50:36Z","last_seen":"2026-04-12T04:27:11.006154Z","times_seen":2454,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straightforwardaudition.com/impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRSumcSTSkgIXkSYgwcVd7Z7untnOjkEY0wIiUlIIot4qq6qni23uqtT1T09mVN0QXLwMHhST73f7GZRQ9A_QNDZgIcFwfG0hywE_QsUchTpycDog3o_6nsF3_tefbZdHBEfBT288b4eSaXoatB2Wm-sy5Tr0rau3W65Tts521qX6Zp_tjWsnRmccT2_7bzZuiTYpl7tOK7juI7buiiNiPVwdY5CZg9Dtx06bb_TdgMfQ_P_2hYNWNoAHxyRU5B8duKP-CNINkWafH9B2M1cZ2-_lxSK5tpgwPc-SDdTXaZIlmlsGojTvUU3tJ0R8mUTOt1bTAA92KknQCRnpPnKE0Tp3oImosHuc6aRgkgR8RdRDqYQagpJp2B6C5L_RgDGce060uTBNW1Kevc5Smt0Ro4_-xuynJHjT04jTR6dV3LYuqVVkUudWgzjCnI4hexPkRX7yEdNyHIfLP8Ukv9KVp9dRZrsXLdKQ_LD1zvCCeJeJ1gJRY-t-GG3s9ILu3SF0jXfEzQMum4wl0jGUygxBrUNFPWRDRRxA0XWQMIPW77T85lLvbU45Kzr-NT3uYicsNdxHBqyLgpW8x8jz8Zgagxm7iEz97ApxzDFT7AbFSxvwOYEA16hFASlJSgpQSkJypygHFS7XNmOrR5wZYvIXcTOInrVROf9bbqr875ICagZw_BqR2Z37BZYfmwyiu2Via4djfJqQiNebWdH5GQtbePzf37GpjhsMREGwvdiLwg84To89nu9Tsxo4IZdl_kBrKwgbXMuxqje81tfIZMzQsYEEd2HVftg8iRo8RpoWYFuVBile4kY0rbdANcVsvw48ruNbXVEXp3vdf2XxxDs4NxfTy89Oj16CmYqZKbCx_IxQV_dn9zUJdm5qUtLfrie5TKRI1rv_FZOc3Hs2yvibqkNv3zBjr95h9VAnT68LWx-laZcpn1LvjsvORfmojZMkB8v23UR3SjsxvnCpEV29ca7Fy8nmRHWSp1OQet5pnfA5IyceoHN_7P7yRlIM4UpKiTFAVkYpN4Hy-7BZkv-VhMYteyJsgbKopqYTrS8VJJAiWVNowr2P3W0zCeG1q-prLbtffRNEzTfQppUGJgKA1WBqjFscWySZ-bg3O_e3BCp5iRSprkTKaO-mMs8Ix--9CesPGzFnugwx-l111yvFwvX8zmLg54f8jXqeJ5AbmcbL3994t8AAAD__-FBRrK2BAAA","fqdn":"straightforwardaudition.com","domain":"straightforwardaudition.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"straightforwardaudition.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 23:29:29 GMT","end":"Sat, 19 Jul 2025 23:29:28 GMT"},"fingerprint":{"sha1":"37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45","sha256":"92:25:26:1E:08:FC:AA:95:F0:A6:AB:CB:A9:FB:84:A5:88:FE:64:84:0A:90:6D:D7:84:2B:F0:F7:08:BE:A7:F4"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRSumcSTSkgIXkSYgwcVd7Z7untnOjkEY0wIiUlIIot4qq6qni23uqtT1T09mVN0QXLwMHhST73f7GZRQ9A_QNDZgIcFwfG0hywE_QsUchTpycDog3o_6nsF3_tefbZdHBEfBT288b4eSaXoatB2Wm-sy5Tr0rau3W65Tts521qX6Zp_tjWsnRmccT2_7bzZuiTYpl7tOK7juI7buiiNiPVwdY5CZg9Dtx06bb_TdgMfQ_P_2hYNWNoAHxyRU5B8duKP-CNINkWafH9B2M1cZ2-_lxSK5tpgwPc-SDdTXaZIlmlsGojTvUU3tJ0R8mUTOt1bTAA92KknQCRnpPnKE0Tp3oImosHuc6aRgkgR8RdRDqYQagpJp2B6C5L_RgDGce060uTBNW1Kevc5Smt0Ro4_-xuynJHjT04jTR6dV3LYuqVVkUudWgzjCnI4hexPkRX7yEdNyHIfLP8Ukv9KVp9dRZrsXLdKQ_LD1zvCCeJeJ1gJRY-t-GG3s9ILu3SF0jXfEzQMum4wl0jGUygxBrUNFPWRDRRxA0XWQMIPW77T85lLvbU45Kzr-NT3uYicsNdxHBqyLgpW8x8jz8Zgagxm7iEz97ApxzDFT7AbFSxvwOYEA16hFASlJSgpQSkJypygHFS7XNmOrR5wZYvIXcTOInrVROf9bbqr875ICagZw_BqR2Z37BZYfmwyiu2Via4djfJqQiNebWdH5GQtbePzf37GpjhsMREGwvdiLwg84To89nu9Tsxo4IZdl_kBrKwgbXMuxqje81tfIZMzQsYEEd2HVftg8iRo8RpoWYFuVBile4kY0rbdANcVsvw48ruNbXVEXp3vdf2XxxDs4NxfTy89Oj16CmYqZKbCx_IxQV_dn9zUJdm5qUtLfrie5TKRI1rv_FZOc3Hs2yvibqkNv3zBjr95h9VAnT68LWx-laZcpn1LvjsvORfmojZMkB8v23UR3SjsxvnCpEV29ca7Fy8nmRHWSp1OQet5pnfA5IyceoHN_7P7yRlIM4UpKiTFAVkYpN4Hy-7BZkv-VhMYteyJsgbKopqYTrS8VJJAiWVNowr2P3W0zCeG1q-prLbtffRNEzTfQppUGJgKA1WBqjFscWySZ-bg3O_e3BCp5iRSprkTKaO-mMs8Ix--9CesPGzFnugwx-l111yvFwvX8zmLg54f8jXqeJ5AbmcbL3994t8AAAD__-FBRrK2BAAA HTTP/1.1\r\nHost: straightforwardaudition.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:32 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: straightforwardaudition.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: def1d8437bbc8792e142831dc72f456c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/1yot6zey2uxo","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /1yot6zey2uxo HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: lang=english; _ga_SBML259V1V=GS1.1.1745721870.1.0.1745721870.0.0.0; _ga=GA1.1.1398729241.1745721870; prefetchAd_7359319=true; pp_main_48eac25e15d2aeed70d260fa57ee3c42=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:31 GMT\r\ncontent-type: text/html ; charset=UTF-8\r\nserver: cloudflare\r\nexpires: Sat, 26 Apr 2025 02:44:31 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\ncf-ray: 936afa7cfbb10b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14087,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (10953), with CRLF line terminators","md5":"08b980ae1b1c408c8b524bc206f0e104","sha1":"e2ddaef35c1d636e377572b99d538c57faa090ad","sha256":"672b6ebc24a2d39faf3a4605689292c75331970ca0975fdffb08a962669648c1","sha512":"ee52cfa304ae92705511216aa76a02a0453189722c3e8e8ce67de9ca69104a63a4de77d9eaecb6f10870145c4a08a0978c786a9b4c328e8119dd3ce275d398d9","ssdeep":"384:G9ndcholhmsBhmsLhmsFhmIjKlouN+jN4hUCSN+CXe:mdyoTPHPdPzHuNwN4qN4","tlshash":"6e52c8b3abc0681a921381d5e525eb89be630d75c6129e52babf501af7cddf008131de","first_seen":"2025-04-27T02:45:03.521274Z","last_seen":"2025-04-27T02:45:03.521274Z","times_seen":1,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":219,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straightforwardaudition.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRSumcSTSkgIXkSYgwcVd7Z_zk4nh2CMCSExCUlkEU_VVdW75VZ3daq6pydzigYkBw-DJ_XU-80mixqC_gGCzgY8LAiOpz1kIehfoJCjSE8GRh_U-1HfK_je9-qz7fKQBCjpwbX39UgqRVfDrtN5Y11mXFe2c-Vmx3W6zunOusx6wenOsHFmcMr1g67zZueCYFt61XNcx3Edt3NeGpHo4eochcwfRm43crqB13XDAEPz_9qWLVjaAh8ckhOQfHbsj-QjSDZFln5_TtitQudvv5eWihbaYMB3P8i2Ml1lSJdpYlpIst1FN7SdEfJlGzrbXUwAPdhpJkAsZ6T9yhPE2e6CJuLB_edMYwWRIeYvohpMIdQUkk7B9F1I_hsBGMeVq8jSB1e0qejt5yht0Bk5-uxvyGpGjj45iSx9dFbJYeeGVmUhdWYxTGrI4RRyY4q83EMxakNWe2DFp5D8V7L67DKydOeqVRqSH7zuCSdM-l64Eok-WwmiNW-lH63RFUp7gS9oFK654VwimUyhxBjUtlA2R7ZQJi2UeQspP-gETj9gLvV7ScTZmhPQIOAidqK-5zg0YmsoWcN_jCIfg6kxmLmD3NzBlhzDlD_BbtawvAVbEAx4jUoQVJagogSVJKgKgmpQ3-fKerZ-wJUtY3cRvUX064kuNrbpfV1siIyAmjEMr3dkfsveBSuOTEaJvTTRjaNxUU9ozOvt_JAcb6Rtff7Pz9gSBx0molAEfuKHoS9chydBv-8ljIZutOayIISVNaRtz8UYNXt-6yvkckbImCCme7BqD0weBy1fA61q0M0ao2w3FUPatZvgukZeHEVxu7WtDsmr872u__IYgu2f-evphUcnR0_BTI3c1PhYPibYUPcm13VFdq7rypIfruaFTOWINju_UdBCHPn2krhdacMvnrPjb95hDdCkD28KW1ymGZfZhiXfnZWcC3NeGybIjxftuoivlXbzbGmyMr987d3zF9PcCGulzqagzTzTW2ByRk68wOb_2f3kFKSZwpQ10nKfLAxS74Hld2DzJX-rCYxa9sR5C1VZT4wXLy-VJFBiWdO4hv1PHS_ziaHNayrrbXsPG6YNWtxFltYYmBoDVYOqMWx5ZFLkZv_M7_7cEKv2JFamvRMro76YyzwjH770J6w86IRe7Pf6_Z5Iejzxue_5PAodEQU06gVREKKws82Xvz72bwAAAP__HSnWbLYEAAA=","fqdn":"straightforwardaudition.com","domain":"straightforwardaudition.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"straightforwardaudition.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 23:29:29 GMT","end":"Sat, 19 Jul 2025 23:29:28 GMT"},"fingerprint":{"sha1":"37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45","sha256":"92:25:26:1E:08:FC:AA:95:F0:A6:AB:CB:A9:FB:84:A5:88:FE:64:84:0A:90:6D:D7:84:2B:F0:F7:08:BE:A7:F4"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRSumcSTSkgIXkSYgwcVd7Z_zk4nh2CMCSExCUlkEU_VVdW75VZ3daq6pydzigYkBw-DJ_XU-80mixqC_gGCzgY8LAiOpz1kIehfoJCjSE8GRh_U-1HfK_je9-qz7fKQBCjpwbX39UgqRVfDrtN5Y11mXFe2c-Vmx3W6zunOusx6wenOsHFmcMr1g67zZueCYFt61XNcx3Edt3NeGpHo4eochcwfRm43crqB13XDAEPz_9qWLVjaAh8ckhOQfHbsj-QjSDZFln5_TtitQudvv5eWihbaYMB3P8i2Ml1lSJdpYlpIst1FN7SdEfJlGzrbXUwAPdhpJkAsZ6T9yhPE2e6CJuLB_edMYwWRIeYvohpMIdQUkk7B9F1I_hsBGMeVq8jSB1e0qejt5yht0Bk5-uxvyGpGjj45iSx9dFbJYeeGVmUhdWYxTGrI4RRyY4q83EMxakNWe2DFp5D8V7L67DKydOeqVRqSH7zuCSdM-l64Eok-WwmiNW-lH63RFUp7gS9oFK654VwimUyhxBjUtlA2R7ZQJi2UeQspP-gETj9gLvV7ScTZmhPQIOAidqK-5zg0YmsoWcN_jCIfg6kxmLmD3NzBlhzDlD_BbtawvAVbEAx4jUoQVJagogSVJKgKgmpQ3-fKerZ-wJUtY3cRvUX064kuNrbpfV1siIyAmjEMr3dkfsveBSuOTEaJvTTRjaNxUU9ozOvt_JAcb6Rtff7Pz9gSBx0molAEfuKHoS9chydBv-8ljIZutOayIISVNaRtz8UYNXt-6yvkckbImCCme7BqD0weBy1fA61q0M0ao2w3FUPatZvgukZeHEVxu7WtDsmr872u__IYgu2f-evphUcnR0_BTI3c1PhYPibYUPcm13VFdq7rypIfruaFTOWINju_UdBCHPn2krhdacMvnrPjb95hDdCkD28KW1ymGZfZhiXfnZWcC3NeGybIjxftuoivlXbzbGmyMr987d3zF9PcCGulzqagzTzTW2ByRk68wOb_2f3kFKSZwpQ10nKfLAxS74Hld2DzJX-rCYxa9sR5C1VZT4wXLy-VJFBiWdO4hv1PHS_ziaHNayrrbXsPG6YNWtxFltYYmBoDVYOqMWx5ZFLkZv_M7_7cEKv2JFamvRMro76YyzwjH770J6w86IRe7Pf6_Z5Iejzxue_5PAodEQU06gVREKKws82Xvz72bwAAAP__HSnWbLYEAAA= HTTP/1.1\r\nHost: straightforwardaudition.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: straightforwardaudition.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f45b99ef97e4fef38b7c072d1618e251\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":718,"timings":{"blocked":311,"dns":27,"connect":92,"send":0,"wait":95,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-27","alert":"Sinkholed","trigger":"straightforwardaudition.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/24/54/4e/24544ed07f7394384bbb75023b9b0b3a/1591713925.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 14 Apr 2025 03:51:48 GMT","end":"Sun, 13 Jul 2025 04:50:09 GMT"},"fingerprint":{"sha1":"1D:98:CF:D5:11:E1:60:97:76:85:27:F9:55:AF:5E:13:60:3F:67:B7","sha256":"A7:BC:BF:CD:EA:35:0B:92:E4:A3:82:1A:A5:BC:CB:AF:E5:6F:BD:0C:54:7E:31:2E:44:32:67:92:A4:73:F3:ED"}}},"request":{"raw":"GET /sb/au/24/54/4e/24544ed07f7394384bbb75023b9b0b3a/1591713925.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:31 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sat, 07 May 2022 03:21:27 GMT\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 936afa800af85697-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1274,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"d0ad675486e71d2572491722d28ce9d9","sha1":"3dffb067589240dad5167db540b8af1e1f6b3355","sha256":"c8b69d3ee0e9fbe2d1c5c07bd250ba3d7edf5bf26e3567629e9e332248273daa","sha512":"d40b4a6f2771640afe909ab06b0292769d0f51f873b2d31cab579a71cd17929ec816378b6c836bed56699469ac90f457ccd2d0e5a1053d4bc7dc7c7738b3b7e4","ssdeep":"","tlshash":"a42168262cc9d07721b381d6ba302f9bfe96958bc84b690037fd1a535fbae44ca03507","first_seen":"2023-05-06T00:25:55Z","last_seen":"2026-04-12T04:27:11.005135Z","times_seen":540,"resource_available":false,"data":null}},"time_used":530,"timings":{"blocked":24,"dns":4,"connect":1,"send":0,"wait":481,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.creative-stat1.com/sb/notifications/dating/default/us/desk-all/css/animate.css","fqdn":"cdn.creative-stat1.com","domain":"creative-stat1.com","tld":"com"},"ip":{"addr":"104.21.13.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-stat1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 13 Apr 2025 21:34:38 GMT","end":"Sat, 12 Jul 2025 22:33:20 GMT"},"fingerprint":{"sha1":"0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB","sha256":"09:C8:2F:08:19:0B:87:6B:10:9C:A8:7B:34:5A:05:BC:D3:94:4D:42:D2:F4:2F:D0:E2:EB:DE:81:DC:93:90:B8"}}},"request":{"raw":"GET /sb/notifications/dating/default/us/desk-all/css/animate.css HTTP/1.1\r\nHost: cdn.creative-stat1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":464,"data":"{\"metadata\":{\"event_sent_at_ms\":1745721842725},\"events\":[{\"schema_id\":\"web_pixels_manager_load/3.1\",\"payload\":{\"version\":\"fe9401c6w6fcd3e4fp464410b4m1f17cd9f\",\"bundle_target\":\"modern\",\"page_url\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"status\":\"loading\",\"surface\":\"storefront-renderer\"},\"metadata\":{\"event_created_at_ms\":1745721842725}}]}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:31 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:23:50 GMT\r\netag: W/\"65aa85f6-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: HIT\r\nage: 62003\r\ncf-ray: 936afa839b22b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-20T09:35:14.377091Z","times_seen":10804,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":31,"dns":5,"connect":1,"send":0,"wait":8,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/05/c8/20/05c820d9ce67af6dea2e5441dbe3e8f9/1683231080.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:32.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Wed, 12 Mar 2025 02:33:05 GMT","end":"Tue, 10 Jun 2025 02:33:04 GMT"},"fingerprint":{"sha1":"44:32:60:54:16:79:8E:ED:60:B9:DD:B2:36:7C:B0:DC:CC:F5:B5:5C","sha256":"BA:CE:D6:BA:55:98:12:53:9A:7E:94:80:FD:98:11:81:BD:D5:5B:79:E9:30:9C:8E:03:B7:C1:E7:7A:DA:C9:BF"}}},"request":{"raw":"GET /si/05/c8/20/05c820d9ce67af6dea2e5441dbe3e8f9/1683231080.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:32 GMT\r\ncontent-type: image/png\r\ncontent-length: 39220\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 04 May 2023 20:11:29 GMT\r\netag: \"64541171-9934\"\r\nexpires: Tue, 29 Apr 2025 02:44:32 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"6451b63b68b5068db02571051f6f6a30","sha1":"32badef5d69090b4d2ea7b300bb5264938e198ef","sha256":"b1b0a314a2d4924b2849fec48b7863ccc68413e58330d99f6ad901bfa6282819","sha512":"12f2c9fce754fb585d60201d30028ef03fd634d7c175dbb13b75e8f6d4b788373460c9d52f4188b320ca975c16f93174582f8b9e9427116a9701b34b1a9d8226","ssdeep":"768:BcC935u4uKqUlIv6kZPZmzfolE0L7olKyeofZG3xi/vp1:BcC17uiW6gZizSoreoq2z","tlshash":"d003f1d23a76cce2c1340527ab7514a7dead028bb9b3f0a832475e43f58c3e758ac516","first_seen":"2023-05-05T23:11:51Z","last_seen":"2025-05-19T15:57:18.189567Z","times_seen":1941,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":105,"dns":59,"connect":19,"send":0,"wait":41,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/ce/95/e4/ce95e43f3553e10df4882fca51971c45.js","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nannyirrationalacquainted.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 00:43:48 GMT","end":"Sat, 19 Jul 2025 00:43:47 GMT"},"fingerprint":{"sha1":"02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2","sha256":"B9:E9:88:D1:E9:84:76:2E:AF:77:43:F9:01:55:3B:97:B2:F2:0F:4E:F1:20:AC:28:9B:22:95:74:08:37:71:33"}}},"request":{"raw":"GET /ce/95/e4/ce95e43f3553e10df4882fca51971c45.js HTTP/1.1\r\nHost: nannyirrationalacquainted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:30 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 12957\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: nannyirrationalacquainted.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b5beb20f76203a443536debf33f5713c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33852,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33852), with no line terminators","md5":"72836977236f732465f33b8c5cabacec","sha1":"bd962a50dec1dcfafc56c8309c209adf91c356e6","sha256":"9377d47a8030467f8e737435e7aeffdd75bb88d75af561b6922ddd6555dc5a0e","sha512":"6447b74f73f144c89345e7bfc47160d49662422df06202fbbbacf75120fe67cc780599a7a56c45070711f9292a22ce7edcab84b4cc0974a1ea047dcb8b4b5883","ssdeep":"384:OrdRXf8Q1jzyrRD9c+5U5qay8L0gPnrvOl6XgHsTQV4gqbO+nuzY4hybs4pw3s:gHgRDy9nL0g/rHX1TK4VA/UQ4pN","tlshash":"1de2b65c7f00709d1392a4bb362f7536f06aad03958df46ce04bb58c7ab9725b03ae58","first_seen":"2025-04-27T02:45:03.524387Z","last_seen":"2025-04-27T02:45:03.524387Z","times_seen":1,"resource_available":true,"data":null}},"time_used":701,"timings":{"blocked":295,"dns":27,"connect":91,"send":0,"wait":97,"receive":1,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/jquery.paging.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /js/jquery.paging.js HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:32 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5934\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\netag: W/\"4ba5-550b66e847e00\"\r\ncontent-encoding: br\r\ncf-ray: 936afa7228120b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19365,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"d7a2c1c7af2a004a6d68e1e55b1cfb46","sha1":"7fd6daa7076c30381880519ad06ef5639b19ee28","sha256":"c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6","sha512":"36693be0b502594cd29b55690eef5a26768a54c05d453cc80abc248db4672b84e9e0130ffc07b18d3ad6b0e1a8666982b861098796db02f7bc5986e74a804ee5","ssdeep":"384:HkTHopqVdI1Zx/wnH9pvJs/8BhmuqBNaz+r7xyCX:HkTHopq7wZx/wnH9JJsEzmuqBNaz+r7r","tlshash":"5b925348e9ea1432622361ba7eef1059ae7ce0379104dd4db84c41a81f55f34b3b9ba9","first_seen":"2023-03-07T01:23:22Z","last_seen":"2026-04-20T02:13:28.226108Z","times_seen":4059,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/navicon5.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/navicon5.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 15551\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"3cbf-550b66ea30280\"\r\naccept-ranges: bytes\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5933\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\ncf-ray: 936afa7238220b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15551,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced","md5":"002d70c5e45c4d81587ca7d82dca6577","sha1":"d830a98de6a02ca22933b9f24cadf848499419d3","sha256":"de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3","sha512":"e29db57c524d0ee5e85936bc1e69d8f6daac5361753f7b93173c2c30dea427c7d608722ddd461d0df1ba9810392de46e8e3d3125f7a8c480aca7ee1ab7a2b6ac","ssdeep":"48:Y/6fei+k29W8sEvSxN+Y9CDBCAcsc56y74SR2RkCjQvuYr8ZubbARGxTIaW61:YSG3kEWRXxNXNsc59pRLCUuYoZMsYXWM","tlshash":"b162b750bcf171a19185da331de9a9479d2244c79d80ad89facd8c176f10bfa0c8f6d3","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.382621Z","times_seen":115,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/main.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Tue, 17 Dec 2019 16:49:23 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=4,i=?0\r\ncontent-encoding: br\r\ncf-ray: 936afa73586a0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":3301,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"f3c091a2b91e7970fa4602d60103dc67","sha1":"af5f70406fabc9e192b349e5aee7dc9a67d05f18","sha256":"6e9e4b1516efd000e0f4b2ce737cb6b418c14f8b6029733c23853db1ed532f14","sha512":"256e7c86b017d133bb43313f756f4e0caea7d0c74b58ca15bdb45db9c0cad21fa020d09e09a015d0d9c39afff070cc59e0c5b8eb1a920e2bf7d65bec23a7fad3","ssdeep":"","tlshash":"b6617fb5a8829ccf6793818ad00ee4b876311f0dd1954fc8b7d55f3be980b34205a6ec","first_seen":"2023-09-24T08:11:49Z","last_seen":"2025-10-24T22:48:06.392194Z","times_seen":74,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/navbar.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/navbar.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/main.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 22290\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:34 GMT\r\netag: \"5712-550b66ea30280\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5932\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa73586c0b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22290,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced","md5":"e7c056eea6e071b1f5309d5db50c057a","sha1":"833e979751da5fffe28b8761b322d16481a24c2e","sha256":"34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9","sha512":"013e1d717841e2e4120d4a8613a7f04e664c79925739d32fee8df4cc632c021ebc25ccc5dd42351f3611bf5843e5f254a8bb5961c1d4f45aca286ebba076fadd","ssdeep":"192:1PkI6yn5RRi/MRecr3A2jQMzSHzz5JsKLa3oV:CIZ5RCUQMwz1aKeYV","tlshash":"c0a23e10edf071a58409223669d934014da3da83fb81dccbba9dc9b95f20bd98cbb757","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.352035Z","times_seen":115,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js?userId=0081b896ce9b427cfef74eaa0f0cc184","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Mar 2025 10:39:32 GMT","end":"Mon, 02 Jun 2025 11:39:29 GMT"},"fingerprint":{"sha1":"03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9","sha256":"BE:A3:DE:EC:B8:DA:3D:65:72:D0:DD:CE:EE:A7:03:0A:27:55:8D:DC:F8:42:1A:06:E6:47:A5:6E:11:98:65:3A"}}},"request":{"raw":"GET /gid.js?userId=0081b896ce9b427cfef74eaa0f0cc184 HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: https://mexa.sh\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0081b896ce9b427cfef74eaa0f0cc184; expires=Mon, 27 Apr 2026 02:44:29 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 936afa759c215695-OSL\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"98c974438be99e79ab5a7750362a3204","sha1":"6c4bfc123a5534b9d668b60ca0aa6acd87f5ba07","sha256":"60c2146b02ec13201e0237cb778f66c5d23fc1b7fe5892e6c94569f92c658066","sha512":"591ff328ebea63fed9730a87c97f702a072adc3e79544ba45606b69543e10f2fb68445e9e817fd6e7f36aa0cbd06944acfc5c3cb6fe2e07ad1a8d2c0db3e0746","ssdeep":"","tlshash":"c4a002f609195b880090571e1966bf174092a9515c04766fc5e8510121cf5ce56ad290","first_seen":"2025-04-27T02:45:03.527281Z","last_seen":"2025-04-27T02:45:03.527281Z","times_seen":1,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":42,"dns":23,"connect":1,"send":0,"wait":30,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"waisheph.com/?rb=PTiJr7abP4dgV-xpc03D8u0YhbsUI548jhRaZi5dXuYGnzIq-_blLI64QSlhF4qEXhOl0McCEnJT_061o-LyG87DzU7VsEAq8D4ykZi_h6ZKlvDKVPZ95PcVCVn0P6eZWSHvVBQTtxDrXPMJYnYVq1tKKd6d8wl8eM1TRKz4Hl3JSC1yd-zXU5jLWvwnG-174iJ_ipOe5tWBCc628WJtkG2sxE6OEIlkKiL2GJcqOYUq_byYpK5wTe5mjjlps-2Mq9GaX4JQXVIygnW1OK7IHZTHHbE%3D\u0026request_ab2=0\u0026zoneid=7359319\u0026js_build=iclick-v1.1127.0\u0026jsp=1\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026wih=1024\u0026wiw=1280\u0026ww=1280\u0026wh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026cw=1280\u0026wfc=0\u0026pl=https%3A%2F%2Fmexa.sh%2F1yot6zey2uxo%2FVoice-RJ01370576.rar\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026btz=UTC\u0026bto=0\u0026tt=1\u0026wgl=llvmpipe\u0026js_build=iclick-v1.1127.0\u0026navlng=en-US\u0026vsbl=true\u0026pnt=0\u0026pnrc=0\u0026bs=6e6c8e02-86d9-4ec5-8aa8-881d319651c3\u0026wasm=1\u0026userId=0081b896ce9b427cfef74eaa0f0cc184\u0026m=link","fqdn":"waisheph.com","domain":"waisheph.com","tld":"com"},"ip":{"addr":"139.45.197.119","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"waisheph.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Apr 2025 05:22:09 GMT","end":"Thu, 10 Jul 2025 05:22:08 GMT"},"fingerprint":{"sha1":"2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC","sha256":"6C:5D:FA:03:C3:66:B9:17:22:73:36:A8:16:F3:F3:F1:A5:37:2F:8B:CA:08:BD:BB:BD:CC:BA:1B:88:70:6A:50"}}},"request":{"raw":"GET /?rb=PTiJr7abP4dgV-xpc03D8u0YhbsUI548jhRaZi5dXuYGnzIq-_blLI64QSlhF4qEXhOl0McCEnJT_061o-LyG87DzU7VsEAq8D4ykZi_h6ZKlvDKVPZ95PcVCVn0P6eZWSHvVBQTtxDrXPMJYnYVq1tKKd6d8wl8eM1TRKz4Hl3JSC1yd-zXU5jLWvwnG-174iJ_ipOe5tWBCc628WJtkG2sxE6OEIlkKiL2GJcqOYUq_byYpK5wTe5mjjlps-2Mq9GaX4JQXVIygnW1OK7IHZTHHbE%3D\u0026request_ab2=0\u0026zoneid=7359319\u0026js_build=iclick-v1.1127.0\u0026jsp=1\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026wih=1024\u0026wiw=1280\u0026ww=1280\u0026wh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026cw=1280\u0026wfc=0\u0026pl=https%3A%2F%2Fmexa.sh%2F1yot6zey2uxo%2FVoice-RJ01370576.rar\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026btz=UTC\u0026bto=0\u0026tt=1\u0026wgl=llvmpipe\u0026js_build=iclick-v1.1127.0\u0026navlng=en-US\u0026vsbl=true\u0026pnt=0\u0026pnrc=0\u0026bs=6e6c8e02-86d9-4ec5-8aa8-881d319651c3\u0026wasm=1\u0026userId=0081b896ce9b427cfef74eaa0f0cc184\u0026m=link HTTP/1.1\r\nHost: waisheph.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mexa.sh/\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: OAID=0081b896ce9b427cfef74eaa0f0cc184; oaidts=1745721869\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\ncontent-type: application/json\r\nx-trace-id: f48c1b6ac616792ed7d61244d6f45690\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://mexa.sh\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nset-cookie: OAID=0081b896ce9b427cfef74eaa0f0cc184; expires=Mon, 27 Apr 2026 02:44:30 GMT; path=/; secure; SameSite=None\noaidts=1745721870; expires=Mon, 27 Apr 2026 02:44:30 GMT; path=/; secure; SameSite=None\nsyncedCookie=true; expires=Sun, 04 May 2025 02:44:30 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2283,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1d4d20fdf90ffde98df13471b388d8e7","sha1":"05a2f86de59ccec1c5c1de76cb84870b0d7e64f4","sha256":"59f27fc32eb7e4cf3f44f43b4e5f9a5297306cbe712a88f35e2faf5ef4a21b83","sha512":"4706a12cc355cab08b026163d1dedf1e970111b9735ff5e3a144d342d20569b9948e6af518745e337db6e7e4850ec4a2d27e1a5d36e568d1f314930bc5affa1f","ssdeep":"","tlshash":"85414cb280f64334d6f1f4c91cd055a998ce2a19f9ccb01a78eea3145a75352d5cd5ac","first_seen":"2025-04-27T02:45:03.528374Z","last_seen":"2025-04-27T02:45:03.528374Z","times_seen":1,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/js/jquery-1.9.1.min.js","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /js/jquery-1.9.1.min.js HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar\r\nCookie: lang=english\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Tue, 30 May 2017 04:42:32 GMT\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\nage: 5934\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\netag: W/\"169d5-550b66e847e00\"\r\ncontent-encoding: br\r\ncf-ray: 936afa7218110b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-20T13:52:55.07564Z","times_seen":62327,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexa.sh/images/free_download.png","fqdn":"mexa.sh","domain":"mexa.sh","tld":"sh"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexa.sh","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Mar 2025 05:28:49 GMT","end":"Fri, 13 Jun 2025 06:26:04 GMT"},"fingerprint":{"sha1":"12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0","sha256":"FE:A5:DD:8B:17:0B:E8:7D:CB:DB:70:43:36:DA:D3:22:A0:B4:4D:83:18:31:A0:F3:E7:FB:03:85:3A:49:88:06"}}},"request":{"raw":"GET /images/free_download.png HTTP/1.1\r\nHost: mexa.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/css_newTheme/main.css\r\nCookie: lang=english\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":648,"data":"{\"metric_group\":\"signup-forms\",\"events\":[{\"metric\":\"openModal\",\"log_to_statsd\":true,\"log_to_s3\":true,\"log_to_metrics_service\":true,\"metric_service_event_name\":\"viewed_form\",\"event_details\":{\"utm_source\":\"tradedoubler\",\"utm_medium\":\"affiliate\",\"utm_campaign\":\"Takeads+DE\",\"form_version_c_id\":\"3\",\"is_client\":true,\"form_id\":\"S2JVxp\",\"form_version_id\":18544604,\"form_type\":\"POPUP\",\"device_type\":\"DESKTOP\",\"hostname\":\"www.oilily.com\",\"href\":\"https://www.oilily.com/en-en?tduid=7f35533af8d5986f1b3f68cb310fa579\u0026progId=369214\u0026affId=686431\u0026utm_source=tradedoubler\u0026utm_medium=affiliate\u0026utm_campaign=Takeads+DE\",\"page_url\":\"https://www.oilily.com/en-en\"}}]}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 32532\r\nserver: cloudflare\r\nlast-modified: Sat, 15 Jul 2017 04:35:36 GMT\r\netag: \"7f14-55453b26c1600\"\r\nx-test-header: 1\r\nx-content-type-options: nosniff\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 5931\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-ray: 936afa7388750b51-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32532,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced","md5":"46a5fd5732a87850dd58f70c8c870430","sha1":"9ae7b42ff28fd2129aa5e67057f9d4d198a717eb","sha256":"9d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487","sha512":"ef5891bbc12252db81fe155518a7ff26279e1a4a970a49dbe9463f6008907fadd6a0e3b5ee106f7d532e8c369f420f473df72b01c0bf541ca15daee3935045c7","ssdeep":"384:7JXE05Ki953B9gfYc9UThQxy6Khb4o6JWfhxH0ymrWTNU:J35KivlCyhQqb4o6QfgymrANU","tlshash":"92e2bfa1fcf0fd6a90ca72f21ec614019d371f47c6854c5536ee0a4baf02b6a8e47a5d","first_seen":"2023-05-01T11:20:00Z","last_seen":"2025-10-24T22:48:06.372304Z","times_seen":110,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-SBML259V1V\u0026l=dataLayer\u0026cx=c\u0026gtm=457e54n0h1za200\u0026tag_exp=102887800~103051953~103077950~103106314~103106316~103116026~103130360~103130362~103200004","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 31 Mar 2025 08:54:37 GMT","end":"Mon, 23 Jun 2025 08:54:36 GMT"},"fingerprint":{"sha1":"E4:97:12:2A:2B:30:84:66:33:9D:D6:09:14:D3:8F:CE:3E:20:73:24","sha256":"D5:81:53:10:24:38:06:43:73:D0:A6:65:1A:88:4A:66:4C:27:69:54:27:93:B7:A5:91:07:BF:72:58:7F:73:AE"}}},"request":{"raw":"GET /gtag/js?id=G-SBML259V1V\u0026l=dataLayer\u0026cx=c\u0026gtm=457e54n0h1za200\u0026tag_exp=102887800~103051953~103077950~103106314~103106316~103116026~103130360~103130362~103200004 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\nexpires: Sun, 27 Apr 2025 02:44:30 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1068:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1068:0\r\nreport-to: {\"group\":\"ascgcycc:1068:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1068:0\"}],}\r\nserver: Google Tag Manager\r\ncontent-length: 126871\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":381256,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6129)","md5":"342d4d2bf2fa0298d40ee0e152830858","sha1":"46caf10adaf045df07c6348da5310c49862596e7","sha256":"7fb8a07563bd0076e2166e7e64d0e549b0937349fa68e94de88d639cdca8ba56","sha512":"5ba907be1372a2d89fa8857f49b3942d3c706a180e611bb123e872d30a8353ed8331b6d825bfe333d67d4b9e32531029ff1b45dd76c623881028dbbe4ec773f5","ssdeep":"6144:DkDeEvp53xrlUum4KOaDPYFFlHsX0/NPgGS8bUStw:4Desp/rbFKOaDAFFs8Le","tlshash":"ff841ade73c674625396b478903f018ba5bb28a2b44cc895f1c9cce42d74a9a4277f7c","first_seen":"2025-04-27T02:45:03.531215Z","last_seen":"2025-04-27T02:45:03.531215Z","times_seen":1,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":56,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"experttrafficcounter.com/stats","fqdn":"experttrafficcounter.com","domain":"experttrafficcounter.com","tld":"com"},"ip":{"addr":"18.185.55.239","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:30.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"experttrafficcounter.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 23 Jan 2025 00:00:00 GMT","end":"Sat, 21 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC","sha256":"10:38:3D:45:4F:24:A0:61:7E:B2:5F:85:B3:4F:33:39:E0:8E:3A:82:45:63:EA:1E:41:80:93:2A:65:F3:A1:AC"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: experttrafficcounter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nCookie: uid_id2=2e05f825-9e8c-4972-897a-aa643ea95715:1:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 27 Apr 2025 02:44:30 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://mexa.sh\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f56f314d98580c702b1bbb39b6bb1f67","sha1":"10cfdefa95116c863696cd9875234a1360069766","sha256":"4467c5dd1110cd9dfa599dd30a6c20c85f7eac3c3dc546f4ff56aae832282722","sha512":"66925f4efd78846681ece3f9c330f58014645b7ef1f6b6031f0022ac68e4cf075613d76f0e1444c7462a7fe0924a3e05e49b79cc69c8f4423144d7d2a2cb4c48","ssdeep":"","tlshash":"b19004dc0d417015c10c4700054037c1df1100c004104c5551434d014d00f15f5d0f54","first_seen":"2025-04-27T02:45:03.50239Z","last_seen":"2025-04-27T02:45:03.50239Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nannyirrationalacquainted.com/pixel/pure","fqdn":"nannyirrationalacquainted.com","domain":"nannyirrationalacquainted.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:31.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"nannyirrationalacquainted.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Apr 2025 00:43:48 GMT","end":"Sat, 19 Jul 2025 00:43:47 GMT"},"fingerprint":{"sha1":"02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2","sha256":"B9:E9:88:D1:E9:84:76:2E:AF:77:43:F9:01:55:3B:97:B2:F2:0F:4E:F1:20:AC:28:9B:22:95:74:08:37:71:33"}}},"request":{"raw":"POST /pixel/pure HTTP/1.1\r\nHost: nannyirrationalacquainted.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 74\r\nOrigin: https://mexa.sh\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":74,"data":"{\"bv\":\"25.4.8000\",\"error\":\"UUID request timed out or failed\",\"tmpl\":\"136\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 27 Apr 2025 02:44:31 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: nannyirrationalacquainted.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":0,"connect":94,"send":0,"wait":95,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-04-26","alert":"Sinkholed","trigger":"nannyirrationalacquainted.com","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waisheph.com/5/7359319","fqdn":"waisheph.com","domain":"waisheph.com","tld":"com"},"ip":{"addr":"139.45.197.119","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"","requested_by":"https://mexa.sh/1yot6zey2uxo/Voice-RJ01370576.rar","date":"2025-04-27T02:44:29.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"waisheph.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Apr 2025 05:22:09 GMT","end":"Thu, 10 Jul 2025 05:22:08 GMT"},"fingerprint":{"sha1":"2F:DC:B5:CD:9D:81:2D:67:4D:2A:BF:A5:28:D4:1A:B9:F9:CE:C6:AC","sha256":"6C:5D:FA:03:C3:66:B9:17:22:73:36:A8:16:F3:F3:F1:A5:37:2F:8B:CA:08:BD:BB:BD:CC:BA:1B:88:70:6A:50"}}},"request":{"raw":"GET /5/7359319 HTTP/1.1\r\nHost: waisheph.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexa.sh/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 27 Apr 2025 02:44:29 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 433e01d83dbbe547b138656f52e260ce\r\nlink: \u003chttps://my.rtmark.net\u003e; rel=\"preconnect dns-prefetch\"\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\nset-cookie: OAID=0081b896ce9b427cfef74eaa0f0cc184; expires=Mon, 27 Apr 2026 02:44:29 GMT; path=/; secure; SameSite=None\noaidts=1745721869; expires=Mon, 27 Apr 2026 02:44:29 GMT; path=/; secure; SameSite=None\nsyncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":107581,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fa95c88143a7c484b4725af2f540e452","sha1":"f74a60ed8d7879ecbb5099188646c5b3843197b3","sha256":"abfea1c3dc4b388b5300d67b1f7f3d043c5686c3438dc87278df32b19e74a7ce","sha512":"7b530cac42b2709ca35e4699ef621100a9aef2e3dd93333d287784624296294156e7fb44b37998083cfaf381194085028623eae9d61004560d3f116d09a0824d","ssdeep":"3072:isCqci2LzcDfwYLstYbedgtj2meRYfOCJ4NLZi1CtOoaagOcAKLzXSvJ/c3EISLf:isCqci2LFYLstYKdgtjheRYfOCJ4NLZb","tlshash":"6eb31a97b6f57d9b472a84f01c7fc40962ee9c80040fcda9d0e4a8a9796b444d37bee4","first_seen":"2025-04-27T02:45:03.532119Z","last_seen":"2025-04-27T02:45:03.532119Z","times_seen":1,"resource_available":true,"data":null}},"time_used":475,"timings":{"blocked":188,"dns":32,"connect":26,"send":0,"wait":58,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}