Report - zipmoe.net/goto/mexa.sh/8aogzCjsOg1X.zip

Report Overview

Visited public
2025-03-22 08:16:47
Tags
URL
zipmoe.net/goto/mexa.sh/8aogzCjsOg1X.zip
Finishing URL
mexa.sh/6d3b60d4uvd3
IP / ASN
164.70.236.82
#2527 Sony Network Communications Inc.
Title
Download 140816-RJ139034131097-C86-E1BD8D1B zip

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-03-19	940 B	623 kB	142.250.74.136
obeseglobewimp.com	unknown	2025-03-03	2025-03-05	2025-03-21	443 B	571 B	192.243.61.227
mexa.sh	337577	2019-08-22	2019-08-26	2025-03-21	12 kB	699 kB	188.114.96.1
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-03-19	461 B	830 B	104.18.41.22
zipmoe.net	unknown	2016-07-04	2025-03-22	2025-03-22	932 B	14 kB	164.70.236.82
waisheph.com	74994	2020-11-23	2020-12-10	2025-03-18	2.2 kB	111 kB	139.45.197.119

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-03-22	medium	obeseglobewimp.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	mexa.sh/6d3b60d4uvd3	ScriptElement	261 B	2023-03-12	2025-06-03
Pretty URL mexa.sh/6d3b60d4uvd3 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-06-03 12:36 Times Seen88 Hash abbf34430edc9e4d913c44d8a48f2ae3 dc9f6c9c0b7d020d8bc465365a4039daa8cbcc84 f04d076aafba2a5adb1116793b34a04ef9da13f29838dd753bfd7ccfedcda8c9 Loading...

	wasm:waisheph.com/5/7359319%20line%201%20%3E%20WebAssembly.instantiate	Wasm	0 B	0001-01-01	2025-06-09
Pretty URL wasm:waisheph.com/5/7359319%20line%201%20%3E%20WebAssembly.instantiate IP 0.0.0.0 ASN #0 Introduced by wasm Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-09 03:39 Times Seen4894371 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mexa.sh/sandbox%20eval%20code		147 B	2023-04-11	2025-06-09
Pretty URL mexa.sh/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-09 03:38 Times Seen351598 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-06-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-06-09 03:38 Times Seen350843 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	mexa.sh/6d3b60d4uvd3	ScriptElement	666 B	2023-03-12	2025-06-03
Pretty URL mexa.sh/6d3b60d4uvd3 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-06-03 12:36 Times Seen87 Hash 3ff478c8f993edf7fcf9b0a556256ed5 22391de1683e10171a05ac3453143ea297da9f3e 2840b85566767ff50901311c4a2c2545b5b29e94c8c3aaade614902a04dc45d7 Loading...

	mexa.sh/js/jquery-1.9.1.min.js	ScriptElement	93 kB	2023-03-07	2025-06-09
Pretty URL mexa.sh/js/jquery-1.9.1.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-09 03:32 Times Seen15318 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	mexa.sh/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-06-08
Pretty URL mexa.sh/js/jquery.cookie.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-06-08 22:59 Times Seen2703 Hash ff14e4812b7f512e620b1ad35542bcfc c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Loading...

	waisheph.com/5/7359319	ScriptElement	107 kB	2025-03-22	2025-03-22
Pretty URL waisheph.com/5/7359319 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-22 08:16 Last Seen2025-03-22 08:16 Times Seen1 Hash 49908f6bb3c0d29963ce4398c40fb0d4 9012b58dea5d4d6b84cfc94cf119190bd6c9f92d 374740437f53ecf1fe8de84b9044ff0c1f9bcd1c61ee6d421a945e40a5d63970 Loading...

	mexa.sh/6d3b60d4uvd3	ScriptElement	154 B	2023-03-12	2025-06-03
Pretty URL mexa.sh/6d3b60d4uvd3 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 23:45 Last Seen2025-06-03 12:36 Times Seen90 Hash c6b02bbb4255c747368479fd2e4300e5 0a5cd83325ceaab81243a71c4ce359edf2d15c03 8b9d20a60322347d585ec6209ba3e9e1bacc7a8aa14c7aa33f3549d10348614c Loading...

	mexa.sh/6d3b60d4uvd3	ScriptElement	172 B	2025-03-22	2025-03-22
Pretty URL mexa.sh/6d3b60d4uvd3 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-22 08:16 Last Seen2025-03-22 08:16 Times Seen1 Hash df380d93619c6f8b951b562331caade7 7f892cb2084af349e604947dabd6b120c4dadc7d a0f0c887f96a19755942b515519b7a89b992d3c7c1d76a5fa3d0af38694c34cf Loading...

	www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53j1za200&tag_exp=102482433~102788824~102803279~102813109	ScriptElement	364 kB	2025-03-22	2025-03-22
Pretty URL www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53j1za200&tag_exp=102482433~102788824~102803279~102813109 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-22 08:16 Last Seen2025-03-22 08:16 Times Seen1 Hash dd4de85b226acba4170e286c239ae1ca bc42486579571bd6c6879486f3b035dc1bdebc2b d05b99477d0d7345d835f9a0fc38251c2b86e0e708b3cbc0f78349e09cc6b041 Loading...

	mexa.sh/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-06-08
Pretty URL mexa.sh/js/jquery.paging.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-06-08 22:59 Times Seen2660 Hash d7a2c1c7af2a004a6d68e1e55b1cfb46 7fd6daa7076c30381880519ad06ef5639b19ee28 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Loading...

	mexa.sh/js/paging.js	ScriptElement	1.7 kB	2023-03-08	2025-06-07
Pretty URL mexa.sh/js/paging.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:01 Last Seen2025-06-07 11:53 Times Seen678 Hash 43e50aa00ad654da80af8f7936afd4c6 fb5921b855cce329191077b7e93563029d703545 e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657 Loading...

	www.googletagmanager.com/gtag/js?id=UA-79936000-1	ScriptElement	257 kB	2025-03-22	2025-03-22
Pretty URL www.googletagmanager.com/gtag/js?id=UA-79936000-1 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-22 08:16 Last Seen2025-03-22 08:16 Times Seen1 Hash 4515cef423933ff3814a07b9d016a2c1 85a94dc0fdd7be5d8b10ae49f89bf0fc95bd26db 907575f32a8fa1c945e63ddd73edab05f0adb1e746c2ed00a19bb03e5af916b9 Loading...

HTTP Transactions (36)

URL IP Response Size

obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js

192.243.61.227

403 Forbidden

0 B

URL GET
obeseglobewimp.com/48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerLet's Encrypt
Subjectobeseglobewimp.com
Fingerprint2B:15:3C:49:E3:1F:CD:ED:DC:1D:2A:15:38:00:BC:58:19:D2:A1:59
ValidityMon, 03 Mar 2025 19:05:17 GMT - Sun, 01 Jun 2025 19:05:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1
Host: obeseglobewimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Sat, 22 Mar 2025 08:16:31 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: obeseglobewimp.com

mexa.sh/images/frechar.png

188.114.96.1

200 OK

67 kB

URL GET
mexa.sh/images/frechar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced
Size
67 kB (66710 bytes)
Hash
7adab309ecff73216286b6d34b795e7c
f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8
1b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078

HTTP Headers

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 66710
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 223
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LuNTU4P%2FCdOCgTwoOMWC9J1fT2WXG6BWqC0wkaOJ5cmYHFt0JX5x%2FTvNgwgoVWeEUSDLs6APeSaqg3tV8zlC8Zf%2BZ%2FKjT%2FHyuZe2dzbN%2BMMB0adKCsOnewsT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f5788c1a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20779&min_rtt=16849&rtt_var=4339&sent=279&recv=36&lost=0&retrans=0&sent_bytes=285731&recv_bytes=8136&delivery_rate=2929649&cwnd=182400&unsent_bytes=0&cid=2a11d256f70861cd&ts=628&x=1", cfExtPri, cfHdrFlush;dur=0

my.rtmark.net/gid.js?userId=008194a68abd4538f3f9b1f4bedc0f96

104.18.41.22

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=008194a68abd4538f3f9b1f4bedc0f96
IP
104.18.41.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
91ba7cd0ba76926b4907674c64bc8284
2513ff87b579cdfdf3649072a59911f101d94476
b9c09614a0d4bbc1d34445b05fd2a4e1c2fccc2d857d5cc40ffe21ce8434a09e

HTTP Headers

GET /gid.js?userId=008194a68abd4538f3f9b1f4bedc0f96 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 22 Mar 2025 08:16:32 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008194a68abd4538f3f9b1f4bedc0f96; expires=Sun, 22 Mar 2026 08:16:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 92443f57de4a7128-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zipmoe.net/goto/mexa.sh/8aogzCjsOg1X.zip

164.70.236.82

302 Found

14 kB

URL User Request GET
zipmoe.net/goto/mexa.sh/8aogzCjsOg1X.zip
IP
164.70.236.82:80
ASN
#2527 Sony Network Communications Inc.

File type

Size
14 kB (14112 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /goto/mexa.sh/8aogzCjsOg1X.zip HTTP/1.1
Host: zipmoe.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sat, 22 Mar 2025 08:16:30 GMT
Server: Apache/2.4.6 (CentOS)
Location: https://mexa.sh/6d3b60d4uvd3
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

mexa.sh/images/logo1_1x.png

188.114.96.1

200 OK

38 kB

URL GET
mexa.sh/images/logo1_1x.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced
Size
38 kB (38035 bytes)
Hash
037f1c3e351f635f706eda54b812c40a
8aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa
30ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408

HTTP Headers

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 38035
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 224
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oY0PsgjuA%2FZvUZcJj7Ryn5OBVjsVjLwaFzZY8j9M3utb1B3Y1AfuzoBiIjQwQiQvhBgtKqA4%2F%2FjdAA3gZwLjk89bIuLgChSeboImCePYJoWvqL%2B1WeLjJMEC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f556f8aa896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=32&recv=17&lost=0&retrans=0&sent_bytes=15910&recv_bytes=4255&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=285&x=1", cfExtPri, cfHdrFlush;dur=32

mexa.sh/images/regicon.png

188.114.96.1

200 OK

20 kB

URL GET
mexa.sh/images/regicon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
20 kB (19508 bytes)
Hash
363e2a7e57bf3cb4da7d113445cd676f
15c3bba1a21d1543ee17ccd57a304f1efedca876
012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779

HTTP Headers

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 19508
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rZjQWkOBvo%2BCP71ANobTwMw2jpyUryUCOGzOWdl4%2BTyeDyIxQf41dTgl3VIYk%2F%2BA5WM3n8x586rDoBxJ9mk2da%2FwTQKWrhENc1sC%2BwwX9AVHOvaEb6VtQ3TJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f557f96a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=37&recv=22&lost=0&retrans=0&sent_bytes=16042&recv_bytes=5718&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=295&x=1", cfExtPri, cfHdrFlush;dur=63

mexa.sh/images/no211.png

188.114.96.1

200 OK

720 B

URL GET
mexa.sh/images/no211.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size
720 B (720 bytes)
Hash
5508fda2890fd7f0368dcb662b600dd8
1bcb3a7bfbb7d9085116d57ff120929628d68440
4412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726

HTTP Headers

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 720
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jla8y2IVCjog2p7vT5laHOOsOctFpaORk%2FnoIiFnSgpVMZvVBxLn5X7rQusqIT0Wi94WVSPVOABZlxOgLQiqH9qbP4uWH4eG0fCXiBoKvOEysnMj0SPgz6N5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f557f9ba896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=37&recv=22&lost=0&retrans=0&sent_bytes=16042&recv_bytes=5718&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=296&x=1", cfExtPri, cfHdrFlush;dur=62

waisheph.com/wrr?z=7359319&p_rid=7711c4b2-e6d0-451a-9c0a-386791c2d13f&rb=-q93P-tfFaaPAGYzoOvBSufeLACPhfKq1tThDmRS9A5y8PS9Cfv-Jf4W7bY2nYMldVwPiCZ4nGr9rvREpKA6iRqfMBnFmTS2Nv-IrSJNHnWorkPzojBfoXXjrneGXX_fIjtGsQ7EaTWZ5xEP9fozjND94sTKvXzyxbtkKZEbjGhB9jk5SYjDWT1C6EOq8ojikS7BhFXM--ZaSV98yYjywfGUTm-mOv_Z9JGDVPAGTrUZEgFR1P96GXppOGntSnsF44nUSm9JRd8aIxRSDm7x1w==&dmn=waisheph.com&userId=008194a68abd4538f3f9b1f4bedc0f96

139.45.197.119

204 No Content

0 B

URL OPTIONS
waisheph.com/wrr?z=7359319&p_rid=7711c4b2-e6d0-451a-9c0a-386791c2d13f&rb=-q93P-tfFaaPAGYzoOvBSufeLACPhfKq1tThDmRS9A5y8PS9Cfv-Jf4W7bY2nYMldVwPiCZ4nGr9rvREpKA6iRqfMBnFmTS2Nv-IrSJNHnWorkPzojBfoXXjrneGXX_fIjtGsQ7EaTWZ5xEP9fozjND94sTKvXzyxbtkKZEbjGhB9jk5SYjDWT1C6EOq8ojikS7BhFXM--ZaSV98yYjywfGUTm-mOv_Z9JGDVPAGTrUZEgFR1P96GXppOGntSnsF44nUSm9JRd8aIxRSDm7x1w==&dmn=waisheph.com&userId=008194a68abd4538f3f9b1f4bedc0f96
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /wrr?z=7359319&p_rid=7711c4b2-e6d0-451a-9c0a-386791c2d13f&rb=-q93P-tfFaaPAGYzoOvBSufeLACPhfKq1tThDmRS9A5y8PS9Cfv-Jf4W7bY2nYMldVwPiCZ4nGr9rvREpKA6iRqfMBnFmTS2Nv-IrSJNHnWorkPzojBfoXXjrneGXX_fIjtGsQ7EaTWZ5xEP9fozjND94sTKvXzyxbtkKZEbjGhB9jk5SYjDWT1C6EOq8ojikS7BhFXM--ZaSV98yYjywfGUTm-mOv_Z9JGDVPAGTrUZEgFR1P96GXppOGntSnsF44nUSm9JRd8aIxRSDm7x1w==&dmn=waisheph.com&userId=008194a68abd4538f3f9b1f4bedc0f96 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 22 Mar 2025 08:16:32 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

zipmoe.net/goto/mexa.sh/8aogzCjsOg1X.zip

0.0.0.0

0 B

URL User Request GET
zipmoe.net/goto/mexa.sh/8aogzCjsOg1X.zip
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /goto/mexa.sh/8aogzCjsOg1X.zip HTTP/1.1
Host: zipmoe.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

mexa.sh/images/navicon2.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon2.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (16374 bytes)
Hash
86665a37cea72cd507ceb7e7282c74f8
f7707000a81a04f217ec9bd93995a0b9fc424037
ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1

HTTP Headers

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 16374
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 224
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Eqtlk2afHCKzyyC22xy2oPALAi1aOu98toIoDyDvvRC%2Bq4StZYWR9M9hsx%2BpoLukXtzS5QOjMA%2FzoQwKdGhhWDNjQw8PN2e4lO1DP%2B%2Bc49vymaPWqOUT7Up"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f556f8ea896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=36&recv=21&lost=0&retrans=0&sent_bytes=16015&recv_bytes=5425&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=289&x=1", cfExtPri, cfHdrFlush;dur=48

mexa.sh/images/.png

188.114.96.1

404 Not Found

3.3 kB

URL GET
mexa.sh/images/.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (3445), with no line terminators
Size
3.3 kB (3301 bytes)
Hash
228f5192b74f59575de751407220f163
f13fca15068e241ce63aa7d8c20ea9dcd5b712f0
5110887844bc201982a82d09dc4108e015cbd160f3b6163f81f80f9e9ed23aa8

HTTP Headers

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 22 Mar 2025 08:16:32 GMT
content-type: text/html; charset=utf-8
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X17ml7ka54SUey4M1T%2BmFEJtLjJn%2BMt1hV5YaAfHq2u1RMvoLpM9Qhb6fCJubALWvsQOs36FGqWASUpxzIR6LBXdCvua%2BL1ju7nvOvapRsaa114GWi0SAlLA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f5788bea896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19351&min_rtt=16849&rtt_var=2250&sent=486&recv=42&lost=0&retrans=0&sent_bytes=529749&recv_bytes=8411&delivery_rate=4607075&cwnd=307200&unsent_bytes=0&cid=2a11d256f70861cd&ts=738&x=1", cfExtPri, cfHdrFlush;dur=0

mexa.sh/images/navbara.png

188.114.96.1

200 OK

22 kB

URL GET
mexa.sh/images/navbara.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:32 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 222
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jWutMqURPt1QxMgcQwReCk19q92oQrO9LzvkcKF3AjGbo9yuYAzFyLfSZSLHEyPk%2BVPGMb2cPue4E865BEaAy71BK2jv00K71zT4B%2BfjZYP%2FSIbbZ6Y%2FrE5a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f58b9a0a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19051&min_rtt=16849&rtt_var=2288&sent=490&recv=45&lost=0&retrans=0&sent_bytes=531364&recv_bytes=9046&delivery_rate=68978&cwnd=307200&unsent_bytes=0&cid=2a11d256f70861cd&ts=815&x=1", cfExtPri, cfHdrFlush;dur=0

mexa.sh/images/download1.png

188.114.96.1

200 OK

24 kB

URL GET
mexa.sh/images/download1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
Size
24 kB (23553 bytes)
Hash
26b1df6a0077b0e57862d48f78ca6f62
c1333ea62ff83bc3ad7e5e79085a4e2054684106
118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86

HTTP Headers

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 23553
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yU5xxZhwh%2ByKYJ%2F5%2FshVcO4auEd4dgwHce4iYKxf63tFA%2BqMG3pIFvwuJqiq%2BohrpV9B1JETc%2FnScmSGQnMpT8hsiNteRCbyfnHiJmd7jLKvaLWjncCHKdQP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f557f98a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=37&recv=22&lost=0&retrans=0&sent_bytes=16042&recv_bytes=5718&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=296&x=1", cfExtPri, cfHdrFlush;dur=62

mexa.sh/js/paging.js

188.114.96.1

200 OK

1.7 kB

URL GET
mexa.sh/js/paging.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (1778), with no line terminators
Size
1.7 kB (1709 bytes)
Hash
cc6cc190d0f5515a00ac307c26fe033a
b7028b457c314b3a61b4130bb98fc8f2cf3e769e
030ef0e5188e0cff37c54520d654e321e69a6d88ec6379d1817e546db88b58ea

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"6ad-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
age: 224
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IM9TcLl%2BvheUEtku25Cq1M%2BpUzea6gKrhicIfIwsns6bpt7K4vI3P8rvCOUtJDyx6b3dsa6lMiRBw1NAPRiqmG8gN7yM8qVTf6K6e7o8AMOFcmDgdsQtSgSk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f555f88a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=28&recv=15&lost=0&retrans=0&sent_bytes=13795&recv_bytes=3667&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=283&x=1", cfExtPri, cfHdrFlush;dur=34

mexa.sh/images/navicon3.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon3.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15889 bytes)
Hash
715335986af196b81f68fa792f5a7f53
b6b2f12993db399f86883315310869dccbd75ec5
aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f

HTTP Headers

GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 15889
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 223
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SfO60C10Ip5uII2IZqqiTubvbj3tjUVJumdjHwcHJjsEWA%2BpDabBpHeFn363Z78Zr7o6oPU%2FOKVBKN8uDzIEyRXCo1BBDWwTe6QtOLOXNqChzFif3v8vOz9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f556f90a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=36&recv=21&lost=0&retrans=0&sent_bytes=16015&recv_bytes=5425&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=289&x=1", cfExtPri, cfHdrFlush;dur=48

mexa.sh/images/navicon6.png

188.114.96.1

200 OK

1.2 kB

URL GET
mexa.sh/images/navicon6.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1175 bytes)
Hash
91f3dc42cd20fcc67b1f9e4d026ae636
4eb701d8acffe7471ca14183d83fdc8e5d57bec5
a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659

HTTP Headers

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 1175
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tUaT9ddJpiSIN2dHFoRf%2BVyrkxO4f%2B23FxPS3%2BXPBpGcv7M5EG5Vkw6ceIxaOaomDMWuXFqmA5w16s1Fix2PnURF4FKN1BYV5%2FxD6UAZjVhLFESb0fsVAobW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f556f91a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=37&recv=22&lost=0&retrans=0&sent_bytes=16042&recv_bytes=5718&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=291&x=1", cfExtPri, cfHdrFlush;dur=67

mexa.sh/js/jquery.cookie.js

188.114.96.1

200 OK

3.1 kB

URL GET
mexa.sh/js/jquery.cookie.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
7e208f9bc7ca201678c76d96e899349c
afa52ce81c7656bf1a8605bd2cbd38c2be00cd9b
0f0e74eaa31ad2d6c07d9ceb16efefc78aae0f45328759eb163800d261e53d29

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"c31-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 224
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q2ylYtajoQiFbAzmc4xLSzeQ9VFBlyWsaHBjpvesIm8rY7LTAV493ijyBG0LXhNP5SYJYnR7LlVvJb%2FgPQ78U3BVTCe6IrxbFNac5Dyh5HiUyEsXz7lgxRIu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f555f86a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=28&recv=15&lost=0&retrans=0&sent_bytes=13795&recv_bytes=3667&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=283&x=1", cfExtPri, cfHdrFlush;dur=0

www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53j1za200&tag_exp=102482433~102788824~102803279~102813109

142.250.74.136

200 OK

364 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53j1za200&tag_exp=102482433~102788824~102803279~102813109
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D
ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

File type
JavaScript source, ASCII text, with very long lines (6055)
Size
364 kB (364332 bytes)
Hash
dd4de85b226acba4170e286c239ae1ca
bc42486579571bd6c6879486f3b035dc1bdebc2b
d05b99477d0d7345d835f9a0fc38251c2b86e0e708b3cbc0f78349e09cc6b041

HTTP Headers

GET /gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e53j1za200&tag_exp=102482433~102788824~102803279~102813109 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 22 Mar 2025 08:16:32 GMT
expires: Sat, 22 Mar 2025 08:16:32 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 121307
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

139.45.197.119

200 OK

2 B

URL POST
waisheph.com/wrr?z=7359319&p_rid=7711c4b2-e6d0-451a-9c0a-386791c2d13f&rb=-q93P-tfFaaPAGYzoOvBSufeLACPhfKq1tThDmRS9A5y8PS9Cfv-Jf4W7bY2nYMldVwPiCZ4nGr9rvREpKA6iRqfMBnFmTS2Nv-IrSJNHnWorkPzojBfoXXjrneGXX_fIjtGsQ7EaTWZ5xEP9fozjND94sTKvXzyxbtkKZEbjGhB9jk5SYjDWT1C6EOq8ojikS7BhFXM--ZaSV98yYjywfGUTm-mOv_Z9JGDVPAGTrUZEgFR1P96GXppOGntSnsF44nUSm9JRd8aIxRSDm7x1w==&dmn=waisheph.com&userId=008194a68abd4538f3f9b1f4bedc0f96
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /wrr?z=7359319&p_rid=7711c4b2-e6d0-451a-9c0a-386791c2d13f&rb=-q93P-tfFaaPAGYzoOvBSufeLACPhfKq1tThDmRS9A5y8PS9Cfv-Jf4W7bY2nYMldVwPiCZ4nGr9rvREpKA6iRqfMBnFmTS2Nv-IrSJNHnWorkPzojBfoXXjrneGXX_fIjtGsQ7EaTWZ5xEP9fozjND94sTKvXzyxbtkKZEbjGhB9jk5SYjDWT1C6EOq8ojikS7BhFXM--ZaSV98yYjywfGUTm-mOv_Z9JGDVPAGTrUZEgFR1P96GXppOGntSnsF44nUSm9JRd8aIxRSDm7x1w==&dmn=waisheph.com&userId=008194a68abd4538f3f9b1f4bedc0f96 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
content-type: application/json
Content-Length: 2532
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 08:16:32 GMT
content-type: text/plain
content-length: 2
x-trace-id: 466a90ffd06798f2a3ed1126a3d3bf34
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008194a68abd4538f3f9b1f4bedc0f96; expires=Sun, 22 Mar 2026 08:16:32 GMT; path=/; secure; SameSite=None
oaidts=1742631392; expires=Sun, 22 Mar 2026 08:16:32 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 29 Mar 2025 08:16:32 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

mexa.sh/6d3b60d4uvd3

188.114.96.1

200 OK

14 kB

URL User Request GET
mexa.sh/6d3b60d4uvd3
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
HTML document, ASCII text, with very long lines (10924), with CRLF line terminators
Size
14 kB (14112 bytes)
Hash
17fa2c644ef2b1dd6f83378f11e1183d
9c3f5ab77b46ab46cb8a83826b2a3d606ec38a37
aafdde02ddb1bc5b791329bee70e87472a6d8c43228fb05a378f4d84516f52cd

HTTP Headers

GET /6d3b60d4uvd3 HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: text/html ; charset=UTF-8
expires: Fri, 21 Mar 2025 08:16:31 GMT
set-cookie: lang=english; domain=mexa.sh; path=/
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fm86rbh0l6PhYP5iJ7txbBj5OIaEOX55y9VC5VfiIP1ogc8k2hPvJc7bLKNBJN8yCGxdrEGeqjs70jC9VgVOfzddVpYnO4uOR1deY68WdBNiSB4Oqrlyztgb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92443f526e2bd7a1-AMS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20217&min_rtt=19677&rtt_var=4174&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3263&recv_bytes=1248&delivery_rate=220005&cwnd=60&unsent_bytes=0&cid=e774a47807015984&ts=213&x=0"
X-Firefox-Spdy: h2

mexa.sh/css_newTheme/main.css

188.114.96.1

200 OK

35 kB

URL GET
mexa.sh/css_newTheme/main.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
assembler source, ASCII text, with very long lines (1426)
Size
35 kB (35326 bytes)
Hash
2f075bd8c1fed47ee1ebcaea76c5f036
66e03118be7fa1415deebd13efa08362224f1ed9
eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e

HTTP Headers

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: text/css
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
etag: W/"89fe-57f51eb945a40"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6281
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CPH%2BlVHlZbeubycGnWW2cYB3ssxJ8cR4qov9zvgSyJDygv7bcPwKBzqY%2F%2Ff1By%2F8oplDmSyH4ek%2Bc7exZI2YWW2eiiE5IGh3GccakTmRfYiqdi20BCxn6J1x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f555f83a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=30&recv=15&lost=0&retrans=0&sent_bytes=15857&recv_bytes=3667&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=283&x=1", cfExtPri, cfHdrFlush;dur=16

waisheph.com/5/7359319

139.45.197.119

200 OK

107 kB

URL GET
waisheph.com/5/7359319
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintE7:88:EE:CD:93:DB:C5:BE:BA:76:E6:0D:56:EB:32:21:DC:F1:FA:91
ValiditySun, 23 Feb 2025 22:17:56 GMT - Sat, 24 May 2025 22:17:55 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
107 kB (107444 bytes)
Hash
49908f6bb3c0d29963ce4398c40fb0d4
9012b58dea5d4d6b84cfc94cf119190bd6c9f92d
374740437f53ecf1fe8de84b9044ff0c1f9bcd1c61ee6d421a945e40a5d63970

HTTP Headers

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: application/javascript
x-trace-id: 7f4a0ea133994aeb5facc41f39ebff9b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008194a68abd4538f3f9b1f4bedc0f96; expires=Sun, 22 Mar 2026 08:16:31 GMT; path=/; secure; SameSite=None
oaidts=1742631391; expires=Sun, 22 Mar 2026 08:16:31 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

mexa.sh/images/navbar.png

188.114.96.1

200 OK

22 kB

URL GET
mexa.sh/images/navbar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
Size
22 kB (22290 bytes)
Hash
e7c056eea6e071b1f5309d5db50c057a
833e979751da5fffe28b8761b322d16481a24c2e
34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9

HTTP Headers

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=flTq3TY9HjGzRyhvqGPf1C3%2FmS7j8I1nPsQbMYBqeBkjkJHa9NVpA9XkXvsCigbt8qboSfjGo1xxLHgkF4L%2FwP%2BBr8PTzoo2bJS%2B88qCbyVI0kyq93QGuQb6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f5788bfa896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20779&min_rtt=16849&rtt_var=4339&sent=257&recv=34&lost=0&retrans=0&sent_bytes=262125&recv_bytes=7526&delivery_rate=2929649&cwnd=182400&unsent_bytes=0&cid=2a11d256f70861cd&ts=626&x=1", cfExtPri, cfHdrFlush;dur=0

mexa.sh/images/premchar.png

188.114.96.1

200 OK

70 kB

URL GET
mexa.sh/images/premchar.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced
Size
70 kB (69808 bytes)
Hash
e3a6c4b647e9c8b789b17a98fb6d75f8
c7428a76951933962ef1d7400b37ba9ef91d6afd
0b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69

HTTP Headers

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 69808
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dVT5mBrj%2BAnKz6O5wyVcVZV8pt9sAgmKSpZYqnlsL9ge49WH6WN1CS8RSUhEebYq0OgzNRmPXDJWUaMHy2Tjyi2mfbAk2K2GMhHpZOI5BLEk2GmUF6AMTprT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f5788c5a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20779&min_rtt=16849&rtt_var=4339&sent=363&recv=36&lost=0&retrans=0&sent_bytes=386019&recv_bytes=8136&delivery_rate=2929649&cwnd=182400&unsent_bytes=0&cid=2a11d256f70861cd&ts=632&x=1", cfExtPri, cfHdrFlush;dur=0

mexa.sh/images/premium_download.png

188.114.96.1

200 OK

36 kB

URL GET
mexa.sh/images/premium_download.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
36 kB (35695 bytes)
Hash
75737b3b7b2586619b43ab184c2f95bf
89878f4f4aafb8637e9e9c50eedbba12e1cb74eb
e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f

HTTP Headers

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 35695
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vic0dRjHWbWxFCh2m2JbtPtGdPt7WZzf%2Fq8xL3BLz0OSoiUpR0yNzURJQUBZwM3BwFFTKoCA7u6x1m1sTxrxAqEq0G2c4Xi6NHzobXqWS9DNtZk8fBdbqkkU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f5798cba896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20779&min_rtt=16849&rtt_var=4339&sent=412&recv=36&lost=0&retrans=0&sent_bytes=444579&recv_bytes=8136&delivery_rate=2929649&cwnd=182400&unsent_bytes=0&cid=2a11d256f70861cd&ts=637&x=1", cfExtPri, cfHdrFlush;dur=7

mexa.sh/images/navicon1.png

188.114.96.1

200 OK

18 kB

URL GET
mexa.sh/images/navicon1.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Size
18 kB (18288 bytes)
Hash
ae9204e9914f4e3c5b146c488d5a1811
fe60b0cf1bbb856f93fca9183404d698e873f33e
f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125

HTTP Headers

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 18288
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6281
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZoLDlTjE%2FS%2F0SgUhINF1HUIraAiFc0SkBAKltqIrLvKsk4GS1LU27UKMLqsuWQCDwl1urOd15kShSViLKoSY4%2BlF%2F8j3mjO4SiJz7JvOlnzQwlqSjnQ2V7eB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f556f8ca896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=34&recv=19&lost=0&retrans=0&sent_bytes=15962&recv_bytes=4840&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=288&x=1", cfExtPri, cfHdrFlush;dur=49

mexa.sh/images/navicon5.png

188.114.96.1

200 OK

16 kB

URL GET
mexa.sh/images/navicon5.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
16 kB (15551 bytes)
Hash
002d70c5e45c4d81587ca7d82dca6577
d830a98de6a02ca22933b9f24cadf848499419d3
de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3

HTTP Headers

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 15551
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cyxOz7tBtBmS4CVLe%2FD6pkedFXAP3vO%2FKr8u%2FJtWu4RgsDHLrJwbMfXYnVyV%2BwRcoFg14l9UuS3agZyWeP5ymaKwNAL5VRtlMY33AAmdIvHYlppKEhhVCwec"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f556f93a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=37&recv=22&lost=0&retrans=0&sent_bytes=16042&recv_bytes=5718&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=293&x=1", cfExtPri, cfHdrFlush;dur=65

www.googletagmanager.com/gtag/js?id=UA-79936000-1

142.250.74.136

200 OK

257 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-79936000-1
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint16:BA:A3:B5:22:51:BB:87:46:7F:17:3F:9D:14:B3:35:F0:FE:B1:8D
ValidityMon, 10 Mar 2025 08:35:59 GMT - Mon, 02 Jun 2025 08:35:58 GMT

File type
JavaScript source, ASCII text, with very long lines (5343)
Size
257 kB (256722 bytes)
Hash
4515cef423933ff3814a07b9d016a2c1
85a94dc0fdd7be5d8b10ae49f89bf0fc95bd26db
907575f32a8fa1c945e63ddd73edab05f0adb1e746c2ed00a19bb03e5af916b9

HTTP Headers

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 22 Mar 2025 08:16:31 GMT
expires: Sat, 22 Mar 2025 08:16:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 90954
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mexa.sh/images/userin.png

188.114.96.1

200 OK

18 kB

URL GET
mexa.sh/images/userin.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
Size
18 kB (18182 bytes)
Hash
f7354ba97c4568ef41c764f1d5641336
78041d1b15b6af69d015b1dff67bb9d2501fe325
71657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba

HTTP Headers

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 18182
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5d0nay5GRAnRG%2F2gRWVd2iA836pdgUOrlRPrSaBMCgIs1VhlI2xnPPy4u4kc4iWx5s7LUzcSjOyEFW709VSvKCQ4vL9%2B%2B2w%2BwpgrLf7q1JnDrhLpdzDnRWeR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f556f95a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=37&recv=22&lost=0&retrans=0&sent_bytes=16042&recv_bytes=5718&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=293&x=1", cfExtPri, cfHdrFlush;dur=65

mexa.sh/images/free_download.png

188.114.96.1

200 OK

32 kB

URL GET
mexa.sh/images/free_download.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
Size
32 kB (32532 bytes)
Hash
46a5fd5732a87850dd58f70c8c870430
9ae7b42ff28fd2129aa5e67057f9d4d198a717eb
9d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487

HTTP Headers

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 32532
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHkEe6CP0bA7lWf11RNt8%2F0i1S6%2Fkn3sbcl1tCC8D3v6fCg3aGsf22wA2%2B%2F0L1ZKNyq8wJoXLkK%2BELt%2Bv%2BBapFuHPNZiXEMX9xfgAUihyE8v5zH8I8GNLUzV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f5798c8a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20779&min_rtt=16849&rtt_var=4339&sent=412&recv=36&lost=0&retrans=0&sent_bytes=444579&recv_bytes=8136&delivery_rate=2929649&cwnd=182400&unsent_bytes=0&cid=2a11d256f70861cd&ts=635&x=1", cfExtPri, cfHdrFlush;dur=9

mexa.sh/favicon.ico

188.114.96.1

200 OK

1.2 kB

URL GET
mexa.sh/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
bc24c1ae606017debf25de8f71872714
2b2d2a100c917d4ebf2d4f54b5b563d4063995ac
51239bef9ede90c01a8c59b58c176962b0251e1d762d0ca6641cfc05ffd22237

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:32 GMT
content-type: image/vnd.microsoft.icon
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"47e-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jEBYiqJmghfAoJRAggBW6TrONccmx01PAiFppT%2Bu6AQOfPGbofZBjW5vofpxa0P%2FI7yV2ax6a%2Flll1gXUtE%2BfBB2ZmBUFJvllh4lJn7VA4wRkDNAYul4zuI8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f58a993a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18826&min_rtt=16849&rtt_var=2166&sent=511&recv=46&lost=0&retrans=0&sent_bytes=554942&recv_bytes=9092&delivery_rate=798166&cwnd=307200&unsent_bytes=0&cid=2a11d256f70861cd&ts=975&x=1", cfExtPri, cfHdrFlush;dur=0

mexa.sh/css_newTheme/style.css

188.114.96.1

200 OK

40 kB

URL GET
mexa.sh/css_newTheme/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
ASCII text
Size
40 kB (39810 bytes)
Hash
3c6420826cc1647abda78120299c0eb6
bf10714579e64ee828627f828695fe093c5b810f
3688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7

HTTP Headers

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: text/css
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
etag: W/"9b82-5564bc956d400"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 224
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHgGbezVX6RyUOiJep9l9WHHid97%2FHskbJH4oBHbTTlk7Fut8PVotBiPWvfF5ToGTsLSAiKualGGw8EW2IrYxElex3ruqdXHxVOTPSlGiyn%2F1YD8WO%2BOVqTI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f555f82a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=19&recv=14&lost=0&retrans=0&sent_bytes=4243&recv_bytes=3373&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=282&x=1", cfExtPri, cfHdrFlush;dur=0

mexa.sh/js/jquery-1.9.1.min.js

188.114.96.1

200 OK

93 kB

URL GET
mexa.sh/js/jquery-1.9.1.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
93 kB (92629 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

HTTP Headers

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"169d5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 224
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wq9UojuizxVn4tbxenLNThsyON7EWjbQ7I4EUoOSC7RfadCatFtqVId4fe8jSrNwvuIJl3NLxae0jjbg3kjATYrJwzxZYPp0G7SlfUc%2FwXgTYV4S29g4btSl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f555f84a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=30&recv=15&lost=0&retrans=0&sent_bytes=15857&recv_bytes=3667&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=283&x=1", cfExtPri, cfHdrFlush;dur=17

mexa.sh/images/flags.png

188.114.96.1

200 OK

30 kB

URL GET
mexa.sh/images/flags.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
Size
30 kB (29723 bytes)
Hash
df0a3afc77d0c08cdea27ac3a7b9620c
8248d5c5e5eddeaa75a5a0b5490b58e0e61b6900
a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 29723
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uiA%2Fk8GmEPNXgxTWX9Cy7p4IvhlABD710zyH4op6uy9HKGx3IEuAwC1NXLU1LqeElCWy%2FdjLojEO1tdh2jBmTZcXVPwgKWvzfcHVcO1zxZx%2BgNJSzM1%2BJsqV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f5788c0a896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20779&min_rtt=16849&rtt_var=4339&sent=279&recv=36&lost=0&retrans=0&sent_bytes=285731&recv_bytes=8136&delivery_rate=2929649&cwnd=182400&unsent_bytes=0&cid=2a11d256f70861cd&ts=628&x=1", cfExtPri, cfHdrFlush;dur=0

mexa.sh/js/jquery.paging.js

188.114.96.1

200 OK

19 kB

URL GET
mexa.sh/js/jquery.paging.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
JavaScript source, ASCII text
Size
19 kB (19365 bytes)
Hash
d7a2c1c7af2a004a6d68e1e55b1cfb46
7fd6daa7076c30381880519ad06ef5639b19ee28
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"4ba5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 224
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4EGOT8Y4W6zkBv1Bd8gr%2Fqj%2FJP16UeJpwCFEdf9qmHUXACk8Rw0DaKYBk4GO3Zn5%2BM0uj7uvYUpONA4i2wsJllBBuiZeYcoMrBvdGbk%2FLAKYnKJztXQ%2BlAdn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f555f85a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=31&recv=16&lost=0&retrans=0&sent_bytes=15884&recv_bytes=3961&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=284&x=1", cfExtPri, cfHdrFlush;dur=33

mexa.sh/images/yep_d.png

188.114.96.1

200 OK

15 kB

URL GET
mexa.sh/images/yep_d.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mexa.sh/6d3b60d4uvd3
Certificate
IssuerGoogle Trust Services
Subjectmexa.sh
Fingerprint12:DD:C9:07:B0:0E:09:D5:D6:A1:89:A9:52:7A:8D:51:C2:58:DF:B0
ValiditySat, 15 Mar 2025 05:28:49 GMT - Fri, 13 Jun 2025 06:26:04 GMT

File type
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
Size
15 kB (15222 bytes)
Hash
662d1738accf3ec5f5c95a0e4896b232
8b1907196139b8819ffd1a77b3b71d3872ca848f
2c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3

HTTP Headers

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/6d3b60d4uvd3
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 22 Mar 2025 08:16:31 GMT
content-type: image/png
content-length: 15222
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 223
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gft84R%2FTc2zKahizF85qKADGysG%2FT48f0ByJdoCYvT8hQLDWsd8%2F2dlzKURJYu9%2BRT42JUD22J76kGYFGSjT0VeOdyKsEddCNuergV0tnoFCdTMzxKos2d0r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92443f557f9da896-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19199&min_rtt=16849&rtt_var=7997&sent=37&recv=22&lost=0&retrans=0&sent_bytes=16042&recv_bytes=5718&delivery_rate=35252&cwnd=12000&unsent_bytes=0&cid=2a11d256f70861cd&ts=299&x=1", cfExtPri, cfHdrFlush;dur=59

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML