GET mexa.sh/images/navicon1.png
188.114.96.1 200 OK 18 kB URL
mexa.sh/images/navicon1.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 101
Size 18 kB (18288 bytes)
MD5 ae9204e9914f4e3c5b146c488d5a1811
SHA1 fe60b0cf1bbb856f93fca9183404d698e873f33e
SHA256 f570af26ff118159a429ef1f0add1fa3431fe4ab22e15e80da0407e5bbac2125
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 18288
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnF7IIxX%2FA%2BpG9YK3xt54GWcBYpSVFqe6j6F%2FIvjnzJnVqnLwW8qZ%2BgYa%2F0gmn2ZZg3UYLtizBUFGn5VO2ML2t8LkGgxv%2B1%2FpFsO9f5UZxcZW0%2FyYByb0Kvx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74ca556ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7086&min_rtt=1697&rtt_var=5252&sent=63&recv=23&lost=0&retrans=0&sent_bytes=57526&recv_bytes=5930&delivery_rate=7564000&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=341&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/navicon6.png
188.114.96.1 200 OK 1.2 kB URL
mexa.sh/images/navicon6.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 1.2 kB (1175 bytes)
MD5 91f3dc42cd20fcc67b1f9e4d026ae636
SHA1 4eb701d8acffe7471ca14183d83fdc8e5d57bec5
SHA256 a9a1670e3a3b68ddead344606fe60843fc01d9cb439094ad9f813a5b6f072659
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 1175
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NkLWKbdXINIP3Xw5Euq8DM55ldwzay4nkpYy%2F63r4j9XpLnvUfp4WSHkOpsgkmNBggKcLBBpQf7gIUghLwyURmMomdaI5ReRqGJpNMIBk%2Bo4Rmh6QOiSikuQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74cad56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7086&min_rtt=1697&rtt_var=5252&sent=73&recv=23&lost=0&retrans=0&sent_bytes=69526&recv_bytes=5930&delivery_rate=7564000&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=342&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/navicon2.png
188.114.96.1 200 OK 16 kB URL
mexa.sh/images/navicon2.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 16 kB (16374 bytes)
MD5 86665a37cea72cd507ceb7e7282c74f8
SHA1 f7707000a81a04f217ec9bd93995a0b9fc424037
SHA256 ee6d96bdbf6cffc4e603a1845255d94861452f9132d400388c10c2b3d6fb3db1
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 16374
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6217
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uATh8bV6jG9jNkT5SZvcd1Ve7f2sLCFm6z%2FDO4dmX0INfowTvQ16BbFKwrkg9ddW4wAMCwKZqf1UiHzjRtgSCnro4i8w8zi2NX%2BslOXO0Mr4oVzJlcHpav%2Ft"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74ca656ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6476&min_rtt=1697&rtt_var=5158&sent=82&recv=24&lost=0&retrans=0&sent_bytes=78883&recv_bytes=5974&delivery_rate=6332516&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=343&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/navicon5.png
188.114.96.1 200 OK 16 kB URL
mexa.sh/images/navicon5.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 16 kB (15551 bytes)
MD5 002d70c5e45c4d81587ca7d82dca6577
SHA1 d830a98de6a02ca22933b9f24cadf848499419d3
SHA256 de5ce08ee842e8f12bfcc0c14dde4bb1e3c2fb695d32a36122b859c7f42b39d3
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 15551
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rl4wcWlyrKmQjCFjx2mDpXkiw10kDKNiQ1yoYrYPPu9oCOi3rvlhiy%2BsWZClP4oGAKzvbHC5sny3XPvBanjF0RI%2FNWWlcYYT7nH9Jp88ykSnvRJW0D%2FcrCtp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74cb056ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6476&min_rtt=1697&rtt_var=5158&sent=102&recv=24&lost=0&retrans=0&sent_bytes=102125&recv_bytes=5974&delivery_rate=6332516&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=344&x=1", cfExtPri, cfHdrFlush;dur=2
GET mexa.sh/images/userin.png
188.114.96.1 200 OK 18 kB URL
mexa.sh/images/userin.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 18 kB (18182 bytes)
MD5 f7354ba97c4568ef41c764f1d5641336
SHA1 78041d1b15b6af69d015b1dff67bb9d2501fe325
SHA256 71657baf0148a08ee00ee4b43ab8106c192c670b34f853817a64dcff40fe1eba
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 18182
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fM9K1l8xWxqmiT9qpOJ9btVC%2FXLg8qH7nzqOPHWp30PuCTqoUDUl%2B6ontiJ%2BX%2F5tOqxINj7FUodD2NpLoDATvZ3DvdmQr1X2Ufyk%2FU2D66%2FXZbmrx40AZITf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74cb456ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6476&min_rtt=1697&rtt_var=5158&sent=102&recv=24&lost=0&retrans=0&sent_bytes=102125&recv_bytes=5974&delivery_rate=6332516&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=345&x=1", cfExtPri, cfHdrFlush;dur=1
GET mexa.sh/images/logo1_1x.png
188.114.96.1 200 OK 38 kB URL
mexa.sh/images/logo1_1x.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 300 x 70, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 38 kB (38035 bytes)
MD5 037f1c3e351f635f706eda54b812c40a
SHA1 8aa7dd796e3b41fdf3f523edf6a24995fc6ca8fa
SHA256 30ef46dd068df61a603fa7a022c1aecd1a841c58d98fd1ceceea80ba342e8408
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 38035
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8fhyf0oUBO9qGzWJvfNbMjnETxDl16bq3VTLrrwIdyO77EIWUng%2BOUMAS4xJ0A1N34pcoAbSdlil6Bh8Y8%2FQYoFDNtMWQmQW%2FwmwiMI7GWWOuTCJLS2hqSYv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74ca456ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5913&min_rtt=1697&rtt_var=4995&sent=122&recv=25&lost=0&retrans=0&sent_bytes=125400&recv_bytes=6020&delivery_rate=17537523&cwnd=72000&unsent_bytes=0&cid=99d41842fc6daae7&ts=346&x=1", cfExtPri, cfHdrFlush;dur=2
GET mexa.sh/images/navicon3.png
188.114.96.1 200 OK 16 kB URL
mexa.sh/images/navicon3.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 16 kB (15889 bytes)
MD5 715335986af196b81f68fa792f5a7f53
SHA1 b6b2f12993db399f86883315310869dccbd75ec5
SHA256 aed030aceb42be1e4b98b63eaac7064b3cd6a08fa4806d967be6bd47c449b76f
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 15889
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8AETYLK5l2mYaHQTnztYdjF8zN8a7o7rVEHqdmp6wL8nB32Rfwykhe53oqKFATfyocp2gDLzmnfw8kLz8efS5VMaaA1LBujutPNN6kkTZCI598hdie8O1S88"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74ca856ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6476&min_rtt=1697&rtt_var=5158&sent=92&recv=24&lost=0&retrans=0&sent_bytes=90883&recv_bytes=5974&delivery_rate=6332516&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=344&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/download1.png
188.114.96.1 200 OK 24 kB URL
mexa.sh/images/download1.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 75 x 75, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 97
Size 24 kB (23553 bytes)
MD5 26b1df6a0077b0e57862d48f78ca6f62
SHA1 c1333ea62ff83bc3ad7e5e79085a4e2054684106
SHA256 118653ed567e17878bbc0f821c1858d8f2ea9a65a84a2e3dd8177d5393052b86
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 23553
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1724
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d9%2B23WkCXY4SW%2BCgVjCKR3aore3P830YHIRux%2BgQ3jVFO7QIafqwN2arPqf0ru4j5HoggVKNfhlYb9gFg9dmttyhYtH5q5b5sz%2FYmd2DLqmlVDBTz3hNI2Y1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74cb856ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6476&min_rtt=1697&rtt_var=5158&sent=97&recv=24&lost=0&retrans=0&sent_bytes=96348&recv_bytes=5974&delivery_rate=6332516&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=344&x=1", cfExtPri, cfHdrFlush;dur=2
GET mexa.sh/images/no211.png
188.114.96.1 200 OK 720 B URL
mexa.sh/images/no211.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 97
Size 720 B (720 bytes)
MD5 5508fda2890fd7f0368dcb662b600dd8
SHA1 1bcb3a7bfbb7d9085116d57ff120929628d68440
SHA256 4412e2285d723b472c86f2bd2ecc0b8009d26eea38d3a906d7bce0e512677726
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 720
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1724
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3TEYXdmlYBIqXEZC3VBVot9TiAMlzER1bMQ2sjsd7IOLOidOfR%2FasWzXAdF6tN8Zu950BvI%2B8MwvAhv74UQnUfaDEaNbF52X3wDGORNyxqTMo0burS5z3Ga"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c75cc656ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5560&min_rtt=1697&rtt_var=4452&sent=186&recv=26&lost=0&retrans=0&sent_bytes=198125&recv_bytes=6066&delivery_rate=8430567&cwnd=96000&unsent_bytes=0&cid=99d41842fc6daae7&ts=351&x=1", cfExtPri, cfHdrFlush;dur=4
GET mexa.sh/images/yep_d.png
188.114.96.1 200 OK 15 kB URL
mexa.sh/images/yep_d.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 97
Size 15 kB (15222 bytes)
MD5 662d1738accf3ec5f5c95a0e4896b232
SHA1 8b1907196139b8819ffd1a77b3b71d3872ca848f
SHA256 2c3e1756a8ea4bb4fca505be1a11e169adf01017e5fecd3602f3895f1b4450c3
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 15222
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1724
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SXblPKS%2FPzxfo%2BS3e1q%2B2huzCvzKH9PlhFMTA5BnKhfgIHYmBVvgB0lnLO2Tx5o9s1jqBna2aXP6na%2FFxOCZ4cyy9WCIEZIMskWU4SyxMWZhtFHUJwY29uV%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c75ccc56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5164&min_rtt=1697&rtt_var=4132&sent=210&recv=27&lost=0&retrans=0&sent_bytes=224800&recv_bytes=6112&delivery_rate=13553058&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=356&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/regicon.png
188.114.96.1 200 OK 20 kB URL
mexa.sh/images/regicon.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 20 kB (19508 bytes)
MD5 363e2a7e57bf3cb4da7d113445cd676f
SHA1 15c3bba1a21d1543ee17ccd57a304f1efedca876
SHA256 012602b63f0fb6df165120eddb63fd137f160b56be0185cbe59aa6731f994779
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 19508
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkQSNJEYnMLDXhMrvvM%2B05KXs6ANwYFu0yqmP9Xp8quX5ZLZvOIAZmCxlR1nku51UE7MAg0o%2FyECH9Rqdt58FsXoZZ2D70bpRWXgPseNioZKpBg61i5XgSk0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74cb656ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5164&min_rtt=1697&rtt_var=4132&sent=224&recv=27&lost=0&retrans=0&sent_bytes=241103&recv_bytes=6112&delivery_rate=13553058&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=359&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/js/jquery.paging.js
188.114.96.1 200 OK 4.9 kB URL
mexa.sh/js/jquery.paging.js
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JavaScript source, ASCII text
First Seen 2023-03-07
Last Seen 2025-08-01
Times Seen 2849
Size 4.9 kB (4931 bytes)
MD5 d7a2c1c7af2a004a6d68e1e55b1cfb46
SHA1 7fd6daa7076c30381880519ad06ef5639b19ee28
SHA256 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"4ba5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5556
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XB0R54cwJd58pfuo%2BCRX9AOTTDp0LtTjnT06yexcPQx7WLDcyRbP0y%2F2V9M8vyrQvSyaXKxN%2B9Z1VL3ut5KDTA%2FNDVAVTgpnT1w%2FEfz7XxfvNb3wjI%2FnSGrx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c73c8b56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8369&min_rtt=1697&rtt_var=5401&sent=14&recv=18&lost=0&retrans=0&sent_bytes=4107&recv_bytes=4670&delivery_rate=349856&cwnd=12000&unsent_bytes=0&cid=99d41842fc6daae7&ts=333&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/navbar.png
188.114.96.1 200 OK 22 kB URL
mexa.sh/images/navbar.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 22 kB (22290 bytes)
MD5 e7c056eea6e071b1f5309d5db50c057a
SHA1 833e979751da5fffe28b8761b322d16481a24c2e
SHA256 34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6217
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fepVB6wB46%2FIkd80DuIHQ0YWwcMC2G1x2WCgJIfkyqL3CokcAz9hMCLXuwHcAoXQ6Vlx89p5KVhcxT7cVDMjTnpGE7QtyYhC8oCBAjst4h2dmmYWtb%2FOyBT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c81df056ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5097&min_rtt=1697&rtt_var=2919&sent=246&recv=32&lost=0&retrans=0&sent_bytes=263410&recv_bytes=7096&delivery_rate=6385741&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=477&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/flags.png
188.114.96.1 200 OK 30 kB URL
mexa.sh/images/flags.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 30 kB (29723 bytes)
MD5 df0a3afc77d0c08cdea27ac3a7b9620c
SHA1 8248d5c5e5eddeaa75a5a0b5490b58e0e61b6900
SHA256 a38e9ae7d0318307be9b3c7aaccaf64e484d775fe9a507f850b9e4bfa314cf03
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 29723
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 6217
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2BwyK%2FPKVhQ90%2B7v3c4OAtbaUDksA2I8aKhU8Bl%2FvzTvM%2FZuBkXBTpznYgZg4Dd7EkZ2AnVcnzl589XMMv%2BaP0TwaVChLWpOePyJzlfxuxRDw0SEb7sC8Lv8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c82df756ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5097&min_rtt=1697&rtt_var=2919&sent=267&recv=33&lost=0&retrans=0&sent_bytes=286983&recv_bytes=7396&delivery_rate=6385741&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=480&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/js/jquery.cookie.js
188.114.96.1 200 OK 68 kB URL
mexa.sh/js/jquery.cookie.js
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JavaScript source, ASCII text
First Seen 2023-03-07
Last Seen 2025-08-01
Times Seen 2915
Size 68 kB (68043 bytes)
MD5 ff14e4812b7f512e620b1ad35542bcfc
SHA1 c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae
SHA256 c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"c31-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nDPY4soJW9HzEktJBqIbBin8RLIitRwwvrMT7elpOrmVzk%2B1issKeoTplYg91Apk%2BUMZ9Kllpq2jlQ3pE0rUX%2FglaIkWQE6EgYeE2k99JmCMSND9S3krFrER"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74c9f56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7086&min_rtt=1697&rtt_var=5252&sent=61&recv=23&lost=0&retrans=0&sent_bytes=55462&recv_bytes=5930&delivery_rate=7564000&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=341&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/premchar.png
188.114.96.1 200 OK 70 kB URL
mexa.sh/images/premchar.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 120 x 142, 16-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 97
Size 70 kB (69808 bytes)
MD5 e3a6c4b647e9c8b789b17a98fb6d75f8
SHA1 c7428a76951933962ef1d7400b37ba9ef91d6afd
SHA256 0b96b573944cb4d34a5ee132b09eb322845c82a7ef1a3db0931927c336735d69
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 69808
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1723
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2y1Ta2p53lONcwUMOKL7je%2BtvxcC29dfLFTFOvK825BkhA36Wzj5FbkMIPciJBTTEguS%2BTc7Iqq6zzQc%2BArEw%2B6w3pi2LWi7uwPY6JDDz2vfxT2KBUOPhNFB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c83e0756ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4532&min_rtt=1697&rtt_var=2630&sent=353&recv=37&lost=0&retrans=0&sent_bytes=387331&recv_bytes=8623&delivery_rate=2731970&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=491&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/free_download.png
188.114.96.1 200 OK 32 kB URL
mexa.sh/images/free_download.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 97
Size 32 kB (32532 bytes)
MD5 46a5fd5732a87850dd58f70c8c870430
SHA1 9ae7b42ff28fd2129aa5e67057f9d4d198a717eb
SHA256 9d83ca5cc56ca22555b7760e69827e4cb916ededbedf291e5d877f6e01219487
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 32532
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1723
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I40yMMmvqFGVrwkin2f8SmwWabS01BnPF80UeA5so8%2Fw23WSXCUG61aiicCuY9cvwSn9Ko8A1hun00%2Bu8mkaAKhEIP%2BQrk2IMX0TkRLcv7Juu677OMtEBrb7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c83e0856ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4532&min_rtt=1697&rtt_var=2630&sent=363&recv=37&lost=0&retrans=0&sent_bytes=399331&recv_bytes=8623&delivery_rate=2731970&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=491&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/premium_download.png
188.114.96.1 200 OK 36 kB URL
mexa.sh/images/premium_download.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 323 x 71, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 97
Size 36 kB (35695 bytes)
MD5 75737b3b7b2586619b43ab184c2f95bf
SHA1 89878f4f4aafb8637e9e9c50eedbba12e1cb74eb
SHA256 e05df009685a645cba141b9e0d534c8abd9b23ec997e0894e585702c73e04a5f
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 35695
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1723
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=816DptVXP8%2BuFbGdRVqMQYjb6HgXQ1W%2B2QwT%2B%2B2k6oeQvngm4LGE5QXWINYWSjOwbtVVvp8Huv2%2Fljs655v3TpHBsdf196yt745Jl3lZbUEOFaj8dntwMdKz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c83e0a56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4172&min_rtt=1649&rtt_var=2693&sent=443&recv=38&lost=0&retrans=0&sent_bytes=493700&recv_bytes=8668&delivery_rate=3753020&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=497&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/images/navbara.png
188.114.96.1 200 OK 22 kB URL
mexa.sh/images/navbara.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 1350 x 63, 8-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 102
Size 22 kB (22290 bytes)
MD5 e7c056eea6e071b1f5309d5db50c057a
SHA1 833e979751da5fffe28b8761b322d16481a24c2e
SHA256 34785757170123855e1669c212f2987c30f2714200d8d5e8738ca3418f79e4c9
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 22290
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
accept-ranges: bytes
x-test-header: 1
x-content-type-options: nosniff
age: 546
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MHz3OrkRi7xz3j8LoP3qQT%2F%2FQZpmlOqUKus%2F1QX8elN949CJ9OxKz74TtMgP7BuL9qK%2F5Zb2fp14JNskep9AGR69yybTNmhAl5HChtwcRhHwLRC7fafmKTP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c83e0e56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4172&min_rtt=1649&rtt_var=2693&sent=475&recv=38&lost=0&retrans=0&sent_bytes=531020&recv_bytes=8668&delivery_rate=3753020&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=499&x=1", cfExtPri, cfHdrFlush;dur=0
GET www.googletagmanager.com/gtag/js?id=UA-79936000-1
142.250.74.136 200 OK 86 kB URL
www.googletagmanager.com/gtag/js?id=UA-79936000-1
IP / ASN
142.250.74.136
#15169 GOOGLE
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JavaScript source, ASCII text, with very long lines (5268)
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 86 kB (85906 bytes)
MD5 a1c6844fb6ce37d4c6b219a7708f53de
SHA1 561017829984787134c4f88e77cc6e571c907101
SHA256 7efeee9009758ca297ffd20d39421bd68e7c3827f6c43ef7ee30f9ef0d63ad05
Certificate Info
Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 65:8D:A3:B8:35:26:DF:86:1E:F6:68:B3:C0:3F:9A:71:5D:3D:F0:F1
Validity Mon, 27 Jan 2025 08:35:27 GMT - Mon, 21 Apr 2025 08:35:26 GMT
GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 19 Feb 2025 21:27:47 GMT
expires: Wed, 19 Feb 2025 21:27:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
server: Google Tag Manager
content-length: 85906
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET ni.aspcafarcie.com/rB5i0tSGtu5/115994
23.109.170.86 200 OK 20 kB URL
ni.aspcafarcie.com/rB5i0tSGtu5/115994
IP / ASN
23.109.170.86
#7979 SERVERS-COM
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JavaScript source, ASCII text, with very long lines (61240), with no line terminators
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 20 kB (20487 bytes)
MD5 960d13b748a73320741b12e0a08690ec
SHA1 da5305b319edef911c3a94fa3632e4fbf1c9f93d
SHA256 7bd18bf171e37e5259ec2eab27b4f85e5689e046e7532198e83f8c2c4d78b058
Certificate Info
Issuer Let's Encrypt
Subject ni.aspcafarcie.com
Fingerprint 27:9A:13:53:80:6E:AD:47:31:D4:E7:81:F6:9C:DA:E0:71:FE:51:C4
Validity Thu, 02 Jan 2025 06:30:27 GMT - Wed, 02 Apr 2025 06:30:26 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /rB5i0tSGtu5/115994 HTTP/1.1
Host: ni.aspcafarcie.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Feb 2025 21:27:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mexa.sh
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Thu, 20-Feb-2025 21:27:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Thu, 20-Feb-2025 21:27:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET my.rtmark.net/gid.js?userId=008175bf6d964875ea72341d92c4c51f
172.64.146.234 200 OK 91 B URL
my.rtmark.net/gid.js?userId=008175bf6d964875ea72341d92c4c51f
IP / ASN
172.64.146.234
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JSON text data
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 91 B (91 bytes)
MD5 a9064ddd8f7a479d0643dc610379cf3d
SHA1 1a509b6988d1dc65435e02d22b15fcf8810b526a
SHA256 5f38e3acbb5c72d59d35c887fbe67a414fc70736a0ca5f92bd79b7b7c98eec96
Certificate Info
Issuer Google Trust Services
Subject my.rtmark.net
Fingerprint 56:7F:53:10:57:2F:C3:F4:06:8B:DB:2F:C1:F7:6A:1D:68:59:14:3F
Validity Sat, 04 Jan 2025 10:02:11 GMT - Fri, 04 Apr 2025 11:00:33 GMT
GET /gid.js?userId=008175bf6d964875ea72341d92c4c51f HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=008175bf6d964875ea72341d92c4c51f; expires=Thu, 19 Feb 2026 21:27:47 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 914957c9a9f1712e-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET mexa.sh/ev0rroa6k53h/favicon.ico
188.114.96.1 302 Found 0 B URL
mexa.sh/ev0rroa6k53h/favicon.ico
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5605878
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /ev0rroa6k53h/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Wed, 19 Feb 2025 21:27:47 GMT
content-length: 0
location: https://mexa.sh/ev0rroa6k53h
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NuBMZDz8Kx9sHJfOatNzXAMJB7zkEm%2FZFMxnDejUYqQz5kHF7hwL8nH8zLH7CQxs6rir3Xuz%2BqougE1Mj0I4zeYVEbW8XbHbTj2Rll06mOWW%2Fmxtvv9LPWNz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c94f7056ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3706&min_rtt=1649&rtt_var=2352&sent=496&recv=41&lost=0&retrans=0&sent_bytes=554599&recv_bytes=9068&delivery_rate=2143003&cwnd=237000&unsent_bytes=0&cid=99d41842fc6daae7&ts=891&x=1", cfExtPri, cfHdrFlush;dur=0
OPTIONS duomoscrinkum.shop/cuid/?f=https%3A%2F%2Fmexa.sh
212.117.184.4 200 OK 32 B URL
duomoscrinkum.shop/cuid/?f=https%3A%2F%2Fmexa.sh
IP / ASN
212.117.184.4
#7979 SERVERS-COM
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JSON text data
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 32 B (32 bytes)
MD5 12d68902f7025b2be71a4d490e9b7979
SHA1 b72f2330247f796850732570aed04beaea7e9d1a
SHA256 dfebf5cb5c13cbdead667aa6ead1274e0e77fe40585e3205faff3cab8f0ddb43
Certificate Info
Issuer Let's Encrypt
Subject duomoscrinkum.shop
Fingerprint 9F:47:EC:B9:44:5C:E5:DF:2F:EE:44:31:BB:2D:E6:6A:68:69:7E:82
Validity Tue, 11 Feb 2025 17:22:29 GMT - Mon, 12 May 2025 17:22:28 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /cuid/?f=https%3A%2F%2Fmexa.sh HTTP/1.1
Host: duomoscrinkum.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Content-Type: application/json
Content-Length: 10
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Feb 2025 21:27:47 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mexa.sh
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=67a628f9b523ddfef10704; expires=Mon, 17 Jun 2052 20:18:56 GMT; domain=duomoscrinkum.shop; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET mexa.sh/images/.png
188.114.96.1 404 Not Found 116 kB IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type HTML document, ASCII text
First Seen 2023-09-24
Last Seen 2025-07-27
Times Seen 61
Size 116 kB (115672 bytes)
MD5 f3c091a2b91e7970fa4602d60103dc67
SHA1 af5f70406fabc9e192b349e5aee7dc9a67d05f18
SHA256 6e9e4b1516efd000e0f4b2ce737cb6b418c14f8b6029733c23853db1ed532f14
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: text/html; charset=utf-8
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 140
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wBfZprnembMrqxNdZRs%2Fsuv95vKfJiB%2FnrLM0GvcKPK%2B9XFnuABlTvoPtuxQgMfkPWK6csObqacYQv%2F8vnNJGkw%2BvaqBQlGCWC4%2BFssnR8YVupRW%2FnhsIhic"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c81dee56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5097&min_rtt=1697&rtt_var=2919&sent=244&recv=32&lost=0&retrans=0&sent_bytes=261844&recv_bytes=7096&delivery_rate=6385741&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=477&x=1", cfExtPri, cfHdrFlush;dur=0
OPTIONS fouterwicket.shop/gd/115994?md=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&pr=Kkme4XgEMH..VcV0rdPRSA
172.255.99.92 200 OK 20 B URL
fouterwicket.shop/gd/115994?md=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&pr=Kkme4XgEMH..VcV0rdPRSA
IP / ASN
172.255.99.92
#7979 SERVERS-COM
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type gzip compressed data, from Unix
First Seen 2023-04-09
Last Seen 2025-03-02
Times Seen 229342
Size 20 B (20 bytes)
MD5 7029066c27ac6f5ef18d660d5741979a
SHA1 46c6643f07aa7f6bfe7118de926b86defc5087c4
SHA256 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Certificate Info
Issuer Let's Encrypt
Subject fouterwicket.shop
Fingerprint BA:8B:9A:CC:CA:80:77:87:BD:01:69:65:7E:F9:37:ED:3F:81:F2:DB
Validity Tue, 07 Jan 2025 13:18:25 GMT - Mon, 07 Apr 2025 13:18:24 GMT
OPTIONS /gd/115994?md=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&pr=Kkme4XgEMH..VcV0rdPRSA HTTP/1.1
Host: fouterwicket.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Feb 2025 21:27:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mexa.sh
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET waisheph.com/wrr?z=7359319&p_rid=277c4fcc-6645-48b9-8b90-149bfc4da8be&rb=Og9ZQFhLF4ZFC92fe-oggNxH2PPf6PvOCD1eAcBt0mIuWJY4Gh0_f_EtZduS6kW5t4CRIk92IBJvnnG3OqdgaFLdavaGqVsPiBGEE8N8MhDzfffRDHjP_2onrHGi6DegTHLUMlr72g3ibLlQAi4V-MGvXNSNeKq6Ilx14xdD-2V69zlM9tLAgpJie0A7SHxYbQibsQbv8y9wrO-ZvgCiIEgTcz9NTg3nsF82RCuzBHNUDKa1D7c23GJe-ZR9meIUEXjbBRKWaQDgH8r-Aqi1MGh1iuE=&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fev0rroa6k53h%2FA8271.rar.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1091.1-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=waisheph.com&userId=008175bf6d964875ea72341d92c4c51f
139.45.197.119 200 OK 2 B URL
waisheph.com/wrr?z=7359319&p_rid=277c4fcc-6645-48b9-8b90-149bfc4da8be&rb=Og9ZQFhLF4ZFC92fe-oggNxH2PPf6PvOCD1eAcBt0mIuWJY4Gh0_f_EtZduS6kW5t4CRIk92IBJvnnG3OqdgaFLdavaGqVsPiBGEE8N8MhDzfffRDHjP_2onrHGi6DegTHLUMlr72g3ibLlQAi4V-MGvXNSNeKq6Ilx14xdD-2V69zlM9tLAgpJie0A7SHxYbQibsQbv8y9wrO-ZvgCiIEgTcz9NTg3nsF82RCuzBHNUDKa1D7c23GJe-ZR9meIUEXjbBRKWaQDgH8r-Aqi1MGh1iuE=&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fev0rroa6k53h%2FA8271.rar.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1091.1-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=waisheph.com&userId=008175bf6d964875ea72341d92c4c51f
IP / ASN
139.45.197.119
#9002 RETN Limited
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type ASCII text, with no line terminators
First Seen 2023-03-08
Last Seen 2025-08-02
Times Seen 192541
Size 2 B (2 bytes)
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Certificate Info
Issuer Let's Encrypt
Subject waisheph.com
Fingerprint 30:AF:A5:C7:3E:BA:46:88:53:69:78:5C:B8:06:7E:94:16:24:70:EF
Validity Tue, 21 Jan 2025 05:29:54 GMT - Mon, 21 Apr 2025 05:29:53 GMT
GET /wrr?z=7359319&p_rid=277c4fcc-6645-48b9-8b90-149bfc4da8be&rb=Og9ZQFhLF4ZFC92fe-oggNxH2PPf6PvOCD1eAcBt0mIuWJY4Gh0_f_EtZduS6kW5t4CRIk92IBJvnnG3OqdgaFLdavaGqVsPiBGEE8N8MhDzfffRDHjP_2onrHGi6DegTHLUMlr72g3ibLlQAi4V-MGvXNSNeKq6Ilx14xdD-2V69zlM9tLAgpJie0A7SHxYbQibsQbv8y9wrO-ZvgCiIEgTcz9NTg3nsF82RCuzBHNUDKa1D7c23GJe-ZR9meIUEXjbBRKWaQDgH8r-Aqi1MGh1iuE=&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fev0rroa6k53h%2FA8271.rar.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1091.1-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=waisheph.com&userId=008175bf6d964875ea72341d92c4c51f HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: text/plain
content-length: 2
x-trace-id: fa7e12f05705c40d2ddacb2ecc707cd3
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008175bf6d964875ea72341d92c4c51f; expires=Thu, 19 Feb 2026 21:27:47 GMT; path=/; secure; SameSite=None
oaidts=1740000467; expires=Thu, 19 Feb 2026 21:27:47 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 26 Feb 2025 21:27:47 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
OPTIONS fouterwicket.shop/gd/115994?md=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&pr=Kkme4XgEMH..VcV0rdPRSA
172.255.99.92 200 OK 551 B URL
fouterwicket.shop/gd/115994?md=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&pr=Kkme4XgEMH..VcV0rdPRSA
IP / ASN
172.255.99.92
#7979 SERVERS-COM
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JSON text data
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 551 B (551 bytes)
MD5 07ecd48f217305d5045cbd700f6f0087
SHA1 80dfe19bfc0789a6f6c8dd93e194ded421497991
SHA256 da5553e8d931fbf5c3fe1da7622c98c1d49c2644f8ab86e4d21a118c6e29e219
Certificate Info
Issuer Let's Encrypt
Subject fouterwicket.shop
Fingerprint BA:8B:9A:CC:CA:80:77:87:BD:01:69:65:7E:F9:37:ED:3F:81:F2:DB
Validity Tue, 07 Jan 2025 13:18:25 GMT - Mon, 07 Apr 2025 13:18:24 GMT
POST /gd/115994?md=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&pr=Kkme4XgEMH..VcV0rdPRSA HTTP/1.1
Host: fouterwicket.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Content-Type: application/json
Content-Length: 82
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Feb 2025 21:27:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mexa.sh
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Thu, 20-Feb-2025 21:27:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Thu, 20-Feb-2025 21:27:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET waisheph.com/5/7359319
139.45.197.119 200 OK 42 kB URL
waisheph.com/5/7359319
IP / ASN
139.45.197.119
#9002 RETN Limited
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type gzip compressed data, max speed, from Unix
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 42 kB (42253 bytes)
MD5 e826108f05f9e015737877362f9c1169
SHA1 d73c2bae8355f96792faf09f804a8db223fbc9b5
SHA256 23f6afb0ac61181702291bd86d10f9f2590d19b9d80ba70d7b6da406a5319546
Certificate Info
Issuer Let's Encrypt
Subject waisheph.com
Fingerprint 30:AF:A5:C7:3E:BA:46:88:53:69:78:5C:B8:06:7E:94:16:24:70:EF
Validity Tue, 21 Jan 2025 05:29:54 GMT - Mon, 21 Apr 2025 05:29:53 GMT
GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: application/javascript
x-trace-id: 545375f1501170a6a82df7dae1327696
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008175bf6d964875ea72341d92c4c51f; expires=Thu, 19 Feb 2026 21:27:47 GMT; path=/; secure; SameSite=None
oaidts=1740000467; expires=Thu, 19 Feb 2026 21:27:47 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET mexa.sh/ev0rroa6k53h
188.114.96.1 200 OK 33 kB IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type data
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 33 kB (33366 bytes)
MD5 01d62fa2f5f422fe7488a534627b4658
SHA1 e3b34bb3e285be15c11886fd996bb1b319b1081f
SHA256 ff401329f370d434666f0ebff84e7ed17554773a95e06496c2658fe77ea5fa7c
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /ev0rroa6k53h HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
DNT: 1
Connection: keep-alive
Cookie: lang=english; prefetchAd_7359319=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:48 GMT
content-type: text/html ; charset=UTF-8
expires: Tue, 18 Feb 2025 21:27:48 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4TWzMunHAKKvIwSvTNyjYwKSHY8suHjMqWc9nI52%2BjjTdMkpMWPSGECBJc1iNVuu1K5DbVU7RSBiYLVIAT3lnlDrDVp%2F3vPDIntkX9kov1zO4avnu7judiXp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 914957cc0c0f56ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5871&min_rtt=1649&rtt_var=6094&sent=498&recv=43&lost=0&retrans=0&sent_bytes=555296&recv_bytes=9432&delivery_rate=2582&cwnd=237000&unsent_bytes=0&cid=99d41842fc6daae7&ts=1325&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/css_newTheme/main.css
188.114.96.1 200 OK 35 kB URL
mexa.sh/css_newTheme/main.css
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type assembler source, ASCII text, with very long lines (1426)
First Seen 2023-04-11
Last Seen 2025-07-27
Times Seen 102
Size 35 kB (35326 bytes)
MD5 2f075bd8c1fed47ee1ebcaea76c5f036
SHA1 66e03118be7fa1415deebd13efa08362224f1ed9
SHA256 eb10cdca88afebbb0b6af470c50a76cbabfc864193b0c535d93dcea81321c49e
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: text/css
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
etag: W/"89fe-57f51eb945a40"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5556
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V0iq7Xz%2BGS94LVyoezT6N3tpYfAkt%2FnFMDWTFmZdzL2Ifoy8pXVqOwVQIicCivqP2N10MdkxymqXW7pfOpC%2B8S6VH7k1c0sM5htqRrm%2Bi6ycuNlnl8VUQWUS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c72c8156ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8369&min_rtt=1697&rtt_var=5401&sent=14&recv=18&lost=0&retrans=0&sent_bytes=4107&recv_bytes=4670&delivery_rate=349856&cwnd=12000&unsent_bytes=0&cid=99d41842fc6daae7&ts=333&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/css_newTheme/style.css
188.114.96.1 200 OK 40 kB URL
mexa.sh/css_newTheme/style.css
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type ASCII text
First Seen 2023-04-11
Last Seen 2025-07-27
Times Seen 101
Size 40 kB (39810 bytes)
MD5 3c6420826cc1647abda78120299c0eb6
SHA1 bf10714579e64ee828627f828695fe093c5b810f
SHA256 3688ad50ef9e8944e982c4e017363d2454b84814b3a289af6dc9a341988180e7
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: text/css
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
etag: W/"9b82-5564bc956d400"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 5556
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e0YwABNMy5VG%2Fg3zgfQY5xARLqd70rxIIOxnSRCjw5O4FN1%2FV596CRt%2BKdkgBZX8LgP1xCZtAvNOQZGzXbzHDGH8dH%2BtbD%2BPH7tFFWmtv%2FJfWC3DOQ18uc81"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c72c7d56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6476&min_rtt=1697&rtt_var=5158&sent=102&recv=24&lost=0&retrans=0&sent_bytes=102125&recv_bytes=5974&delivery_rate=6332516&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=345&x=1", cfExtPri, cfHdrFlush;dur=1
GET www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e52d0za200
142.250.74.136 200 OK 348 kB URL
www.googletagmanager.com/gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e52d0za200
IP / ASN
142.250.74.136
#15169 GOOGLE
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JavaScript source, ASCII text, with very long lines (5960)
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 348 kB (348406 bytes)
MD5 cf6c1b6734a47decf7f0ac72958087ac
SHA1 6b8d0498a5b077948136eec3cc3884903fb7ee1a
SHA256 5d19579c2dbc308e23d706b30b602136faafc497fc94bf7b98853d59b349dcad
Certificate Info
Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 65:8D:A3:B8:35:26:DF:86:1E:F6:68:B3:C0:3F:9A:71:5D:3D:F0:F1
Validity Mon, 27 Jan 2025 08:35:27 GMT - Mon, 21 Apr 2025 08:35:26 GMT
GET /gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e52d0za200 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 19 Feb 2025 21:27:47 GMT
expires: Wed, 19 Feb 2025 21:27:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1003:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1003:0
report-to: {"group":"ascgcycc:1003:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1003:0"}],}
server: Google Tag Manager
content-length: 114828
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET mexa.sh/js/paging.js
188.114.96.1 200 OK 1.7 kB IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type HTML document, ASCII text, with very long lines (1778), with no line terminators
First Seen 2023-04-11
Last Seen 2025-04-06
Times Seen 292
Size 1.7 kB (1709 bytes)
MD5 cc6cc190d0f5515a00ac307c26fe033a
SHA1 b7028b457c314b3a61b4130bb98fc8f2cf3e769e
SHA256 030ef0e5188e0cff37c54520d654e321e69a6d88ec6379d1817e546db88b58ea
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"6ad-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1QDOIf5J6sfVlTVqpEHruYb522H8Odsysoz9CUFUor7n1TzAY5Bsqlup9M5aX9bEhHktkE02RsBCM1MnEunYIt5pgVDWkRJ%2FXnqeFo8whlgfG6MmnWBXNJd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c74ca256ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7086&min_rtt=1697&rtt_var=5252&sent=59&recv=23&lost=0&retrans=0&sent_bytes=54125&recv_bytes=5930&delivery_rate=7564000&cwnd=48000&unsent_bytes=0&cid=99d41842fc6daae7&ts=341&x=1", cfExtPri, cfHdrFlush;dur=0
GET waisheph.com/?rb=Og9ZQFhLF4ZFC92fe-oggNxH2PPf6PvOCD1eAcBt0mIuWJY4Gh0_f_EtZduS6kW5t4CRIk92IBJvnnG3OqdgaFLdavaGqVsPiBGEE8N8MhDzfffRDHjP_2onrHGi6DegTHLUMlr72g3ibLlQAi4V-MGvXNSNeKq6Ilx14xdD-2V69zlM9tLAgpJie0A7SHxYbQibsQbv8y9wrO-ZvgCiIEgTcz9NTg3nsF82RCuzBHNUDKa1D7c23GJe-ZR9meIUEXjbBRKWaQDgH8r-Aqi1MGh1iuE%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1091.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fev0rroa6k53h%2FA8271.rar.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1091.1-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=277c4fcc-6645-48b9-8b90-149bfc4da8be&wasm=1&userId=008175bf6d964875ea72341d92c4c51f&m=link
139.45.197.119 200 OK 2.2 kB URL
waisheph.com/?rb=Og9ZQFhLF4ZFC92fe-oggNxH2PPf6PvOCD1eAcBt0mIuWJY4Gh0_f_EtZduS6kW5t4CRIk92IBJvnnG3OqdgaFLdavaGqVsPiBGEE8N8MhDzfffRDHjP_2onrHGi6DegTHLUMlr72g3ibLlQAi4V-MGvXNSNeKq6Ilx14xdD-2V69zlM9tLAgpJie0A7SHxYbQibsQbv8y9wrO-ZvgCiIEgTcz9NTg3nsF82RCuzBHNUDKa1D7c23GJe-ZR9meIUEXjbBRKWaQDgH8r-Aqi1MGh1iuE%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1091.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fev0rroa6k53h%2FA8271.rar.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1091.1-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=277c4fcc-6645-48b9-8b90-149bfc4da8be&wasm=1&userId=008175bf6d964875ea72341d92c4c51f&m=link
IP / ASN
139.45.197.119
#9002 RETN Limited
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type troff or preprocessor input, ASCII text, with very long lines (2220), with no line terminators
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 2.2 kB (2202 bytes)
MD5 aa5173f2da13f8909848cfa80015449d
SHA1 1f0c727c700579d84a3638484a413ede97127db6
SHA256 6bab16b5e170111ef859adc2985518746e999ccb8a4e9c0a8a4ed8e7ebc461cc
Certificate Info
Issuer Let's Encrypt
Subject waisheph.com
Fingerprint 30:AF:A5:C7:3E:BA:46:88:53:69:78:5C:B8:06:7E:94:16:24:70:EF
Validity Tue, 21 Jan 2025 05:29:54 GMT - Mon, 21 Apr 2025 05:29:53 GMT
GET /?rb=Og9ZQFhLF4ZFC92fe-oggNxH2PPf6PvOCD1eAcBt0mIuWJY4Gh0_f_EtZduS6kW5t4CRIk92IBJvnnG3OqdgaFLdavaGqVsPiBGEE8N8MhDzfffRDHjP_2onrHGi6DegTHLUMlr72g3ibLlQAi4V-MGvXNSNeKq6Ilx14xdD-2V69zlM9tLAgpJie0A7SHxYbQibsQbv8y9wrO-ZvgCiIEgTcz9NTg3nsF82RCuzBHNUDKa1D7c23GJe-ZR9meIUEXjbBRKWaQDgH8r-Aqi1MGh1iuE%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1091.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2Fev0rroa6k53h%2FA8271.rar.html&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1091.1-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=277c4fcc-6645-48b9-8b90-149bfc4da8be&wasm=1&userId=008175bf6d964875ea72341d92c4c51f&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Cookie: OAID=008175bf6d964875ea72341d92c4c51f; oaidts=1740000467
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: application/json
x-trace-id: ebea3b0d3362c1975ea34a2b182f8908
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008175bf6d964875ea72341d92c4c51f; expires=Thu, 19 Feb 2026 21:27:47 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1740000467; expires=Thu, 19 Feb 2026 21:27:47 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Wed, 26 Feb 2025 21:27:47 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET mexa.sh/images/frechar.png
188.114.96.1 200 OK 67 kB URL
mexa.sh/images/frechar.png
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type PNG image data, 120 x 144, 16-bit/color RGBA, non-interlaced
First Seen 2023-05-01
Last Seen 2025-07-27
Times Seen 97
Size 67 kB (66710 bytes)
MD5 7adab309ecff73216286b6d34b795e7c
SHA1 f2791da7bcea6e23cb2ae8beb1724c6a003cb3c8
SHA256 1b2f0a33a03b71c4f76186a368adb3ebacf73dde3b770fe30b93cb4a54188078
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: image/png
content-length: 66710
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1723
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cCDcvvzmyAGZMqGFSkC%2FnC3V3PNS2WryuIuVXuQXCv7B3PXUBxaYyQQHXpaq917F%2Br%2BEVLw%2B%2FvOK7wHEv5odXRN%2Fd%2F266Rm5o5ZjctuEiNry0TD2SlFJhnkA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c82e0056ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4532&min_rtt=1697&rtt_var=2630&sent=295&recv=37&lost=0&retrans=0&sent_bytes=318205&recv_bytes=8623&delivery_rate=2731970&cwnd=192000&unsent_bytes=0&cid=99d41842fc6daae7&ts=490&x=1", cfExtPri, cfHdrFlush;dur=0
GET mexa.sh/ev0rroa6k53h/A8271.rar.html
188.114.96.1 200 OK 26 kB URL
mexa.sh/ev0rroa6k53h/A8271.rar.html
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Resource Info
File type HTML document, ASCII text, with very long lines (22688), with CRLF line terminators
First Seen 2025-02-19
Last Seen 2025-02-19
Times Seen 1
Size 26 kB (25789 bytes)
MD5 0112fe85a2bb2ac8747067b9c8bea4f5
SHA1 d9771143bacebb5d23c168506638274050b56b63
SHA256 53380bbbb9a8764f9f5da3ae5b5d69514a0c708de8358f5d39e9238bd487aa01
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /ev0rroa6k53h/A8271.rar.html HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 19 Feb 2025 21:27:46 GMT
content-type: text/html ; charset=UTF-8
expires: Tue, 18 Feb 2025 21:27:46 GMT
set-cookie: lang=english; domain=mexa.sh; path=/
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLNinWuBBvesQSGOHxKo32Ss9dpmgE%2FrnoWYC4bPwWr%2Btlu%2B%2FNpPsERvzQepGWB3MbtnwWM%2FTXlz%2F5YO5MQPdIkH5WWk6hYNgsHxDO%2F%2Fpb3HO5tmjPFttLOr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 914957c47adb712e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5878&min_rtt=548&rtt_var=10616&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3188&recv_bytes=1139&delivery_rate=4987370&cwnd=254&unsent_bytes=0&cid=398b65c3aff630ea&ts=130&x=0"
X-Firefox-Spdy: h2
GET mexa.sh/js/jquery-1.9.1.min.js
188.114.96.1 200 OK 93 kB URL
mexa.sh/js/jquery-1.9.1.min.js
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Requested by https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Resource Info
File type JavaScript source, ASCII text, with very long lines (32089)
First Seen 2023-03-07
Last Seen 2025-08-02
Times Seen 18469
Size 93 kB (92629 bytes)
MD5 397754ba49e9e0cf4e7c190da78dda05
SHA1 ae49e56999d82802727455f0ba83b63acd90a22b
SHA256 c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Certificate Info
Issuer Google Trust Services
Subject mexa.sh
Fingerprint 7A:13:6F:D1:49:B2:50:51:66:A7:90:2A:C7:17:20:2F:43:59:24:94
Validity Wed, 15 Jan 2025 03:31:19 GMT - Tue, 15 Apr 2025 04:26:16 GMT
GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/ev0rroa6k53h/A8271.rar.html
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 19 Feb 2025 21:27:47 GMT
content-type: application/javascript
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"169d5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 547
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8HD9dBUXeEA3IjVaFiOtkDku7fs9rVlIQ6XSKNZvVIMVQFOgBAmuJF03UZ580v2UpVtP%2Fx9me4U2DH4YOCLIF2GsOzkiH9myKc%2FaaLBSQEywZcrb%2BN%2B67hPw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 914957c73c8556ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8369&min_rtt=1697&rtt_var=5401&sent=14&recv=18&lost=0&retrans=0&sent_bytes=4107&recv_bytes=4670&delivery_rate=349856&cwnd=12000&unsent_bytes=0&cid=99d41842fc6daae7&ts=333&x=1", cfExtPri, cfHdrFlush;dur=1