GET /images/navicon3.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 15889
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KmpP65K%2BuUDRSWC3EIvG4GE6RxwrHQetMicgx2roLPxMxL5MHVPdWaPvTYLM707HtRItseNQla10U%2BrIihk2wPYfq%2BTlqyEcQ9r5%2BK9Ir6JL%2B9DRtv8pl7tX"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "3e11-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd4d8e25687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9746&min_rtt=1346&rtt_var=11673&sent=234&recv=106&lost=0&retrans=0&sent_bytes=181889&recv_bytes=9528&delivery_rate=6405200&cwnd=69000&unsent_bytes=0&cid=f94a06f933044996&ts=871&x=16"

GET /images/flags.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/style.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: image/png
content-length: 29723
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pgQ1kKppDVOOivRcP3LfZ5kx69WyCY9ko4ClBL%2FBsNNce%2FZlNSYk4VSnTSqCLHZZijkWzwh7NnHrQsdPeX5kW5uPJdjxDt6GcOh3jxvFSqjFZyO8VFsVZ9E"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "741b-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd938f15687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6891&min_rtt=1346&rtt_var=6665&sent=332&recv=117&lost=0&retrans=0&sent_bytes=287372&recv_bytes=11573&delivery_rate=834006&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=1560&x=16"

GET /images/frechar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: image/png
content-length: 66710
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UbLI%2BS4FPvM5w9PaxlzKdamJFlvaJ0%2FSMtU7IN%2Bi09%2BVtu7fYSpanDWHuhlCWSJOBICpvZnV6t8bG6M3kCdCSk3ndxm0hv8pVnoTBbP5AI5FHMAkNuYZtrwC"}],"group":"cf-nel","max_age":604800}
last-modified: Fri, 19 Jul 2024 07:38:56 GMT
etag: "10496-61d94c9aac4eb"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3173
accept-ranges: bytes
cf-ray: 93315dda68f35687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5795&min_rtt=1346&rtt_var=5706&sent=362&recv=120&lost=0&retrans=0&sent_bytes=320042&recv_bytes=11964&delivery_rate=1076214&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=1749&x=16"

GET /gtag/js?id=G-SBML259V1V&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=101509157~102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316~103130498~103130500 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 20 Apr 2025 02:56:07 GMT
expires: Sun, 20 Apr 2025 02:56:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 127040
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET /pixel/sbs?c=1 HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:13 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /48/ea/c2/48eac25e15d2aeed70d260fa57ee3c42.js HTTP/1.1
Host: obeseglobewimp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:06 GMT
Content-Type: application/javascript
Content-Length: 29684
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_BS-624-popunder-new-3=0; expires=Sun, 20 Apr 2025 02:56:06 GMT; secure; SameSite=None
x-envoy-upstream-service-time: 3
Host: obeseglobewimp.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 447146dfba57012e34ca07fde21bbd09
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET /images/premchar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: image/png
content-length: 69808
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NTL4w%2BywluYKR02qu9uhykhq2xQ2kpV747YAQxqNSNkMDI1M3IaIhUAX4o75IcZ2kzcqpCDv71hvhtgnIRK%2BzVXqjCfJVwTkprV7jCwV%2B2Tkb6e%2B4l1ZmBnc"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "110b0-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3173
accept-ranges: bytes
cf-ray: 93315dda88f45687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5703&min_rtt=1346&rtt_var=4465&sent=422&recv=123&lost=0&retrans=0&sent_bytes=389160&recv_bytes=12615&delivery_rate=4656245&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=1766&x=16"

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:08 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3431aef5f8808fbf73a8a09278e8a9a4
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Cookie: uid_id2=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:08 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 739fe2bdbe35ed49c8317c9c46fa9e6b
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

OPTIONS /pixel/pure HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:09 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET /css_newTheme/style.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k22MJmsd4Hlv9E0AmqVNbSJvGMrcwbS98eAHUn7snlMpY%2FiM7aYrRgCmQAGAABoZ16cHJUDEmKqYB8vFAr6oXveUlyPJkMuthG70Nv1%2Bni0zFUcmxKJdPzTH"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 09 Aug 2017 05:59:44 GMT
etag: W/"9b82-5564bc956d400"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1848
content-encoding: br
cf-ray: 93315dd488d95687-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25842&min_rtt=1887&rtt_var=23238&sent=81&recv=88&lost=0&retrans=0&sent_bytes=16484&recv_bytes=5864&delivery_rate=2243&cwnd=12000&unsent_bytes=0&cid=f94a06f933044996&ts=817&x=16"

GET /images/navicon6.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 1175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Lfz5St1YRLDXbsqTEZeqU91vOUr4tKm1ftS917Asxtpjlk%2FmVpOfJydMCRVJ0y6diP3LqxlYgJjd%2FwdU8OUkA20mnrDoXLkiYNCtpWQdJA8UQrtzIsHLHC%2F"}],"group":"cf-nel","max_age":604800}
last-modified: Fri, 11 Jun 2021 12:43:51 GMT
etag: "497-5c47cdc166fc0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd4d8e45687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9746&min_rtt=1346&rtt_var=11673&sent=261&recv=106&lost=0&retrans=0&sent_bytes=214205&recv_bytes=9528&delivery_rate=6405200&cwnd=69000&unsent_bytes=0&cid=f94a06f933044996&ts=873&x=16"

GET /images/navicon5.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 15551
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y5U%2B7QBwxriyEEHgA15xW%2BNFB9gtBUoV2SRQqYx9LB54qykcwXqls%2B4DcBIkggWygA83%2Be9oeFNPyUNbvsDB%2BTxrAhbs%2Bc9pMWSekVzVyRlpFudGNkvgFDcl"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3cbf-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd4d8e35687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=11801&min_rtt=1346&rtt_var=14214&sent=186&recv=103&lost=0&retrans=0&sent_bytes=128587&recv_bytes=9128&delivery_rate=1894146&cwnd=69000&unsent_bytes=0&cid=f94a06f933044996&ts=863&x=16"

GET /gid.js?userId=0081b15629a34837e03083e364d35101 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:07 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081b15629a34837e03083e364d35101; expires=Mon, 20 Apr 2026 02:56:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93315ddcfde456cb-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /images/navbara.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:07 GMT
content-type: image/png
content-length: 22290
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fj%2FmQB22UoUDdRY2anEUxD9iNDaqPexJCxJOmdAmKhnj8CU54eM17eHZYSWQtGXDhafTEc5%2B4T3%2FSYCLuOaEI2F%2BQ0NnAMB%2FIOAVBGZnucnzu5sTc1ywiPw6"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5712-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3173
accept-ranges: bytes
cf-ray: 93315de149015687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4485&min_rtt=1346&rtt_var=3717&sent=546&recv=128&lost=0&retrans=0&sent_bytes=532748&recv_bytes=13359&delivery_rate=2837148&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=2854&x=16"

GET /7qt3miwptxjr HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
DNT: 1
Connection: keep-alive
Cookie: lang=english; _ga_SBML259V1V=GS1.1.1745117767.1.0.1745117767.0.0.0; _ga=GA1.1.1848787700.1745117768; prefetchAd_7359319=true; pp_main_48eac25e15d2aeed70d260fa57ee3c42=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:09 GMT
content-type: text/html ; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvjhjQKyuiJRL5GVeeRb0MBD%2B48kjmxyY7kNgxQqHJO2rkD5R88%2F0BCqvOovashcb4OHeqwM1yiqgkdsM8W4ezVpI0XqDYFJcn1WzHhXPHoIeA%2FxBxd1Ua0D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 19 Apr 2025 02:56:09 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
cf-ray: 93315dec890e5687-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4552&min_rtt=1346&rtt_var=3025&sent=569&recv=132&lost=0&retrans=0&sent_bytes=556907&recv_bytes=14264&delivery_rate=2727&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=4862&x=16"

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Cookie: uid_id2=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

GET /sb/ssp/utility/live-message/3-2/css/style.css HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:11 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
etag: W/"65aa84ff-22dc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 1536833
cf-ray: 93315dfaad470afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /sb/ssp/utility/live-message/3-2/css/animate.css HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:12 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
etag: W/"65aa84ff-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 146337
cf-ray: 93315dfc1d730afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 20 Apr 2025 02:56:12 GMT
date: Sun, 20 Apr 2025 02:56:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET /images/regicon.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 19508
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Rw1IuLk07W1cdQcG9MnUzkcs1r%2FxJhZKz0n%2FuTzG3v%2BF0%2Frhw911xWR%2BPr%2F00jrxp9BawpeDw27Y6zwr0Zk%2FmOqboLNn6lOlbNRO5syGnUxCgDDOd5kpXJA"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4c34-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd4e8e65687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9746&min_rtt=1346&rtt_var=11673&sent=234&recv=106&lost=0&retrans=0&sent_bytes=181889&recv_bytes=9528&delivery_rate=6405200&cwnd=69000&unsent_bytes=0&cid=f94a06f933044996&ts=871&x=16"

GET /sb/ssp/utility/live-message/3-2/js/script.js HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:12 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 146337
etag: W/"65aa84ff-495"
content-encoding: br
cf-ray: 93315dffee100afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /js/jquery.cookie.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iWCIgy1vrYauQ4rNNuQFxGVi7rpaL1GayTazUHjTBYn94q3yCPEyKQ6LmhTg5iEZIQ8ev3QjlynbCq4bMsPoWuKc7aN1qupeEPM3erho6VlK8JmGdSpYwr0N"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"c31-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1793
content-encoding: br
cf-ray: 93315dd4a8dd5687-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18160&min_rtt=1425&rtt_var=18307&sent=127&recv=95&lost=0&retrans=0&sent_bytes=66180&recv_bytes=6901&delivery_rate=14513540&cwnd=34200&unsent_bytes=0&cid=f94a06f933044996&ts=834&x=16"

POST /pixel/pure HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 74
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:09 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /images/free_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: image/png
content-length: 32532
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HGtXBz0cwgD3xX6aE1nJKu%2FmeejIfcS%2FVXA9I0mgMYDVCliyJgv84u6G1zKLUEz3NsFlUPdltpWxXZCy6%2FsGgYgG8RWToZlIpJBedIXDDJ%2BPJ0wzCxMxKWYg"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "7f14-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3173
accept-ranges: bytes
cf-ray: 93315dda88f55687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5269&min_rtt=1346&rtt_var=4215&sent=483&recv=124&lost=0&retrans=0&sent_bytes=461415&recv_bytes=12661&delivery_rate=4797265&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=1773&x=16"

GET /sb/au/18/52/6a/18526a6becad408914fcf53d946360f0/1651134763.html HTTP/1.1
Host: cdn.show-sb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:10 GMT
content-type: text/html
server: cloudflare
last-modified: Sat, 07 May 2022 03:21:27 GMT
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 93315df1add856a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F18%2F52%2F6a%2F18526a6becad408914fcf53d946360f0%2F1651134763.html&l=1558&fd=654 HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:11 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /si/7f/49/71/7f4971a5ee0d7811082ed1177e959564/1683231389.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:12 GMT
content-type: image/png
content-length: 69364
server: nginx/1.21.6
last-modified: Thu, 04 May 2023 20:16:38 GMT
etag: "645412a6-10ef4"
expires: Tue, 22 Apr 2025 02:56:12 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET /sb/ssp/utility/live-message/3-2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:12 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 347206
etag: W/"65aa84ff-15d94"
content-encoding: br
cf-ray: 93315dfd3b73b523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /images/download1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 23553
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvLcAJgyMjG8rOLBpCYVgVaQRtuZb%2FqJPFd4HqGZCJYGRI9m43g4DC9FL5u%2F1EXRKdvRqJbtJrA8PQVrIZu9lQc1XUjwycM0A3%2BJ2tFNBnpQSNiQMD62RAyk"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:35 GMT
etag: "5c01-550b66eb244c0"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd538e75687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9057&min_rtt=1346&rtt_var=7884&sent=271&recv=110&lost=0&retrans=0&sent_bytes=221361&recv_bytes=10235&delivery_rate=746925&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=918&x=16"

GET /images/.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: text/html; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=23jMWj8%2FAFJcmiVYF5SwKp%2FibcbTSND2DjiXF1kl85tU0jek8YB3NYqpJFFobjavRhWJ5icvqwJcyMjLCiReK8vzfhoUc3mtiX0AL%2BQWUXSm5dz7y3BwTTxq"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 17 Dec 2019 16:49:23 GMT
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: EXPIRED
content-encoding: br
cf-ray: 93315dd908ef5687-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6424&min_rtt=1346&rtt_var=5932&sent=359&recv=118&lost=0&retrans=0&sent_bytes=318514&recv_bytes=11619&delivery_rate=2634267&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=1732&x=16"

GET /images/navbar.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: image/png
content-length: 22290
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CA%2Bw%2FYP5MDKTz5eXS4XMMZTqKaNh%2BGSyHRMVAlN%2BmsXuDX0yz%2Fkm4pmDPAAB%2B7svB%2BvKBrx%2FsQzPpGHbAInVlx2sRdTfHhE5CseEi8rD3UDu7GsyqKvNr6EK"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "5712-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd928f05687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7548&min_rtt=1346&rtt_var=7134&sent=311&recv=115&lost=0&retrans=0&sent_bytes=263848&recv_bytes=11229&delivery_rate=1554196&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=1549&x=16"

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17:3:1; expires=Wed, 18 Apr 2035 02:56:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET /?rb=-MX1BYQfutR0pq6Q6xw1dcrVriEzhDRfjW3ZsTyusk4R7pp0ziauN0sHIgVBpxvxFQ7PX4m1ghv4VL5l23tr71YlrVIPkRAxXtxA0cg1sn6aF7-36G5C4u8rq7Mjq0uNbeq7m4j_LVEV5v2DqVVNdguhgvMStwqlXoPfGtKsQqX241rUhYguzaqLQ-biXTcX4c5Gtm-1BUW_O5ORszUYnHCZxY7teRDzOvSO5idT84AXFhYFlZtjdUSeZ9iqeDwhUUrqAJMk8hPACmCwz5L3cvGBKqg%3D&request_ab2=0&zoneid=7359319&js_build=iclick-v1.1126.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=0&pl=https%3A%2F%2Fmexa.sh%2F7qt3miwptxjr%2FVoice-RJ01355781.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=llvmpipe&js_build=iclick-v1.1126.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=0af16176-0da9-4ee3-8df0-f993bf76215d&wasm=1&userId=0081b15629a34837e03083e364d35101&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Cookie: OAID=0081b15629a34837e03083e364d35101; oaidts=1745117766
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Apr 2025 02:56:08 GMT
content-type: application/json
x-trace-id: 34866c37bb3ee89956546fcf6c262b1d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081b15629a34837e03083e364d35101; expires=Mon, 20 Apr 2026 02:56:08 GMT; path=/; secure; SameSite=None
oaidts=1745117768; expires=Mon, 20 Apr 2026 02:56:08 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 27 Apr 2025 02:56:08 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:03:46 GMT
expires: Fri, 17 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 233547
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET /css_newTheme/main.css HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aGQfY%2BLZFLu52mbbsab32oirEXn2t2oUqbzqyqRZ9OnCJbfcw4GOFmWCQrA3qtdehLOApIdgT%2BOYfng3PftDZYWPX5C%2FKbH2frEG503fV5cDO2wbjhX1dF1b"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 13 Jan 2019 07:31:45 GMT
etag: W/"89fe-57f51eb945a40"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1848
content-encoding: br
cf-ray: 93315dd488da5687-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25842&min_rtt=1887&rtt_var=23238&sent=72&recv=88&lost=0&retrans=0&sent_bytes=6892&recv_bytes=5864&delivery_rate=2243&cwnd=12000&unsent_bytes=0&cid=f94a06f933044996&ts=816&x=16"

GET /images/userin.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 18182
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D8TxYahLWFbyVwg1Adyh9U2yn9wfnF7t0hibm10SfBN0KPqarRR1KugKB4DWRAAEZylkr0XAmsLFCtb2Vp%2BMj9H%2FrCUDJxDDhjf88No6MusHT1U2BuvLzNKR"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4706-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd4e8e55687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9746&min_rtt=1346&rtt_var=11673&sent=202&recv=106&lost=0&retrans=0&sent_bytes=145205&recv_bytes=9528&delivery_rate=6405200&cwnd=69000&unsent_bytes=0&cid=f94a06f933044996&ts=865&x=16"

POST /pixel/pure HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 74
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:10 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /si/09/95/ec/0995ecf56e3194702f2fe74a8e3dd68a/1683231434.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:12 GMT
content-type: image/png
content-length: 62035
server: nginx/1.21.6
last-modified: Thu, 04 May 2023 20:17:23 GMT
etag: "645412d3-f253"
expires: Tue, 22 Apr 2025 02:56:12 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET /impr.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnl1PCpIQvIgwBw8qzmz3dM_OjDkE15gQE5OQRBbxINVV1bPlVnd1qrqnJ3OKBiQHD4MnvfW-2WQxhqB_gKAzgocFwfG0hywE_QsUchTpycDod_h-9Psa3vdefb6XH5MAOT26-r4eSaXoRrvp1l_blgnXha1fvlH33KZ7ur4tk83gdH1YJTN4y_ODpvt6_bxgu3qj5Xqu67le_Zw0ItLDjQUKmT7sec2e2wxaTa8dYGj-P9vcgaUO-OCYnITk8xf_iD6CZFMk8Xdnhd3NdPrmu3GuaKYNBvzgg2Q30UWCeNVGxkGUHCy3oe2ckK9q0MnB8gLowX51AUI5J7WXHiNMDpY0EQ7uPWMaKogEIX8exWAKoaaQdAqm70Dy3wjAOC5fQRLfv6xNQW89Q2mFzsn6078hizlZf3wKSfxoS8lh_bpWeSZ1YjGMSsjhFLI_RZrPkI1qkMUMLPsMkv9KNp5eQhLvX7FKQ_KjV2lEvdBnbqPVaXUbAae9Bo06vMGjXsR5i3HmdRYSyWgKJcagdg25dZBLB3nkIE8dxPyoHrjdgHnU34x6nHXcgAYBF6Hb67Zcl_ZYBzmr-I-RpWMwNQYzt5Ga29iVY5j8R9idEpY7sBnBgJcoBEFhCQpKUEiCIiMoBuU9rmzLlve5snnoLWtrWf1yorP-Hr2ns75ICKgZw_ByX6Y37R2wbG0yiuzFia4SDbMHW9cbm92gEXzsTWjIy730mJyoRHa--Ocn7IqjOhO9tgj8yG-3feG5PAq63VbEaNvrdTwWtGFlCWlroNbBqHL8ja-RyjkhY4KQzmDVDEyeAM1fAS1K0J0So-QgFkPatDvgukSarSO75eypY_LywuHtX2YQ7PDMX0_OPzo1egJmSqSmxCfyZ4K-uju5pguyf00Xlnx_Jc1kLEe0cv96RjOx9uCiuFVowy-cteNv3mYVULUPbwibXaIJl0nfkm-3JOfCnNOGCfLDBbstwqu53dnKTZKnl66-c-5CnBphrdTJFLS6Z3oTTM7JyefY4mV7n_YgzRQmLxHnh2QZkHoGlt6GTVf8rSYwarUTpg6KvJyYVrj6qCSBEquZhiXsf-Zw1U8Mrf6mstyzd9E3NdDsDpK4xMCUGKgSVI1h87VJlprDM7_7i0CoapNQmdp-qIz6ciHznHz4wp-w8qge-aLFXLfb2fT8biQ8P-AsaneDHt-kru8LZHa-sx6-928AAAD__2BTF3nABAAA HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:13 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: c4916b44f53d6c8f8e34823e5c505ac6
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET /gtag/js?id=UA-79936000-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 20 Apr 2025 02:56:06 GMT
expires: Sun, 20 Apr 2025 02:56:06 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 95686
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET /images/logo1_1x.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 38035
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OS4jSFPnpO2ucQpdjOiIwrxxozigyYdRWRJwipMz56SViVh%2Fi2ua96TmhikNbMFY6xhN8TP5fo%2F4UgilkUQsmCUHoPIpYBidpxbHu6iqFX2QYMlDTBHZmeDd"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "9493-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1793
accept-ranges: bytes
cf-ray: 93315dd4c8df5687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14520&min_rtt=1346&rtt_var=16698&sent=132&recv=98&lost=0&retrans=0&sent_bytes=69494&recv_bytes=7300&delivery_rate=954431&cwnd=34200&unsent_bytes=0&cid=f94a06f933044996&ts=849&x=16"

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Cookie: uid_id2=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:09 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mexa.sh
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

GET /pxf.gif?uuid=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=48eac25e15d2aeed70d260fa57ee3c42&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: bd1281e65cf4676c5384c0d0ff09bd00
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET /js/jquery-1.9.1.min.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FuE1YMtOugWVnE6hExQKcgBF9dhnmi3ifbqGxeRrWL5feYn7HWzfstP1EsLiEquLN9vIOFCegrSYUn0JEwKwdFI4QIeQaNr%2By2hLV1SgttqfeZVsvEn7uUQO"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"169d5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1793
content-encoding: br
cf-ray: 93315dd498db5687-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21904&min_rtt=1472&rtt_var=20437&sent=92&recv=93&lost=0&retrans=0&sent_bytes=25997&recv_bytes=6812&delivery_rate=4776375&cwnd=19500&unsent_bytes=0&cid=f94a06f933044996&ts=829&x=16"

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fanimate.css&l=78693&fd=1058 HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:12 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fjs%2Fscript.js&l=1173&fd=152 HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:13 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /7qt3miwptxjr/Voice-RJ01355781.rar HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:04 GMT
content-type: text/html ; charset=UTF-8
server: cloudflare
expires: Sat, 19 Apr 2025 02:56:04 GMT
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
content-encoding: br
set-cookie: lang=english; Path=/; Domain=mexa.sh
cf-ray: 93315dcc1e2f56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /7qt3miwptxjr/favicon.ico HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english; _ga_SBML259V1V=GS1.1.1745117767.1.0.1745117767.0.0.0; _ga=GA1.1.1848787700.1745117768; prefetchAd_7359319=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sun, 20 Apr 2025 02:56:08 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14l2QIl51URGXRMhknbzs6Iy7ZKMg6abUsyDfKtaroJyJE%2BjliOzTS9ulDoGouhK3%2F5EgALzHBcXClkRHgmdyEa5hIYiZZSbUoKAaGpgY%2BQriH8GUP5VD7JT"}],"group":"cf-nel","max_age":604800}
location: https://mexa.sh/7qt3miwptxjr
x-test-header: 1
x-content-type-options: nosniff
cf-cache-status: BYPASS
cf-ray: 93315de619095687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4257&min_rtt=1346&rtt_var=3245&sent=567&recv=130&lost=0&retrans=0&sent_bytes=556268&recv_bytes=13801&delivery_rate=1836285&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=3809&x=16"

GET /js/jquery.paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FcFbdhoQiSc4VjIZNuEdXzGgpLDurJtcwqvjkhOogjW4Cjnr3U8rzU329Jx05rLvMoZPa77tmyAxh4PuExoGW81Xj%2FeMCyOoEgodHxtTFAWU9YTu4oZjU%2BvO"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"4ba5-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1793
content-encoding: br
cf-ray: 93315dd4a8dc5687-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21904&min_rtt=1472&rtt_var=20437&sent=109&recv=93&lost=0&retrans=0&sent_bytes=45497&recv_bytes=6812&delivery_rate=4776375&cwnd=19500&unsent_bytes=0&cid=f94a06f933044996&ts=830&x=16"

GET /js/paging.js HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zKN7vxS7raThGwou6INsODOz3NlhQHnX6h%2FGZbcq5jlnMJqfH6AcwwvsnDRXFYAaOC722hPAuDsKehmhXPcnbwNehbFpJCk%2BaDqrVIKKBIP7%2Fghwf7ALZkkB"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:32 GMT
etag: W/"6ad-550b66e847e00"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1793
content-encoding: br
cf-ray: 93315dd4b8de5687-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=16402&min_rtt=1425&rtt_var=17245&sent=129&recv=96&lost=0&retrans=0&sent_bytes=68183&recv_bytes=6946&delivery_rate=437338&cwnd=34200&unsent_bytes=0&cid=f94a06f933044996&ts=838&x=16"

GET /images/yep_d.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 15222
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EqrRvgUyalRItm%2FicAQijmEVYV6t2zZyU3xTrl6t69Yhnc%2F5ud25TGr4ssUjgOO9m431VO8%2BSZQ76TWQThTjA1PaRVYNTuRxYO1g5wJ74qtYfTvdGBCVSNKM"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "3b76-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd558e95687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8421&min_rtt=1346&rtt_var=7184&sent=295&recv=112&lost=0&retrans=0&sent_bytes=247552&recv_bytes=10589&delivery_rate=1412245&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=938&x=16"

GET /ce/95/e4/ce95e43f3553e10df4882fca51971c45.js HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:08 GMT
Content-Type: application/javascript
Content-Length: 15401
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_BS-684-4=1; expires=Sun, 20 Apr 2025 02:56:08 GMT; secure; SameSite=None
x-envoy-upstream-service-time: 3
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 2f1b22c5b692e15fd8315675b4e28737
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET /gid.js?userId=0081b15629a34837e03083e364d35101 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Cookie: ID=0081b15629a34837e03083e364d35101
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:08 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mexa.sh
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081b15629a34837e03083e364d35101; expires=Mon, 20 Apr 2026 02:56:08 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 93315de2ea55b4f9-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET /images/premium_download.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/css_newTheme/main.css
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: image/png
content-length: 35695
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yPl2i1Agz%2FSjYxBf4vVryvgMMOpWnJOBfenNBi74KpsWMUB2bBHHg5A3mvWIqGWmXmKxBiV6kje81NlCFDz1tYTo%2BqF%2BIpVQupgZMNQRUQnX%2BNThNPmy9zVZ"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Jul 2017 04:35:36 GMT
etag: "8b6f-55453b26c1600"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3173
accept-ranges: bytes
cf-ray: 93315ddaa8f65687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4826&min_rtt=1346&rtt_var=4049&sent=513&recv=126&lost=0&retrans=0&sent_bytes=495455&recv_bytes=13013&delivery_rate=7961631&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=1789&x=16"

OPTIONS /wrr?z=7359319&p_rid=0af16176-0da9-4ee3-8df0-f993bf76215d&rb=-MX1BYQfutR0pq6Q6xw1dcrVriEzhDRfjW3ZsTyusk4R7pp0ziauN0sHIgVBpxvxFQ7PX4m1ghv4VL5l23tr71YlrVIPkRAxXtxA0cg1sn6aF7-36G5C4u8rq7Mjq0uNbeq7m4j_LVEV5v2DqVVNdguhgvMStwqlXoPfGtKsQqX241rUhYguzaqLQ-biXTcX4c5Gtm-1BUW_O5ORszUYnHCZxY7teRDzOvSO5idT84AXFhYFlZtjdUSeZ9iqeDwhUUrqAJMk8hPACmCwz5L3cvGBKqg=&dmn=waisheph.com&userId=0081b15629a34837e03083e364d35101 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 20 Apr 2025 02:56:09 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

OPTIONS /pixel/pure HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mexa.sh/
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:10 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0

GET /ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRitnl1PCpIQvIgwBw8q7mz_mtlpcwiuMSEmJiGJLOJBqquqd8ut7upUdU9P5hQNSA4eBk96632zyWIMQf8AQWcFDwuC42kPWQj6FyjkKNKbgdHv8P3o9zW87736fKc8IiFKenj1fT2SStHVbsdtv7YhM64r2758o-25Hfd0e0NmvfB0e9gkM3jLC8KO-3r7vGDbetV3Pdf1XK99ThqR6OHqMQqZP4y8TuR2Qr_jdUMMzf9nWzqw1AEfHJGTkHz24h_JR5Bsiiz97qyw24XO33w3LRUttMGA732QbWe6ypAu2sQ4SLK9-Ta0nRHyVQs625tfAD3YbS5ALGek9dJjxNnenCbiwb1nTGMFkSHmz6MaTCHUFJJOwfQdSP4bARjH5SvI0vuXtanorWcobdAZWX76N2Q1I8uPTyFLH60rOWxf16ospM4shkkNOZxCbk6Rl_soRi3Iah-s-AyS_0pWn15Clu5esUpD8sNXaUK9OGDuir_m91dCTqMVmqzxFZ5ECec-48xbO5ZIJlMoMQa1Syitg1I6KBMHZe4g5Yft0O2HzKNBL4k4W3NDGoZcxG7U912XRmwNJWv4j1HkYzA1BjO3kZvb2JZjmPJH2K0aljuwBcGA16gEQWUJKkpQSYKqIKgG9T2urG_r-1zZMvbm1Z_XoJ7oYnOH3tPFpsgIqBnD8HpX5jftHbBiaTJK7MWJbhKNiwfr11d6_XAl_Nib0JjXO_kROdGI7Hzxz0_YFodtJqKuCIMk6HYD4bk8Cft9P2G060VrHgu7sLKGtC1Q62DUOP7G18jljJAxQUz3YdU-mDwBWr4CWtWgWzVG2V4qhrRjt8B1jbxYRnHL2VFH5OVjhzd-2YdgB2f-enL-0anREzBTIzc1PpE_E2yqu5NruiK713RlyfdX8kKmckQb968XtBBLDy6KW5U2_MJZO_7mbdYATfvwhrDFJZpxmW1a8u265FyYc9owQX64YDdEfLW0W-ulycr80tV3zl1IcyOslTqbgjb3TG-CyRk5-Rw7ftnepxGkmcKUNdLygMwDUu-D5bdh8wV_qwmMWuzEuYOqrCfGjxcflSRQYjHTuIb9zxwv-omhzd9U1jv2LjZNC7S4gyytMTA1BqoGVWPYcmlS5ObgzO_BcSBWrUmsTGs3VkZ9eSzzjHz4wp-w8rDd9eOg1-_3RNLjScADP-BR1xVRSKNeGIVdFHa2tRy_928AAAD__5w7h6fABAAA HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 193c138ddc9e9abab889bc90c7df56f9
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Futility%2Flive-message%2F3-2%2Fcss%2Fstyle.css&l=8924&fd=830 HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:12 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /images/navicon2.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 16374
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y8G3YOlJzdu5eerWxfl4uV2MAPwjuUnwyZp3IIuzXswnTKKHdtLoiXTQ6lqjO7y0RHBROjXuzrSzSJqZZUPWTF4VLfbXvURRKU37k2ebEICLpZhH0lnkOLW5"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:33 GMT
etag: "3ff6-550b66e93c040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd4d8e15687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9746&min_rtt=1346&rtt_var=11673&sent=219&recv=106&lost=0&retrans=0&sent_bytes=164479&recv_bytes=9528&delivery_rate=6405200&cwnd=69000&unsent_bytes=0&cid=f94a06f933044996&ts=868&x=16"

GET /sb/ssp/utility/live-message/3-2/img/close.png HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Apr 2025 02:56:12 GMT
content-type: image/png
content-length: 5982
server: cloudflare
accept-ranges: bytes
last-modified: Fri, 19 Jan 2024 14:19:43 GMT
etag: "65aa84ff-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 699136
cf-ray: 93315dfd3b75b523-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:03:46 GMT
expires: Fri, 17 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 233547
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET /images/navicon1.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 18288
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EphR9opXLMFQ1r6GPTQjYiZlc1M588%2BRYKQBa0A%2BQOGVyA5WTsu9T1ePtYpzm8S4hAzSg%2F3%2FO56rf7rJHbScrrVvt9SaRFJSNw7c3Tl6g%2FOt0dPZemn0mFcX"}],"group":"cf-nel","max_age":604800}
last-modified: Tue, 30 May 2017 04:42:34 GMT
etag: "4770-550b66ea30280"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 1793
accept-ranges: bytes
cf-ray: 93315dd4d8e05687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=11801&min_rtt=1346&rtt_var=14214&sent=169&recv=103&lost=0&retrans=0&sent_bytes=109202&recv_bytes=9128&delivery_rate=1894146&cwnd=69000&unsent_bytes=0&cid=f94a06f933044996&ts=859&x=16"

GET /images/no211.png HTTP/1.1
Host: mexa.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/7qt3miwptxjr/Voice-RJ01355781.rar
Cookie: lang=english
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Apr 2025 02:56:05 GMT
content-type: image/png
content-length: 720
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JyPX8Ys6QBB3iJMfjuUp1YU0InmLEvMZ%2BVLelnBz7Nwf%2F4%2FQQAvrsPxUUA5WO0b1f1MqfrxqqbjSi%2FVw3rHI0ipw800oRusoBHfsC%2B9LpTa4iHE1BieVr%2BWE"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 26 Aug 2019 15:38:33 GMT
etag: "2d0-59106f2ce7040"
x-test-header: 1
x-content-type-options: nosniff
cache-control: max-age=14400
cf-cache-status: HIT
age: 3172
accept-ranges: bytes
cf-ray: 93315dd538e85687-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9057&min_rtt=1346&rtt_var=7884&sent=292&recv=110&lost=0&retrans=0&sent_bytes=246124&recv_bytes=10235&delivery_rate=746925&cwnd=92400&unsent_bytes=0&cid=f94a06f933044996&ts=926&x=16"

POST /wrr?z=7359319&p_rid=0af16176-0da9-4ee3-8df0-f993bf76215d&rb=-MX1BYQfutR0pq6Q6xw1dcrVriEzhDRfjW3ZsTyusk4R7pp0ziauN0sHIgVBpxvxFQ7PX4m1ghv4VL5l23tr71YlrVIPkRAxXtxA0cg1sn6aF7-36G5C4u8rq7Mjq0uNbeq7m4j_LVEV5v2DqVVNdguhgvMStwqlXoPfGtKsQqX241rUhYguzaqLQ-biXTcX4c5Gtm-1BUW_O5ORszUYnHCZxY7teRDzOvSO5idT84AXFhYFlZtjdUSeZ9iqeDwhUUrqAJMk8hPACmCwz5L3cvGBKqg=&dmn=waisheph.com&userId=0081b15629a34837e03083e364d35101 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mexa.sh/
content-type: application/json
Content-Length: 2581
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sun, 20 Apr 2025 02:56:10 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:09 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: c6be6541bd5ebe38345088ea3b6fce19
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET /5/7359319 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Apr 2025 02:56:06 GMT
content-type: application/javascript
x-trace-id: f8140f2bc5b7d72665a825795b7d0a86
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081b15629a34837e03083e364d35101; expires=Mon, 20 Apr 2026 02:56:06 GMT; path=/; secure; SameSite=None
oaidts=1745117766; expires=Mon, 20 Apr 2026 02:56:06 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET /pixel/purst?dl=0&th=0&sc=0&rs=2738&rd=2738&fd=1325&bv=25.3.2388&tmpl=136 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:08 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET /sbar.json?key=ce95e43f3553e10df4882fca51971c45&abt=BS-684-4_1&uuid=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17%3A3%3A1 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mexa.sh
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:10 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
custom-referer: https://mexa.sh
access-control-allow-origin: https://mexa.sh
access-control-allow-credentials: true
set-cookie: uid_id2=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17:3:1; expires=Sun, 27 Apr 2025 02:56:10 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Mon, 21 Apr 2025 02:56:10 GMT; path=/; secure; SameSite=None
uncs=1; expires=Mon, 21 Apr 2025 02:56:10 GMT; path=/; secure; SameSite=None
pdhtkv29=true; expires=Mon, 21 Apr 2025 02:56:10 GMT; path=/; secure; SameSite=None
uncs29=1; expires=Mon, 21 Apr 2025 02:56:10 GMT; path=/; secure; SameSite=None
u_pl26017473=1; expires=Mon, 21 Apr 2025 02:56:10 GMT; path=/; secure; SameSite=None
slecce95e43f3553e10df4882fca51971c45=[5752771,5836004]; expires=Sun, 20 Apr 2025 02:56:15 GMT; path=/; secure; SameSite=None
x-envoy-upstream-service-time: 198
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: eff8bd1b89562f1cf27a35b4aebc8613
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET /pxf.gif?uuid=afa1b3c0-2728-4da9-af7d-df9fdd2cdc17&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=ce95e43f3553e10df4882fca51971c45&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mexa.sh/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Apr 2025 02:56:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a281c75135a0e7f7b3c562a5c9cfb6bf
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains