Edit tour

Windows Analysis Report
Payment Confirmation (237 KB).msg

Overview

General Information

Sample name:	Payment Confirmation (237 KB).msg
Analysis ID:	1550380
MD5:	5e2f88d03079fb4e7577e6a638f622a6
SHA1:	19900505a99e955e3ec8ac196d03f814fd5e26c9
SHA256:	0236aa093f7326b46f646de0508b06bf6fbb8e15a5fada15e238e07cdc0583b5
Infos:

Detection

HTMLPhisher, Tycoon2FA

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Found malware configuration

Yara detected HtmlPhish10

Yara detected Tycoon 2FA PaaS

Office viewer loads remote template

Phishing site detected (based on logo match)

Phishing site detected (based on shot match)

Creates a window with clipboard capturing capabilities

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Excel Network Connections

Sigma detected: Office Autorun Keys Modification

Sigma detected: Suspicious Office Outbound Connections

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 3112 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Payment Confirmation (237 KB).msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 4636 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6E799949-CC68-4C7D-ACF7-DFDB99ECC467" "1E1CE2FA-2E8B-476D-B466-DDE64F014E37" "3112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

EXCEL.EXE (PID: 6516 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LF0A6GI2\Payment Copy.xlsb" MD5: 4A871771235598812032C822E6F68F19)

EXCEL.EXE (PID: 6576 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding MD5: 4A871771235598812032C822E6F68F19)

chrome.exe (PID: 1856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,6018047205410846205,15210405168536307558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

splwow64.exe (PID: 780 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)

cleanup

Malware Configuration

Threatname: Tycoon2FA

{"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\"]"}

Yara Signatures

HTML

Source	Rule	Description	Author
0.24.i.script.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
2.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.5.pages.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
2.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.6.pages.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security

Sigma Signatures

Sigma detected: Excel Network Connections

Source: Network Connection

Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 13.107.246.45, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6516, Protocol: tcp, SourceIp: 192.168.2.18, SourceIsIpv6: false, SourcePort: 49874

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.18, DestinationIsIpv6: false, DestinationPort: 49874, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6516, Protocol: tcp, SourceIp: 13.107.246.45, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T16:54:46.890321+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.18	49705	TCP
2024-11-06T16:55:24.810125+0100	2022930	1	A Network Trojan was detected	4.245.163.56	443	192.168.2.18	49748	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-06T16:56:05.166870+0100	2028371	3	Unknown Traffic	192.168.2.18	49874	13.107.246.45	443	TCP
2024-11-06T16:56:11.019791+0100	2028371	3	Unknown Traffic	192.168.2.18	49891	13.107.246.45	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://ns.califragilist.com/GDSherpa-bold.woff	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/GDSherpa-bold.woff2	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/yf76EadsgQyK5Jwh8E6cIKXM1akRlkqgnjcDg3IU0lvqLFvh	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/cboOIeS9NKidIhE5DtVGZJdhr1AU8tkEd4AG7ei0Kkgcq	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/yzCIRquaPFUjERvoqJYr7I3cogJBrGklDFyrsAZD9QeqnvfO79zHfIab179	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/klb1Tb0pqjiiO0QC8iSkuvcrkAseyN0gijLfAJqw57BVylHDeKthwKOmF6apVvmVwx220	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/wxsGdcms1rtQz5l1cTKsINVaEcbHopXA7Zunk6vNV19QQVZ12130	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/qrXjbEVVLbAj1HnXmTFefBQ26ZHPam28i67132	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/xyAq43pQ3AarsEuef30	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/qrOghFHUJfJSFxz9cKcd4AueKjk04mMjNqxfmmstDVeA4AjY2yeMJmi1lZgTvAEOPcd240	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/34m8PEW3Ch1AL9UabKKEr8920	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/ijfp9iKnrTgHCYE8rTpOvmRwx1aOUavp0AinFOw6GvICG656170	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/uvvJrrwLawKtH7uvbTOLQFH5urwDkIf67DrJWCuu0sPsB6Cxztqv96T1CyIB9ef255	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/GDSherpa-regular.woff	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/exdlnqbmbchbkrnxhuntke151625768903329522495766gd0sztam2f63i24v08nret?71107507272637789503550UT0MURYOK2EBMVG64K4712	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/rsvqFqFKEhRzIVFcaSXFIFklJZjDuvi98kzxNrUiaZdwEP3buTKNzKLKef192	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/mnTXBHC8KHjpcgmT4J29cjPITNuPijXMtYQTHs1fF2R078145	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/34ZDG48CiIUIKX2LghMRxuoYEP67110	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/ijvpLYN3FAsYRkMp2S19m5x6bM7wkDZkl3hONe6DDp7xliNnk3uGhWQsRnx47i12202	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/GDSherpa-vf2.woff2	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/GDSherpa-regular.woff2	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/GDSherpa-vf.woff2	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/xyi0aNMuJJrB8y7WGAXkiQfmja4dMwqOBavMS5zthEqgNsefw	Avira URL Cloud: Label: phishing
Source: https://ns.califragilist.com/klsLwpUBDca0RxrYtZtR800jne0IqCzphswGY89y8d281n972UNwmgFEuHNXUPF6Bp4QvLcz5ab227	Avira URL Cloud: Label: phishing

Found malware configuration

Source: 2.5.pages.csv

Malware Configuration Extractor: Tycoon2FA {"websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\"]"}

Phishing

AI detected phishing page

Source: https://ns.califragilist.com/7PXU/

LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'ns.califragilist.com' does not match the legitimate domain for Microsoft., The URL contains an unusual domain name 'califragilist.com' which is not associated with Microsoft., The presence of input fields related to Microsoft services (Email, phone, or Skype) on a non-Microsoft domain is suspicious., The URL does not contain any direct reference to Microsoft, which is a common tactic in phishing attempts. DOM: 2.6.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 0.24.i.script.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Phishing site detected (based on logo match)

Source: https://ns.califragilist.com/7PXU/

Matcher: Template: microsoft matched

Phishing site detected (based on shot match)

Source: https://ns.califragilist.com/7PXU/	Matcher: Template: captcha matched
Source: https://ns.califragilist.com/7PXU/	Matcher: Template: captcha matched

Source: https://ns.califragilist.com/7PXU/

HTTP Parser: Number of links: 0

Source: https://ns.califragilist.com/7PXU/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://ns.califragilist.com/7PXU/

HTTP Parser: Title: does not match URL

Source: https://ns.califragilist.com/7PXU/	HTTP Parser: Invalid link: Terms of use
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: Invalid link: Privacy & cookies
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: Invalid link: Terms of use
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: Invalid link: Privacy & cookies

Source: https://ns.califragilist.com/7PXU/

HTTP Parser: var websitenames = ["godaddy", "okta"];var bes = ["apple.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "x4v5i";var emailcheck = "0";var webname = "rtrim(/web8/, '/')";var urlo = "/yf76eadsgqyk5jwh8e6cikxm1akrlkqgnjcdg3iu0lvqlfvh";var gdf = "/ijnorcq8hot8jhdfhfstvn9uw8wiyyzxpyqckowhpuere79tcd120";var odf = "/ghu0zfkhmsupqodymb2ooyzw2vs7uv7vpbg8qab648";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";let useragent = navigator.useragent;let browsername;let userip;let usercountry;var errorcodeexecuted = false;if(useragent.match(/chrome|chromium|crios/i)){ browsername = "chrome";} else if(userage...

Source: https://ns.califragilist.com/7PXU/

HTTP Parser: <input type="password" .../> found

Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No favicon
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No favicon
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No favicon
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No favicon

Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No <meta name="author".. found
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No <meta name="author".. found

Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No <meta name="copyright".. found
Source: https://ns.califragilist.com/7PXU/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.18:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.18:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.141:443 -> 192.168.2.18:49893 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 18.66.147.86 18.66.147.86
Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.18:49874 -> 13.107.246.45:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.18:49891 -> 13.107.246.45:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.18:49705
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.18:49748

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.0

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1l7r34xy2ECzV4h&MD=O24uwPML HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /share/01jc0wzptpy7bepvzk4ner7dc5 HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rw.js HTTP/1.1Host: r.wdfl.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.marmof.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /build/assets/app-0b1f8530.css HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /build/assets/app-49265ad1.js HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.marmof.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /api/?name=A+J&color=ffffff&background=f34b1d HTTP/1.1Host: ui-avatars.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.marmof.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rw.js HTTP/1.1Host: r.wdfl.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1l7r34xy2ECzV4h&MD=O24uwPML HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /js/script.js HTTP/1.1Host: plausible.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.marmof.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/?name=A+J&color=ffffff&background=f34b1d HTTP/1.1Host: ui-avatars.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1zl7w0q5nw.woff2 HTTP/1.1Host: marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.marmof.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://app.marmof.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /build/assets/app-49265ad1.js HTTP/1.1Host: app.marmof.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /build/assets/Document-d618b903.js HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.marmof.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /build/assets/logotype-original-6f3eac48.js HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.marmof.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /build/assets/Button-7c0475a9.js HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.marmof.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /js/script.js HTTP/1.1Host: plausible.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /build/assets/Document-d618b903.js HTTP/1.1Host: app.marmof.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /build/assets/logotype-original-6f3eac48.js HTTP/1.1Host: app.marmof.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /site.webmanifest HTTP/1.1Host: app.marmof.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /build/assets/Button-7c0475a9.js HTTP/1.1Host: app.marmof.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: app.marmof.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /7PXU/ HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/22755d9a86c9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6d6nj/0x4AAAAAAAxa-jBUtWqCblw0/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8de644ce9b5745f6&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6d6nj/0x4AAAAAAAxa-jBUtWqCblw0/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6d6nj/0x4AAAAAAAxa-jBUtWqCblw0/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjhqSENYMSt1OXdLOXRZbGJzV1FqL3c9PSIsInZhbHVlIjoiaHk0N05sMlNZK1IySDVXRFdhVkZkRTczQjB6ZUU5bktEaE9mZDhNVHlNRlNMMk1ZdXgzOXZWOUQ1SU5OdW9xTlZ1ejA5bmhnMTlTVThINHp2b2xNL1ZIandRTFV1WEJWYkpEUndjOHQzcldKUXNLcGdPaDhxOUxrRVc3alRPcmQiLCJtYWMiOiI0YmQwNjlkNDY4OWI0MjIwYjVhMjI0Njc2MTZlNWE0NjkxZDExNTU0Mzk0ODc5MTlhZmNmNWQ5ZjAwY2Q5ZDBiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNPSmpMUGFpZzFkNnBoVDBJUER3OEE9PSIsInZhbHVlIjoiZW1nWGs4NWtOZG9oUm9vTC83bEx4eVFkaFZwZDdIQU1icGV1WTJvaHFtb2dQZWp5eWZWTHRrZ2dEQ2d4akl5Ny9nNlMyWHJsNW9WcmlEbUw0bXdPdE5DLzNNdnlLWmtyRkVSODE3UlBXdWE2cGZxYWRGWlhCMytqMStNSGx5Mi8iLCJtYWMiOiIyNzg5MTIxNTIwMWMxZDJhZWY3YTg0ODlhNWZkODdlYjIwMDdmOGNjMDA0NDBkNGYzYmZmM2M2NDExM2Y5ZjZmIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8de644ce9b5745f6&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/985987479:1730906859:VmyJFIL_Fq-MDv0sVVlGF-GoqYDiNITe2QXZJkrSh1A/8de644ce9b5745f6/10XP31l6VDq4aRF.l1vMbr2zWTHPyEyeCAoXvvvIE4s-1730908536-1.1.1.1-Hrda3SJhqm_EvUItSZWiY949ZTsoMWuaNLstz2Q8bvDRQiF19YNK.kkAtQW9f0js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8de644ce9b5745f6/1730908538244/21b1b96677c9e3ef37b23fb885bf7ea9a1606ccafad54ff0890341b4aacd38a1/1Xp8Bu6WhlXmVxt HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6d6nj/0x4AAAAAAAxa-jBUtWqCblw0/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8de644ce9b5745f6/1730908538244/-_ter8awBYLmx72 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6d6nj/0x4AAAAAAAxa-jBUtWqCblw0/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8de644ce9b5745f6/1730908538244/-_ter8awBYLmx72 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/985987479:1730906859:VmyJFIL_Fq-MDv0sVVlGF-GoqYDiNITe2QXZJkrSh1A/8de644ce9b5745f6/10XP31l6VDq4aRF.l1vMbr2zWTHPyEyeCAoXvvvIE4s-1730908536-1.1.1.1-Hrda3SJhqm_EvUItSZWiY949ZTsoMWuaNLstz2Q8bvDRQiF19YNK.kkAtQW9f0js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/985987479:1730906859:VmyJFIL_Fq-MDv0sVVlGF-GoqYDiNITe2QXZJkrSh1A/8de644ce9b5745f6/10XP31l6VDq4aRF.l1vMbr2zWTHPyEyeCAoXvvvIE4s-1730908536-1.1.1.1-Hrda3SJhqm_EvUItSZWiY949ZTsoMWuaNLstz2Q8bvDRQiF19YNK.kkAtQW9f0js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cboOIeS9NKidIhE5DtVGZJdhr1AU8tkEd4AG7ei0Kkgcq HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjJaYUtuem1IWVZsTCtNTzU4QzJKWXc9PSIsInZhbHVlIjoiU01IU1N3ZFBvdkhuYlVnaHVDL2MzeG16VEk5RUtJS0ZFWWhIOW5GcnFOS2J1dHpvTHJ4S1R4YUo1OFN5aHZhTXl6VytzWjVCWlJORGg0RDNsNlMxdm9TQ1VGcXFVMUxhRUFwUkc3VmN2VWtMMGQxbTBsZjNWbm5kT2dkMkI0alIiLCJtYWMiOiJjYWY5NzNjYmQwYmQ0ZTRhMTRjYTljYTZlNjFjZGQ2MGUwZTVmYzFkYTBhZmFmMzc4YzU4NzBhZTg4NTgwMGQ4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikljd0h3aUgwNUk1K0pkNUZKWnZKQkE9PSIsInZhbHVlIjoiaEw5Q1NMUEQ0cEIvZDJVbUd6RFliSTBHanJ2aTV1WTIza2pVckRxMnlwS0c5Z01SR2dMaTZJdVREYXJhZ2Npb2lQZ3dGMURleXZMMzZaVSszdjBXZk5IVERKRXArZWVUYTEwNnBJTWh0cytTQ1VvRmI3K2hOKytKN1dvYXdyS24iLCJtYWMiOiI4NTUyODc1MGVmMzBjOTM5NGQ1NTNjNGQwMDNiOGZiYjY0ZjZkNjU0NDZjNDEyZDViOTQxZWRhMmYyNDA4ZGQzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /7PXU/ HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjJaYUtuem1IWVZsTCtNTzU4QzJKWXc9PSIsInZhbHVlIjoiU01IU1N3ZFBvdkhuYlVnaHVDL2MzeG16VEk5RUtJS0ZFWWhIOW5GcnFOS2J1dHpvTHJ4S1R4YUo1OFN5aHZhTXl6VytzWjVCWlJORGg0RDNsNlMxdm9TQ1VGcXFVMUxhRUFwUkc3VmN2VWtMMGQxbTBsZjNWbm5kT2dkMkI0alIiLCJtYWMiOiJjYWY5NzNjYmQwYmQ0ZTRhMTRjYTljYTZlNjFjZGQ2MGUwZTVmYzFkYTBhZmFmMzc4YzU4NzBhZTg4NTgwMGQ4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ikljd0h3aUgwNUk1K0pkNUZKWnZKQkE9PSIsInZhbHVlIjoiaEw5Q1NMUEQ0cEIvZDJVbUd6RFliSTBHanJ2aTV1WTIza2pVckRxMnlwS0c5Z01SR2dMaTZJdVREYXJhZ2Npb2lQZ3dGMURleXZMMzZaVSszdjBXZk5IVERKRXArZWVUYTEwNnBJTWh0cytTQ1VvRmI3K2hOKytKN1dvYXdyS24iLCJtYWMiOiI4NTUyODc1MGVmMzBjOTM5NGQ1NTNjNGQwMDNiOGZiYjY0ZjZkNjU0NDZjNDEyZDViOTQxZWRhMmYyNDA4ZGQzIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /xyi0aNMuJJrB8y7WGAXkiQfmja4dMwqOBavMS5zthEqgNsefw HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijd2QkhDZmlrS2dKUXpZTjFMV2pldmc9PSIsInZhbHVlIjoiaHJhNUIyTEtvVThkaldLM3oyTTU4M1hKUFZJV1k5bGUzdVAzZmxLUFhkSG8rOVQyZ3JLYkVTdmdxbkZ1RU04UHBvK2lXQWNxblgzMG0xT2xxL2tadEV6RzhGMWlYakxneVdOSk0vZlRncDVLY0c3dG9uZ2x2c1F5VXlwb3ZsajMiLCJtYWMiOiJlYWM3ZTMxOTBiZjMzYmM4ZTdmN2RiZjM3ZmI0YTY5ZmIyZjNhZWZiYTE4NzVlMWM3NDU0MzQwZDdhOWQ1M2NhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImxHU1hITFQ3SkZ6bVJBdHRPVWV4VlE9PSIsInZhbHVlIjoiT0JmdFJXd01EeG9qSjcrMTlCRWtVeUM0cjliUzZRMUxzM2hHaVVaMFFEdG5hcGM5R0VmRVd5amJKSTR4MWVTbFQ2RHNDUW5oNHFBaHU1OVRmMmZmTEQ5TmNhUCtmTk1na0hoMjc5OVdyTEwxNW1rZkcrQXlRNnhTTXVIazJRcHMiLCJtYWMiOiI3YWVmYzc4OGEwODFmMDZkNDc4NGRiZjlkMGJjNGQ3MjlhYWQzZjM4MGQ4YzllY2ZjMjA5MzMwODczNDRjNDMyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /exdlnqbmbchbkrnxhuntke151625768903329522495766gd0sztam2f63i24v08nret?71107507272637789503550UT0MURYOK2EBMVG64K4712 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijd2QkhDZmlrS2dKUXpZTjFMV2pldmc9PSIsInZhbHVlIjoiaHJhNUIyTEtvVThkaldLM3oyTTU4M1hKUFZJV1k5bGUzdVAzZmxLUFhkSG8rOVQyZ3JLYkVTdmdxbkZ1RU04UHBvK2lXQWNxblgzMG0xT2xxL2tadEV6RzhGMWlYakxneVdOSk0vZlRncDVLY0c3dG9uZ2x2c1F5VXlwb3ZsajMiLCJtYWMiOiJlYWM3ZTMxOTBiZjMzYmM4ZTdmN2RiZjM3ZmI0YTY5ZmIyZjNhZWZiYTE4NzVlMWM3NDU0MzQwZDdhOWQ1M2NhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImxHU1hITFQ3SkZ6bVJBdHRPVWV4VlE9PSIsInZhbHVlIjoiT0JmdFJXd01EeG9qSjcrMTlCRWtVeUM0cjliUzZRMUxzM2hHaVVaMFFEdG5hcGM5R0VmRVd5amJKSTR4MWVTbFQ2RHNDUW5oNHFBaHU1OVRmMmZmTEQ5TmNhUCtmTk1na0hoMjc5OVdyTEwxNW1rZkcrQXlRNnhTTXVIazJRcHMiLCJtYWMiOiI3YWVmYzc4OGEwODFmMDZkNDc4NGRiZjlkMGJjNGQ3MjlhYWQzZjM4MGQ4YzllY2ZjMjA5MzMwODczNDRjNDMyIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /exdlnqbmbchbkrnxhuntke151625768903329522495766gd0sztam2f63i24v08nret?71107507272637789503550UT0MURYOK2EBMVG64K4712 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34m8PEW3Ch1AL9UabKKEr8920 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /xyAq43pQ3AarsEuef30 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ns.califragilist.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ns.califragilist.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ns.califragilist.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ns.califragilist.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241106%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241106T155559Z&X-Amz-Expires=300&X-Amz-Signature=c35f79085d4530d97feeeba7c17e7b0be2f621881773f7b10a56f304666d5b45&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ns.califragilist.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241106%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241106T155559Z&X-Amz-Expires=300&X-Amz-Signature=c35f79085d4530d97feeeba7c17e7b0be2f621881773f7b10a56f304666d5b45&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ns.califragilist.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ns.califragilist.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34ZDG48CiIUIKX2LghMRxuoYEP67110 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klb1Tb0pqjiiO0QC8iSkuvcrkAseyN0gijLfAJqw57BVylHDeKthwKOmF6apVvmVwx220 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klsLwpUBDca0RxrYtZtR800jne0IqCzphswGY89y8d281n972UNwmgFEuHNXUPF6Bp4QvLcz5ab227 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxsGdcms1rtQz5l1cTKsINVaEcbHopXA7Zunk6vNV19QQVZ12130 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klb1Tb0pqjiiO0QC8iSkuvcrkAseyN0gijLfAJqw57BVylHDeKthwKOmF6apVvmVwx220 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrXjbEVVLbAj1HnXmTFefBQ26ZHPam28i67132 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34ZDG48CiIUIKX2LghMRxuoYEP67110 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnTXBHC8KHjpcgmT4J29cjPITNuPijXMtYQTHs1fF2R078145 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijfp9iKnrTgHCYE8rTpOvmRwx1aOUavp0AinFOw6GvICG656170 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /klsLwpUBDca0RxrYtZtR800jne0IqCzphswGY89y8d281n972UNwmgFEuHNXUPF6Bp4QvLcz5ab227 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzCIRquaPFUjERvoqJYr7I3cogJBrGklDFyrsAZD9QeqnvfO79zHfIab179 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /wxsGdcms1rtQz5l1cTKsINVaEcbHopXA7Zunk6vNV19QQVZ12130 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rsvqFqFKEhRzIVFcaSXFIFklJZjDuvi98kzxNrUiaZdwEP3buTKNzKLKef192 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrXjbEVVLbAj1HnXmTFefBQ26ZHPam28i67132 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijvpLYN3FAsYRkMp2S19m5x6bM7wkDZkl3hONe6DDp7xliNnk3uGhWQsRnx47i12202 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rules/excel.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /mnTXBHC8KHjpcgmT4J29cjPITNuPijXMtYQTHs1fF2R078145 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrOghFHUJfJSFxz9cKcd4AueKjk04mMjNqxfmmstDVeA4AjY2yeMJmi1lZgTvAEOPcd240 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijfp9iKnrTgHCYE8rTpOvmRwx1aOUavp0AinFOw6GvICG656170 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uvvJrrwLawKtH7uvbTOLQFH5urwDkIf67DrJWCuu0sPsB6Cxztqv96T1CyIB9ef255 HTTP/1.1Host: ns.califragilist.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ns.califragilist.com/7PXU/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzCIRquaPFUjERvoqJYr7I3cogJBrGklDFyrsAZD9QeqnvfO79zHfIab179 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rsvqFqFKEhRzIVFcaSXFIFklJZjDuvi98kzxNrUiaZdwEP3buTKNzKLKef192 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjlsbDRKdnpIZUhKTm9hTnl5RnNvZXc9PSIsInZhbHVlIjoiSmw1cWVFeHdFRWVHV291bkk2ZkdkQ3owaXR6b3JWeUNIb1IrWHBsTFkxczZhUElyYnZnellWc3dqVGNyYXdVUTdUUDI5S05tZVJmRjVBR0ZYY05qZWhpRGg1ZU5vRGxocXRkdDBWbnVWbFZLS0ZIcHhNelVTeENzcGF2R2szU0kiLCJtYWMiOiJkZDY3MmQ5OGVhYWQ1YjhmNmQxMWIzOTFhNDIxOTZmODM5YTdkNmU2MmJkMGU3OTQwNTBjZDY4MWMzYjJjZDdmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhhdWJ1d0ExN3QzTHNxc3hUd2Y2NVE9PSIsInZhbHVlIjoiTVRHNlhqOTFRcStTT0MvY1c5TTh0THd1WmpyZUhZd2djMmxYa2o4M1V2aC9JVDRoM05lZ29ETTl5MXNQbzY3NkRkTjV5REhBdG1sMmR0cUZ0b3pzYlBRdWdHdVZVUzNpT2Y0bkNMdVN5T1RIYVNmV1lFT0NyTDU5TTRmbnVMMDgiLCJtYWMiOiIwZWJjMzU2OWYzY2Y5NmVkNzA3MGE0OGI5OGE1ZDExYjFmOTg3MmMzZDZhOWFlNjk3MWIwODIxZDRlZTFiZjRkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yf76EadsgQyK5Jwh8E6cIKXM1akRlkqgnjcDg3IU0lvqLFvh HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlRjNGdzdE1qREM0Y01uZmVRWnFBT2c9PSIsInZhbHVlIjoiSkd0UXJWbU9EYWxHZWZhN2lkNTY3YVJWcFJuaEI3UDhiNForZ1RvZml2eUlSTDgvakVWcEt2cHpITndCaTQ0QThqak9CS08wQWFXcjNJMURId2dCc2ZsdENpVlhyR2lMWXN6Q0U3a24xQWNYaU0xcE5KVCtiMkpHM2wyT1BYWVkiLCJtYWMiOiI2M2Q3ZjFkNGExMDQwNDcyOTcyNDgxZDZhNzU3M2QwNDI2ZTk3ZGFjMzk2NjFhMDE2ZDJiMTdkMDZiMzZhNTEwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVLZzJQQ2lmcFZFbFF3SEdWbjRkU0E9PSIsInZhbHVlIjoiZ09nZDVxQnZqYkoyWndJOHVPeEgzR0RhNVB5bmNBOFo1WXpxTFVXYkRlbzdRS2R0SmFZZHpJV1BRRG9FbnNVczM2anliZCtCOHUvQmVDNmlhSEhLelpDSzhScGdnRUd2TXljVm1tWUJaeUdMZEg3M3YwaXNzU0NEL1g3akRVS0EiLCJtYWMiOiI4Yjk2N2YwYjJhZTY5OTk0ODJmZjNkYWI2NDMwZDk1YjIyNDJlMDMwMTY3OWFkMTNmODQ4ZmM3ZWQxOTRmNDQ1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijvpLYN3FAsYRkMp2S19m5x6bM7wkDZkl3hONe6DDp7xliNnk3uGhWQsRnx47i12202 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlRjNGdzdE1qREM0Y01uZmVRWnFBT2c9PSIsInZhbHVlIjoiSkd0UXJWbU9EYWxHZWZhN2lkNTY3YVJWcFJuaEI3UDhiNForZ1RvZml2eUlSTDgvakVWcEt2cHpITndCaTQ0QThqak9CS08wQWFXcjNJMURId2dCc2ZsdENpVlhyR2lMWXN6Q0U3a24xQWNYaU0xcE5KVCtiMkpHM2wyT1BYWVkiLCJtYWMiOiI2M2Q3ZjFkNGExMDQwNDcyOTcyNDgxZDZhNzU3M2QwNDI2ZTk3ZGFjMzk2NjFhMDE2ZDJiMTdkMDZiMzZhNTEwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVLZzJQQ2lmcFZFbFF3SEdWbjRkU0E9PSIsInZhbHVlIjoiZ09nZDVxQnZqYkoyWndJOHVPeEgzR0RhNVB5bmNBOFo1WXpxTFVXYkRlbzdRS2R0SmFZZHpJV1BRRG9FbnNVczM2anliZCtCOHUvQmVDNmlhSEhLelpDSzhScGdnRUd2TXljVm1tWUJaeUdMZEg3M3YwaXNzU0NEL1g3akRVS0EiLCJtYWMiOiI4Yjk2N2YwYjJhZTY5OTk0ODJmZjNkYWI2NDMwZDk1YjIyNDJlMDMwMTY3OWFkMTNmODQ4ZmM3ZWQxOTRmNDQ1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrOghFHUJfJSFxz9cKcd4AueKjk04mMjNqxfmmstDVeA4AjY2yeMJmi1lZgTvAEOPcd240 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlRjNGdzdE1qREM0Y01uZmVRWnFBT2c9PSIsInZhbHVlIjoiSkd0UXJWbU9EYWxHZWZhN2lkNTY3YVJWcFJuaEI3UDhiNForZ1RvZml2eUlSTDgvakVWcEt2cHpITndCaTQ0QThqak9CS08wQWFXcjNJMURId2dCc2ZsdENpVlhyR2lMWXN6Q0U3a24xQWNYaU0xcE5KVCtiMkpHM2wyT1BYWVkiLCJtYWMiOiI2M2Q3ZjFkNGExMDQwNDcyOTcyNDgxZDZhNzU3M2QwNDI2ZTk3ZGFjMzk2NjFhMDE2ZDJiMTdkMDZiMzZhNTEwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVLZzJQQ2lmcFZFbFF3SEdWbjRkU0E9PSIsInZhbHVlIjoiZ09nZDVxQnZqYkoyWndJOHVPeEgzR0RhNVB5bmNBOFo1WXpxTFVXYkRlbzdRS2R0SmFZZHpJV1BRRG9FbnNVczM2anliZCtCOHUvQmVDNmlhSEhLelpDSzhScGdnRUd2TXljVm1tWUJaeUdMZEg3M3YwaXNzU0NEL1g3akRVS0EiLCJtYWMiOiI4Yjk2N2YwYjJhZTY5OTk0ODJmZjNkYWI2NDMwZDk1YjIyNDJlMDMwMTY3OWFkMTNmODQ4ZmM3ZWQxOTRmNDQ1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uvvJrrwLawKtH7uvbTOLQFH5urwDkIf67DrJWCuu0sPsB6Cxztqv96T1CyIB9ef255 HTTP/1.1Host: ns.califragilist.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlRjNGdzdE1qREM0Y01uZmVRWnFBT2c9PSIsInZhbHVlIjoiSkd0UXJWbU9EYWxHZWZhN2lkNTY3YVJWcFJuaEI3UDhiNForZ1RvZml2eUlSTDgvakVWcEt2cHpITndCaTQ0QThqak9CS08wQWFXcjNJMURId2dCc2ZsdENpVlhyR2lMWXN6Q0U3a24xQWNYaU0xcE5KVCtiMkpHM2wyT1BYWVkiLCJtYWMiOiI2M2Q3ZjFkNGExMDQwNDcyOTcyNDgxZDZhNzU3M2QwNDI2ZTk3ZGFjMzk2NjFhMDE2ZDJiMTdkMDZiMzZhNTEwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVLZzJQQ2lmcFZFbFF3SEdWbjRkU0E9PSIsInZhbHVlIjoiZ09nZDVxQnZqYkoyWndJOHVPeEgzR0RhNVB5bmNBOFo1WXpxTFVXYkRlbzdRS2R0SmFZZHpJV1BRRG9FbnNVczM2anliZCtCOHUvQmVDNmlhSEhLelpDSzhScGdnRUd2TXljVm1tWUJaeUdMZEg3M3YwaXNzU0NEL1g3akRVS0EiLCJtYWMiOiI4Yjk2N2YwYjJhZTY5OTk0ODJmZjNkYWI2NDMwZDk1YjIyNDJlMDMwMTY3OWFkMTNmODQ4ZmM3ZWQxOTRmNDQ1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -300X-DeviceID: 01000A410900B03DX-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=300; StandardBias=0; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAbW4Es2hMpK5%2BddDfrXHLRCOrS5qJBXtwmrW1l7DH9IXk92VZIQUjsdnGGTcmrgftbAv6lYViiBDcm4F/QmhXUSVKzR/iEVer%2BZY5ZcADrFAEV8w9jd2YRGacQ3JiIbuMnvcUaNkeYpe%2BIH1AdG2p%2Bmzxn1tO0bkrTeTjqxas9EwyiokS5uKCY1yszHAzulNyjfNX2KjRHTT0JGWXNldPgdl1pv/Qa3vYqQKp54VBDOW9qkyNnbo991eXwsZZKEsH3SlIrRVEDfxWOWBdcucbcT2cENqSMwc83zgIcoz0vPO3xO6vBfQeKvGcQueiiArjFYqE3lzxnWGmNtAThL0SL4QZgAAEFUl6hgu/QaViKb6gFpDkeqwAUcGgkA/SRRLec4QiMWli7Qd4KfGl23Rv4R3VMEiRL7NPjYdphvDBTDvhFYcEqYJgiss79IvYJY1GNWiMe8hnvEBVgalpHyA0NSGuqUxzkhF1y%2BG/uwpfjvYkocCpUp1%2BQbMddvazsSSbU5In53rCD0E8VI7XMN6RV4d%2BG4WlRJ2PWyRyI4Xyams4DKXQ3YcVpp8ZddLwVgEE8y131a4AfJG7saNlt3twgsGT//q4UR9KmXFuG51ZavertC/JVQo0ouQOHyYF4wvBFO%2BNUlQT1rYqkmoxkCvwBh/0Mi7mPE6y8SC2v02zQtN%2BQ3zQ7M%2BEWBy8LERaaYkC64MZvSIlb4cQNyDbSaWf3IAV7IYE%2BDHOMNJc7ZKloB8HpY0CoKlyr4ehXUQMKYl2LsVmJfS7K7uPZG1hzj1ZAcREpV2snKxiDoZd1T%2B0BMaewBtcSpd90QivcXrNcD/1EaFUloxokDwtHAeY3SygSqz332L3iBvlQNGD1u55XN2TV0xfx03YI7VJiy/RZdP3j4gZz0OtnMuCZnbdJqLQJz0UZElwSRDKXcVbcJnwGxiTlt2dY1y/9oB%26p%3DX-Agent-DeviceId: 01000A410900B03DX-BM-CBT: 1730908570User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: BFC66F85B991465C9E514F75CCD2F1B6X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=B4BB39E5F80E411D94C438C0FA7ACF94&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&LUT=1707317051026&IPMH=6b344233&IPMID=1707317270835&HV=1707317277; ANON=A=680C1B1A649CBD64DD40EBFCFFFFFFFF; MUID=BC76BB0020D345C1A049A4820CB4C03C; MUIDB=BC76BB0020D345C1A049A4820CB4C03C

Source: chromecache_1007.14.dr	String found in binary or memory: <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Organization","name":"Marmof","url":"https:\/\/marmof.com","logo":"https:\/\/app.marmof.com\/img\/logo.svg","sameAs":["https:\/\/www.facebook.com\/marmofcom","https:\/\/www.instagram.com\/marmof_com","https:\/\/www.linkedin.com\/company\/marmof","https:\/\/twitter.com\/marmofcom"]}</script> equals www.facebook.com (Facebook)
Source: chromecache_1007.14.dr	String found in binary or memory: <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Organization","name":"Marmof","url":"https:\/\/marmof.com","logo":"https:\/\/app.marmof.com\/img\/logo.svg","sameAs":["https:\/\/www.facebook.com\/marmofcom","https:\/\/www.instagram.com\/marmof_com","https:\/\/www.linkedin.com\/company\/marmof","https:\/\/twitter.com\/marmofcom"]}</script> equals www.linkedin.com (Linkedin)
Source: chromecache_1007.14.dr	String found in binary or memory: <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Organization","name":"Marmof","url":"https:\/\/marmof.com","logo":"https:\/\/app.marmof.com\/img\/logo.svg","sameAs":["https:\/\/www.facebook.com\/marmofcom","https:\/\/www.instagram.com\/marmof_com","https:\/\/www.linkedin.com\/company\/marmof","https:\/\/twitter.com\/marmofcom"]}</script> equals www.twitter.com (Twitter)
Source: chromecache_1023.14.dr, chromecache_1033.14.dr	String found in binary or memory: return b}lD.F="internal.enableAutoEventOnTimer";var Yb=ka(["data-gtm-yt-inspected-"]),nD=["www.youtube.com","www.youtube-nocookie.com"],oD,pD=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: augloop.office.com
Source: global traffic	DNS traffic detected: DNS query: app.marmof.com
Source: global traffic	DNS traffic detected: DNS query: r.wdfl.co
Source: global traffic	DNS traffic detected: DNS query: ui-avatars.com
Source: global traffic	DNS traffic detected: DNS query: plausible.io
Source: global traffic	DNS traffic detected: DNS query: marmof.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ns.califragilist.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com

Source: unknown

HTTP traffic detected: POST /api/event HTTP/1.1Host: plausible.ioConnection: keep-aliveContent-Length: 96sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plainAccept: */*Origin: https://app.marmof.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://app.marmof.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:55:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w1RxPFelQCu0PdU74vtLhs%2FDGY48xdLJUX2eveSxk9zIslKi6XvmNzk5ALlpPKZJlZvYV2Ls86JP3a0woJTzolxDT2PRV0FB5rCU6hgUqDYoeClPh3ZuW5lP9Kocsg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3254&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2245&delivery_rate=878374&cwnd=243&unsent_bytes=0&cid=886ef739cb31a901&ts=194&x=0"CF-Cache-Status: MISSServer: cloudflareCF-RAY: 8de644d6f8b4e759-DENserver-timing: cfL4;desc="?proto=TCP&rtt=19080&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=1902&delivery_rate=151781&cwnd=32&unsent_bytes=0&cid=9118dc92d1985769&ts=5067&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:55:39 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: MdDY5lPLGJ8NXof53kYBHUBLHtH3dRxhF34=$5ISA1a28wFb5R5K2cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8de644e37f69e752-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:55:43 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: sHkok9d8lfoxCk5lz9A92TUuNeJv+EQRSCA=$q45bJ9LhhvxFX5M1Server: cloudflareCF-RAY: 8de644fba85f2e72-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:55:47 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: Z644eyuaiUoaJfZoVSiTluYcEb7EMRdoFRc=$LlyULDz+gQCr1JHfcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8de645157f66e792-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:55:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qFFVr271l2a9EeURYHzfk7ak8hcT9zYnYZhNYub4hdjg7WhZaYlcua9Gn3EYByJADDeKZyOF1QG7hXtj2NuoaWeb7%2BxzAoxtrvU2h8kjimcuZ4Y0od7xc0zWwHqqYg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3498&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2032&delivery_rate=788671&cwnd=251&unsent_bytes=0&cid=382db266d51f68bb&ts=129&x=0"Server: cloudflareCF-RAY: 8de645436ffb6c33-DFWserver-timing: cfL4;desc="?proto=TCP&rtt=1156&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=1690&delivery_rate=2358306&cwnd=251&unsent_bytes=0&cid=526bd5aa033b531d&ts=1501&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:55:57 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cfn2S7Olj0%2B7Ydr7UFyw3BZJMT60l1MmzaauejYHc%2B2rZyslmGbERO9PZ5wcu7PbuH1QD8ZHx1240f5B4dKq67bR%2FKa9X3iGX%2BtH2KIAdNXkHigSseJYvHiZp1WJFg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3356&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2038&delivery_rate=879975&cwnd=251&unsent_bytes=0&cid=4c09ddd5e3fd42ba&ts=121&x=0"Server: cloudflareCF-RAY: 8de645519b1d2cb0-DFWserver-timing: cfL4;desc="?proto=TCP&rtt=1312&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2844&recv_bytes=1694&delivery_rate=2172543&cwnd=251&unsent_bytes=0&cid=8a26df0ced4c51b3&ts=519&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:55:59 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NvQXR867hHHaMXFPotOwNLC7jl8B01m8O5Gz%2F5Y9UPTd11sRU1G5dFfrT9le%2B2z26dt0RYEwePi7v9xLevKxo%2FlINBGdPfbG7xgS%2BTovxDCIgZghH0HkG%2B9h1R1W3g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3452&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2102&delivery_rate=834101&cwnd=251&unsent_bytes=0&cid=f9c11eaaba2b0303&ts=149&x=0"Server: cloudflareCF-RAY: 8de6455f8c5f6bb3-DFWserver-timing: cfL4;desc="?proto=TCP&rtt=992&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=1759&delivery_rate=2803484&cwnd=251&unsent_bytes=0&cid=62635c2cc0310897&ts=547&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 15:56:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DIMmxHdUAdJDVYR%2FHhu%2F2x7Q%2BXf6CYX1JPIshrOr4ZqVSm5aVNFzWWyxA71FmbQx7Y%2BjsuC1S71OBszqp1cr8sV0Lim3gKZq2RgIDlanPKeSAOtYNULu6c8VsAwAmg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3344&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=2034&delivery_rate=859092&cwnd=32&unsent_bytes=0&cid=78e4a5e3f1d097db&ts=127&x=0"Server: cloudflareCF-RAY: 8de6458e4b96e743-DENserver-timing: cfL4;desc="?proto=TCP&rtt=19126&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=1693&delivery_rate=151401&cwnd=32&unsent_bytes=0&cid=d518705fee0f76f4&ts=562&x=0"

Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.dr	String found in binary or memory: http://augloop.office.com/settings.json
Source: chromecache_1022.14.dr, chromecache_1024.14.dr	String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.dr	String found in binary or memory: http://json-schema.org/draft-07/schema#
Source: chromecache_979.14.dr, chromecache_1030.14.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_1007.14.dr	String found in binary or memory: https://app.marmof.com/build/assets/app-0b1f8530.css
Source: chromecache_1007.14.dr	String found in binary or memory: https://app.marmof.com/build/assets/app-49265ad1.js
Source: App1730908482691485400_D7CEFE08-05E6-4809-B291-F3E04FAC7956.log.0.dr	String found in binary or memory: https://augloop.office.com
Source: chromecache_1023.14.dr, chromecache_1033.14.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_1022.14.dr, chromecache_1024.14.dr	String found in binary or memory: https://github.com/fent)
Source: chromecache_979.14.dr, chromecache_1030.14.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_979.14.dr, chromecache_1030.14.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_1007.14.dr	String found in binary or memory: https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma0zl7w0q5n-wu.wo
Source: chromecache_1007.14.dr	String found in binary or memory: https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1pl7w0q5n-wu.wo
Source: chromecache_1007.14.dr	String found in binary or memory: https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1zl7w0q5nw.woff
Source: chromecache_1007.14.dr	String found in binary or memory: https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma25l7w0q5n-wu.wo
Source: chromecache_1007.14.dr	String found in binary or memory: https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2jl7w0q5n-wu.wo
Source: chromecache_1007.14.dr	String found in binary or memory: https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2pl7w0q5n-wu.wo
Source: chromecache_1007.14.dr	String found in binary or memory: https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2zl7w0q5n-wu.wo
Source: chromecache_979.14.dr, chromecache_1030.14.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_979.14.dr, chromecache_1030.14.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_1023.14.dr, chromecache_1033.14.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_1023.14.dr, chromecache_1033.14.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_1007.14.dr	String found in binary or memory: https://r.wdfl.co/rw.js
Source: chromecache_1023.14.dr, chromecache_1033.14.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_1023.14.dr, chromecache_1033.14.dr	String found in binary or memory: https://www.google.com
Source: chromecache_1023.14.dr, chromecache_1033.14.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_1033.14.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_1007.14.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_1007.14.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-MC7CMZBF

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.18:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.18:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.18:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.141:443 -> 192.168.2.18:49893 version: TLS 1.2

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

Source: classification engine

Classification label: mal92.phis.evad.winMSG@26/148@53/22

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241106T1054420461-3112.etl

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Payment Confirmation (237 KB).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6E799949-CC68-4C7D-ACF7-DFDB99ECC467" "1E1CE2FA-2E8B-476D-B466-DDE64F014E37" "3112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LF0A6GI2\Payment Copy.xlsb"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,6018047205410846205,15210405168536307558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6E799949-CC68-4C7D-ACF7-DFDB99ECC467" "1E1CE2FA-2E8B-476D-B466-DDE64F014E37" "3112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LF0A6GI2\Payment Copy.xlsb"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,6018047205410846205,15210405168536307558,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.13.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.13.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.13.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.13.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.13.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.13.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Persistence and Installation Behavior

Office viewer loads remote template

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Section loaded: netapi32.dll and davhlpr.dll loaded

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\splwow64.exe

Window / User API: threadDelayed 464

Jump to behavior

Source: C:\Windows\splwow64.exe	Last function: Thread delayed
Source: C:\Windows\splwow64.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	File Volume queried: C:\Windows\SysWOW64 FullSizeInformation			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	File Volume queried: C:\Windows\SysWOW64 FullSizeInformation			Jump to behavior

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	1 Clipboard Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://ns.califragilist.com/GDSherpa-bold.woff	100%	Avira URL Cloud	phishing
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1zl7w0q5nw.woff2	0%	Avira URL Cloud	safe
https://app.marmof.com/build/assets/Document-d618b903.js	0%	Avira URL Cloud	safe
https://ns.califragilist.com/GDSherpa-bold.woff2	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/yf76EadsgQyK5Jwh8E6cIKXM1akRlkqgnjcDg3IU0lvqLFvh	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/cboOIeS9NKidIhE5DtVGZJdhr1AU8tkEd4AG7ei0Kkgcq	100%	Avira URL Cloud	phishing
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma0zl7w0q5n-wu.wo	0%	Avira URL Cloud	safe
https://ns.califragilist.com/yzCIRquaPFUjERvoqJYr7I3cogJBrGklDFyrsAZD9QeqnvfO79zHfIab179	100%	Avira URL Cloud	phishing
https://app.marmof.com/build/assets/Button-7c0475a9.js	0%	Avira URL Cloud	safe
https://ns.califragilist.com/klb1Tb0pqjiiO0QC8iSkuvcrkAseyN0gijLfAJqw57BVylHDeKthwKOmF6apVvmVwx220	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/wxsGdcms1rtQz5l1cTKsINVaEcbHopXA7Zunk6vNV19QQVZ12130	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/qrXjbEVVLbAj1HnXmTFefBQ26ZHPam28i67132	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/xyAq43pQ3AarsEuef30	100%	Avira URL Cloud	phishing
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1zl7w0q5nw.woff	0%	Avira URL Cloud	safe
https://app.marmof.com/favicon-32x32.png	0%	Avira URL Cloud	safe
https://ns.califragilist.com/qrOghFHUJfJSFxz9cKcd4AueKjk04mMjNqxfmmstDVeA4AjY2yeMJmi1lZgTvAEOPcd240	100%	Avira URL Cloud	phishing
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2zl7w0q5n-wu.wo	0%	Avira URL Cloud	safe
https://app.marmof.com/build/assets/app-49265ad1.js	0%	Avira URL Cloud	safe
https://app.marmof.com/build/assets/logotype-original-6f3eac48.js	0%	Avira URL Cloud	safe
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma25l7w0q5n-wu.wo	0%	Avira URL Cloud	safe
https://ns.califragilist.com/34m8PEW3Ch1AL9UabKKEr8920	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/ijfp9iKnrTgHCYE8rTpOvmRwx1aOUavp0AinFOw6GvICG656170	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/uvvJrrwLawKtH7uvbTOLQFH5urwDkIf67DrJWCuu0sPsB6Cxztqv96T1CyIB9ef255	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/GDSherpa-regular.woff	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/exdlnqbmbchbkrnxhuntke151625768903329522495766gd0sztam2f63i24v08nret?71107507272637789503550UT0MURYOK2EBMVG64K4712	100%	Avira URL Cloud	phishing
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1pl7w0q5n-wu.wo	0%	Avira URL Cloud	safe
https://ns.califragilist.com/rsvqFqFKEhRzIVFcaSXFIFklJZjDuvi98kzxNrUiaZdwEP3buTKNzKLKef192	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/mnTXBHC8KHjpcgmT4J29cjPITNuPijXMtYQTHs1fF2R078145	100%	Avira URL Cloud	phishing
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2pl7w0q5n-wu.wo	0%	Avira URL Cloud	safe
https://ns.califragilist.com/favicon.ico	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/34ZDG48CiIUIKX2LghMRxuoYEP67110	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/ijvpLYN3FAsYRkMp2S19m5x6bM7wkDZkl3hONe6DDp7xliNnk3uGhWQsRnx47i12202	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/GDSherpa-vf2.woff2	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/GDSherpa-regular.woff2	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/GDSherpa-vf.woff2	100%	Avira URL Cloud	phishing
https://ns.califragilist.com/xyi0aNMuJJrB8y7WGAXkiQfmja4dMwqOBavMS5zthEqgNsefw	100%	Avira URL Cloud	phishing
https://app.marmof.com/site.webmanifest	0%	Avira URL Cloud	safe
https://app.marmof.com/build/assets/app-0b1f8530.css	0%	Avira URL Cloud	safe
https://ns.califragilist.com/klsLwpUBDca0RxrYtZtR800jne0IqCzphswGY89y8d281n972UNwmgFEuHNXUPF6Bp4QvLcz5ab227	100%	Avira URL Cloud	phishing
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2jl7w0q5n-wu.wo	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
plausible.io	169.150.236.104	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
ns.califragilist.com	188.114.97.3	true	false	high
github.com	140.82.121.4	true	false	high
marmof.com	159.69.48.31	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
ui-avatars.com	104.26.8.185	true	false	high
app.marmof.com	159.69.48.31	true	false	high
code.jquery.com	151.101.2.137	true	false	high
d2qumtq956sbet.cloudfront.net	18.66.147.86	true	false	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	high
challenges.cloudflare.com	104.18.94.41	true	false	high
www.google.com	142.250.186.132	true	false	high
d19d360lklgih4.cloudfront.net	13.33.187.120	true	false	unknown
objects.githubusercontent.com	185.199.110.133	true	false	high
r.wdfl.co	unknown	unknown	false	high
augloop.office.com	unknown	unknown	false	high
ok4static.oktacdn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7	false		high
https://ns.califragilist.com/GDSherpa-bold.woff	true	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=4%2BsN3PZc97n6PKudD929%2FFkUrxNi6P45%2BA5%2FZoIdl6gmKsT4Jjb5aPVxKvKnboZaVG003A0NU44c5TgMDQUcn%2B2%2FnhKPjAHRzV%2FRwsTMOsIrLAUSVgQ%2FPWxyXChG3g%3D%3D	false		high
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5	false		unknown
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1zl7w0q5nw.woff2	false	Avira URL Cloud: safe	unknown
https://app.marmof.com/build/assets/Document-d618b903.js	false	Avira URL Cloud: safe	unknown
https://ns.califragilist.com/GDSherpa-bold.woff2	true	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/yf76EadsgQyK5Jwh8E6cIKXM1akRlkqgnjcDg3IU0lvqLFvh	true	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/yzCIRquaPFUjERvoqJYr7I3cogJBrGklDFyrsAZD9QeqnvfO79zHfIab179	true	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/6d6nj/0x4AAAAAAAxa-jBUtWqCblw0/auto/fbE/normal/auto/	false		high
https://ui-avatars.com/api/?name=A+J&color=ffffff&background=f34b1d	false		high
https://ns.califragilist.com/klb1Tb0pqjiiO0QC8iSkuvcrkAseyN0gijLfAJqw57BVylHDeKthwKOmF6apVvmVwx220	true	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/cboOIeS9NKidIhE5DtVGZJdhr1AU8tkEd4AG7ei0Kkgcq	true	Avira URL Cloud: phishing	unknown
https://app.marmof.com/build/assets/Button-7c0475a9.js	false	Avira URL Cloud: safe	unknown
https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://ns.califragilist.com/wxsGdcms1rtQz5l1cTKsINVaEcbHopXA7Zunk6vNV19QQVZ12130	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/qrXjbEVVLbAj1HnXmTFefBQ26ZHPam28i67132	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/xyAq43pQ3AarsEuef30	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/qrOghFHUJfJSFxz9cKcd4AueKjk04mMjNqxfmmstDVeA4AjY2yeMJmi1lZgTvAEOPcd240	false	Avira URL Cloud: phishing	unknown
https://app.marmof.com/favicon-32x32.png	false	Avira URL Cloud: safe	unknown
https://app.marmof.com/build/assets/app-49265ad1.js	false	Avira URL Cloud: safe	unknown
https://plausible.io/api/event	false		high
https://plausible.io/js/script.js	false		high
https://app.marmof.com/build/assets/logotype-original-6f3eac48.js	false	Avira URL Cloud: safe	unknown
https://ns.califragilist.com/34m8PEW3Ch1AL9UabKKEr8920	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/7PXU/	true		unknown
https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js	false		high
https://ns.califragilist.com/ijfp9iKnrTgHCYE8rTpOvmRwx1aOUavp0AinFOw6GvICG656170	false	Avira URL Cloud: phishing	unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false		high
https://ns.califragilist.com/GDSherpa-regular.woff	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/exdlnqbmbchbkrnxhuntke151625768903329522495766gd0sztam2f63i24v08nret?71107507272637789503550UT0MURYOK2EBMVG64K4712	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/uvvJrrwLawKtH7uvbTOLQFH5urwDkIf67DrJWCuu0sPsB6Cxztqv96T1CyIB9ef255	false	Avira URL Cloud: phishing	unknown
https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css	false		high
https://ns.califragilist.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8de644ce9b5745f6/1730908538244/-_ter8awBYLmx72	false		high
https://ns.califragilist.com/rsvqFqFKEhRzIVFcaSXFIFklJZjDuvi98kzxNrUiaZdwEP3buTKNzKLKef192	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/mnTXBHC8KHjpcgmT4J29cjPITNuPijXMtYQTHs1fF2R078145	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8de644ce9b5745f6&lang=auto	false		high
https://ns.califragilist.com/34ZDG48CiIUIKX2LghMRxuoYEP67110	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/ijvpLYN3FAsYRkMp2S19m5x6bM7wkDZkl3hONe6DDp7xliNnk3uGhWQsRnx47i12202	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/GDSherpa-vf2.woff2	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/GDSherpa-vf.woff2	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/xyi0aNMuJJrB8y7WGAXkiQfmja4dMwqOBavMS5zthEqgNsefw	false	Avira URL Cloud: phishing	unknown
https://ns.califragilist.com/GDSherpa-regular.woff2	false	Avira URL Cloud: phishing	unknown
https://r.wdfl.co/rw.js	false		high
https://ns.califragilist.com/klsLwpUBDca0RxrYtZtR800jne0IqCzphswGY89y8d281n972UNwmgFEuHNXUPF6Bp4QvLcz5ab227	false	Avira URL Cloud: phishing	unknown
https://app.marmof.com/build/assets/app-0b1f8530.css	false	Avira URL Cloud: safe	unknown
https://app.marmof.com/site.webmanifest	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://npms.io/search?q=ponyfill.	chromecache_979.14.dr, chromecache_1030.14.dr	false		high
http://augloop.office.com/settings.json	prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.dr	false		high
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma0zl7w0q5n-wu.wo	chromecache_1007.14.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com	chromecache_1023.14.dr, chromecache_1033.14.dr	false		high
https://github.com/fent)	chromecache_1022.14.dr, chromecache_1024.14.dr	false		high
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1zl7w0q5nw.woff	chromecache_1007.14.dr	false	Avira URL Cloud: safe	unknown
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma25l7w0q5n-wu.wo	chromecache_1007.14.dr	false	Avira URL Cloud: safe	unknown
https://openjsf.org/	chromecache_979.14.dr, chromecache_1030.14.dr	false		high
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2zl7w0q5n-wu.wo	chromecache_1007.14.dr	false	Avira URL Cloud: safe	unknown
http://json-schema.org/draft-07/schema#	prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.dr	false		high
https://lodash.com/	chromecache_979.14.dr, chromecache_1030.14.dr	false		high
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2pl7w0q5n-wu.wo	chromecache_1007.14.dr	false	Avira URL Cloud: safe	unknown
https://augloop.office.com	App1730908482691485400_D7CEFE08-05E6-4809-B291-F3E04FAC7956.log.0.dr	false		high
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1pl7w0q5n-wu.wo	chromecache_1007.14.dr	false	Avira URL Cloud: safe	unknown
https://cct.google/taggy/agent.js	chromecache_1023.14.dr, chromecache_1033.14.dr	false		high
http://underscorejs.org/LICENSE	chromecache_979.14.dr, chromecache_1030.14.dr	false		high
https://td.doubleclick.net	chromecache_1023.14.dr, chromecache_1033.14.dr	false		high
https://lodash.com/license	chromecache_979.14.dr, chromecache_1030.14.dr	false		high
https://marmof.com/storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma2jl7w0q5n-wu.wo	chromecache_1007.14.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.66.147.86	d2qumtq956sbet.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
185.199.111.133	unknown	Netherlands	54113	FASTLYUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
185.199.110.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
13.33.187.120	d19d360lklgih4.cloudfront.net	United States	16509	AMAZON-02US	false
104.26.8.185	ui-avatars.com	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
140.82.121.4	github.com	United States	36459	GITHUBUS	false
169.150.221.147	unknown	United States	2711	SPIRITTEL-ASUS	false
159.69.48.31	marmof.com	Germany	24940	HETZNER-ASDE	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
169.150.236.104	plausible.io	United States	2711	SPIRITTEL-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	ns.califragilist.com	European Union	13335	CLOUDFLARENETUS	false
13.33.187.96	unknown	United States	16509	AMAZON-02US	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
18.66.147.68	unknown	United States	3	MIT-GATEWAYSUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1550380
Start date and time:	2024-11-06 16:53:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Payment Confirmation (237 KB).msg
Detection:	MAL
Classification:	mal92.phis.evad.winMSG@26/148@53/22
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, MavInject32.exe
Excluded IPs from analysis (whitelisted): 52.113.194.132, 184.28.90.27, 52.111.231.26, 52.111.231.24, 52.111.231.23, 52.111.231.25, 52.111.243.4, 52.168.117.168, 52.109.89.119, 52.109.28.46, 20.42.72.131, 216.58.212.163, 172.217.23.110, 142.250.110.84, 34.104.35.123, 142.250.185.104, 216.58.206.72, 40.74.98.192, 20.42.73.25, 142.250.186.131, 142.250.74.206
Excluded domains from analysis (whitelisted): odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, augloop-prod-pd03.westeurope.cloudapp.azure.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, clients2.google.com, www.googletagmanager.com, e16604.g.akamaiedge.net, onedscolprdeus06.eastus.cloudapp.azure.com, update.googleapis.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, onedscolprdjpw00.japanwest.cloudapp.azure.com, www.bing.com, clients1.google.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, augloop-prod.trafficmanager.net, weu-azsc-000.odc.officeapps.live.com, s-0005-office.c
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Payment Confirmation (237 KB).msg

Simulations

Behavior and APIs

Time	Type	Description
10:56:00	API Interceptor	484x Sleep call for process: splwow64.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
18.66.147.86	https://u47872954.ct.sendgrid.net/ls/click?upn=u001.fn1BsYIkFXRWxBLF12AvXhKUqktmOI7EPkchHYpa8lb2yJr9vm47Biq1iwhYH4x0W6E6_1tlZTUgFpToOJRvXeJjZ1lQQtiPaV281MW3UjMlmRxOXQrHf3E28Ct8cWw3pFJv8ww35QVlHVAsV9LrE8WJ-2FqWVvVFyUxLS7XbjE4ioBaNzI7Y9AQvglzmjEqljOvLuB-2FqyLAOnwfIZ8a2UOhb0kq4DsltFbCSVl8L5tTVcXPovhejZuw7J5gFYEuhvfLU6jp9IiI6bOp4vutoVple794Svog7VmNTHCQykEIajsBwvsIA9xBhrTaUhPe3riTZOj5RQVgP8LolzHF5ds6ImaI4Q1KNsmEF06CineSoPu7BKGd-2B4IINKzojAY3yUTkdWQLuCwDcmh7vK-2Fm4MQ0xAiPJ-2BNim16FZPVrX44e4DFM1rc1r1ZYN2APdeEIThalu0Ag-2BNzl5TCF9-2F-2B4cIgV-2B8ceF573hvcKOOmdD1jbxRbFryn-2FGT77SPyR6cNo7joqYajHU5-2F1gyPof24NnmOIwvhn7qKr0Ihz3SIWFLubPXV0GdcG6guT-2FBjwN6h83YPSF-2F5Pk0uzrf9DG4ZRnISsjJaazqmdBRAAsyoWwP5iXWDQEfiJXubX9fD-2BREtQifDIoI36c8qvCy5hrOP9aAfzd2djtg-2B8gR7MvgWYCa5sA7wAgdCKrrNRjX7eeAtG5StCtmRi-2BsSO4PCFgsA4QlR8AVRyhdPdKhSYzgA-2F1BCyYmRsFeWn4YzRn0mexGeZM3PwhHAdqlfom16LJGSiVeG98p5ZK5N-2BZQuMTlINorxwlmSmaGarY5x7TUyztB-2Bv8L8gRhXdcDKSzxiMknwYCjp3XaQdwr-2Fp8kePQSl33tJvX1ITAiP7FBhlwoPgNxbRoTwVzl0I2Q2bE71pQB2jeSQldBukVcgJT-2BrmpKQA1GW5-2B59frk-3D	Get hash	malicious	Unknown	Browse
	https://phase-thief-0566.typedream.app/	Get hash	malicious	Unknown	Browse
	Endermanch@MEMZ.exe	Get hash	malicious	Bdaejec, KillMBR	Browse
	http://qilhj.vesiz.cc/34546de4235m342356	Get hash	malicious	Unknown	Browse
	https://app.jetadmin.io/public/ssw2evf3h0dnz648cv2yppi5ic4rr7md	Get hash	malicious	Unknown	Browse
	#U25b6 #Ud83d#Udd18#U2500 28sec vm_20220526_800598XXXX.wav.htm	Get hash	malicious	HTMLPhisher	Browse
	https://5bu242nyepzsusogzetj7t2kwwmgvyhy746up3arhfxa4u3unc3q.arweave.net/6Gmuabgj8ypJxskmn89KtZhq4Pj_PUfsETluDlN0aLc/	Get hash	malicious	HTMLPhisher	Browse
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4
104.18.94.41	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse
	Play____Now_AUD__autoresponsed50001b20f2d0a072379154d3aab44a3a4736f9c.htm	Get hash	malicious	Unknown	Browse
	https://qr.link/YzVlSa	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	Iamgold_Docs_Access3aecd483-6211-46f6-ad1d-bba6268615a6_OFZCB.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/andrew.ma/inpoxqhfiww/saic.com/ozwunijponqp8	Get hash	malicious	HTMLPhisher	Browse
	https://krtra.com/t/onJtp2YcgmoQ	Get hash	malicious	Unknown	Browse
	http://loginmcsoftmlcrosoftoni365.madrides.copypremium.com/?reactivador/ahora0D1%20/=YWxvbnNvYmFAbWFkcmlkLmVz	Get hash	malicious	Unknown	Browse
	https://media.nomadsport.net/Culture/SetCulture?culture=en&returnUrl=https://t.ly/qrCwt	Get hash	malicious	Unknown	Browse
	http://frenzelit.powerappsportals.com	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://patient-monkey-3045e7.instawp.xyz/wp-content/uploads/2024/11/PAYMENT-1.pdf	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	NVWLJmqmzn.dll	Get hash	malicious	Strela Stealer	Browse	13.107.246.45
	x6BqJ693rc.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.107.246.45
	wmKmOQ868z.exe	Get hash	malicious	FormBook, GuLoader	Browse	13.107.246.45
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	YESOHDKMIm.exe	Get hash	malicious	Remcos	Browse	13.107.246.45
	https://www.google.co.in/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fir.nbaikp3.sa.com%2Fdelaw%2Flawn%2Fkoo%2Fsf_rand_string_mixed(24)/braswells@helenaindustries.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	fIwP4c7xYt.exe	Get hash	malicious	GuLoader	Browse	13.107.246.45
	2CUvvDyapb.exe	Get hash	malicious	Remcos	Browse	13.107.246.45
	DHOYXfCAeB.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.246.45
	http://blacksaltys.com	Get hash	malicious	Unknown	Browse	13.107.246.45
github.com	19532311200120230008100 Responsabilidad Civil Contractual extracontractual.bat	Get hash	malicious	Unknown	Browse	140.82.121.4
	3KOX6gQCoE.bat	Get hash	malicious	Unknown	Browse	140.82.121.4
	QzX4KXBXPq.exe	Get hash	malicious	LummaC	Browse	140.82.121.3
	SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	malware-DONT-RUN.ps1	Get hash	malicious	Unknown	Browse	140.82.121.4
	VjVu82WknO.lnk	Get hash	malicious	Unknown	Browse	140.82.121.3
	R5h25B8i22.lnk	Get hash	malicious	Unknown	Browse	140.82.121.3
	SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	SecuriteInfo.com.Win64.Riskware.ExplorerPatcher.B.21185.8531.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
plausible.io	https://parrots-run-fjh.craft.me/kKsdDph47M82kH	Get hash	malicious	Unknown	Browse	169.150.247.38
	https://8jkfw9cqp7ep.z13.web.core.windows.net/?zpbid=78432_55610c1d-9229-11ef-824f-03718b6de7bb#	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	169.150.247.36
	https://app.writesonic.com/share/writing-assistant/d140c48b-3642-43bf-a085-e258c1fb4f03	Get hash	malicious	Unknown	Browse	169.150.221.147
	https://whimsical.com/maryland-deli-provisions-BvzVjYjzBeaob2dyDXoWU7	Get hash	malicious	Unknown	Browse	169.150.247.36
	https://ipfs.io/ipfs/QmNRP5R9QkxB8MVgk2kWzrmB6GoTVL3gcLheGnJuUDPaXv?filename=forme.html#jstubblefield@securustechnologies.com	Get hash	malicious	HTMLPhisher	Browse	169.150.247.39
	https://s.craft.me/yB5midhwwaHUPW	Get hash	malicious	HTMLPhisher	Browse	169.150.247.39
	https://free-5479402.webadorsite.com/	Get hash	malicious	Unknown	Browse	169.150.247.37
	https://free-5476373.webadorsite.com/	Get hash	malicious	Unknown	Browse	169.150.247.38
	https://free-5464198.webadorsite.com/	Get hash	malicious	HTMLPhisher	Browse	169.150.247.37
	https://free-5464113.webadorsite.com/	Get hash	malicious	Unknown	Browse	169.150.247.37

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	[EXTERNAL] Complete with Docusign_ Review_&_sign_Docu #526890 Contract_Agreement.pdf.eml	Get hash	malicious	Unknown	Browse	52.109.28.47
	2CUvvDyapb.exe	Get hash	malicious	Remcos	Browse	13.107.253.45
	BkZqIS5vlv.exe	Get hash	malicious	FormBook	Browse	20.2.217.253
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.208.16.88
	doc20247622056002_pentamix.bat	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	52.182.143.212
	lime_single.exe	Get hash	malicious	LimeRAT	Browse	51.103.213.187
	yakuza.sparc.elf	Get hash	malicious	Unknown	Browse	22.229.157.187
	yakuza.m68k.elf	Get hash	malicious	Unknown	Browse	21.77.38.197
	yakuza.ppc.elf	Get hash	malicious	Unknown	Browse	22.97.58.117
	yakuza.sh.elf	Get hash	malicious	Unknown	Browse	20.189.220.242
MIT-GATEWAYSUS	yakuza.sparc.elf	Get hash	malicious	Unknown	Browse	19.88.63.120
	https://pub.lucidpress.com/50f1c535-8058-4eec-b469-2bd69fae4557/	Get hash	malicious	Unknown	Browse	18.173.205.23
	yakuza.mipsel.elf	Get hash	malicious	Unknown	Browse	19.217.63.83
	yakuza.arm5.elf	Get hash	malicious	Unknown	Browse	18.73.60.28
	IGz.arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	18.128.125.247
	example.html	Get hash	malicious	Unknown	Browse	18.66.122.54
	1V4xpXT91O.exe	Get hash	malicious	Stealc, Vidar	Browse	18.161.170.87
	Remittance_Ref;-49743170932be73dd68e9130949b1b5dbf8aa216bc0f0729cd.html	Get hash	malicious	Unknown	Browse	18.172.103.101
	Setup.exe	Get hash	malicious	Unknown	Browse	18.164.116.25
	https://eu-west-1.protection.sophos.com/?d=shareholds.com&u=aHR0cHM6Ly93d3cuc2hhcmVob2xkcy5jb20vY2FuL2Y2NWZmODM4LWIzNTgtNDBkMC05NmM4LTNjM2Y4MGYzMDFlNy81YzFhNzVlYS02N2QwLTQ2NDItODY2Mi0yMWQyZjgwOWUxMmMvYTIwOTRiNjUtZjQxZi00OGE1LWE0ZmYtNDY5NzAwMTU4NWFjL2xvZ2luP2lkPWJtMXNXRU14VURNeVFWTmpjVWhpWlVwcVN6TmtXRXhoTWxCV2VFOW1NMlJ2ZURNNVVITkxjVlpUYjFwUlNIcEVXWE5MYUdRNVNVcFNiV1JEUjNCVGIybDNaSGcwWW5kS1R6VlFUbnB1VUc1TWQyRkZSVlY2Y201RVFWcFhXR2RNWVRBclJscGFPVkJJY2pRM0szaHhVbEZYY1ZSaWVUTXpOVEZRU1RscE1VNUZjakZTYlZKS0t6UjNiMWs1U1hsS1R6Z3pVVkYxTVRGelJsWkpVMjh6UzNoblRrd3dLMnAzWWpCb05teGhiV3BaYTB0b2VqZHZjMGR3V2xwVE5WVk9Nek5GV21GdWJ6UXpWSFJqU0RGbU1HUnZTMmRHTWxsMFJsZDVVM1l2TWtwWlNrTXhUWEJITVdWalpFcEdXbTl2WlRkVmVreGpOak5ETkU1MFdIUm5iM3AzV0dwNGVqSXpNbU41U1dWUE5rWm5WWGR0Vlc1MGVXOXpOMDFWZHpKS2MzSndSMjEyTmxaVGRFbFlPRGwzT1VZeVMwRk5NbXBMV2xoc2RIUjFlVnB3UlRONGJGVlBlRmxyUTNrMWVrTkRhVkF4UzBGbU1rOUtWVGhoZEZscWJUbHFWa0pGTjBWNFRISllhWGcyZWt4NWF6aFdWeTkxTW1NMlVYTXpRWFZNTjJSa1ZFRkNiM04wVG5odlIwTlBWMjEyU2tKVWR6MDk=&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=V1RwZWdZMHRiYXhkTGY2UWtPR2VjUk1qc2QwbzdWUUhONmJhOFpjR2pubz0=&h=8d76ce21ce5147a9bbdd13bf0a0144cd&s=AVNPUEhUT0NFTkNSWVBUSVZfm1n22-u3VWWBUYPyz6tx0fxbloavhv4fIjvgwGfzhA	Get hash	malicious	Unknown	Browse	18.173.205.68
FASTLYUS	Play____Now_AUD__autoresponsed50001b20f2d0a072379154d3aab44a3a4736f9c.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://qr.link/YzVlSa	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	151.101.2.137
	Report_7526.html	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/andrew.ma/inpoxqhfiww/saic.com/ozwunijponqp8	Get hash	malicious	HTMLPhisher	Browse	199.232.192.193
	https://krtra.com/t/onJtp2YcgmoQ	Get hash	malicious	Unknown	Browse	151.101.129.229
	SecuriteInfo.com.Heur.22899.6422.exe	Get hash	malicious	Unknown	Browse	185.199.111.133
	Invoice.msg	Get hash	malicious	Unknown	Browse	199.232.210.172
	SecuriteInfo.com.Heur.22899.6422.exe	Get hash	malicious	Unknown	Browse	185.199.111.133
	SpamLog.pptx	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://loginmcsoftmlcrosoftoni365.madrides.copypremium.com/?reactivador/ahora0D1%20/=YWxvbnNvYmFAbWFkcmlkLmVz	Get hash	malicious	Unknown	Browse	151.101.1.148
CLOUDFLARENETUS	[EXTERNAL] Complete with Docusign_ Review_&_sign_Docu #526890 Contract_Agreement.pdf.eml	Get hash	malicious	Unknown	Browse	1.1.1.1
	x6BqJ693rc.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	PV2Ch2EAZe.exe	Get hash	malicious	LummaC	Browse	172.67.187.9
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	104.16.124.96
	WTz1CiJLNZ.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	IF787e5nei.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	z349dth1eOtMzxuuRN.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	https://links.giveawayoftheday.com/external?url=https%3A%2F%2Fcertify.us.org/B4G4RAI1Aanz01haD5Qm3TI1Anw4GD5Q2APnufoTxun4DCam3TI1AoTxnz01oTx4RAw4G	Get hash	malicious	Unknown	Browse	188.114.96.3
	BkZqIS5vlv.exe	Get hash	malicious	FormBook	Browse	104.21.22.22

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://www.google.com/url?q=https://alhmusa.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPVdIUkpVa009JnVpZD1VU0VSMTUxMDIwMjRVMDExMDE1NDE%3D&sa=D&source=editors&ust=1730911677097978&usg=AOvVaw0lzPnbpui3_6j_tDBkURnO	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.159.0
	http://go.wafykoe.com/0nbe	Get hash	malicious	HTMLPhisher	Browse	4.245.163.56 20.190.159.0
	https://www.google.co.in/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fir.nbaikp3.sa.com%2Fdelaw%2Flawn%2Fkoo%2Fsf_rand_string_mixed(24)/braswells@helenaindustries.com	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.159.0
	https://links.giveawayoftheday.com/external?url=https%3A%2F%2Fcertify.us.org/B4G4RAI1Aanz01haD5Qm3TI1Anw4GD5Q2APnufoTxun4DCam3TI1AoTxnz01oTx4RAw4G	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.159.0
	2CUvvDyapb.exe	Get hash	malicious	Remcos	Browse	4.245.163.56 20.190.159.0
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	4.245.163.56 20.190.159.0
	Play____Now_AUD__autoresponsed50001b20f2d0a072379154d3aab44a3a4736f9c.htm	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.159.0
	https://qr.link/YzVlSa	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	4.245.163.56 20.190.159.0
	https://pub.lucidpress.com/50f1c535-8058-4eec-b469-2bd69fae4557/	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.159.0
	https://nfetgz.hascl.co.uk/YvkFcBQO	Get hash	malicious	Unknown	Browse	4.245.163.56 20.190.159.0
6271f898ce5be7dd52b0fc260d0662b3	https://qr.link/YzVlSa	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	2.23.209.141
	https://online.telecoms.click/provisional.html?private=yummy.burger@saic.com	Get hash	malicious	Unknown	Browse	2.23.209.141
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	2.23.209.141
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFnKMUa7un9eFMg0JUHf71Dy-2Fi7dgW0zG7NN7FnX-2BRfWJPxmxdpUDiRF-2Fra5O27kwvA-3D-3DUvZW_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPe5eIaMAcaNYEFc8XJVUZkedrdLKhhnsZ-2BYGpL8Aexp5QfDYeLBDn2jKVmp7oADiMjLLiOLEX0yzDO9WsfbA3D-2B-2FRfY-2FLM-2FZL819bIeqi10r3tMBkA5tIJ3L06KhQPsl4VgIlimoGLXnuduW-2FXkk1JtF3sDOE7yxjbo68R-2Br0Xg-2BJqttxfjS-2BU2vScHQ9Tk4Yb5q9NkRDH2-2FfmFoaCrG767CAizSCoM8egZuTS7qFpzgz7LaiLstYCh9bj8z-2BdwW4-3D#Cmariabilan@pointloma.edu	Get hash	malicious	HTMLPhisher	Browse	2.23.209.141
	https://na2.documents.adobe.com/public/esignWidget?wid=CBFCIBAA3AAABLblqZhCX_CdmV54WhbwmGNmUgUY27Kzb0iIqbw3x78Nfs8Z-Ky9Jbk1e_ZUruh3S8n-MZ1k	Get hash	malicious	HTMLPhisher	Browse	2.23.209.141
	A Wireless Caller left a recording #iE0rfKd.eml	Get hash	malicious	Unknown	Browse	2.23.209.141
	VisitorLevy.exe	Get hash	malicious	Vidar	Browse	2.23.209.141
	https://email.abprotector.com/c/eJwUzU2OrCAQAODTwE4DBc3PgsXbeA1TUuWTDDadBsfJnH7SB_jyUbIRYDeSk_ZGuQA6RHkkAJfRs995x93paDmToYhsSONmUJbkPARNlh5b9LiCecRgLQQvrAIm0OTdtG0WJ-uUnTYinBwhZ_ocIc4nliprOsZ4dWH-CVgELPd9z6_8v2Lv3OfcTgFL53y9mdbrt62v9h5YBSzlSfwzH-Os8p36WcbRbn5a9RBWtWvU1r4-XI5yci1PXgslbYwJwSvj5XeCvwAAAP__4WRNQg#c2VkZGlrLmJlbmFyYmlhQGF1Yi1zYW50ZS5mcg==	Get hash	malicious	Unknown	Browse	2.23.209.141
	Reminder - you have been asked to complete a Mitek ID confirmation.eml	Get hash	malicious	Unknown	Browse	2.23.209.141
	https://hubs.ly/Q02WCPYS0	Get hash	malicious	Unknown	Browse	2.23.209.141
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	13.107.246.45
	PV2Ch2EAZe.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	WTz1CiJLNZ.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	13.107.246.45
	ozuYzTKalo.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	2tKeEoCCCw.exe	Get hash	malicious	DBatLoader, PureLog Stealer, Snake Keylogger	Browse	13.107.246.45
	vVVLp9JVxK.exe	Get hash	malicious	DBatLoader	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	SecuriteInfo.com.W32.MSIL_Kryptik.KHA.gen.Eldorado.19300.19769.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	13.107.246.45

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.378592256465834
Encrypted:	false
SSDEEP:	3072:gsgiSWgWAmiGu22qoQPzrt0FvNF24Ee7FA:gr8Ami2Dtk24Ee7G
MD5:	62BB715EB8B9D2AAA01226064FF77D28
SHA1:	6FA773AA6CD0B43447D1824ACDB1EBB5D98954C2
SHA-256:	AB420C77CF927433EF3BBF4A50162AFA5EF79D5E6CCF09114183E667D725D572
SHA-512:	6D27BAE679DD9EFCF94F7B1BDFAB28BD95BB882E6552C78FBD7D53E87AC3EE99A63546BB5E8B8B9AFB921DBA44878DC2A086565435DF6AF73015B0E83B601EEC
Malicious:	false
Reputation:	low
Preview:	TH02...... ....%d0......SM01X...,...0..%d0..........IPM.Activity...........h...............h............H..h.......nr. ...h..........w.H..h\nor ...ppDa...h.po.0...0......h.w.K...........h........_`.k...h.p.K@...I..w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h;.p.....H.....#h....8.........$h..w.....8....."h..p.......p...'h..S...........1h.w.K<.........0h....4....k../h....h......kH..hh...p........-h .......t.....+h6w.K....................... ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 6 14:55:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9778176521739597
Encrypted:	false
SSDEEP:	48:8nwdMT5YDGHridAKZdA1rehwiZUklqehey+3:8nvVYD0xy
MD5:	6C8FD610CBA617E0C847ED64420E487F
SHA1:	7E98A3C833915E29EB2078F7048F41B8043B6112
SHA-256:	67C09A934691B75D2E24406AA94729D158007BD142115AE79B1D0CCDE50769ED
SHA-512:	B8605A6E7E0D72BF535873F0915AB11DC295AF420F1C98D60C5807EF6ADA9CA94706A64FAB13F50AE8742370B28FDAADEACBF1AF106CE3702462D1DF65AE398E
Malicious:	false
Preview:	L..................F.@.. ...$+.,....yQ.Id0......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IfY.~....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VfY.~....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VfY.~....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VfY.~...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VfY.~.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	CDFV2 Microsoft Outlook Message
Entropy (8bit):	7.875277879144669
TrID:	Outlook Message (71009/1) 58.92% Outlook Form Template (41509/1) 34.44% Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:	Payment Confirmation (237 KB).msg
File size:	248'320 bytes
MD5:	5e2f88d03079fb4e7577e6a638f622a6
SHA1:	19900505a99e955e3ec8ac196d03f814fd5e26c9
SHA256:	0236aa093f7326b46f646de0508b06bf6fbb8e15a5fada15e238e07cdc0583b5
SHA512:	362debdfd66478a95d9909b4c07eb5dcf4062f1c0d489d5e5b573cb4b876e9c7879a29e41e6179affc9655f265dad1718e4930be822a3cf2711e9380b607d016
SSDEEP:	6144:zM1Av7GR5lRVEhK7Vkmlwwzog7KRVGhxKko5VaJ:z+Eq7hskVkenjQIh1o
TLSH:	EE34129034AE5B08F0BD147699D5C6839743FC8F7E01FB0F3584F39E68321A6A5A7689
File Content Preview:	........................>......................................................................................................................................................................................................................................

Subject:	Payment Confirmation
From:
To:
Cc:
BCC:
Date:
Communications:
Attachments:	Payment Copy.xlsb

Key	Value
X-Unsent	1
Subject	Payment Confirmation
Thread-Topic	Payment Confirmation
Thread-Index	AQHbMFasTC2gzk0S9UmKO4QdlMlJ/Q==
Date	Wed, 6 Nov 2024 14:17:55 +0000
Message-ID	<SN7PR06MB7055F89F425B6BE8C918860492532@SN7PR06MB7055.namprd06.prod.outlook.com>
Content-Language	en-US
X-MS-Has-Attach	yes
X-MS-TNEF-Correlator	msip_labels:
Content-Type	multipart/mixed;
MIME-Version	1.0
date

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 6, 2024 16:54:45.731514931 CET	60251	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:20.639384985 CET	57916	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:20.639631033 CET	51931	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:20.641174078 CET	53	60923	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:20.656721115 CET	53	51931	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:20.660300016 CET	53	57916	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:20.768707991 CET	53	61360	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:22.061707020 CET	53	62216	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:22.341057062 CET	51998	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:22.341238976 CET	54209	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:22.348820925 CET	53	54209	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:22.352125883 CET	53	51998	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:22.368702888 CET	53	54984	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:23.571391106 CET	52867	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:23.571610928 CET	58193	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:23.572779894 CET	62875	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:23.572979927 CET	54950	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:23.578794956 CET	53	52867	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:23.579144955 CET	53	58193	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:23.580610037 CET	53	62875	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:23.581581116 CET	53	54950	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:23.944710016 CET	53	58761	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:23.953054905 CET	49555	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:23.953180075 CET	57555	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:23.961045980 CET	53	49555	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:23.961275101 CET	53	57555	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.187949896 CET	54630	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.188087940 CET	57579	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.200484037 CET	53	54630	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.225905895 CET	53	57579	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.343249083 CET	50325	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.343337059 CET	51786	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.364249945 CET	53	50325	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.382195950 CET	53	51786	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.400418043 CET	63673	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.400583029 CET	56152	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.407545090 CET	53	63673	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.409379005 CET	53	56152	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.765001059 CET	50343	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.765187979 CET	61266	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:24.774667025 CET	53	61266	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:24.775310040 CET	53	50343	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:25.458441019 CET	51475	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:25.458781958 CET	52347	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:25.465851068 CET	53	51475	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:25.465867043 CET	53	52347	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:31.432622910 CET	51994	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:31.432854891 CET	54450	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:31.611038923 CET	53	54450	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:31.631236076 CET	53	51994	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:33.557737112 CET	61593	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:33.557957888 CET	54249	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:33.559170961 CET	55664	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:33.559333086 CET	49878	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:33.559806108 CET	65008	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:33.560064077 CET	57634	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:33.564779997 CET	53	61593	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:33.564811945 CET	53	54249	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:33.566498041 CET	53	49878	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:33.566514969 CET	53	55664	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:33.566530943 CET	53	65008	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:33.566853046 CET	53	57634	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:34.557471991 CET	64040	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:34.557658911 CET	62931	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:34.564503908 CET	53	62931	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:34.565190077 CET	53	64040	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:34.582259893 CET	57111	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:34.582420111 CET	51149	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:34.588970900 CET	53	57111	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:34.589087963 CET	53	51149	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:35.370038033 CET	54326	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:35.370220900 CET	57618	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:35.376774073 CET	53	54326	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:35.378806114 CET	53	57618	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:35.386511087 CET	58588	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:35.386696100 CET	60498	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:35.393449068 CET	53	58588	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:35.393709898 CET	53	60498	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:37.948371887 CET	54793	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:37.948530912 CET	51879	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:37.955176115 CET	53	51879	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:37.955204010 CET	53	54793	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:38.995613098 CET	53	56825	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:45.715492010 CET	138	138	192.168.2.18	192.168.2.255
Nov 6, 2024 16:55:52.464155912 CET	54667	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:52.464510918 CET	60133	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:52.500078917 CET	53	54667	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:52.501843929 CET	53	60133	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:57.784951925 CET	53	51179	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:57.972572088 CET	51568	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:57.972743988 CET	57193	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:57.980202913 CET	63303	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:57.980350971 CET	59822	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:57.980462074 CET	53	51568	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:57.981357098 CET	53	57193	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:57.988167048 CET	53	63303	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:58.012017012 CET	53	59822	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:59.135256052 CET	63744	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:59.135337114 CET	64279	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:59.155194044 CET	53	63744	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:59.180268049 CET	53	64279	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:59.235991955 CET	57841	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:59.236146927 CET	54159	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:55:59.242856979 CET	53	57841	1.1.1.1	192.168.2.18
Nov 6, 2024 16:55:59.242986917 CET	53	54159	1.1.1.1	192.168.2.18
Nov 6, 2024 16:56:00.186973095 CET	62903	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:56:00.187123060 CET	51782	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:56:00.195177078 CET	53	62903	1.1.1.1	192.168.2.18
Nov 6, 2024 16:56:00.195321083 CET	53	51782	1.1.1.1	192.168.2.18
Nov 6, 2024 16:56:20.128360033 CET	53	53638	1.1.1.1	192.168.2.18
Nov 6, 2024 16:56:20.645009041 CET	53	62330	1.1.1.1	192.168.2.18
Nov 6, 2024 16:56:37.956290960 CET	52788	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:56:37.956290960 CET	52686	53	192.168.2.18	1.1.1.1
Nov 6, 2024 16:56:37.964823008 CET	53	52686	1.1.1.1	192.168.2.18
Nov 6, 2024 16:56:37.964847088 CET	53	52788	1.1.1.1	192.168.2.18
Nov 6, 2024 16:56:49.072864056 CET	53	58407	1.1.1.1	192.168.2.18

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 6, 2024 16:55:24.226023912 CET	192.168.2.18	1.1.1.1	c22a	(Port unreachable)	Destination Unreachable
Nov 6, 2024 16:55:58.012137890 CET	192.168.2.18	1.1.1.1	c278	(Port unreachable)	Destination Unreachable
Nov 6, 2024 16:55:59.180413008 CET	192.168.2.18	1.1.1.1	c278	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 6, 2024 16:54:45.738940954 CET	1.1.1.1	192.168.2.18	0x1629	No error (0)	augloop.office.com	augloop-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:20.660300016 CET	1.1.1.1	192.168.2.18	0xd8d8	No error (0)	app.marmof.com		159.69.48.31	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:22.348820925 CET	1.1.1.1	192.168.2.18	0x4710	No error (0)	r.wdfl.co	d2qumtq956sbet.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:22.352125883 CET	1.1.1.1	192.168.2.18	0x6c55	No error (0)	r.wdfl.co	d2qumtq956sbet.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:22.352125883 CET	1.1.1.1	192.168.2.18	0x6c55	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.86	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:22.352125883 CET	1.1.1.1	192.168.2.18	0x6c55	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.68	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:22.352125883 CET	1.1.1.1	192.168.2.18	0x6c55	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.126	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:22.352125883 CET	1.1.1.1	192.168.2.18	0x6c55	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.74	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.578794956 CET	1.1.1.1	192.168.2.18	0x7c6d	No error (0)	ui-avatars.com		104.26.8.185	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.578794956 CET	1.1.1.1	192.168.2.18	0x7c6d	No error (0)	ui-avatars.com		104.26.9.185	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.578794956 CET	1.1.1.1	192.168.2.18	0x7c6d	No error (0)	ui-avatars.com		172.67.75.120	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.579144955 CET	1.1.1.1	192.168.2.18	0x7c1f	No error (0)	ui-avatars.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:23.580610037 CET	1.1.1.1	192.168.2.18	0xc159	No error (0)	r.wdfl.co	d2qumtq956sbet.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:23.580610037 CET	1.1.1.1	192.168.2.18	0xc159	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.68	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.580610037 CET	1.1.1.1	192.168.2.18	0xc159	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.74	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.580610037 CET	1.1.1.1	192.168.2.18	0xc159	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.126	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.580610037 CET	1.1.1.1	192.168.2.18	0xc159	No error (0)	d2qumtq956sbet.cloudfront.net		18.66.147.86	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:23.581581116 CET	1.1.1.1	192.168.2.18	0xd3ae	No error (0)	r.wdfl.co	d2qumtq956sbet.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:23.961045980 CET	1.1.1.1	192.168.2.18	0x870b	No error (0)	plausible.io		169.150.236.104	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:24.200484037 CET	1.1.1.1	192.168.2.18	0x4474	No error (0)	marmof.com		159.69.48.31	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:24.364249945 CET	1.1.1.1	192.168.2.18	0x3eca	No error (0)	app.marmof.com		159.69.48.31	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:24.407545090 CET	1.1.1.1	192.168.2.18	0x23ad	No error (0)	ui-avatars.com		104.26.8.185	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:24.407545090 CET	1.1.1.1	192.168.2.18	0x23ad	No error (0)	ui-avatars.com		172.67.75.120	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:24.407545090 CET	1.1.1.1	192.168.2.18	0x23ad	No error (0)	ui-avatars.com		104.26.9.185	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:24.409379005 CET	1.1.1.1	192.168.2.18	0x7e42	No error (0)	ui-avatars.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:24.775310040 CET	1.1.1.1	192.168.2.18	0xda1	No error (0)	plausible.io		169.150.221.147	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:25.465851068 CET	1.1.1.1	192.168.2.18	0xf81c	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:25.465867043 CET	1.1.1.1	192.168.2.18	0x53	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:31.611038923 CET	1.1.1.1	192.168.2.18	0xa25b	No error (0)	ns.califragilist.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:31.631236076 CET	1.1.1.1	192.168.2.18	0x1134	No error (0)	ns.califragilist.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:31.631236076 CET	1.1.1.1	192.168.2.18	0x1134	No error (0)	ns.califragilist.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.564779997 CET	1.1.1.1	192.168.2.18	0xc4db	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.564779997 CET	1.1.1.1	192.168.2.18	0xc4db	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.564779997 CET	1.1.1.1	192.168.2.18	0xc4db	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.564779997 CET	1.1.1.1	192.168.2.18	0xc4db	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.566498041 CET	1.1.1.1	192.168.2.18	0x3059	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:33.566514969 CET	1.1.1.1	192.168.2.18	0x43cc	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.566514969 CET	1.1.1.1	192.168.2.18	0x43cc	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.566530943 CET	1.1.1.1	192.168.2.18	0x6922	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.566530943 CET	1.1.1.1	192.168.2.18	0x6922	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:33.566853046 CET	1.1.1.1	192.168.2.18	0x44be	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:34.565190077 CET	1.1.1.1	192.168.2.18	0x42a6	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:34.565190077 CET	1.1.1.1	192.168.2.18	0x42a6	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:34.565190077 CET	1.1.1.1	192.168.2.18	0x42a6	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:34.565190077 CET	1.1.1.1	192.168.2.18	0x42a6	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:34.588970900 CET	1.1.1.1	192.168.2.18	0x58d6	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:34.588970900 CET	1.1.1.1	192.168.2.18	0x58d6	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:34.589087963 CET	1.1.1.1	192.168.2.18	0x9d53	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:35.376774073 CET	1.1.1.1	192.168.2.18	0x2023	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:35.376774073 CET	1.1.1.1	192.168.2.18	0x2023	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:35.378806114 CET	1.1.1.1	192.168.2.18	0xc56	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:35.393449068 CET	1.1.1.1	192.168.2.18	0x42c8	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:35.393449068 CET	1.1.1.1	192.168.2.18	0x42c8	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:35.393709898 CET	1.1.1.1	192.168.2.18	0x91a0	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:37.955204010 CET	1.1.1.1	192.168.2.18	0x9489	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:52.500078917 CET	1.1.1.1	192.168.2.18	0x5b12	No error (0)	ns.califragilist.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:52.500078917 CET	1.1.1.1	192.168.2.18	0x5b12	No error (0)	ns.califragilist.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:52.501843929 CET	1.1.1.1	192.168.2.18	0xa40f	No error (0)	ns.califragilist.com			65	IN (0x0001)	false
Nov 6, 2024 16:55:57.980462074 CET	1.1.1.1	192.168.2.18	0x649d	No error (0)	github.com		140.82.121.4	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:57.988167048 CET	1.1.1.1	192.168.2.18	0xd523	No error (0)	ok4static.oktacdn.com	d19d360lklgih4.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:57.988167048 CET	1.1.1.1	192.168.2.18	0xd523	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.120	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:57.988167048 CET	1.1.1.1	192.168.2.18	0xd523	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.96	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:57.988167048 CET	1.1.1.1	192.168.2.18	0xd523	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.68	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:57.988167048 CET	1.1.1.1	192.168.2.18	0xd523	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.14	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:58.012017012 CET	1.1.1.1	192.168.2.18	0x99c9	No error (0)	ok4static.oktacdn.com	d19d360lklgih4.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:59.155194044 CET	1.1.1.1	192.168.2.18	0x780f	No error (0)	ok4static.oktacdn.com	d19d360lklgih4.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:59.155194044 CET	1.1.1.1	192.168.2.18	0x780f	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.96	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:59.155194044 CET	1.1.1.1	192.168.2.18	0x780f	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.68	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:59.155194044 CET	1.1.1.1	192.168.2.18	0x780f	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.14	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:59.155194044 CET	1.1.1.1	192.168.2.18	0x780f	No error (0)	d19d360lklgih4.cloudfront.net		13.33.187.120	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:59.180268049 CET	1.1.1.1	192.168.2.18	0xe5ba	No error (0)	ok4static.oktacdn.com	d19d360lklgih4.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:55:59.242856979 CET	1.1.1.1	192.168.2.18	0x25a2	No error (0)	objects.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:59.242856979 CET	1.1.1.1	192.168.2.18	0x25a2	No error (0)	objects.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:59.242856979 CET	1.1.1.1	192.168.2.18	0x25a2	No error (0)	objects.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:55:59.242856979 CET	1.1.1.1	192.168.2.18	0x25a2	No error (0)	objects.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:56:00.195177078 CET	1.1.1.1	192.168.2.18	0xeff4	No error (0)	objects.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:56:00.195177078 CET	1.1.1.1	192.168.2.18	0xeff4	No error (0)	objects.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:56:00.195177078 CET	1.1.1.1	192.168.2.18	0xeff4	No error (0)	objects.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:56:00.195177078 CET	1.1.1.1	192.168.2.18	0xeff4	No error (0)	objects.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:56:04.402343988 CET	1.1.1.1	192.168.2.18	0x18ba	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 6, 2024 16:56:04.402343988 CET	1.1.1.1	192.168.2.18	0x18ba	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 6, 2024 16:56:37.964847088 CET	1.1.1.1	192.168.2.18	0x1b40	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:54:46 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1l7r34xy2ECzV4h&MD=O24uwPML HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-06 15:54:46 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8e722e34-e7a5-422f-b136-86ee46f02e89 MS-RequestId: 751ff152-b560-4561-87bc-8966f7883a67 MS-CV: ZYaFtEzpY0i9SZdz.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 06 Nov 2024 15:54:46 GMT Connection: close Content-Length: 24490
2024-11-06 15:54:46 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-06 15:54:46 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:21 UTC	689	OUT	GET /share/01jc0wzptpy7bepvzk4ner7dc5 HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:22 UTC	1229	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: no-cache, private Date: Wed, 06 Nov 2024 15:55:22 GMT Vary: X-Inertia Set-Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; expires=Sat, 09 Nov 2024 15:55:22 GMT; Max-Age=259200; path=/; samesite=lax Set-Cookie: marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D; expires=Sat, 09 Nov 2024 15:55:22 GMT; Max-Age=259200; path=/; httponly; samesite=lax X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff
2024-11-06 15:55:22 UTC	15155	IN	Data Raw: 31 62 65 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 20 20 20 20 3c 21 2d 2d 20 46 61 76 69 63 6f 6e 73 20 2d 2d 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 6c 69 Data Ascii: 1be8<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ... Favicons --> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <li
2024-11-06 15:55:22 UTC	16384	IN	Data Raw: 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a 3d 64 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 73 29 2c 64 6c 3d 6c 21 3d 27 64 61 74 61 4c 61 79 65 72 27 3f 27 26 6c 3d 27 2b 6c 3a 27 27 3b 6a 2e 61 73 79 6e 63 3d 74 72 75 65 3b 6a 2e 73 72 63 3d 0a 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 0d 0a 32 30 30 30 0d 0a 67 6f 6f 67 6c 65 74 61 67 6d 61 6e 61 67 65 72 2e 63 6f 6d 2f 67 74 6d 2e 6a 73 3f 69 64 3d 27 2b 69 2b 64 6c 3b 66 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 Data Ascii: w[l]=w[l]\|\|[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.2000googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.i
2024-11-06 15:55:22 UTC	16384	IN	Data Raw: 74 65 72 73 22 3a 5b 22 64 6f 63 75 6d 65 6e 74 22 5d 2c 22 62 69 6e 64 69 6e 67 73 22 3a 7b 22 64 6f 63 75 6d 65 6e 74 22 3a 22 69 64 22 7d 7d 2c 22 64 6f 63 75 6d 65 6e 74 73 2e 64 65 73 74 72 6f 79 22 3a 7b 22 75 72 69 22 3a 22 64 6f 63 75 6d 65 6e 74 73 22 2c 22 6d 65 74 68 6f 64 73 22 3a 5b 22 44 45 4c 45 54 45 22 5d 2c 22 64 6f 6d 61 69 6e 22 3a 22 61 70 70 2e 6d 61 72 6d 6f 66 2e 63 6f 6d 22 7d 2c 22 64 6f 63 75 6d 65 6e 74 73 2e 69 6e 64 65 78 22 3a 7b 22 75 72 69 22 3a 22 64 6f 63 75 6d 65 6e 74 73 22 2c 22 6d 65 74 68 6f 64 73 22 3a 5b 22 47 45 54 22 2c 22 48 45 41 44 22 5d 2c 22 64 6f 6d 61 69 6e 22 3a 22 61 70 70 0d 0a 31 30 30 30 0d 0a 2e 6d 61 72 6d 6f 66 2e 63 6f 6d 22 7d 2c 22 64 6f 63 75 6d 65 6e 74 73 2e 63 72 65 61 74 65 22 3a 7b 22 75 Data Ascii: ters":["document"],"bindings":{"document":"id"}},"documents.destroy":{"uri":"documents","methods":["DELETE"],"domain":"app.marmof.com"},"documents.index":{"uri":"documents","methods":["GET","HEAD"],"domain":"app1000.marmof.com"},"documents.create":{"u
2024-11-06 15:55:22 UTC	16384	IN	Data Raw: 61 79 73 7c 7c 22 22 21 3d 3d 61 3f 21 69 73 4e 61 4e 28 63 29 26 26 66 21 3d 3d 61 26 26 53 74 72 69 6e 67 28 63 29 3d 3d 3d 61 26 26 63 3e 3d 30 26 26 65 2e 70 61 72 73 65 41 72 72 61 79 73 26 26 63 3c 3d 65 2e 61 72 72 61 79 4c 69 6d 69 74 3f 28 75 3d 5b 5d 29 5b 63 5d 3d 6f 3a 22 5f 5f 70 72 6f 74 6f 5f 5f 22 21 3d 3d 61 26 26 28 75 5b 61 5d 3d 6f 29 3a 75 3d 7b 30 3a 6f 7d 7d 6f 3d 75 7d 72 65 74 75 72 6e 20 6f 7d 28 61 2c 72 2c 65 2c 6e 29 7d 7d 2c 24 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 29 7b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 21 74 29 72 65 74 75 72 6e 20 78 3b 69 66 28 6e 75 6c 6c 21 3d 74 2e 64 65 63 6f 64 65 72 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 74 2e 64 65 63 6f 64 65 72 29 74 68 72 6f Data Ascii: ays\|\|""!==a?!isNaN(c)&&f!==a&&String(c)===a&&c>=0&&e.parseArrays&&c<=e.arrayLimit?(u=[])[c]=o:"__proto__"!==a&&(u[a]=o):u={0:o}}o=u}return o}(a,r,e,n)}},$=function(t,r){var e=function(t){if(!t)return x;if(null!=t.decoder&&"function"!=typeof t.decoder)thro
2024-11-06 15:55:22 UTC	16384	IN	Data Raw: 2e 31 35 38 33 20 31 30 39 2e 32 34 32 20 31 36 2e 37 38 20 31 30 31 2e 34 20 31 36 2e 37 38 48 37 34 2e 34 36 56 33 2e 35 36 30 30 31 43 37 34 2e 34 36 20 32 2e 32 30 31 39 34 20 37 33 2e 33 35 38 31 20 31 2e 31 30 30 30 31 20 37 32 20 31 2e 31 30 30 30 31 5a 4d 31 30 31 2e 34 20 32 31 2e 37 43 31 30 36 2e 35 32 39 20 32 31 2e 37 20 31 31 30 2e 37 20 32 35 2e 38 37 34 33 20 31 31 30 2e 37 20 33 31 56 35 38 2e 34 34 43 31 31 30 2e 37 20 36 33 2e 35 36 35 38 20 31 30 36 2e 35 32 39 20 36 37 2e 37 34 20 31 30 31 2e 34 20 36 37 2e 37 34 48 34 32 2e 36 43 33 37 2e 34 37 30 36 20 36 37 2e 37 34 20 33 33 2e 33 20 36 33 2e 35 36 35 38 20 33 33 2e 33 20 35 38 2e 34 34 56 33 31 43 33 33 2e 33 20 32 35 2e 38 37 34 33 20 33 37 2e 34 37 30 36 20 32 31 2e 37 20 34 32 Data Ascii: .1583 109.242 16.78 101.4 16.78H74.46V3.56001C74.46 2.20194 73.3581 1.10001 72 1.10001ZM101.4 21.7C106.529 21.7 110.7 25.8743 110.7 31V58.44C110.7 63.5658 106.529 67.74 101.4 67.74H42.6C37.4706 67.74 33.3 63.5658 33.3 58.44V31C33.3 25.8743 37.4706 21.7 42
2024-11-06 15:55:22 UTC	16384	IN	Data Raw: 65 20 77 61 79 20 74 6f 20 77 72 69 74 65 20 74 68 65 20 74 65 78 74 20 74 68 61 74 20 73 65 6c 6c 73 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 64 65 73 63 72 69 70 74 69 6f 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 54 68 69 73 20 74 6f 6f 6c 20 69 73 20 61 6e 20 65 66 66 65 63 74 69 76 65 20 77 61 79 20 74 6f 20 77 72 69 74 65 20 74 65 78 74 20 74 68 61 74 20 73 65 6c 6c 73 2e 20 49 74 20 70 72 6f 76 69 64 65 73 20 61 20 73 74 65 70 2d 62 79 2d 73 74 65 70 20 67 75 69 64 65 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 63 72 65 61 74 65 20 70 65 72 73 75 61 73 69 76 65 2c 20 63 6f 6d 70 65 6c 6c 69 6e 67 2c 20 61 6e 64 20 69 6e 74 65 72 65 73 74 69 6e 67 20 73 61 6c 65 73 20 74 65 78 74 2e 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 67 65 6e 65 72 61 74 69 6f 6e 5f 72 Data Ascii: e way to write the text that sells","description":"This tool is an effective way to write text that sells. It provides a step-by-step guide to help you create persuasive, compelling, and interesting sales text.","generation_r
2024-11-06 15:55:22 UTC	16384	IN	Data Raw: 3b 68 6f 72 69 7a 6f 6e 2f 61 70 69 2f 6d 6f 6e 69 74 6f 72 69 6e 67 2f 7b 74 61 67 7d 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6d 65 74 68 6f 64 73 26 71 75 6f 74 3b 3a 5b 26 71 75 6f 74 3b 47 45 54 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 48 45 41 44 26 71 75 6f 74 3b 5d 2c 26 71 75 6f 74 3b 70 61 72 61 6d 65 74 65 72 73 26 71 75 6f 74 3b 3a 5b 26 71 75 6f 74 3b 74 61 67 26 71 75 6f 74 3b 5d 7d 2c 26 71 75 6f 74 3b 68 6f 72 69 7a 6f 6e 2e 6d 6f 6e 69 74 6f 72 69 6e 67 2d 74 61 67 2e 64 65 73 74 72 6f 79 26 71 75 6f 74 3b 3a 7b 26 71 75 6f 74 3b 75 72 69 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 6f 72 69 7a 6f 6e 2f 61 70 69 2f 6d 6f 6e 69 74 6f 72 69 6e 67 2f 7b 74 61 67 7d 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6d 65 74 68 6f 64 73 26 71 75 6f 74 3b 3a 5b Data Ascii: ;horizon/api/monitoring/{tag}","methods":["GET","HEAD"],"parameters":["tag"]},"horizon.monitoring-tag.destroy":{"uri":"horizon/api/monitoring/{tag}","methods":[
2024-11-06 15:55:22 UTC	16384	IN	Data Raw: 3a 26 71 75 6f 74 3b 61 70 70 2e 6d 61 72 6d 6f 66 2e 63 6f 6d 26 71 75 6f 74 3b 7d 2c 26 71 75 6f 74 3b 64 61 74 61 2d 68 75 62 2e 69 6e 64 65 78 26 71 75 6f 74 3b 3a 7b 26 71 75 6f 74 3b 75 72 69 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 64 61 74 61 2d 68 75 62 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 6d 65 74 68 6f 64 73 26 71 75 6f 74 3b 3a 5b 26 71 75 6f 74 3b 47 45 54 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 48 45 41 44 26 71 75 6f 74 3b 5d 2c 26 71 75 6f 74 3b 64 6f 6d 61 69 6e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 61 70 70 2e 6d 61 72 6d 6f 66 2e 63 6f 6d 26 71 75 6f 74 3b 7d 2c 26 71 75 6f 74 3b 64 61 74 61 2d 68 75 62 2e 73 74 6f 72 65 26 71 75 6f 74 3b 3a 7b 26 71 75 6f 74 3b 75 72 69 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 64 61 74 61 2d 68 75 62 2f Data Ascii: :"app.marmof.com"},"data-hub.index":{"uri":"data-hub","methods":["GET","HEAD"],"domain":"app.marmof.com"},"data-hub.store":{"uri":"data-hub/
2024-11-06 15:55:22 UTC	938	IN	Data Raw: 6f 73 65 2d 78 73 20 6d 78 2d 61 75 74 6f 20 6d 61 78 2d 77 2d 34 78 6c 20 73 70 61 63 65 2d 79 2d 35 20 70 78 2d 33 20 73 6d 3a 70 78 2d 31 30 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 3c 68 31 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 73 65 6d 69 62 6f 6c 64 22 3e 32 30 32 34 2d 31 31 2d 30 36 20 55 6e 74 69 74 6c 65 64 20 44 6f 63 75 6d 65 6e 74 3c 2f 68 31 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 72 6f 75 6e 64 65 64 2d 78 6c 20 62 67 2d 67 72 61 79 2d 35 30 20 70 2d 32 20 74 65 78 74 2d 73 6d 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 72 2d 35 20 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 Data Ascii: ose-xs mx-auto max-w-4xl space-y-5 px-3 sm:px-10"><div class="text-center"><h1 class="font-semibold">2024-11-06 Untitled Document</h1></div><div class="flex items-center justify-center rounded-xl bg-gray-50 p-2 text-sm"><div class="mr-5 flex items-center

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:23 UTC	512	OUT	GET /rw.js HTTP/1.1 Host: r.wdfl.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://app.marmof.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:23 UTC	530	IN	HTTP/1.1 200 OK Content-Type: text/javascript Content-Length: 18631 Connection: close Last-Modified: Tue, 05 Nov 2024 07:12:21 GMT x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Wed, 06 Nov 2024 15:55:23 GMT Cache-Control: max-age=3600 ETag: "05550215707fb77f6d07bcc793526e28" X-Cache: Hit from cloudfront Via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P4 X-Amz-Cf-Id: Ki_yBWyOJjGNW_kaovhhoRwvaALg7ZAyxYM37Po0HAIN1nUNOEIS-g== Age: 850
2024-11-06 15:55:23 UTC	15854	IN	Data Raw: 2f 2a 21 20 42 75 69 6c 64 20 34 37 31 35 62 63 63 64 35 38 64 39 39 35 39 35 34 36 36 61 30 62 36 36 34 30 61 33 35 36 64 65 32 37 36 37 62 35 39 39 3a 31 37 33 30 37 33 34 38 33 38 34 35 30 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 72 28 6e 29 7b 69 66 28 74 5b 6e 5d 29 72 65 74 75 72 6e 20 74 5b 6e 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 6f 3d 74 5b 6e 5d 3d 7b 69 3a 6e 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 63 61 6c 6c 28 6f 2e 65 78 70 6f 72 74 73 2c 6f 2c 6f 2e 65 78 70 6f 72 74 73 2c 72 29 2c 6f 2e 6c 3d 21 30 2c 6f 2e 65 78 70 6f 72 74 73 7d 72 2e 6d 3d 65 2c 72 2e 63 3d 74 2c 72 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 Data Ascii: /! Build 4715bccd58d99595466a0b6640a356de2767b599:1730734838450 /!function(e){var t={};function r(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=e,r.c=t,r.d=function(e,t,n)
2024-11-06 15:55:23 UTC	2777	IN	Data Raw: 74 2c 22 70 72 6f 74 6f 74 79 70 65 22 2c 7b 77 72 69 74 61 62 6c 65 3a 21 31 7d 29 2c 65 7d 28 29 2c 42 3d 49 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 5f 72 65 77 61 72 64 66 75 6c 5f 6c 6f 61 64 65 64 29 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 52 65 77 61 72 64 66 75 6c 20 69 73 20 61 6c 72 65 61 64 79 20 6c 6f 61 64 65 64 2e 22 29 3b 65 6c 73 65 7b 77 69 6e 64 6f 77 2e 5f 72 65 77 61 72 64 66 75 6c 5f 6c 6f 61 64 65 64 3d 21 30 3b 74 72 79 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 73 63 72 69 70 74 5b 64 61 74 61 2d 72 65 77 61 72 64 66 75 6c 5d 22 29 3b 69 66 28 65 29 7b 77 69 6e 64 6f 77 2e 52 65 77 61 72 64 66 75 6c 3d 4c 2c 4c 2e 73 65 74 75 70 Data Ascii: t,"prototype",{writable:!1}),e}(),B=I;!function(){if(window&&window._rewardful_loaded)console.warn("Rewardful is already loaded.");else{window._rewardful_loaded=!0;try{var e=document.querySelector("script[data-rewardful]");if(e){window.Rewardful=L,L.setup

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:23 UTC	1310	OUT	GET /build/assets/app-0b1f8530.css HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:23 UTC	348	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:23 GMT Content-Type: text/css Content-Length: 329656 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-507b8" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:23 UTC	16036	IN	Data Raw: 2f 2a 21 20 74 61 69 6c 77 69 6e 64 63 73 73 20 76 33 2e 33 2e 35 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 68 74 74 70 73 3a 2f 2f 74 61 69 6c 77 69 6e 64 63 73 73 2e 63 6f 6d 2a 2f 2a 2c 3a 61 66 74 65 72 2c 3a 62 65 66 6f 72 65 7b 62 6f 72 64 65 72 3a 30 20 73 6f 6c 69 64 20 23 65 35 65 37 65 62 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 3a 61 66 74 65 72 2c 3a 62 65 66 6f 72 65 7b 2d 2d 74 77 2d 63 6f 6e 74 65 6e 74 3a 22 22 7d 68 74 6d 6c 7b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 66 6f 6e 74 2d 66 65 61 74 75 72 65 2d 73 65 74 74 69 6e 67 73 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 49 6e 74 65 72 2c 75 69 2d 73 61 6e 73 2d 73 65 72 69 66 2c 73 79 Data Ascii: /! tailwindcss v3.3.5 \| MIT License \| https://tailwindcss.com/*,:after,:before{border:0 solid #e5e7eb;box-sizing:border-box}:after,:before{--tw-content:""}html{-webkit-text-size-adjust:100%;font-feature-settings:normal;font-family:Inter,ui-sans-serif,sy
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 2e 70 72 6f 73 65 20 3a 77 68 65 72 65 28 68 32 20 63 6f 64 65 29 3a 6e 6f 74 28 3a 77 68 65 72 65 28 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 2c 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 37 35 65 6d 7d 2e 70 72 6f 73 65 20 3a 77 68 65 72 65 28 68 33 20 63 6f 64 65 29 3a 6e 6f 74 28 3a 77 68 65 72 65 28 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 2c 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 39 65 6d 7d 2e 70 72 6f 73 65 20 3a Data Ascii: lass~=not-prose] )){color:inherit}.prose :where(h2 code):not(:where([class~=not-prose],[class~=not-prose] )){color:inherit;font-size:.875em}.prose :where(h3 code):not(:where([class~=not-prose],[class~=not-prose] *)){color:inherit;font-size:.9em}.prose :
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 3a 77 68 65 72 65 28 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 2c 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 7d 2e 70 72 6f 73 65 2d 62 61 73 65 20 3a 77 68 65 72 65 28 68 33 2b 2a 29 3a 6e 6f 74 28 3a 77 68 65 72 65 28 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 2c 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 7d 2e 70 72 6f 73 65 2d 62 61 73 65 20 3a 77 68 65 72 65 28 68 34 2b 2a 29 3a 6e 6f 74 28 3a 77 68 65 72 65 28 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 2c 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 7d 2e 70 72 6f 73 65 2d 62 61 73 65 Data Ascii: :where([class~=not-prose],[class~=not-prose] )){margin-top:0}.prose-base :where(h3+):not(:where([class~=not-prose],[class~=not-prose] )){margin-top:0}.prose-base :where(h4+):not(:where([class~=not-prose],[class~=not-prose] *)){margin-top:0}.prose-base
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 3a 31 72 65 6d 7d 2e 6d 69 6e 2d 77 2d 5c 5b 74 68 65 6d 65 5c 28 73 70 61 63 69 6e 67 5c 2e 35 5c 29 5c 5d 7b 6d 69 6e 2d 77 69 64 74 68 3a 31 2e 32 35 72 65 6d 7d 2e 6d 69 6e 2d 77 2d 5c 5b 74 68 65 6d 65 5c 28 73 70 61 63 69 6e 67 5c 2e 36 5c 29 5c 5d 7b 6d 69 6e 2d 77 69 64 74 68 3a 31 2e 35 72 65 6d 7d 2e 6d 69 6e 2d 77 2d 5c 5b 74 68 65 6d 65 5c 28 73 70 61 63 69 6e 67 5c 2e 38 5c 29 5c 5d 7b 6d 69 6e 2d 77 69 64 74 68 3a 32 72 65 6d 7d 2e 6d 61 78 2d 77 2d 32 78 6c 7b 6d 61 78 2d 77 69 64 74 68 3a 34 32 72 65 6d 7d 2e 6d 61 78 2d 77 2d 35 78 6c 7b 6d 61 78 2d 77 69 64 74 68 3a 36 34 72 65 6d 7d 2e 6d 61 78 2d 77 2d 36 78 6c 7b 6d 61 78 2d 77 69 64 74 68 3a 37 32 72 65 6d 7d 2e 6d 61 78 2d 77 2d 5c 5b 31 34 72 65 6d 5c 5d 7b 6d 61 78 2d 77 69 64 74 Data Ascii: :1rem}.min-w-\[theme\(spacing\.5\)\]{min-width:1.25rem}.min-w-\[theme\(spacing\.6\)\]{min-width:1.5rem}.min-w-\[theme\(spacing\.8\)\]{min-width:2rem}.max-w-2xl{max-width:42rem}.max-w-5xl{max-width:64rem}.max-w-6xl{max-width:72rem}.max-w-\[14rem\]{max-widt
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 20 36 38 2f 76 61 72 28 2d 2d 74 77 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 62 6f 72 64 65 72 2d 72 65 64 2d 36 30 30 7b 2d 2d 74 77 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 3a 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 32 30 20 33 38 20 33 38 2f 76 61 72 28 2d 2d 74 77 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 62 6f 72 64 65 72 2d 72 65 64 2d 38 30 30 7b 2d 2d 74 77 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 3a 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 72 67 62 28 31 35 33 20 32 37 20 32 37 2f 76 61 72 28 2d 2d 74 77 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 29 29 7d 2e 62 6f 72 64 65 72 2d 73 65 63 6f 6e 64 61 72 79 2d 31 30 30 30 7b 2d 2d 74 77 2d 62 6f 72 64 65 72 2d 6f 70 61 63 69 74 79 3a Data Ascii: 68/var(--tw-border-opacity))}.border-red-600{--tw-border-opacity:1;border-color:rgb(220 38 38/var(--tw-border-opacity))}.border-red-800{--tw-border-opacity:1;border-color:rgb(153 27 27/var(--tw-border-opacity))}.border-secondary-1000{--tw-border-opacity:
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 33 35 2f 76 61 72 28 2d 2d 74 77 2d 72 69 6e 67 2d 6f 70 61 63 69 74 79 29 29 7d 2e 72 69 6e 67 2d 67 72 61 79 2d 33 30 30 7b 2d 2d 74 77 2d 72 69 6e 67 2d 6f 70 61 63 69 74 79 3a 31 3b 2d 2d 74 77 2d 72 69 6e 67 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 30 39 20 32 31 33 20 32 31 39 2f 76 61 72 28 2d 2d 74 77 2d 72 69 6e 67 2d 6f 70 61 63 69 74 79 29 29 7d 2e 72 69 6e 67 2d 67 72 61 79 2d 36 30 30 5c 2f 31 30 7b 2d 2d 74 77 2d 72 69 6e 67 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 37 35 2c 38 35 2c 39 39 2c 2e 31 29 7d 2e 72 69 6e 67 2d 67 72 61 79 2d 39 30 30 5c 2f 31 30 7b 2d 2d 74 77 2d 72 69 6e 67 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 31 37 2c 32 34 2c 33 39 2c 2e 31 29 7d 2e 72 69 6e 67 2d 67 72 61 79 2d 39 35 30 5c 2f 31 30 7b 2d 2d 74 77 2d 72 69 6e 67 2d 63 6f Data Ascii: 35/var(--tw-ring-opacity))}.ring-gray-300{--tw-ring-opacity:1;--tw-ring-color:rgb(209 213 219/var(--tw-ring-opacity))}.ring-gray-600\/10{--tw-ring-color:rgba(75,85,99,.1)}.ring-gray-900\/10{--tw-ring-color:rgba(17,24,39,.1)}.ring-gray-950\/10{--tw-ring-co
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 30 7d 2e 6c 67 5c 3a 70 72 6f 73 65 2d 6c 67 20 3a 77 68 65 72 65 28 74 62 6f 64 79 20 74 64 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 74 66 6f 6f 74 20 74 64 3a 6c 61 73 74 2d 63 68 69 6c 64 29 3a 6e 6f 74 28 3a 77 68 65 72 65 28 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 2c 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 2e 6c 67 5c 3a 70 72 6f 73 65 2d 6c 67 20 3a 77 68 65 72 65 28 66 69 67 75 72 65 29 3a 6e 6f 74 28 3a 77 68 65 72 65 28 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 2c 5b 63 6c 61 73 73 7e 3d 6e 6f 74 2d 70 72 6f 73 65 5d 20 2a 29 29 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 37 37 37 37 37 37 38 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 2e 37 Data Ascii: 0}.lg\:prose-lg :where(tbody td:last-child,tfoot td:last-child):not(:where([class~=not-prose],[class~=not-prose] )){padding-right:0}.lg\:prose-lg :where(figure):not(:where([class~=not-prose],[class~=not-prose] )){margin-bottom:1.7777778em;margin-top:1.7
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 72 28 2d 2d 74 77 2d 62 67 2d 6f 70 61 63 69 74 79 29 29 7d 2e 66 6f 63 75 73 5c 3a 62 67 2d 69 6e 64 69 67 6f 2d 31 30 30 3a 66 6f 63 75 73 7b 2d 2d 74 77 2d 62 67 2d 6f 70 61 63 69 74 79 3a 31 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 32 34 20 32 33 31 20 32 35 35 2f 76 61 72 28 2d 2d 74 77 2d 62 67 2d 6f 70 61 63 69 74 79 29 29 7d 2e 66 6f 63 75 73 5c 3a 62 67 2d 69 6e 64 69 67 6f 2d 36 30 30 3a 66 6f 63 75 73 7b 2d 2d 74 77 2d 62 67 2d 6f 70 61 63 69 74 79 3a 31 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 37 39 20 37 30 20 32 32 39 2f 76 61 72 28 2d 2d 74 77 2d 62 67 2d 6f 70 61 63 69 74 79 29 29 7d 2e 66 6f 63 75 73 5c 3a 62 67 2d 70 72 69 6d 61 72 79 2d 31 30 30 3a 66 6f 63 75 73 7b 2d 2d 74 77 2d 62 Data Ascii: r(--tw-bg-opacity))}.focus\:bg-indigo-100:focus{--tw-bg-opacity:1;background-color:rgb(224 231 255/var(--tw-bg-opacity))}.focus\:bg-indigo-600:focus{--tw-bg-opacity:1;background-color:rgb(79 70 229/var(--tw-bg-opacity))}.focus\:bg-primary-100:focus{--tw-b
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 65 2d 79 29 29 20 72 6f 74 61 74 65 28 76 61 72 28 2d 2d 74 77 2d 72 6f 74 61 74 65 29 29 20 73 6b 65 77 28 76 61 72 28 2d 2d 74 77 2d 73 6b 65 77 2d 78 29 29 20 73 6b 65 77 59 28 76 61 72 28 2d 2d 74 77 2d 73 6b 65 77 2d 79 29 29 20 73 63 61 6c 65 58 28 76 61 72 28 2d 2d 74 77 2d 73 63 61 6c 65 2d 78 29 29 20 73 63 61 6c 65 59 28 76 61 72 28 2d 2d 74 77 2d 73 63 61 6c 65 2d 79 29 29 7d 3a 69 73 28 5b 64 69 72 3d 72 74 6c 5d 20 2e 72 74 6c 5c 3a 2d 74 72 61 6e 73 6c 61 74 65 2d 78 2d 66 75 6c 6c 29 7b 2d 2d 74 77 2d 74 72 61 6e 73 6c 61 74 65 2d 78 3a 2d 31 30 30 25 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 76 61 72 28 2d 2d 74 77 2d 74 72 61 6e 73 6c 61 74 65 2d 78 29 2c 76 61 72 28 2d 2d 74 77 2d 74 72 61 6e 73 6c 61 74 65 2d 79 29 Data Ascii: e-y)) rotate(var(--tw-rotate)) skew(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}:is([dir=rtl] .rtl\:-translate-x-full){--tw-translate-x:-100%;transform:translate(var(--tw-translate-x),var(--tw-translate-y)
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 64 64 69 6e 67 2d 74 6f 70 3a 2e 33 37 35 72 65 6d 7d 2e 73 6d 5c 3a 70 74 2d 32 34 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 72 65 6d 7d 2e 73 6d 5c 3a 74 65 78 74 2d 6c 65 66 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 73 6d 5c 3a 74 65 78 74 2d 63 65 6e 74 65 72 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 73 6d 5c 3a 74 65 78 74 2d 32 78 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 72 65 6d 7d 2e 73 6d 5c 3a 74 65 78 74 2d 33 78 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 37 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 32 35 72 65 6d 7d 2e 73 6d 5c 3a 74 65 78 74 2d 38 78 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 36 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 Data Ascii: dding-top:.375rem}.sm\:pt-24{padding-top:6rem}.sm\:text-left{text-align:left}.sm\:text-center{text-align:center}.sm\:text-2xl{font-size:1.5rem;line-height:2rem}.sm\:text-3xl{font-size:1.875rem;line-height:2.25rem}.sm\:text-8xl{font-size:6rem;line-height:1

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:23 UTC	1258	OUT	GET /build/assets/app-49265ad1.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://app.marmof.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:23 UTC	377	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:23 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 364728 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-590b8" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:23 UTC	16007	IN	Data Raw: 63 6f 6e 73 74 20 6f 41 3d 22 6d 6f 64 75 6c 65 70 72 65 6c 6f 61 64 22 2c 73 41 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 2f 62 75 69 6c 64 2f 22 2b 65 7d 2c 79 67 3d 7b 7d 2c 65 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 29 7b 69 66 28 21 6e 7c 7c 6e 2e 6c 65 6e 67 74 68 3d 3d 3d 30 29 72 65 74 75 72 6e 20 74 28 29 3b 63 6f 6e 73 74 20 73 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 6c 69 6e 6b 22 29 3b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 6e 2e 6d 61 70 28 61 3d 3e 7b 69 66 28 61 3d 73 41 28 61 29 2c 61 20 69 6e 20 79 67 29 72 65 74 75 72 6e 3b 79 67 5b 61 5d 3d 21 30 3b 63 6f 6e 73 74 20 6c 3d 61 2e 65 6e 64 73 57 69 74 68 28 22 2e 63 73 73 22 29 2c 63 3d 6c Data Ascii: const oA="modulepreload",sA=function(e){return"/build/"+e},yg={},ee=function(t,n,i){if(!n\|\|n.length===0)return t();const s=document.getElementsByTagName("link");return Promise.all(n.map(a=>{if(a=sA(a),a in yg)return;yg[a]=!0;const l=a.endsWith(".css"),c=l
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 29 7b 76 61 72 20 6f 3d 2d 31 2c 75 3d 72 3d 3d 6e 75 6c 6c 3f 30 3a 72 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 74 68 69 73 2e 63 6c 65 61 72 28 29 3b 2b 2b 6f 3c 75 3b 29 7b 76 61 72 20 70 3d 72 5b 6f 5d 3b 74 68 69 73 2e 73 65 74 28 70 5b 30 5d 2c 70 5b 31 5d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4f 30 28 29 7b 74 68 69 73 2e 5f 5f 64 61 74 61 5f 5f 3d 5b 5d 2c 74 68 69 73 2e 73 69 7a 65 3d 30 7d 66 75 6e 63 74 69 6f 6e 20 78 30 28 72 29 7b 76 61 72 20 6f 3d 74 68 69 73 2e 5f 5f 64 61 74 61 5f 5f 2c 75 3d 52 75 28 6f 2c 72 29 3b 69 66 28 75 3c 30 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 70 3d 6f 2e 6c 65 6e 67 74 68 2d 31 3b 72 65 74 75 72 6e 20 75 3d 3d 70 3f 6f 2e 70 6f 70 28 29 3a 45 75 2e 63 61 6c 6c 28 6f 2c 75 2c 31 29 2c 2d 2d 74 68 69 73 2e 73 69 7a Data Ascii: ){var o=-1,u=r==null?0:r.length;for(this.clear();++o<u;){var p=r[o];this.set(p[0],p[1])}}function O0(){this.__data__=[],this.size=0}function x0(r){var o=this.__data__,u=Ru(o,r);if(u<0)return!1;var p=o.length-1;return u==p?o.pop():Eu.call(o,u,1),--this.siz
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 2c 24 3d 4c 3d 3d 22 77 72 61 70 70 65 72 22 3f 47 63 28 45 29 3a 6e 3b 24 26 26 51 63 28 24 5b 30 5d 29 26 26 24 5b 31 5d 3d 3d 28 57 7c 78 7c 46 7c 4d 29 26 26 21 24 5b 34 5d 2e 6c 65 6e 67 74 68 26 26 24 5b 39 5d 3d 3d 31 3f 54 3d 54 5b 48 75 28 24 5b 30 5d 29 5d 2e 61 70 70 6c 79 28 54 2c 24 5b 33 5d 29 3a 54 3d 45 2e 6c 65 6e 67 74 68 3d 3d 31 26 26 51 63 28 45 29 3f 54 5b 4c 5d 28 29 3a 54 2e 74 68 72 75 28 45 29 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 7a 3d 61 72 67 75 6d 65 6e 74 73 2c 47 3d 7a 5b 30 5d 3b 69 66 28 54 26 26 7a 2e 6c 65 6e 67 74 68 3d 3d 31 26 26 54 65 28 47 29 29 72 65 74 75 72 6e 20 54 2e 70 6c 61 6e 74 28 47 29 2e 76 61 6c 75 65 28 29 3b 66 6f 72 28 76 61 72 20 74 65 3d 30 2c 75 65 3d 75 3f 6f 5b 74 Data Ascii: ,$=L=="wrapper"?Gc(E):n;$&&Qc($[0])&&$[1]==(W\|x\|F\|M)&&!$[4].length&&$[9]==1?T=T[Hu($[0])].apply(T,$[3]):T=E.length==1&&Qc(E)?T[L]():T.thru(E)}return function(){var z=arguments,G=z[0];if(T&&z.length==1&&Te(G))return T.plant(G).value();for(var te=0,ue=u?o[t
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 5f 5f 3d 72 2c 6f 7d 66 75 6e 63 74 69 6f 6e 20 74 45 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2e 5f 5f 77 72 61 70 70 65 64 5f 5f 3b 69 66 28 72 20 69 6e 73 74 61 6e 63 65 6f 66 20 57 65 29 7b 76 61 72 20 6f 3d 72 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 5f 61 63 74 69 6f 6e 73 5f 5f 2e 6c 65 6e 67 74 68 26 26 28 6f 3d 6e 65 77 20 57 65 28 74 68 69 73 29 29 2c 6f 3d 6f 2e 72 65 76 65 72 73 65 28 29 2c 6f 2e 5f 5f 61 63 74 69 6f 6e 73 5f 5f 2e 70 75 73 68 28 7b 66 75 6e 63 3a 6a 75 2c 61 72 67 73 3a 5b 74 66 5d 2c 74 68 69 73 41 72 67 3a 6e 7d 29 2c 6e 65 77 20 56 6e 28 6f 2c 74 68 69 73 2e 5f 5f 63 68 61 69 6e 5f 5f 29 7d 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 72 75 28 74 66 29 7d 66 75 6e 63 74 69 6f 6e 20 6e 45 28 29 7b 72 65 74 75 72 6e 20 6f 68 28 Data Ascii: __=r,o}function tE(){var r=this.__wrapped__;if(r instanceof We){var o=r;return this.__actions__.length&&(o=new We(this)),o=o.reverse(),o.__actions__.push({func:ju,args:[tf],thisArg:n}),new Vn(o,this.__chain__)}return this.thru(tf)}function nE(){return oh(
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 6e 20 72 3d 3d 6e 75 6c 6c 7c 7c 72 21 3d 3d 72 3f 6f 3a 72 7d 76 61 72 20 41 53 3d 79 68 28 29 2c 50 53 3d 79 68 28 21 30 29 3b 66 75 6e 63 74 69 6f 6e 20 67 6e 28 72 29 7b 72 65 74 75 72 6e 20 72 7d 66 75 6e 63 74 69 6f 6e 20 70 66 28 72 29 7b 72 65 74 75 72 6e 20 7a 64 28 74 79 70 65 6f 66 20 72 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 72 3a 6a 6e 28 72 2c 6d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4f 53 28 72 29 7b 72 65 74 75 72 6e 20 4a 64 28 6a 6e 28 72 2c 6d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 78 53 28 72 2c 6f 29 7b 72 65 74 75 72 6e 20 58 64 28 72 2c 6a 6e 28 6f 2c 6d 29 29 7d 76 61 72 20 54 53 3d 4e 65 28 66 75 6e 63 74 69 6f 6e 28 72 2c 6f 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 75 29 7b 72 65 74 75 72 6e 20 6d 61 28 75 2c 72 2c 6f 29 Data Ascii: n r==null\|\|r!==r?o:r}var AS=yh(),PS=yh(!0);function gn(r){return r}function pf(r){return zd(typeof r=="function"?r:jn(r,m))}function OS(r){return Jd(jn(r,m))}function xS(r,o){return Xd(r,jn(o,m))}var TS=Ne(function(r,o){return function(u){return ma(u,r,o)
2024-11-06 15:55:23 UTC	16384	IN	Data Raw: 61 3d 6e 2e 64 6f 74 73 2c 6c 3d 6e 2e 69 6e 64 65 78 65 73 2c 66 3d 28 6e 2e 42 6c 6f 62 7c 7c 74 79 70 65 6f 66 20 42 6c 6f 62 3c 22 75 22 26 26 42 6c 6f 62 29 26 26 4a 2e 69 73 53 70 65 63 43 6f 6d 70 6c 69 61 6e 74 46 6f 72 6d 28 74 29 3b 69 66 28 21 4a 2e 69 73 46 75 6e 63 74 69 6f 6e 28 73 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 76 69 73 69 74 6f 72 20 6d 75 73 74 20 62 65 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 66 75 6e 63 74 69 6f 6e 20 68 28 76 29 7b 69 66 28 76 3d 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 22 22 3b 69 66 28 4a 2e 69 73 44 61 74 65 28 76 29 29 72 65 74 75 72 6e 20 76 2e 74 6f 49 53 4f 53 74 72 69 6e 67 28 29 3b 69 66 28 21 66 26 26 4a 2e 69 73 42 6c 6f 62 28 76 29 29 74 68 72 6f 77 20 6e 65 77 20 7a 65 Data Ascii: a=n.dots,l=n.indexes,f=(n.Blob\|\|typeof Blob<"u"&&Blob)&&J.isSpecCompliantForm(t);if(!J.isFunction(s))throw new TypeError("visitor must be a function");function h(v){if(v===null)return"";if(J.isDate(v))return v.toISOString();if(!f&&J.isBlob(v))throw new ze
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 3d 7b 75 72 6c 3a 61 2c 6d 65 74 68 6f 64 3a 61 2c 64 61 74 61 3a 61 2c 62 61 73 65 55 52 4c 3a 6c 2c 74 72 61 6e 73 66 6f 72 6d 52 65 71 75 65 73 74 3a 6c 2c 74 72 61 6e 73 66 6f 72 6d 52 65 73 70 6f 6e 73 65 3a 6c 2c 70 61 72 61 6d 73 53 65 72 69 61 6c 69 7a 65 72 3a 6c 2c 74 69 6d 65 6f 75 74 3a 6c 2c 74 69 6d 65 6f 75 74 4d 65 73 73 61 67 65 3a 6c 2c 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 3a 6c 2c 61 64 61 70 74 65 72 3a 6c 2c 72 65 73 70 6f 6e 73 65 54 79 70 65 3a 6c 2c 78 73 72 66 43 6f 6f 6b 69 65 4e 61 6d 65 3a 6c 2c 78 73 72 66 48 65 61 64 65 72 4e 61 6d 65 3a 6c 2c 6f 6e 55 70 6c 6f 61 64 50 72 6f 67 72 65 73 73 3a 6c 2c 6f 6e 44 6f 77 6e 6c 6f 61 64 50 72 6f 67 72 65 73 73 3a 6c 2c 64 65 63 6f 6d 70 72 65 73 73 3a 6c 2c 6d 61 78 43 6f 6e Data Ascii: ={url:a,method:a,data:a,baseURL:l,transformRequest:l,transformResponse:l,paramsSerializer:l,timeout:l,timeoutMessage:l,withCredentials:l,adapter:l,responseType:l,xsrfCookieName:l,xsrfHeaderName:l,onUploadProgress:l,onDownloadProgress:l,decompress:l,maxCon
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 6d 5b 30 5d 29 2c 67 28 6d 5b 31 5d 29 5d 3a 67 28 6d 29 2c 64 6f 6e 65 3a 5f 7d 7d 2c 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 69 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 2e 2e 2e 74 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 22 64 65 6c 65 74 65 22 3f 21 31 3a 65 3d 3d 3d 22 63 6c 65 61 72 22 3f 76 6f 69 64 20 30 3a 74 68 69 73 7d 7d 66 75 6e 63 74 69 6f 6e 20 59 50 28 29 7b 63 6f 6e 73 74 20 65 3d 7b 67 65 74 28 61 29 7b 72 65 74 75 72 6e 20 59 75 28 74 68 69 73 2c 61 29 7d 2c 67 65 74 20 73 69 7a 65 28 29 7b 72 65 74 75 72 6e 20 5a 75 28 74 68 69 73 29 7d 2c 68 61 73 3a 51 75 2c 61 64 64 3a 46 67 2c 73 65 74 3a 4e 67 2c 64 65 6c 65 74 65 3a 4d Data Ascii: m[0]),g(m[1])]:g(m),done:_}},[Symbol.iterator](){return this}}}}function Ai(e){return function(...t){return e==="delete"?!1:e==="clear"?void 0:this}}function YP(){const e={get(a){return Yu(this,a)},get size(){return Zu(this)},has:Qu,add:Fg,set:Ng,delete:M
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 2c 74 2c 6e 2c 69 29 7b 63 6f 6e 73 74 20 73 3d 65 2e 64 69 72 73 2c 61 3d 74 26 26 74 2e 64 69 72 73 3b 66 6f 72 28 6c 65 74 20 6c 3d 30 3b 6c 3c 73 2e 6c 65 6e 67 74 68 3b 6c 2b 2b 29 7b 63 6f 6e 73 74 20 63 3d 73 5b 6c 5d 3b 61 26 26 28 63 2e 6f 6c 64 56 61 6c 75 65 3d 61 5b 6c 5d 2e 76 61 6c 75 65 29 3b 6c 65 74 20 66 3d 63 2e 64 69 72 5b 69 5d 3b 66 26 26 28 4e 73 28 29 2c 58 6e 28 66 2c 6e 2c 38 2c 5b 65 2e 65 6c 2c 63 2c 65 2c 74 5d 29 2c 4d 73 28 29 29 7d 7d 63 6f 6e 73 74 20 52 69 3d 53 79 6d 62 6f 6c 28 22 5f 6c 65 61 76 65 43 62 22 29 2c 69 6c 3d 53 79 6d 62 6f 6c 28 22 5f 65 6e 74 65 72 43 62 22 29 3b 66 75 6e 63 74 69 6f 6e 20 6e 76 28 29 7b 63 6f 6e 73 74 20 65 3d 7b 69 73 4d 6f 75 6e 74 65 64 3a 21 31 2c 69 73 4c 65 61 76 69 6e 67 3a 21 31 Data Ascii: ,t,n,i){const s=e.dirs,a=t&&t.dirs;for(let l=0;l<s.length;l++){const c=s[l];a&&(c.oldValue=a[l].value);let f=c.dir[i];f&&(Ns(),Xn(f,n,8,[e.el,c,e,t]),Ms())}}const Ri=Symbol("_leaveCb"),il=Symbol("_enterCb");function nv(){const e={isMounted:!1,isLeaving:!1
2024-11-06 15:55:24 UTC	16384	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 73 78 28 65 2c 74 2c 6e 2c 69 3d 21 31 29 7b 63 6f 6e 73 74 20 73 3d 7b 7d 2c 61 3d 7b 7d 3b 50 6c 28 61 2c 75 63 2c 31 29 2c 65 2e 70 72 6f 70 73 44 65 66 61 75 6c 74 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 63 76 28 65 2c 74 2c 73 2c 61 29 3b 66 6f 72 28 63 6f 6e 73 74 20 6c 20 69 6e 20 65 2e 70 72 6f 70 73 4f 70 74 69 6f 6e 73 5b 30 5d 29 6c 20 69 6e 20 73 7c 7c 28 73 5b 6c 5d 3d 76 6f 69 64 20 30 29 3b 6e 3f 65 2e 70 72 6f 70 73 3d 69 3f 73 3a 75 4f 28 73 29 3a 65 2e 74 79 70 65 2e 70 72 6f 70 73 3f 65 2e 70 72 6f 70 73 3d 73 3a 65 2e 70 72 6f 70 73 3d 61 2c 65 2e 61 74 74 72 73 3d 61 7d 66 75 6e 63 74 69 6f 6e 20 61 78 28 65 2c 74 2c 6e 2c 69 29 7b 63 6f 6e 73 74 7b 70 72 6f 70 73 3a 73 2c 61 74 Data Ascii: }function sx(e,t,n,i=!1){const s={},a={};Pl(a,uc,1),e.propsDefaults=Object.create(null),cv(e,t,s,a);for(const l in e.propsOptions[0])l in s\|\|(s[l]=void 0);n?e.props=i?s:uO(s):e.type.props?e.props=s:e.props=a,e.attrs=a}function ax(e,t,n,i){const{props:s,at

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:24 UTC	616	OUT	GET /api/?name=A+J&color=ffffff&background=f34b1d HTTP/1.1 Host: ui-avatars.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://app.marmof.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:24 UTC	1202	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 15:55:24 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close vary: Accept-Encoding pragma: public access-control-allow-origin: * access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-credentials: true access-control-allow-methods: GET, OPTIONS access-control-allow-methods: GET, OPTIONS access-control-max-age: 31536000 access-control-max-age: 31536000 access-control-allow-headers: Content-Type, Accept, X-Requested-With, remember-me, cache-control access-control-allow-headers: Content-Type, Accept, X-Requested-With, remember-me, cache-control Cache-Control: public, max-age=31536000 expires: Thu, 06 Nov 2025 11:06:47 GMT Last-Modified: Wed, 06 Nov 2024 11:06:47 GMT CF-Cache-Status: HIT Age: 5318 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PUim%2BSFO%2FXClaNl4i3ZDxc3tAGLcuJL2h6%2BRYTrcO7uf%2FcwqZFB8jQ1d9RQtHR2O4ILH3yoLF%2BpvZQt8G5%2BDbODUmoeBljY9IF9W%2BbBMxhGDgVsIstuspDput5UfcTA7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de64484ca436900-DFW
2024-11-06 15:55:24 UTC	191	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 38 31 26 73 65 6e 74 3d 34 26 72 65 63 76 3d 36 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 34 26 72 65 63 76 5f 62 79 74 65 73 3d 31 31 39 34 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 32 34 30 31 33 32 36 26 63 77 6e 64 3d 32 32 38 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 63 31 34 39 31 66 37 31 63 33 35 31 39 66 34 64 26 74 73 3d 31 36 33 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1181&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1194&delivery_rate=2401326&cwnd=228&unsent_bytes=0&cid=c1491f71c3519f4d&ts=163&x=0"
2024-11-06 15:55:24 UTC	576	IN	Data Raw: 32 33 39 0d 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 36 34 70 78 22 20 68 65 69 67 68 74 3d 22 36 34 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 36 34 20 36 34 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 3c 72 65 63 74 20 66 69 6c 6c 3d 22 23 66 33 34 62 31 64 22 20 63 78 3d 22 33 32 22 20 77 69 64 74 68 3d 22 36 34 22 20 68 65 69 67 68 74 3d 22 36 34 22 20 63 79 3d 22 33 32 22 20 72 3d 22 33 32 22 2f 3e 3c 74 65 78 74 20 78 3d 22 35 30 25 22 20 79 3d 22 35 30 25 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 Data Ascii: 239<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="64px" height="64px" viewBox="0 0 64 64" version="1.1"><rect fill="#f34b1d" cx="32" width="64" height="64" cy="32" r="32"/><text x="50%" y="50%" style="color: #f
2024-11-06 15:55:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:24 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1l7r34xy2ECzV4h&MD=O24uwPML HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-06 15:55:24 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: e6487efa-2163-47fd-bb15-45888b3a6b73 MS-RequestId: 4198e4d0-d379-451e-b80e-16999036ae7d MS-CV: r6vT9CAJrUu6aREj.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 06 Nov 2024 15:55:23 GMT Connection: close Content-Length: 30005
2024-11-06 15:55:24 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-06 15:55:24 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:24 UTC	522	OUT	GET /js/script.js HTTP/1.1 Host: plausible.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://app.marmof.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:24 UTC	747	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 15:55:24 GMT Content-Type: application/javascript Content-Length: 1407 Connection: close Vary: Accept-Encoding Server: BunnyCDN-IL1-1206 CDN-PullZone: 682664 CDN-Uid: 153cb5b1-399a-48ef-b5bf-098c03770254 CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate, max-age=86400 application: 127.0.0.1 cross-origin-resource-policy: cross-origin permissions-policy: interest-cohort=() X-Content-Type-Options: nosniff CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 11/06/2024 13:01:02 CDN-EdgeStorageId: 718 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: 8f1de1c92c24a1679ea8378dc9d9073a CDN-Cache: HIT
2024-11-06 15:55:24 UTC	1407	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 6f 3d 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2c 74 3d 6f 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 2c 72 3d 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 61 70 69 22 29 7c 7c 6e 65 77 20 55 52 4c 28 74 2e 73 72 63 29 2e 6f 72 69 67 69 6e 2b 22 2f 61 70 69 2f 65 76 65 6e 74 22 2c 6c 3d 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 64 6f 6d 61 69 6e 22 29 3b 66 75 6e 63 74 69 6f 6e 20 73 28 74 2c 65 29 7b 74 26 26 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 49 67 6e 6f 72 69 6e 67 20 45 76 65 6e 74 3a 20 22 2b 74 29 2c 65 26 26 65 2e 63 61 6c 6c 62 61 63 6b 26 26 65 2e 63 61 6c 6c Data Ascii: !function(){"use strict";var a=window.location,o=window.document,t=o.currentScript,r=t.getAttribute("data-api")\|\|new URL(t.src).origin+"/api/event",l=t.getAttribute("data-domain");function s(t,e){t&&console.warn("Ignoring Event: "+t),e&&e.callback&&e.call

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:25 UTC	382	OUT	GET /api/?name=A+J&color=ffffff&background=f34b1d HTTP/1.1 Host: ui-avatars.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:25 UTC	1196	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 15:55:25 GMT Content-Type: image/svg+xml Transfer-Encoding: chunked Connection: close vary: Accept-Encoding pragma: public access-control-allow-origin: * access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-credentials: true access-control-allow-methods: GET, OPTIONS access-control-allow-methods: GET, OPTIONS access-control-max-age: 31536000 access-control-max-age: 31536000 access-control-allow-headers: Content-Type, Accept, X-Requested-With, remember-me, cache-control access-control-allow-headers: Content-Type, Accept, X-Requested-With, remember-me, cache-control Cache-Control: public, max-age=31536000 expires: Thu, 06 Nov 2025 11:06:47 GMT Last-Modified: Wed, 06 Nov 2024 11:06:47 GMT CF-Cache-Status: HIT Age: 5319 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g9gpasKzHGkhe2CeP6Vkxu9o53Qi6cJ%2B8GmHoWtIo0qgTa1%2FETfq3M%2B8K1Ky6RteUAnPaD534lDCvxetFhavddDnPwCARLqJpo44ZjVz6y5DBciKMBRMw0%2BjycfUHXrD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8de6448a78963588-DFW
2024-11-06 15:55:25 UTC	190	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 31 36 34 26 73 65 6e 74 3d 33 26 72 65 63 76 3d 35 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 33 35 26 72 65 63 76 5f 62 79 74 65 73 3d 39 36 30 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 32 34 32 39 35 33 30 26 63 77 6e 64 3d 32 35 31 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 62 63 63 66 36 34 34 35 33 33 64 39 36 34 62 61 26 74 73 3d 32 30 34 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2835&recv_bytes=960&delivery_rate=2429530&cwnd=251&unsent_bytes=0&cid=bccf644533d964ba&ts=204&x=0"
2024-11-06 15:55:25 UTC	576	IN	Data Raw: 32 33 39 0d 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 6d 6c 6e 73 3a 78 6c 69 6e 6b 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 6c 69 6e 6b 22 20 77 69 64 74 68 3d 22 36 34 70 78 22 20 68 65 69 67 68 74 3d 22 36 34 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 36 34 20 36 34 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 3c 72 65 63 74 20 66 69 6c 6c 3d 22 23 66 33 34 62 31 64 22 20 63 78 3d 22 33 32 22 20 77 69 64 74 68 3d 22 36 34 22 20 68 65 69 67 68 74 3d 22 36 34 22 20 63 79 3d 22 33 32 22 20 72 3d 22 33 32 22 2f 3e 3c 74 65 78 74 20 78 3d 22 35 30 25 22 20 79 3d 22 35 30 25 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 66 Data Ascii: 239<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="64px" height="64px" viewBox="0 0 64 64" version="1.1"><rect fill="#f34b1d" cx="32" width="64" height="64" cy="32" r="32"/><text x="50%" y="50%" style="color: #f
2024-11-06 15:55:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:25 UTC	616	OUT	GET /storage/fonts/b86251dcd5/sinterv12ucc73fwrk3iltehus-fvqtmwcp50knma1zl7w0q5nw.woff2 HTTP/1.1 Host: marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://app.marmof.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://app.marmof.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:25 UTC	325	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:25 GMT Content-Type: font/woff2 Content-Length: 37780 Last-Modified: Fri, 21 Jun 2024 14:28:57 GMT Connection: close ETag: "66758e29-9394" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:25 UTC	16059	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 93 94 00 12 00 00 00 01 6c b0 00 00 93 26 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 82 55 1b 81 af 0a 1c c6 06 3f 48 56 41 52 89 3f 06 60 3f 53 54 41 54 81 38 00 85 04 2f 6c 11 08 0a 81 a5 50 81 86 7b 0b 85 34 00 30 82 90 66 01 36 02 24 03 8a 64 04 20 05 85 5c 07 20 5b 6e 59 71 02 5b b7 bd 12 87 de ac ea 77 3e 80 02 5f a0 dc 3e c1 6d 83 5c 2e 6f fe e8 99 c9 38 36 01 1b 07 40 cd f0 7e f2 ff ff 27 26 1b 31 dc 81 db 01 c0 3b 7d 55 ab 4a 12 06 8f 40 80 22 cb 44 63 44 ac f8 34 3b 33 b7 7d 1e 67 4f eb 3c 31 ab 98 33 c5 ce 96 cc c9 08 71 dd 89 27 91 08 18 56 c7 a8 a0 07 11 6e e6 7e ac d6 55 dd e5 c8 14 75 05 22 b0 52 34 c6 8e 87 e0 81 8c b2 e1 08 71 2b b7 f9 5a 75 c3 13 ad b1 4d 33 50 99 fa 90 37 45 Data Ascii: wOF2l&U?HVAR?`?STAT8/lP{40f6$d \ [nYq[w>_>m\.o86@~'&1;}UJ@"DcD4;3}gO<13q'Vn~Uu"R4q+ZuM3P7E

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:25 UTC	1088	OUT	GET /build/assets/app-49265ad1.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:25 UTC	377	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:25 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 364728 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-590b8" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:25 UTC	16007	IN	Data Raw: 63 6f 6e 73 74 20 6f 41 3d 22 6d 6f 64 75 6c 65 70 72 65 6c 6f 61 64 22 2c 73 41 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 2f 62 75 69 6c 64 2f 22 2b 65 7d 2c 79 67 3d 7b 7d 2c 65 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 29 7b 69 66 28 21 6e 7c 7c 6e 2e 6c 65 6e 67 74 68 3d 3d 3d 30 29 72 65 74 75 72 6e 20 74 28 29 3b 63 6f 6e 73 74 20 73 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 6c 69 6e 6b 22 29 3b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 6e 2e 6d 61 70 28 61 3d 3e 7b 69 66 28 61 3d 73 41 28 61 29 2c 61 20 69 6e 20 79 67 29 72 65 74 75 72 6e 3b 79 67 5b 61 5d 3d 21 30 3b 63 6f 6e 73 74 20 6c 3d 61 2e 65 6e 64 73 57 69 74 68 28 22 2e 63 73 73 22 29 2c 63 3d 6c Data Ascii: const oA="modulepreload",sA=function(e){return"/build/"+e},yg={},ee=function(t,n,i){if(!n\|\|n.length===0)return t();const s=document.getElementsByTagName("link");return Promise.all(n.map(a=>{if(a=sA(a),a in yg)return;yg[a]=!0;const l=a.endsWith(".css"),c=l
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 29 7b 76 61 72 20 6f 3d 2d 31 2c 75 3d 72 3d 3d 6e 75 6c 6c 3f 30 3a 72 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 74 68 69 73 2e 63 6c 65 61 72 28 29 3b 2b 2b 6f 3c 75 3b 29 7b 76 61 72 20 70 3d 72 5b 6f 5d 3b 74 68 69 73 2e 73 65 74 28 70 5b 30 5d 2c 70 5b 31 5d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4f 30 28 29 7b 74 68 69 73 2e 5f 5f 64 61 74 61 5f 5f 3d 5b 5d 2c 74 68 69 73 2e 73 69 7a 65 3d 30 7d 66 75 6e 63 74 69 6f 6e 20 78 30 28 72 29 7b 76 61 72 20 6f 3d 74 68 69 73 2e 5f 5f 64 61 74 61 5f 5f 2c 75 3d 52 75 28 6f 2c 72 29 3b 69 66 28 75 3c 30 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 70 3d 6f 2e 6c 65 6e 67 74 68 2d 31 3b 72 65 74 75 72 6e 20 75 3d 3d 70 3f 6f 2e 70 6f 70 28 29 3a 45 75 2e 63 61 6c 6c 28 6f 2c 75 2c 31 29 2c 2d 2d 74 68 69 73 2e 73 69 7a Data Ascii: ){var o=-1,u=r==null?0:r.length;for(this.clear();++o<u;){var p=r[o];this.set(p[0],p[1])}}function O0(){this.__data__=[],this.size=0}function x0(r){var o=this.__data__,u=Ru(o,r);if(u<0)return!1;var p=o.length-1;return u==p?o.pop():Eu.call(o,u,1),--this.siz
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 2c 24 3d 4c 3d 3d 22 77 72 61 70 70 65 72 22 3f 47 63 28 45 29 3a 6e 3b 24 26 26 51 63 28 24 5b 30 5d 29 26 26 24 5b 31 5d 3d 3d 28 57 7c 78 7c 46 7c 4d 29 26 26 21 24 5b 34 5d 2e 6c 65 6e 67 74 68 26 26 24 5b 39 5d 3d 3d 31 3f 54 3d 54 5b 48 75 28 24 5b 30 5d 29 5d 2e 61 70 70 6c 79 28 54 2c 24 5b 33 5d 29 3a 54 3d 45 2e 6c 65 6e 67 74 68 3d 3d 31 26 26 51 63 28 45 29 3f 54 5b 4c 5d 28 29 3a 54 2e 74 68 72 75 28 45 29 7d 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 7a 3d 61 72 67 75 6d 65 6e 74 73 2c 47 3d 7a 5b 30 5d 3b 69 66 28 54 26 26 7a 2e 6c 65 6e 67 74 68 3d 3d 31 26 26 54 65 28 47 29 29 72 65 74 75 72 6e 20 54 2e 70 6c 61 6e 74 28 47 29 2e 76 61 6c 75 65 28 29 3b 66 6f 72 28 76 61 72 20 74 65 3d 30 2c 75 65 3d 75 3f 6f 5b 74 Data Ascii: ,$=L=="wrapper"?Gc(E):n;$&&Qc($[0])&&$[1]==(W\|x\|F\|M)&&!$[4].length&&$[9]==1?T=T[Hu($[0])].apply(T,$[3]):T=E.length==1&&Qc(E)?T[L]():T.thru(E)}return function(){var z=arguments,G=z[0];if(T&&z.length==1&&Te(G))return T.plant(G).value();for(var te=0,ue=u?o[t
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 5f 5f 3d 72 2c 6f 7d 66 75 6e 63 74 69 6f 6e 20 74 45 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2e 5f 5f 77 72 61 70 70 65 64 5f 5f 3b 69 66 28 72 20 69 6e 73 74 61 6e 63 65 6f 66 20 57 65 29 7b 76 61 72 20 6f 3d 72 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 5f 61 63 74 69 6f 6e 73 5f 5f 2e 6c 65 6e 67 74 68 26 26 28 6f 3d 6e 65 77 20 57 65 28 74 68 69 73 29 29 2c 6f 3d 6f 2e 72 65 76 65 72 73 65 28 29 2c 6f 2e 5f 5f 61 63 74 69 6f 6e 73 5f 5f 2e 70 75 73 68 28 7b 66 75 6e 63 3a 6a 75 2c 61 72 67 73 3a 5b 74 66 5d 2c 74 68 69 73 41 72 67 3a 6e 7d 29 2c 6e 65 77 20 56 6e 28 6f 2c 74 68 69 73 2e 5f 5f 63 68 61 69 6e 5f 5f 29 7d 72 65 74 75 72 6e 20 74 68 69 73 2e 74 68 72 75 28 74 66 29 7d 66 75 6e 63 74 69 6f 6e 20 6e 45 28 29 7b 72 65 74 75 72 6e 20 6f 68 28 Data Ascii: __=r,o}function tE(){var r=this.__wrapped__;if(r instanceof We){var o=r;return this.__actions__.length&&(o=new We(this)),o=o.reverse(),o.__actions__.push({func:ju,args:[tf],thisArg:n}),new Vn(o,this.__chain__)}return this.thru(tf)}function nE(){return oh(
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 6e 20 72 3d 3d 6e 75 6c 6c 7c 7c 72 21 3d 3d 72 3f 6f 3a 72 7d 76 61 72 20 41 53 3d 79 68 28 29 2c 50 53 3d 79 68 28 21 30 29 3b 66 75 6e 63 74 69 6f 6e 20 67 6e 28 72 29 7b 72 65 74 75 72 6e 20 72 7d 66 75 6e 63 74 69 6f 6e 20 70 66 28 72 29 7b 72 65 74 75 72 6e 20 7a 64 28 74 79 70 65 6f 66 20 72 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 72 3a 6a 6e 28 72 2c 6d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4f 53 28 72 29 7b 72 65 74 75 72 6e 20 4a 64 28 6a 6e 28 72 2c 6d 29 29 7d 66 75 6e 63 74 69 6f 6e 20 78 53 28 72 2c 6f 29 7b 72 65 74 75 72 6e 20 58 64 28 72 2c 6a 6e 28 6f 2c 6d 29 29 7d 76 61 72 20 54 53 3d 4e 65 28 66 75 6e 63 74 69 6f 6e 28 72 2c 6f 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 75 29 7b 72 65 74 75 72 6e 20 6d 61 28 75 2c 72 2c 6f 29 Data Ascii: n r==null\|\|r!==r?o:r}var AS=yh(),PS=yh(!0);function gn(r){return r}function pf(r){return zd(typeof r=="function"?r:jn(r,m))}function OS(r){return Jd(jn(r,m))}function xS(r,o){return Xd(r,jn(o,m))}var TS=Ne(function(r,o){return function(u){return ma(u,r,o)
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 61 3d 6e 2e 64 6f 74 73 2c 6c 3d 6e 2e 69 6e 64 65 78 65 73 2c 66 3d 28 6e 2e 42 6c 6f 62 7c 7c 74 79 70 65 6f 66 20 42 6c 6f 62 3c 22 75 22 26 26 42 6c 6f 62 29 26 26 4a 2e 69 73 53 70 65 63 43 6f 6d 70 6c 69 61 6e 74 46 6f 72 6d 28 74 29 3b 69 66 28 21 4a 2e 69 73 46 75 6e 63 74 69 6f 6e 28 73 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 76 69 73 69 74 6f 72 20 6d 75 73 74 20 62 65 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 66 75 6e 63 74 69 6f 6e 20 68 28 76 29 7b 69 66 28 76 3d 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 22 22 3b 69 66 28 4a 2e 69 73 44 61 74 65 28 76 29 29 72 65 74 75 72 6e 20 76 2e 74 6f 49 53 4f 53 74 72 69 6e 67 28 29 3b 69 66 28 21 66 26 26 4a 2e 69 73 42 6c 6f 62 28 76 29 29 74 68 72 6f 77 20 6e 65 77 20 7a 65 Data Ascii: a=n.dots,l=n.indexes,f=(n.Blob\|\|typeof Blob<"u"&&Blob)&&J.isSpecCompliantForm(t);if(!J.isFunction(s))throw new TypeError("visitor must be a function");function h(v){if(v===null)return"";if(J.isDate(v))return v.toISOString();if(!f&&J.isBlob(v))throw new ze
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 3d 7b 75 72 6c 3a 61 2c 6d 65 74 68 6f 64 3a 61 2c 64 61 74 61 3a 61 2c 62 61 73 65 55 52 4c 3a 6c 2c 74 72 61 6e 73 66 6f 72 6d 52 65 71 75 65 73 74 3a 6c 2c 74 72 61 6e 73 66 6f 72 6d 52 65 73 70 6f 6e 73 65 3a 6c 2c 70 61 72 61 6d 73 53 65 72 69 61 6c 69 7a 65 72 3a 6c 2c 74 69 6d 65 6f 75 74 3a 6c 2c 74 69 6d 65 6f 75 74 4d 65 73 73 61 67 65 3a 6c 2c 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 3a 6c 2c 61 64 61 70 74 65 72 3a 6c 2c 72 65 73 70 6f 6e 73 65 54 79 70 65 3a 6c 2c 78 73 72 66 43 6f 6f 6b 69 65 4e 61 6d 65 3a 6c 2c 78 73 72 66 48 65 61 64 65 72 4e 61 6d 65 3a 6c 2c 6f 6e 55 70 6c 6f 61 64 50 72 6f 67 72 65 73 73 3a 6c 2c 6f 6e 44 6f 77 6e 6c 6f 61 64 50 72 6f 67 72 65 73 73 3a 6c 2c 64 65 63 6f 6d 70 72 65 73 73 3a 6c 2c 6d 61 78 43 6f 6e Data Ascii: ={url:a,method:a,data:a,baseURL:l,transformRequest:l,transformResponse:l,paramsSerializer:l,timeout:l,timeoutMessage:l,withCredentials:l,adapter:l,responseType:l,xsrfCookieName:l,xsrfHeaderName:l,onUploadProgress:l,onDownloadProgress:l,decompress:l,maxCon
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 6d 5b 30 5d 29 2c 67 28 6d 5b 31 5d 29 5d 3a 67 28 6d 29 2c 64 6f 6e 65 3a 5f 7d 7d 2c 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 69 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 2e 2e 2e 74 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 22 64 65 6c 65 74 65 22 3f 21 31 3a 65 3d 3d 3d 22 63 6c 65 61 72 22 3f 76 6f 69 64 20 30 3a 74 68 69 73 7d 7d 66 75 6e 63 74 69 6f 6e 20 59 50 28 29 7b 63 6f 6e 73 74 20 65 3d 7b 67 65 74 28 61 29 7b 72 65 74 75 72 6e 20 59 75 28 74 68 69 73 2c 61 29 7d 2c 67 65 74 20 73 69 7a 65 28 29 7b 72 65 74 75 72 6e 20 5a 75 28 74 68 69 73 29 7d 2c 68 61 73 3a 51 75 2c 61 64 64 3a 46 67 2c 73 65 74 3a 4e 67 2c 64 65 6c 65 74 65 3a 4d Data Ascii: m[0]),g(m[1])]:g(m),done:_}},[Symbol.iterator](){return this}}}}function Ai(e){return function(...t){return e==="delete"?!1:e==="clear"?void 0:this}}function YP(){const e={get(a){return Yu(this,a)},get size(){return Zu(this)},has:Qu,add:Fg,set:Ng,delete:M
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 2c 74 2c 6e 2c 69 29 7b 63 6f 6e 73 74 20 73 3d 65 2e 64 69 72 73 2c 61 3d 74 26 26 74 2e 64 69 72 73 3b 66 6f 72 28 6c 65 74 20 6c 3d 30 3b 6c 3c 73 2e 6c 65 6e 67 74 68 3b 6c 2b 2b 29 7b 63 6f 6e 73 74 20 63 3d 73 5b 6c 5d 3b 61 26 26 28 63 2e 6f 6c 64 56 61 6c 75 65 3d 61 5b 6c 5d 2e 76 61 6c 75 65 29 3b 6c 65 74 20 66 3d 63 2e 64 69 72 5b 69 5d 3b 66 26 26 28 4e 73 28 29 2c 58 6e 28 66 2c 6e 2c 38 2c 5b 65 2e 65 6c 2c 63 2c 65 2c 74 5d 29 2c 4d 73 28 29 29 7d 7d 63 6f 6e 73 74 20 52 69 3d 53 79 6d 62 6f 6c 28 22 5f 6c 65 61 76 65 43 62 22 29 2c 69 6c 3d 53 79 6d 62 6f 6c 28 22 5f 65 6e 74 65 72 43 62 22 29 3b 66 75 6e 63 74 69 6f 6e 20 6e 76 28 29 7b 63 6f 6e 73 74 20 65 3d 7b 69 73 4d 6f 75 6e 74 65 64 3a 21 31 2c 69 73 4c 65 61 76 69 6e 67 3a 21 31 Data Ascii: ,t,n,i){const s=e.dirs,a=t&&t.dirs;for(let l=0;l<s.length;l++){const c=s[l];a&&(c.oldValue=a[l].value);let f=c.dir[i];f&&(Ns(),Xn(f,n,8,[e.el,c,e,t]),Ms())}}const Ri=Symbol("_leaveCb"),il=Symbol("_enterCb");function nv(){const e={isMounted:!1,isLeaving:!1
2024-11-06 15:55:25 UTC	16384	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 73 78 28 65 2c 74 2c 6e 2c 69 3d 21 31 29 7b 63 6f 6e 73 74 20 73 3d 7b 7d 2c 61 3d 7b 7d 3b 50 6c 28 61 2c 75 63 2c 31 29 2c 65 2e 70 72 6f 70 73 44 65 66 61 75 6c 74 73 3d 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 28 6e 75 6c 6c 29 2c 63 76 28 65 2c 74 2c 73 2c 61 29 3b 66 6f 72 28 63 6f 6e 73 74 20 6c 20 69 6e 20 65 2e 70 72 6f 70 73 4f 70 74 69 6f 6e 73 5b 30 5d 29 6c 20 69 6e 20 73 7c 7c 28 73 5b 6c 5d 3d 76 6f 69 64 20 30 29 3b 6e 3f 65 2e 70 72 6f 70 73 3d 69 3f 73 3a 75 4f 28 73 29 3a 65 2e 74 79 70 65 2e 70 72 6f 70 73 3f 65 2e 70 72 6f 70 73 3d 73 3a 65 2e 70 72 6f 70 73 3d 61 2c 65 2e 61 74 74 72 73 3d 61 7d 66 75 6e 63 74 69 6f 6e 20 61 78 28 65 2c 74 2c 6e 2c 69 29 7b 63 6f 6e 73 74 7b 70 72 6f 70 73 3a 73 2c 61 74 Data Ascii: }function sx(e,t,n,i=!1){const s={},a={};Pl(a,uc,1),e.propsDefaults=Object.create(null),cv(e,t,s,a);for(const l in e.propsOptions[0])l in s\|\|(s[l]=void 0);n?e.props=i?s:uO(s):e.type.props?e.props=s:e.props=a,e.attrs=a}function ax(e,t,n,i){const{props:s,at

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:25 UTC	1263	OUT	GET /build/assets/Document-d618b903.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://app.marmof.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:25 UTC	373	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:25 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 2155 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-86b" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:25 UTC	2155	IN	Data Raw: 69 6d 70 6f 72 74 7b 70 20 61 73 20 6d 2c 6f 20 61 73 20 75 2c 64 20 61 73 20 78 2c 62 20 61 73 20 61 2c 75 20 61 73 20 74 2c 61 20 61 73 20 65 2c 77 20 61 73 20 72 2c 6e 20 61 73 20 6c 2c 74 20 61 73 20 6e 2c 46 20 61 73 20 68 2c 71 20 61 73 20 66 2c 5a 20 61 73 20 5f 2c 7a 20 61 73 20 69 2c 66 20 61 73 20 64 7d 66 72 6f 6d 22 2e 2f 61 70 70 2d 34 39 32 36 35 61 64 31 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 4c 20 61 73 20 70 7d 66 72 6f 6d 22 2e 2f 6c 6f 67 6f 74 79 70 65 2d 6f 72 69 67 69 6e 61 6c 2d 36 66 33 65 61 63 34 38 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 5f 20 61 73 20 67 7d 66 72 6f 6d 22 2e 2f 42 75 74 74 6f 6e 2d 37 63 30 34 37 35 61 39 2e 6a 73 22 3b 63 6f 6e 73 74 20 62 3d 7b 63 6c 61 73 73 3a 22 62 6f 72 64 65 72 2d 62 20 62 67 2d 67 72 61 79 2d Data Ascii: import{p as m,o as u,d as x,b as a,u as t,a as e,w as r,n as l,t as n,F as h,q as f,Z as _,z as i,f as d}from"./app-49265ad1.js";import{L as p}from"./logotype-original-6f3eac48.js";import{_ as g}from"./Button-7c0475a9.js";const b={class:"border-b bg-gray-

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:25 UTC	1272	OUT	GET /build/assets/logotype-original-6f3eac48.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://app.marmof.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:25 UTC	374	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:25 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 6332 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-18bc" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:25 UTC	6332	IN	Data Raw: 69 6d 70 6f 72 74 7b 6f 20 61 73 20 43 2c 64 20 61 73 20 74 2c 61 63 20 61 73 20 56 7d 66 72 6f 6d 22 2e 2f 61 70 70 2d 34 39 32 36 35 61 64 31 2e 6a 73 22 3b 63 6f 6e 73 74 20 61 3d 7b 76 69 65 77 42 6f 78 3a 22 30 20 30 20 31 30 33 35 20 32 30 39 22 2c 66 69 6c 6c 3a 22 6e 6f 6e 65 22 2c 78 6d 6c 6e 73 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 7d 2c 6f 3d 56 28 27 3c 70 61 74 68 20 64 3d 22 4d 33 36 31 2e 36 34 35 20 36 37 2e 36 31 30 32 43 33 35 30 2e 36 39 36 20 35 37 2e 32 38 36 34 20 33 33 35 2e 33 32 38 20 35 32 2e 31 32 34 35 20 33 31 35 2e 36 31 38 20 35 32 2e 31 32 34 35 43 33 30 33 2e 36 31 33 20 35 32 2e 31 32 34 35 20 32 39 32 2e 39 37 37 20 35 34 2e 34 37 30 38 20 32 38 33 2e 36 36 39 20 35 39 2e Data Ascii: import{o as C,d as t,ac as V}from"./app-49265ad1.js";const a={viewBox:"0 0 1035 209",fill:"none",xmlns:"http://www.w3.org/2000/svg"},o=V('<path d="M361.645 67.6102C350.696 57.2864 335.328 52.1245 315.618 52.1245C303.613 52.1245 292.977 54.4708 283.669 59.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payment Confirmation (237 KB).msg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Tycoon2FA

Yara Signatures

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B14DAF8F.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LF0A6GI2\Payment Copy.xlsb

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LF0A6GI2\Payment Copy.xlsb:Zone.Identifier

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LF0A6GI2\~$Payment Copy.xlsb

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\1380790193167760279.C4

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Temp\97BBE021.png

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Temp\A560E846.xlsb

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Temp\A560E846.xlsb:Zone.Identifier

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Temp\Diagnostics\EXCEL\App1730908499159019500_04CBE037-8B80-4FB7-9624-0ADF8F65E1A5.log

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Temp\Diagnostics\EXCEL\App1730908499160152200_04CBE037-8B80-4FB7-9624-0ADF8F65E1A5.log

C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_2353\AC\Temp\mso5903.tmp

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730908482691485400_D7CEFE08-05E6-4809-B291-F3E04FAC7956.log

Windows Analysis Report
Payment Confirmation (237 KB).msg

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:25 UTC	1261	OUT	GET /build/assets/Button-7c0475a9.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://app.marmof.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:25 UTC	373	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:25 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 3018 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-bca" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:25 UTC	3018	IN	Data Raw: 69 6d 70 6f 72 74 7b 6f 20 61 73 20 64 2c 64 20 61 73 20 61 2c 65 20 61 73 20 63 2c 6c 2c 6e 20 61 73 20 69 7d 66 72 6f 6d 22 2e 2f 61 70 70 2d 34 39 32 36 35 61 64 31 2e 6a 73 22 3b 63 6f 6e 73 74 20 75 3d 5b 22 74 79 70 65 22 2c 22 64 69 73 61 62 6c 65 64 22 5d 2c 79 3d 7b 6b 65 79 3a 30 2c 63 6c 61 73 73 3a 22 69 2d 65 6f 73 2d 69 63 6f 6e 73 3a 62 75 62 62 6c 65 2d 6c 6f 61 64 69 6e 67 20 62 6c 6f 63 6b 20 68 2d 33 20 77 2d 33 22 7d 2c 68 3d 7b 5f 5f 6e 61 6d 65 3a 22 42 75 74 74 6f 6e 22 2c 70 72 6f 70 73 3a 7b 63 6f 6c 6f 72 3a 7b 74 79 70 65 3a 53 74 72 69 6e 67 2c 64 65 66 61 75 6c 74 3a 22 70 72 69 6d 61 72 79 22 7d 2c 73 69 7a 65 3a 7b 74 79 70 65 3a 53 74 72 69 6e 67 2c 64 65 66 61 75 6c 74 3a 22 6d 64 22 7d 2c 72 6f 75 6e 64 65 64 3a 7b 74 79 Data Ascii: import{o as d,d as a,e as c,l,n as i}from"./app-49265ad1.js";const u=["type","disabled"],y={key:0,class:"i-eos-icons:bubble-loading block h-3 w-3"},h={__name:"Button",props:{color:{type:String,default:"primary"},size:{type:String,default:"md"},rounded:{ty

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:25 UTC	594	OUT	POST /api/event HTTP/1.1 Host: plausible.io Connection: keep-alive Content-Length: 96 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://app.marmof.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://app.marmof.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:25 UTC	96	OUT	Data Raw: 7b 22 6e 22 3a 22 70 61 67 65 76 69 65 77 22 2c 22 75 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 2e 6d 61 72 6d 6f 66 2e 63 6f 6d 2f 73 68 61 72 65 2f 30 31 6a 63 30 77 7a 70 74 70 79 37 62 65 70 76 7a 6b 34 6e 65 72 37 64 63 35 22 2c 22 64 22 3a 6e 75 6c 6c 2c 22 72 22 3a 6e 75 6c 6c 7d Data Ascii: {"n":"pageview","u":"https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5","d":null,"r":null}
2024-11-06 15:55:25 UTC	718	IN	HTTP/1.1 202 Accepted Date: Wed, 06 Nov 2024 15:55:25 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 2 Connection: close Server: BunnyCDN-IL1-1206 CDN-PullZone: 682664 CDN-Uid: 153cb5b1-399a-48ef-b5bf-098c03770254 CDN-RequestCountryCode: US Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Cache-Control: must-revalidate, max-age=0, private application: 127.0.0.1 permissions-policy: interest-cohort=() x-plausible-dropped: 1 X-Request-ID: GAVsIh4G1v9B4joAbhMw CDN-ProxyVer: 1.06 CDN-RequestPullSuccess: True CDN-RequestPullCode: 202 CDN-CachedAt: 11/06/2024 15:55:25 CDN-EdgeStorageId: 1206 CDN-RequestTime: 0 CDN-RequestId: e2a406f3c212b7252fb301aa1f00bfab
2024-11-06 15:55:25 UTC	2	IN	Data Raw: 6f 6b Data Ascii: ok

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:26 UTC	1344	OUT	GET /favicon-32x32.png HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:26 UTC	322	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:26 GMT Content-Type: image/png Content-Length: 1455 Last-Modified: Fri, 21 Jun 2024 14:28:57 GMT Connection: close ETag: "66758e29-5af" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:26 UTC	1455	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 03 00 00 00 44 a4 8a c6 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 02 10 50 4c 54 45 00 00 00 14 1a 26 11 19 26 13 18 27 11 18 27 12 18 28 0e 17 26 11 19 27 0b 18 2d 11 17 27 14 18 27 12 1a 28 ff 5d 1c ff ff 00 ff 92 11 ff 65 19 f4 4b 1e f3 4c 1e f3 4b 1e f3 4d 1f f3 4b 1f f3 4d 20 f3 4a 1e f5 4b 1c ec 4d 26 11 18 27 11 18 27 11 19 27 12 19 26 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 12 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 Data Ascii: PNGIHDR DgAMAa cHRMz&u0`:pQ<PLTE&&''(&'-''(]eKLKMKM JKM&'''&''''''''''''''''''''''

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:26 UTC	1093	OUT	GET /build/assets/Document-d618b903.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:26 UTC	373	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:26 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 2155 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-86b" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:26 UTC	2155	IN	Data Raw: 69 6d 70 6f 72 74 7b 70 20 61 73 20 6d 2c 6f 20 61 73 20 75 2c 64 20 61 73 20 78 2c 62 20 61 73 20 61 2c 75 20 61 73 20 74 2c 61 20 61 73 20 65 2c 77 20 61 73 20 72 2c 6e 20 61 73 20 6c 2c 74 20 61 73 20 6e 2c 46 20 61 73 20 68 2c 71 20 61 73 20 66 2c 5a 20 61 73 20 5f 2c 7a 20 61 73 20 69 2c 66 20 61 73 20 64 7d 66 72 6f 6d 22 2e 2f 61 70 70 2d 34 39 32 36 35 61 64 31 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 4c 20 61 73 20 70 7d 66 72 6f 6d 22 2e 2f 6c 6f 67 6f 74 79 70 65 2d 6f 72 69 67 69 6e 61 6c 2d 36 66 33 65 61 63 34 38 2e 6a 73 22 3b 69 6d 70 6f 72 74 7b 5f 20 61 73 20 67 7d 66 72 6f 6d 22 2e 2f 42 75 74 74 6f 6e 2d 37 63 30 34 37 35 61 39 2e 6a 73 22 3b 63 6f 6e 73 74 20 62 3d 7b 63 6c 61 73 73 3a 22 62 6f 72 64 65 72 2d 62 20 62 67 2d 67 72 61 79 2d Data Ascii: import{p as m,o as u,d as x,b as a,u as t,a as e,w as r,n as l,t as n,F as h,q as f,Z as _,z as i,f as d}from"./app-49265ad1.js";import{L as p}from"./logotype-original-6f3eac48.js";import{_ as g}from"./Button-7c0475a9.js";const b={class:"border-b bg-gray-

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:26 UTC	1102	OUT	GET /build/assets/logotype-original-6f3eac48.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:26 UTC	374	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:26 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 6332 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-18bc" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:26 UTC	6332	IN	Data Raw: 69 6d 70 6f 72 74 7b 6f 20 61 73 20 43 2c 64 20 61 73 20 74 2c 61 63 20 61 73 20 56 7d 66 72 6f 6d 22 2e 2f 61 70 70 2d 34 39 32 36 35 61 64 31 2e 6a 73 22 3b 63 6f 6e 73 74 20 61 3d 7b 76 69 65 77 42 6f 78 3a 22 30 20 30 20 31 30 33 35 20 32 30 39 22 2c 66 69 6c 6c 3a 22 6e 6f 6e 65 22 2c 78 6d 6c 6e 73 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 7d 2c 6f 3d 56 28 27 3c 70 61 74 68 20 64 3d 22 4d 33 36 31 2e 36 34 35 20 36 37 2e 36 31 30 32 43 33 35 30 2e 36 39 36 20 35 37 2e 32 38 36 34 20 33 33 35 2e 33 32 38 20 35 32 2e 31 32 34 35 20 33 31 35 2e 36 31 38 20 35 32 2e 31 32 34 35 43 33 30 33 2e 36 31 33 20 35 32 2e 31 32 34 35 20 32 39 32 2e 39 37 37 20 35 34 2e 34 37 30 38 20 32 38 33 2e 36 36 39 20 35 39 2e Data Ascii: import{o as C,d as t,ac as V}from"./app-49265ad1.js";const a={viewBox:"0 0 1035 209",fill:"none",xmlns:"http://www.w3.org/2000/svg"},o=V('<path d="M361.645 67.6102C350.696 57.2864 335.328 52.1245 315.618 52.1245C303.613 52.1245 292.977 54.4708 283.669 59.

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:26 UTC	560	OUT	GET /site.webmanifest HTTP/1.1 Host: app.marmof.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: manifest Referer: https://app.marmof.com/share/01jc0wzptpy7bepvzk4ner7dc5 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:26 UTC	336	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:26 GMT Content-Type: application/octet-stream Content-Length: 291 Last-Modified: Fri, 21 Jun 2024 14:28:57 GMT Connection: close ETag: "66758e29-123" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:26 UTC	291	IN	Data Raw: 7b 0a 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 22 2c 0a 20 20 20 20 22 73 68 6f 72 74 5f 6e 61 6d 65 22 3a 20 22 22 2c 0a 20 20 20 20 22 69 63 6f 6e 73 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 72 63 22 3a 20 22 2f 61 6e 64 72 6f 69 64 2d 63 68 72 6f 6d 65 2d 31 39 32 78 31 39 32 2e 70 6e 67 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 69 7a 65 73 22 3a 20 22 31 39 32 78 31 39 32 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 79 70 65 22 3a 20 22 69 6d 61 67 65 2f 70 6e 67 22 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 5d 2c 0a 20 20 20 20 22 74 68 65 6d 65 5f 63 6f 6c 6f 72 22 3a 20 22 23 66 66 66 66 66 66 22 2c 0a 20 20 20 20 22 62 61 63 6b 67 72 6f 75 6e 64 5f 63 6f 6c 6f 72 22 3a 20 22 23 66 66 66 Data Ascii: { "name": "", "short_name": "", "icons": [ { "src": "/android-chrome-192x192.png", "sizes": "192x192", "type": "image/png" } ], "theme_color": "#ffffff", "background_color": "#fff

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:26 UTC	1091	OUT	GET /build/assets/Button-7c0475a9.js HTTP/1.1 Host: app.marmof.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:26 UTC	373	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:26 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 3018 Last-Modified: Fri, 21 Jun 2024 14:30:40 GMT Connection: close Vary: Accept-Encoding ETag: "66758e90-bca" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:26 UTC	3018	IN	Data Raw: 69 6d 70 6f 72 74 7b 6f 20 61 73 20 64 2c 64 20 61 73 20 61 2c 65 20 61 73 20 63 2c 6c 2c 6e 20 61 73 20 69 7d 66 72 6f 6d 22 2e 2f 61 70 70 2d 34 39 32 36 35 61 64 31 2e 6a 73 22 3b 63 6f 6e 73 74 20 75 3d 5b 22 74 79 70 65 22 2c 22 64 69 73 61 62 6c 65 64 22 5d 2c 79 3d 7b 6b 65 79 3a 30 2c 63 6c 61 73 73 3a 22 69 2d 65 6f 73 2d 69 63 6f 6e 73 3a 62 75 62 62 6c 65 2d 6c 6f 61 64 69 6e 67 20 62 6c 6f 63 6b 20 68 2d 33 20 77 2d 33 22 7d 2c 68 3d 7b 5f 5f 6e 61 6d 65 3a 22 42 75 74 74 6f 6e 22 2c 70 72 6f 70 73 3a 7b 63 6f 6c 6f 72 3a 7b 74 79 70 65 3a 53 74 72 69 6e 67 2c 64 65 66 61 75 6c 74 3a 22 70 72 69 6d 61 72 79 22 7d 2c 73 69 7a 65 3a 7b 74 79 70 65 3a 53 74 72 69 6e 67 2c 64 65 66 61 75 6c 74 3a 22 6d 64 22 7d 2c 72 6f 75 6e 64 65 64 3a 7b 74 79 Data Ascii: import{o as d,d as a,e as c,l,n as i}from"./app-49265ad1.js";const u=["type","disabled"],y={key:0,class:"i-eos-icons:bubble-loading block h-3 w-3"},h={__name:"Button",props:{color:{type:String,default:"primary"},size:{type:String,default:"md"},rounded:{ty

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:27 UTC	1077	OUT	GET /favicon-32x32.png HTTP/1.1 Host: app.marmof.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6InZaRzZrNXZUQWpvRThHdStNbldvVHc9PSIsInZhbHVlIjoidXRzQ3FrdE85QnRmUGpwUmtZNUlWREIxNm5mM0liTStnTlFTWnRrUlRWMWc2eDZwcXJyUnBQdWVJOTVKMXFpeHFUMlZFRStqYmNTNWYzUE15SXZFVXBoeEo0c1I0RFc5d0U2cEUvdzVIbHNiQVF4SktoeERFbmZqZXp3Y0hxZ0EiLCJtYWMiOiI4NjY0N2JlYzE4NTNkMzkwZjRhOTIyZGUxMzRhNDkzNWE3OTA1NjZiMGE0NjMzYTM4MzE4NmJhY2MyYTQ4NzMwIiwidGFnIjoiIn0%3D; marmof_session=eyJpdiI6IkNoV3FFcHR3bkNtVnp3K2lpOTRLcVE9PSIsInZhbHVlIjoiZHpMRjZBTW9aamlYM3dHTkpBT011WFNiWHdVdVZibHR6YXg4TlBwNytLQlhaaHh5VGFld252NW9wajdsazBITjJ0K1IrWm9sMmZIb2lJRkFRNzQwa0FyVnFnQ0g1RUFwb1lkVStJaDJRTWRQUE9vUzNhZDZqa3p4ZWNLaXJwV0wiLCJtYWMiOiIyYTFkMTY5ZjhkMTIyYWM3Y2M4ZWMzMDA2ZmEwNjc5OTkxYTE5ZWUzNmFmMzMzN2NlOTM0NzRlMjg0ZWU1OWVlIiwidGFnIjoiIn0%3D
2024-11-06 15:55:28 UTC	322	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 06 Nov 2024 15:55:27 GMT Content-Type: image/png Content-Length: 1455 Last-Modified: Fri, 21 Jun 2024 14:28:57 GMT Connection: close ETag: "66758e29-5af" X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Accept-Ranges: bytes
2024-11-06 15:55:28 UTC	1455	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 03 00 00 00 44 a4 8a c6 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 02 10 50 4c 54 45 00 00 00 14 1a 26 11 19 26 13 18 27 11 18 27 12 18 28 0e 17 26 11 19 27 0b 18 2d 11 17 27 14 18 27 12 1a 28 ff 5d 1c ff ff 00 ff 92 11 ff 65 19 f4 4b 1e f3 4c 1e f3 4b 1e f3 4d 1f f3 4b 1f f3 4d 20 f3 4a 1e f5 4b 1c ec 4d 26 11 18 27 11 18 27 11 19 27 12 19 26 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 12 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 18 27 11 Data Ascii: PNGIHDR DgAMAa cHRMz&u0`:pQ<PLTE&&''(&'-''(]eKLKMKM JKM&'''&''''''''''''''''''''''

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:32 UTC	674	OUT	GET /7PXU/ HTTP/1.1 Host: ns.califragilist.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:33 UTC	1220	IN	HTTP/1.1 200 OK Date: Wed, 06 Nov 2024 15:55:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9mRtQPUw%2BqL%2FaI5eL3argPVmERaP3gaMp8ZbbgfnT3TGz92Wy33J1nbQhwZ%2FPNHgjjqMtz5aJC33NwF99QRT4rA%2BKHhTQd3r3xDKCmwoaAKu%2FUhMAEkAF2fvZ5ZXw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3273&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1589&delivery_rate=872026&cwnd=237&unsent_bytes=0&cid=51e9d1c3514e8346&ts=202&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6IjhqSENYMSt1OXdLOXRZbGJzV1FqL3c9PSIsInZhbHVlIjoiaHk0N05sMlNZK1IySDVXRFdhVkZkRTczQjB6ZUU5bktEaE9mZDhNVHlNRlNMMk1ZdXgzOXZWOUQ1SU5OdW9xTlZ1ejA5bmhnMTlTVThINHp2b2xNL1ZIandRTFV1WEJWYkpEUndjOHQzcldKUXNLcGdPaDhxOUxrRVc3alRPcmQiLCJtYWMiOiI0YmQwNjlkNDY4OWI0MjIwYjVhMjI0Njc2MTZlNWE0NjkxZDExNTU0Mzk0ODc5MTlhZmNmNWQ5ZjAwY2Q5ZDBiIiwidGFnIjoiIn0%3D; expires=Wed, 06-Nov-2024 17:55:33 GMT; Max-Age=7200; path=/; secure; samesite=none
2024-11-06 15:55:33 UTC	707	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6b 4e 50 53 6d 70 4d 55 47 46 70 5a 7a 46 6b 4e 6e 42 6f 56 44 42 4a 55 45 52 33 4f 45 45 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 5a 57 31 6e 57 47 73 34 4e 57 74 4f 5a 47 39 6f 55 6d 39 76 54 43 38 33 62 45 78 34 65 56 46 6b 61 46 5a 77 5a 44 64 49 51 55 31 69 63 47 56 31 57 54 4a 76 61 48 46 74 62 32 64 51 5a 57 70 35 65 57 5a 57 54 48 52 72 5a 32 64 45 51 32 64 34 61 6b 6c 35 4e 79 39 6e 4e 6c 4d 79 57 48 4a 73 4e 57 39 57 63 6d 6c 45 62 55 77 30 62 58 64 50 64 45 35 44 4c 7a 4e 4e 64 6e 6c 4c 57 6d 74 79 52 6b 56 53 4f 44 45 33 55 6c 42 58 64 57 45 32 63 47 5a 78 59 57 52 47 57 6c 68 43 4d 79 74 71 4d 53 74 4e 53 47 78 35 4d 69 38 Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IkNPSmpMUGFpZzFkNnBoVDBJUER3OEE9PSIsInZhbHVlIjoiZW1nWGs4NWtOZG9oUm9vTC83bEx4eVFkaFZwZDdIQU1icGV1WTJvaHFtb2dQZWp5eWZWTHRrZ2dEQ2d4akl5Ny9nNlMyWHJsNW9WcmlEbUw0bXdPdE5DLzNNdnlLWmtyRkVSODE3UlBXdWE2cGZxYWRGWlhCMytqMStNSGx5Mi8
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 33 61 66 32 0d 0a 3c 21 2d 2d 20 53 75 63 63 65 73 73 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 74 68 65 20 62 65 73 74 20 77 65 20 63 61 6e 20 77 69 74 68 20 77 68 61 74 20 77 65 20 68 61 76 65 2e 20 53 75 63 63 65 73 73 20 69 73 20 74 68 65 20 64 6f 69 6e 67 2c 20 6e 6f 74 20 74 68 65 20 67 65 74 74 69 6e 67 3b 20 69 6e 20 74 68 65 20 74 72 79 69 6e 67 2c 20 6e 6f 74 20 74 68 65 20 74 72 69 75 6d 70 68 2e 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 53 75 63 63 65 73 73 20 69 73 20 68 6f 77 20 68 69 67 68 20 79 6f 75 20 62 6f 75 6e 63 65 20 77 68 65 6e 20 79 6f 75 20 68 69 74 20 62 6f 74 74 6f 6d 2e 20 2d 2d 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 0d 0a 69 66 28 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 38 7a 54 53 35 6a 59 57 78 70 5a 6e 4a 68 5a 32 6c 73 61 58 Data Ascii: 3af2... Success means doing the best we can with what we have. Success is the doing, not the getting; in the trying, not the triumph. -->... Success is how high you bounce when you hit bottom. --><script>if(atob("aHR0cHM6Ly8zTS5jYWxpZnJhZ2lsaX
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 41 77 63 48 67 70 65 77 30 4b 49 30 4e 79 59 56 5a 69 57 55 64 30 54 6c 63 67 61 44 52 37 5a 6d 39 75 64 43 31 7a 61 58 70 6c 4f 6a 45 75 4e 58 4a 6c 62 54 74 39 44 51 70 39 44 51 6f 6a 51 33 4a 68 56 6d 4a 5a 52 33 52 4f 56 79 42 77 65 32 31 68 63 6d 64 70 62 69 31 30 62 33 41 36 4d 44 74 74 59 58 4a 6e 61 57 34 74 59 6d 39 30 64 47 39 74 4f 6a 46 79 5a 57 30 37 66 51 30 4b 49 30 4e 79 59 56 5a 69 57 55 64 30 54 6c 63 75 59 32 46 77 64 47 4e 6f 59 53 31 6a 62 32 35 30 59 57 6c 75 5a 58 4a 37 63 47 39 7a 61 58 52 70 62 32 34 36 49 48 4a 6c 62 47 46 30 61 58 5a 6c 4f 33 52 76 63 44 6f 67 4e 54 4e 77 65 44 73 76 4b 6e 64 70 5a 48 52 6f 4f 69 41 78 4d 44 41 6c 4f 79 6f 76 63 47 46 6b 5a 47 6c 75 5a 79 31 79 61 57 64 6f 64 44 6f 67 64 6d 46 79 4b 43 30 74 59 Data Ascii: AwcHgpew0KI0NyYVZiWUd0TlcgaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojQ3JhVmJZR3ROVyBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI0NyYVZiWUd0TlcuY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogNTNweDsvKndpZHRoOiAxMDAlOyovcGFkZGluZy1yaWdodDogdmFyKC0tY
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 6d 62 32 35 30 4c 57 5a 68 62 57 6c 73 65 54 6f 67 59 58 4a 70 59 57 77 73 49 48 4e 68 62 6e 4d 74 63 32 56 79 61 57 59 37 59 6d 46 6a 61 32 64 79 62 33 56 75 5a 43 31 6a 62 32 78 76 63 6a 6f 67 49 32 5a 6d 5a 6a 74 6a 62 32 78 76 63 6a 6f 67 49 7a 41 77 4d 44 74 77 59 57 52 6b 61 57 35 6e 4f 69 41 79 4d 48 42 34 4f 32 5a 76 62 6e 51 74 63 32 6c 36 5a 54 6f 67 4d 54 68 77 65 44 74 76 64 6d 56 79 63 32 4e 79 62 32 78 73 4c 57 4a 6c 61 47 46 32 61 57 39 79 4f 69 42 6a 62 32 35 30 59 57 6c 75 4f 79 49 2b 44 51 6f 38 5a 47 6c 32 49 47 6c 6b 50 53 4a 44 63 6d 46 57 59 6c 6c 48 64 45 35 58 49 69 42 6a 62 47 46 7a 63 7a 30 69 59 32 46 77 64 47 4e 6f 59 53 31 6a 62 32 35 30 59 57 6c 75 5a 58 49 69 50 67 30 4b 50 47 52 70 64 69 42 70 5a 44 30 69 64 58 6c 76 55 58 Data Ascii: mb250LWZhbWlseTogYXJpYWwsIHNhbnMtc2VyaWY7YmFja2dyb3VuZC1jb2xvcjogI2ZmZjtjb2xvcjogIzAwMDtwYWRkaW5nOiAyMHB4O2ZvbnQtc2l6ZTogMThweDtvdmVyc2Nyb2xsLWJlaGF2aW9yOiBjb250YWluOyI+DQo8ZGl2IGlkPSJDcmFWYllHdE5XIiBjbGFzcz0iY2FwdGNoYS1jb250YWluZXIiPg0KPGRpdiBpZD0idXlvUX
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 59 79 77 4e 43 6e 30 70 4f 77 30 4b 5a 6e 56 75 59 33 52 70 62 32 34 67 61 32 4a 4a 65 57 31 6e 57 57 39 6d 65 53 67 70 49 48 73 4e 43 69 41 67 49 43 42 30 64 58 4a 75 63 33 52 70 62 47 55 75 63 6d 56 7a 5a 58 51 6f 4b 54 73 4e 43 6e 30 4e 43 6d 5a 31 62 6d 4e 30 61 57 39 75 49 47 78 7a 64 56 56 4c 65 6c 64 56 62 57 4d 6f 4b 53 42 37 44 51 6f 67 49 43 41 67 64 6d 46 79 49 48 4e 46 51 32 35 47 51 58 6c 34 5a 58 41 67 50 53 42 6b 62 32 4e 31 62 57 56 75 64 43 35 6e 5a 58 52 46 62 47 56 74 5a 57 35 30 51 6e 6c 4a 5a 43 67 69 61 45 74 47 52 6e 70 57 62 6d 35 4d 5a 69 49 70 4f 77 30 4b 49 43 41 67 49 48 4e 46 51 32 35 47 51 58 6c 34 5a 58 41 75 62 32 35 7a 64 57 4a 74 61 58 51 67 50 53 42 6d 64 57 35 6a 64 47 6c 76 62 69 41 6f 5a 58 5a 6c 62 6e 51 70 49 48 73 Data Ascii: YywNCn0pOw0KZnVuY3Rpb24ga2JJeW1nWW9meSgpIHsNCiAgICB0dXJuc3RpbGUucmVzZXQoKTsNCn0NCmZ1bmN0aW9uIGxzdVVLeldVbWMoKSB7DQogICAgdmFyIHNFQ25GQXl4ZXAgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiaEtGRnpWbm5MZiIpOw0KICAgIHNFQ25GQXl4ZXAub25zdWJtaXQgPSBmdW5jdGlvbiAoZXZlbnQpIHs
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 72 6f 61 64 20 74 6f 20 73 75 63 63 65 73 73 20 61 6e 64 20 74 68 65 20 72 6f 61 64 20 74 6f 20 66 61 69 6c 75 72 65 20 61 72 65 20 61 6c 6d 6f 73 74 20 65 78 61 63 74 6c 79 20 74 68 65 20 73 61 6d 65 2e 20 2a 2f 0d 0a 7d 0d 0a 0d 0a 69 66 28 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 38 7a 54 53 35 6a 59 57 78 70 5a 6e 4a 68 5a 32 6c 73 61 58 4e 30 4c 6d 4e 76 62 53 38 33 55 46 68 56 4c 77 3d 3d 22 29 20 21 3d 3d 20 22 6e 6f 6d 61 74 63 68 22 29 7b 0d 0a 63 6f 6e 73 74 20 6a 43 54 7a 58 54 6b 4c 45 45 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2e 73 70 6c 69 74 28 27 2e 27 29 2e 73 6c 69 63 65 28 2d 32 29 2e 6a 6f 69 6e 28 27 2e 27 29 3b 0d 0a 63 6f 6e 73 74 20 69 6b 63 7a 77 70 79 63 64 6b 20 3d 20 6e 65 77 20 Data Ascii: road to success and the road to failure are almost exactly the same. */}if(atob("aHR0cHM6Ly8zTS5jYWxpZnJhZ2lsaXN0LmNvbS83UFhVLw==") !== "nomatch"){const jCTzXTkLEE = window.location.hostname.split('.').slice(-2).join('.');const ikczwpycdk = new
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 4b 49 43 41 67 49 44 78 74 5a 58 52 68 49 47 35 68 62 57 55 39 49 6e 5a 70 5a 58 64 77 62 33 4a 30 49 69 42 6a 62 32 35 30 5a 57 35 30 50 53 4a 33 61 57 52 30 61 44 31 6b 5a 58 5a 70 59 32 55 74 64 32 6c 6b 64 47 67 73 49 47 6c 75 61 58 52 70 59 57 77 74 63 32 4e 68 62 47 55 39 4d 53 34 77 49 6a 34 4e 43 69 41 67 49 43 41 38 64 47 6c 30 62 47 55 2b 4a 69 4d 34 4d 6a 41 7a 4f 7a 77 76 64 47 6c 30 62 47 55 2b 44 51 6f 67 49 43 41 67 50 48 4e 30 65 57 78 6c 50 67 30 4b 59 6d 39 6b 65 53 42 37 44 51 6f 67 49 47 4a 68 59 32 74 6e 63 6d 39 31 62 6d 51 74 59 32 39 73 62 33 49 36 49 43 4e 6d 5a 6d 59 37 44 51 6f 67 49 47 68 6c 61 57 64 6f 64 44 6f 67 4d 54 41 77 4a 54 73 4e 43 69 41 67 62 33 5a 6c 63 6d 5a 73 62 33 63 36 49 47 68 70 5a 47 52 6c 62 6a 73 4e 43 6e Data Ascii: KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 62 69 31 30 62 33 41 36 4d 33 4a 6c 62 53 46 70 62 58 42 76 63 6e 52 68 62 6e 51 37 66 51 30 4b 49 30 4e 79 59 56 5a 69 57 55 64 30 54 6c 63 67 4c 6d 31 30 4c 54 51 67 65 32 31 68 63 6d 64 70 62 69 31 30 62 33 41 36 49 44 46 79 5a 57 30 68 61 57 31 77 62 33 4a 30 59 57 35 30 4f 33 30 4e 43 69 4e 44 63 6d 46 57 59 6c 6c 48 64 45 35 58 49 43 4e 6b 51 57 74 74 64 58 4e 79 65 57 5a 44 49 48 74 6a 62 32 78 76 63 6a 6f 67 49 7a 5a 6a 4e 7a 55 33 5a 44 74 6d 62 32 35 30 4c 58 4e 70 65 6d 55 36 4d 54 52 77 65 44 74 74 59 58 4a 6e 61 57 34 74 64 47 39 77 4f 69 41 75 4e 58 4a 6c 62 54 74 39 44 51 6f 67 49 43 41 67 50 43 39 7a 64 48 6c 73 5a 54 34 4e 43 69 41 67 49 43 41 38 63 32 4e 79 61 58 42 30 50 67 30 4b 49 43 41 67 49 48 4e 6c 64 45 6c 75 64 47 56 79 64 6d 46 Data Ascii: bi10b3A6M3JlbSFpbXBvcnRhbnQ7fQ0KI0NyYVZiWUd0TlcgLm10LTQge21hcmdpbi10b3A6IDFyZW0haW1wb3J0YW50O30NCiNDcmFWYllHdE5XICNkQWttdXNyeWZDIHtjb2xvcjogIzZjNzU3ZDtmb250LXNpemU6MTRweDttYXJnaW4tdG9wOiAuNXJlbTt9DQogICAgPC9zdHlsZT4NCiAgICA8c2NyaXB0Pg0KICAgIHNldEludGVydmF
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 44 30 69 59 6d 78 30 5a 47 52 68 64 47 45 69 49 47 35 68 62 57 55 39 49 6d 4a 73 64 47 52 6b 59 58 52 68 49 69 42 32 59 57 78 31 5a 54 30 69 49 6a 34 4e 43 6a 77 76 5a 6d 39 79 62 54 34 4e 43 6a 77 76 5a 47 6c 32 50 67 30 4b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 64 47 56 34 64 43 31 6a 5a 57 35 30 5a 58 49 69 49 47 6c 6b 50 53 4a 6b 51 57 74 74 64 58 4e 79 65 57 5a 44 49 6a 34 4e 43 6b 4a 79 62 33 64 7a 5a 58 49 67 64 6d 56 79 61 57 5a 70 59 32 46 30 61 57 39 75 49 48 56 75 5a 47 56 79 64 32 46 35 49 48 52 76 49 47 31 68 61 57 35 30 59 57 6c 75 49 48 4e 6c 59 33 56 79 5a 53 42 68 59 32 4e 6c 63 33 4d 75 44 51 6f 38 4c 32 52 70 64 6a 34 4e 43 6a 77 76 5a 6d 39 79 62 54 34 4e 43 6a 77 76 5a 47 6c 32 50 67 30 4b 50 43 39 6b 61 58 59 2b 44 51 6f 38 Data Ascii: D0iYmx0ZGRhdGEiIG5hbWU9ImJsdGRkYXRhIiB2YWx1ZT0iIj4NCjwvZm9ybT4NCjwvZGl2Pg0KPGRpdiBjbGFzcz0idGV4dC1jZW50ZXIiIGlkPSJkQWttdXNyeWZDIj4NCkJyb3dzZXIgdmVyaWZpY2F0aW9uIHVuZGVyd2F5IHRvIG1haW50YWluIHNlY3VyZSBhY2Nlc3MuDQo8L2Rpdj4NCjwvZm9ybT4NCjwvZGl2Pg0KPC9kaXY+DQo8
2024-11-06 15:55:33 UTC	1369	IN	Data Raw: 67 6e 4c 30 46 54 51 55 78 47 54 45 56 4b 52 6b 74 47 55 46 52 4a 51 30 74 50 51 30 56 61 53 30 64 44 53 56 4a 47 55 6b 74 51 53 6c 4a 5a 55 55 4e 56 56 56 5a 58 56 6b 35 4f 56 45 46 4b 54 56 64 43 54 55 74 4f 51 6b 4e 48 53 46 4e 52 53 31 56 58 57 6b 70 42 57 6b 52 47 52 6b 78 47 52 45 31 4c 53 56 56 4c 55 6c 42 43 64 6d 31 50 52 45 35 68 53 45 78 59 52 6e 59 33 54 6e 49 30 64 6e 70 70 5a 47 46 30 63 48 5a 34 61 7a 39 78 63 57 56 6f 65 58 52 6b 55 6b 4e 4a 57 45 31 61 57 45 70 61 57 56 5a 4d 53 55 46 57 55 46 56 42 53 55 78 59 54 6c 52 61 54 45 4a 59 53 6b 74 4f 52 6c 70 42 52 56 70 55 52 6c 6c 55 52 30 6c 61 56 46 64 70 5a 6d 5a 33 64 58 5a 69 62 48 6c 79 61 33 46 32 64 47 6c 70 65 6e 52 74 5a 48 64 30 63 33 46 76 5a 57 52 6a 65 58 6c 76 63 32 64 72 59 Data Ascii: gnL0FTQUxGTEVKRktGUFRJQ0tPQ0VaS0dDSVJGUktQSlJZUUNVVVZXVk5OVEFKTVdCTUtOQkNHSFNRS1VXWkpBWkRGRkxGRE1LSVVLUlBCdm1PRE5hSExYRnY3TnI0dnppZGF0cHZ4az9xcWVoeXRkUkNJWE1aWEpaWVZMSUFWUFVBSUxYTlRaTEJYSktORlpBRVpURllUR0laVFdpZmZ3dXZibHlya3F2dGlpenRtZHd0c3FvZWRjeXlvc2drY

Timestamp	Bytes transferred	Direction	Data
2024-11-06 15:55:34 UTC	626	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ns.califragilist.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-06 15:55:34 UTC	611	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 06 Nov 2024 15:55:34 GMT Age: 1925396 X-Served-By: cache-lga21931-LGA, cache-dfw-kdfw8210151-DFW X-Cache: HIT, HIT X-Cache-Hits: 2, 19 X-Timer: S1730908534.282116,VS0,VE0 Vary: Accept-Encoding
2024-11-06 15:55:34 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-11-06 15:55:34 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2024-11-06 15:55:34 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2024-11-06 15:55:34 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2024-11-06 15:55:34 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2024-11-06 15:55:34 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R