Windows Analysis Report
https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d

Overview

General Information

Sample URL:	https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d
Analysis ID:	1431660
Infos:

Detection

HtmlDropper, HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Html Dropper

Yara detected HtmlPhish10

Yara detected Phisher

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 6.13.pages.csv, type: HTML
Source: Yara match	File source: 6.11.pages.csv, type: HTML
Source: Yara match	File source: 6.12.pages.csv, type: HTML

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_144, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	Matcher: Template: microsoft matched
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	Matcher: Template: microsoft matched
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	Matcher: Template: microsoft matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 5.8

OCR Text: : Verifying... CLOUDFLARE Microsoft

HTML body contains low number of good links

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal

HTML title does not match URL

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

HTTP Parser: Title: 48ade125426303928d5f677b5fcc7664662a5b2072bb0 does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	HTTP Parser: No favicon
Source: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	HTTP Parser: No favicon
Source: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222n	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal	HTTP Parser: No favicon
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No favicon
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No favicon
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No favicon

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="author".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="author".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="author".. found

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="copyright".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="copyright".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49780 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET /sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d HTTP/1.1Host: app.robly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/v2/public/landing_page/index-6496ce865c034b4fe3e0da5aa72ed444ff1bfdc0521fb3e17e24a979bbb8c14c.js HTTP/1.1Host: img.robly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _session_id=d3eacfdaa63ae6ce5266c4381ba98399
Source: global traffic	HTTP traffic detected: GET /rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBNjE4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--ce055e808889d413a54d00ae1288f9226dde9842/fhf.png HTTP/1.1Host: api.contentsnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBNXQ4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--a14dfb6e4a77147fc68f3ab0dc4f0cd5ffd6d000/Pages%20from%202024-2025%20April%20Caleb%20Lease.docx.jpg HTTP/1.1Host: api.contentsnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMnQ4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--720f0239b2f78880da8dd87337065e3ede51a191/Pages%20from%207953%20Cedar%20Drive%20Offer%5B83%5D.jpg HTTP/1.1Host: api.contentsnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /n2v4rl2b327s1vid8g7nsn5ebkvj?response-content-disposition=inline%3B%20filename%3D%22fhf.png%22%3B%20filename%2A%3DUTF-8%27%27fhf.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=6526713a88cfa7d999f0cd7c9de37041e3485792cb3b05ba63508120daa8e335 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /z0t4w7u8omptii0ahi8fvkg3o4b5?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%202024-2025%20April%20Caleb%20Lease.docx.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25202024-2025%2520April%2520Caleb%2520Lease.docx.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e247b392a5d99122054d893c7b254dc88b03abcb849b6228ee64c969cca4ae63 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id4bw8i9c1l9f4v2rng272la9b53?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%207953%20Cedar%20Drive%20Offer%255B83%255D.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25207953%2520Cedar%2520Drive%2520Offer%255B83%255D.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=b19cd8bfd37111eacd64b16cd2d43f38824f756d2b9a6e9642686b8393c5c0c2 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /n2v4rl2b327s1vid8g7nsn5ebkvj?response-content-disposition=inline%3B%20filename%3D%22fhf.png%22%3B%20filename%2A%3DUTF-8%27%27fhf.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=6526713a88cfa7d999f0cd7c9de37041e3485792cb3b05ba63508120daa8e335 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /z0t4w7u8omptii0ahi8fvkg3o4b5?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%202024-2025%20April%20Caleb%20Lease.docx.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25202024-2025%2520April%2520Caleb%2520Lease.docx.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e247b392a5d99122054d893c7b254dc88b03abcb849b6228ee64c969cca4ae63 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id4bw8i9c1l9f4v2rng272la9b53?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%207953%20Cedar%20Drive%20Offer%255B83%255D.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25207953%2520Cedar%2520Drive%2520Offer%255B83%255D.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=b19cd8bfd37111eacd64b16cd2d43f38824f756d2b9a6e9642686b8393c5c0c2 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222n HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222nAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222nAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /nr-rum-1.257.0.min.js HTTP/1.1Host: js-agent.newrelic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.robly.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.robly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _session_id=d3eacfdaa63ae6ce5266c4381ba98399; _ga_GWR6DEECHX=GS1.1.1714051808.1.0.1714051808.0.0.0; _ga=GA1.1.660345662.1714051809
Source: global traffic	HTTP traffic detected: GET /js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4FZyNsaNE7-9uQkNBql1kxIYkOSyDw6ux814X4q-qVDRD-GTznrIshOU9-qF9Banu-WAyZ3DJM9mqROfBcPxrWwIosE3BC2sGY434woUXFGDcCL9Cmu0nvsy6OO0HrsSrzS5PCKeh6sI5Fc7mgdOw0F5UDaA1x2yjVGl7EVLbUUG9AK6egYXmp1k5sLEwJmISM6yGH&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AKPP-6d-m3A0uq6XaK5Wrd6tGGlp9Fkh5p9nGyCpd7x0tEHkAqtjhRdmG_c1Q5I-I0-K-xolAk4KQ5t-owfrcq4
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/reload?k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AKPP-6d-m3A0uq6XaK5Wrd6tGGlp9Fkh5p9nGyCpd7x0tEHkAqtjhRdmG_c1Q5I-I0-K-xolAk4KQ5t-owfrcq4
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.robly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _session_id=d3eacfdaa63ae6ce5266c4381ba98399; _ga_GWR6DEECHX=GS1.1.1714051808.1.0.1714051808.0.0.0; _ga=GA1.1.660345662.1714051809
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4FZyNsaNE7-9uQkNBql1kxIYkOSyDw6ux814X4q-qVDRD-GTznrIshOU9-qF9Banu-WAyZ3DJM9mqROfBcPxrWwIosE3BC2sGY434woUXFGDcCL9Cmu0nvsy6OO0HrsSrzS5PCKeh6sI5Fc7mgdOw0F5UDaA1x2yjVGl7EVLbUUG9AK6egYXmp1k5sLEwJmISM6yGH&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AKPP-6d-m3A0uq6XaK5Wrd6tGGlp9Fkh5p9nGyCpd7x0tEHkAqtjhRdmG_c1Q5I-I0-K-xolAk4KQ5t-owfrcq4
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HhnApw5rZFbWt2c&MD=TryG3spo HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET //securedoc/ HTTP/1.1Host: rickhome.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://rickhome.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/style.css HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879eb051688c6769 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/210437745:1714048022:Dj_BjBVN3qSjjU0vh97END1ep2-gHjFWxN7G3ScUWQE/879eb051688c6769/8c6b23695c6ef4f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879eb051688c6769/1714051839197/XZM7Ab2ULlZmj4F HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879eb051688c6769/1714051839197/XZM7Ab2ULlZmj4F HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/879eb051688c6769/1714051839199/057fb2c5758a1dcb71c7532e6ca2bfdf706648b589010795445a7cd5589ae80a/ZT-PUPXmihIYWwI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/210437745:1714048022:Dj_BjBVN3qSjjU0vh97END1ep2-gHjFWxN7G3ScUWQE/879eb051688c6769/8c6b23695c6ef4f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HhnApw5rZFbWt2c&MD=TryG3spo HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/210437745:1714048022:Dj_BjBVN3qSjjU0vh97END1ep2-gHjFWxN7G3ScUWQE/879eb051688c6769/8c6b23695c6ef4f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/rc/879eb051688c6769 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /CAPdzM3YXV0SGkyQmRJUVJ5 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /jq/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6330 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /boot/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6335 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /js/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6337 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /APP-3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff53/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff54 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /o/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff82 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /x/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff59 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /o/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff82 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /x/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff59 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /API.php?data=mail&email=GoFuckYourself@Fuckyou.com&_=1714051872957 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /API.php?data=mail&email=GoFuckYourself@Fuckyou.com&_=1714051872957 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw

Source: chromecache_125.1.dr

String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: app.robly.com
Source: global traffic	DNS traffic detected: DNS query: img.robly.com
Source: global traffic	DNS traffic detected: DNS query: api.contentsnare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: contentsnare-production.s3-accelerate.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: js-agent.newrelic.com
Source: global traffic	DNS traffic detected: DNS query: bam.nr-data.net
Source: global traffic	DNS traffic detected: DNS query: rickhome.com
Source: global traffic	DNS traffic detected: DNS query: doculink.authtlcate-now.pro
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /recaptcha/api2/reload?k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 10271sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-protobufferAccept: */*Origin: https://www.google.comX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 13:31:14 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyAgJlecNe34f1dImW9d8jZ0Tm0tOP9Ew4U2QZybbU04JkOfv9p3k4j1iUji0QkQ%2BK41Q5azx9YqA4EXdHfUxGgSBcUa92DZlFVqInFPbqN7J5eS%2BLH3VjUB80oxtHmfoQAukspqVwQwufmLOHU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 879eb1360b924529-ATLalt-svc: h3=":443"; ma=86400

Source: chromecache_125.1.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_125.1.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_93.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_93.1.dr	String found in binary or memory: https://api.contentsnare.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHB
Source: chromecache_125.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_144.1.dr	String found in binary or memory: https://doculink.authtlcate-now.pro/
Source: chromecache_93.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Bitter
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLXOXWh2.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLbOXWh2.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLfOXWh2.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLjOXQ.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLzOXWh2.woff2)
Source: chromecache_117.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_117.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_117.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_125.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_125.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_132.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_132.1.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_93.1.dr	String found in binary or memory: https://rickhome.com//securedoc/
Source: chromecache_125.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_125.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_125.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_93.1.dr	String found in binary or memory: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificat
Source: chromecache_125.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_93.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: chromecache_121.1.dr, chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_125.1.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_125.1.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_93.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-GWR6DEECHX
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_121.1.dr, chromecache_140.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Source: chromecache_125.1.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49780 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.troj.win@19/112@46/21

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1956,i,12321576010099348366,12060906561860274637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1956,i,12321576010099348366,12060906561860274637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 6.13.pages.csv, type: HTML
Source: Yara match	File source: 6.11.pages.csv, type: HTML
Source: Yara match	File source: 6.12.pages.csv, type: HTML

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
44.240.79.212	unknown	United States	16509	AMAZON-02US	false
172.67.159.67	doculink.authtlcate-now.pro	United States	13335	CLOUDFLARENETUS	false
172.253.124.147	unknown	United States	15169	GOOGLEUS	false
104.17.3.184	unknown	United States	13335	CLOUDFLARENETUS	false
34.231.99.77	api.contentsnare.com	United States	14618	AMAZON-AESUS	false
142.251.15.99	www.google.com	United States	15169	GOOGLEUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
54.201.220.248	robly-6-production-webs-629982955.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
162.247.243.39	js-agent.newrelic.com	United States	13335	CLOUDFLARENETUS	false
104.21.34.108	unknown	United States	13335	CLOUDFLARENETUS	false
108.139.15.45	img.robly.com	United States	16509	AMAZON-02US	false
5.172.176.24	rickhome.com	Russian Federation	20712	AS20712AndrewsArnoldLtdGB	false
172.253.124.99	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
162.247.243.29	fastly-tls12-bam.nr-data.net	United States	13335	CLOUDFLARENETUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
18.244.197.147	contentsnare-production.s3-accelerate.amazonaws.com	United States	16509	AMAZON-02US	false
108.177.122.99	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4

Contacted Domains

Name	IP	Active
fastly-tls12-bam.nr-data.net	162.247.243.29	true
a.nel.cloudflare.com	35.190.80.1	true
contentsnare-production.s3-accelerate.amazonaws.com	18.244.197.147	true
code.jquery.com	151.101.66.137	true
doculink.authtlcate-now.pro	172.67.159.67	true
js-agent.newrelic.com	162.247.243.39	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	142.251.15.99	true
img.robly.com	108.139.15.45	true
api.contentsnare.com	34.231.99.77	true
robly-6-production-webs-629982955.us-west-2.elb.amazonaws.com	54.201.220.248	true
rickhome.com	5.172.176.24	true
bam.nr-data.net	unknown	unknown
app.robly.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://doculink.authtlcate-now.pro/o/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff82	false	Avira URL Cloud: safe	unknown
https://rickhome.com//securedoc/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.contentsnare.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBNjE4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--ce055e808889d413a54d00ae1288f9226dde9842/fhf.png	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	false		high
https://doculink.authtlcate-now.pro/API.php?data=mail&email=GoFuckYourself@Fuckyou.com&_=1714051872957	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/APP-3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff53/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff54	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw	false		high
https://js-agent.newrelic.com/nr-rum-1.257.0.min.js	false		high
about:blank	false	Avira URL Cloud: safe	low
https://bam.nr-data.net/1/041b6d5c93?a=582529278&v=1.257.0&to=cF5fRRZcDQ5TExkRRFFdWFJLXwAMUghYBm5DUFZUS1oPBlMZ&rst=7878&ck=0&s=d5e2078099f3d04d&ref=https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d&ap=158&be=1304&fe=5887&dc=1732&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1714051805377,%22n%22:0,%22f%22:18,%22dn%22:108,%22dne%22:224,%22c%22:224,%22s%22:224,%22ce%22:780,%22rq%22:780,%22rp%22:1305,%22rpe%22:1489,%22di%22:3035,%22ds%22:3035,%22de%22:3036,%22dc%22:7189,%22l%22:7189,%22le%22:7191%7D,%22navigation%22:%7B%7D%7D&fp=2104&fcp=2104	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/cdn-cgi/challenge-platform/h/b/rc/879eb051688c6769	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/1	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/reload?k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw	false		high
https://www.google.com/recaptcha/api.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/210437745:1714048022:Dj_BjBVN3qSjjU0vh97END1ep2-gHjFWxN7G3ScUWQE/879eb051688c6769/8c6b23695c6ef4f	false		high
https://www.google.com/recaptcha/api2/payload?p=06AFcWeA4FZyNsaNE7-9uQkNBql1kxIYkOSyDw6ux814X4q-qVDRD-GTznrIshOU9-qF9Banu-WAyZ3DJM9mqROfBcPxrWwIosE3BC2sGY434woUXFGDcCL9Cmu0nvsy6OO0HrsSrzS5PCKeh6sI5Fc7mgdOw0F5UDaA1x2yjVGl7EVLbUUG9AK6egYXmp1k5sLEwJmISM6yGH&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw	false		high
https://doculink.authtlcate-now.pro/ASSETS/img/m_.svg	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/CAPdzM3YXV0SGkyQmRJUVJ5	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222n	false		high
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m	false		high
https://doculink.authtlcate-now.pro/favicon.ico	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879eb051688c6769/1714051839197/XZM7Ab2ULlZmj4F	false		high
https://doculink.authtlcate-now.pro/jq/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6330	false	Avira URL Cloud: safe	unknown
https://api.contentsnare.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMnQ4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--720f0239b2f78880da8dd87337065e3ede51a191/Pages%20from%207953%20Cedar%20Drive%20Offer%5B83%5D.jpg	false	Avira URL Cloud: safe	unknown
https://www.google.com/js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js	false		high
https://a.nel.cloudflare.com/report/v4?s=DNrrTP%2BthHQnzXetOuBE46jcix3fiDrvZ2m76gAymS3YGYNW6BzDriTNZzmoW26yOfchKfTFXXAMvYWtqcVwW1suRpxe36d6ThcBGATTwARA6FXAPCW4VbnVxbVKO8M8jks6cVTZqHG7BJRvHRk%3D	false		high
https://doculink.authtlcate-now.pro/ASSETS/img/sig-op.svg	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/boot/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6335	false	Avira URL Cloud: safe	unknown
https://bam.nr-data.net/events/1/041b6d5c93?a=582529278&v=1.257.0&to=cF5fRRZcDQ5TExkRRFFdWFJLXwAMUghYBm5DUFZUS1oPBlMZ&rst=18493&ck=0&s=d5e2078099f3d04d&ref=https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/captcha/style.css	false	Avira URL Cloud: safe	unknown
https://api.contentsnare.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBNXQ4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--a14dfb6e4a77147fc68f3ab0dc4f0cd5ffd6d000/Pages%20from%202024-2025%20April%20Caleb%20Lease.docx.jpg	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879eb051688c6769	false		high
https://img.robly.com/assets/v2/public/landing_page/index-6496ce865c034b4fe3e0da5aa72ed444ff1bfdc0521fb3e17e24a979bbb8c14c.js	false		high
https://bam.nr-data.net/events/1/041b6d5c93?a=582529278&v=1.257.0&to=cF5fRRZcDQ5TExkRRFFdWFJLXwAMUghYBm5DUFZUS1oPBlMZ&rst=27886&ck=0&s=d5e2078099f3d04d&ref=https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879eb051688c6769/1714051839199/057fb2c5758a1dcb71c7532e6ca2bfdf706648b589010795445a7cd5589ae80a/ZT-PUPXmihIYWwI	false		high
https://doculink.authtlcate-now.pro/x/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff59	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/captcha/logo.svg	false	Avira URL Cloud: safe	unknown
https://doculink.authtlcate-now.pro/js/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6337	false	Avira URL Cloud: safe	unknown
https://app.robly.com/favicon.ico	false		high
https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	true		unknown
https://www.google.com/js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:30:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	70E1074BD34F39D8564BAFC5413A38F4	F9B53B50BA3965FD54E05639271B28E687999870	F51F756CAEFEAA6CC2F6CDB1AE4A8EB1C89E484EDD2F623CCADCE1B1EC3A99AC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:30:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	50ADC378FE3908CA13ED08BD9F99A15F	793858781D93EEB0409F24DEF5FEAFDF536BF9CD	C01979D0C9064F1DF1ED05D2710A85232E1C45815785910989B207D3AC29E19C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	02723985016F4ECC3107FF2B028AEA08	9C23C93BEFDBEDD0124545A1F5E7D9F3C5DE6B95	DC6B90162D985F715FC50E2882644CB6778EF448E9A31A585AA5CD9F98F8C7ED
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:30:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0520595CCC67DC8F6D30764B4D9617BF	5661924E3305FDF2CC793543DC5D3A584A076FA1	5D803D694E46E44C143307D71482D73E45E8744AE5D8363CFE53D27BB81891D4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:30:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	90426AF4B15DDA3189FB4552DA336CF2	FBB5348B84161D46C5CE58EECDC291BC12827524	E275685583C0204BFD290BC44F011AC468F504EC03A3BBE3599AC7F43F605928
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 12:30:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	571DB085EFCC17FD25AB24E0D106676C	43338D446D5AFB9EE998CDA6D79A4CA3364A87FF	2B8468869A356FD7884D8F83E5F434F5D91E03B91B102BEDC5980B8A04AB395A
Chrome Cache Entry: 100	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3	AB469A96BF9E08BE9BFBE3DB6B168AF9	4EB775C2D7DFDD660B8D0E41AF1D33018FFD7C8C	DB94C517D0E7ACF08D3BFA410C42F7E792C56AF74F872F00F7554B9DCA7DAA76
Chrome Cache Entry: 101	ASCII text, with very long lines (65536), with no line terminators	8E6B0F88563F9C33F78BCE65CF287DF7	EF7765CD2A7D64ED27DD7344702597AFF6F8C397	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
Chrome Cache Entry: 102	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 103	HTML document, ASCII text, with very long lines (4020)	7C45FEF79A85EFD709C477E669EBEA31	B97BC248957D9D6E004564978664251902EDD3EA	3A57E23BCBFFBDCEC7AB4D20396DC0FF99A9EEF0BAA9EB74AA42F3CE6D903043
Chrome Cache Entry: 104	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	0F2A4639B8A4CB30C76E8333C00D30A6	57E273A270BB864970D747C74B3F0A7C8E515B13	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
Chrome Cache Entry: 105	ASCII text, with no line terminators	AFB69DF47958EB78B4E941270772BD6A	D9FE9A625E906FF25C1F165E7872B1D9C731E78E	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
Chrome Cache Entry: 106	ASCII text, with very long lines (56412), with no line terminators	2C00B9F417B688224937053CD0C284A5	17B4C18EBC129055DD25F214C3F11E03E9DF2D82	1E754B107428162C65A26D399B66DB3DAAEA09616BF8620D9DE4BC689CE48EED
Chrome Cache Entry: 107	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 108	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	0F2A4639B8A4CB30C76E8333C00D30A6	57E273A270BB864970D747C74B3F0A7C8E515B13	44B988703019CD6BFA86C91840FECF2A42B611B364E3EEA2F4EB63BF62714E98
Chrome Cache Entry: 109	ASCII text, with very long lines (32058)	C9F5AEECA3AD37BF2AA006139B935F0A	1055018C28AB41087EF9CCEFE411606893DABEA2	87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
Chrome Cache Entry: 110	JPEG image data, JFIF standard 1.02, resolution (DPI), density 266x266, segment length 16, baseline, precision 8, 2261x2926, components 3	A7D33B69B8C3A5B8B28A4F844670A02B	D203E29801C7B6D7F20E46E8912770D1D7649C26	CE3FAFD06844C80D54FE141FAF794E6EAC3857DBDEFB16019D81A648AA5BD2AC
Chrome Cache Entry: 111	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	07BF314AAB04047B9E9A959EE6F63DA3	17BEF6602672E2FD9956381E01356245144003E5	55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
Chrome Cache Entry: 112	ASCII text	A7F15097B6696241EFA1A1A171CDB87B	45F7D701C6E73F506388A8979BB47FE52412C23A	CA26128F1AA8FCE9D93A0B53C696B70CE7A50D3CE3F90FA3A8C413D439AB134D
Chrome Cache Entry: 113	ASCII text, with very long lines (42414)	F94A2211CE789A95A7C67E8C660D63E8	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
Chrome Cache Entry: 114	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, orientation=upper-left, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1700x2200, components 3	6FF98434EF5C6E8D4E89BDC21D798DFD	B5162A8E981616E912CD75479C443957F73DD69D	8317A5E62F1F587A3A0711BD46FC578F0777856E7EB3538E8C1FEA4FDF36AF67
Chrome Cache Entry: 115	SVG Scalable Vector Graphics image	7D2B8F25545A2894E2721E9FE528E34C	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
Chrome Cache Entry: 116	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 117	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 118	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 119	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	88E0F42C9FA4F94AA8BCD54D1685C180	5AD9D47A49B82718BAA3BE88550A0B3350270C42	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
Chrome Cache Entry: 120	JPEG image data, JFIF standard 1.02, resolution (DPI), density 266x266, segment length 16, baseline, precision 8, 2261x2926, components 3	A7D33B69B8C3A5B8B28A4F844670A02B	D203E29801C7B6D7F20E46E8912770D1D7649C26	CE3FAFD06844C80D54FE141FAF794E6EAC3857DBDEFB16019D81A648AA5BD2AC
Chrome Cache Entry: 121	ASCII text, with very long lines (1222), with no line terminators	463D838587C8B5873CB6E4E942B770C9	E69DCF383A6F3F51F123CA2D86F19FC4BE09E612	1448EC1B3F30A554233BD280AA99A7EAF690D1098647E7DDDEA286C757884F9C
Chrome Cache Entry: 122	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 123	ASCII text, with no line terminators	011B17B116126E6E0C4A9B0DE9145805	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
Chrome Cache Entry: 124	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 125	ASCII text, with very long lines (5945)	A0EEB8816CB05CEAE2FD54520B6DD539	8269EAEF95FA5FA24E6D040AF0D15C9F516AACF7	846CFE670B4A75AF7B4E63BC00BFD4C216E708A4CEBFABFF189DBC988BAF241F
Chrome Cache Entry: 126	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 127	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 128	JSON data	8E3DB10AF5A3E1CABE7AA67674E21188	E2314B0038DF2D49DDBE461F33A6797D4586CDE0	87ECD5BABD6FD9F4F6F796D745AA38751FAF3985E3B55F87A2F53E506FE07362
Chrome Cache Entry: 129	PNG image data, 2912 x 106, 8-bit/color RGBA, non-interlaced	8FC1822DE1AFA7ED3C9DA45CAFB471FC	A08E2E26E1D79A57D5FD2AB036A4C2164609C0A8	81028B648FBA3552A10E6D74A97B300DE43315352B1D4714FDF57A7544DF6712
Chrome Cache Entry: 130	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 131	ASCII text, with very long lines (17673)	9FBB8606566EBF96C502666BFFFD254A	FEB80CB296B30432EC659D7EEDFE3C6022A450E2	9644D7AB8F581B9FDE8F5C3B9B84FD370FF52F1D4E71DD60B5E590A6C7D5FD39
Chrome Cache Entry: 132	ASCII text, with very long lines (631)	E2E79D6B927169D9E0E57E3BAECC0993	1299473950B2999BA0B7F39BD5E4A60EAFD1819D	231336ED913A5EBD4445B85486E053CAF2B81CAB91318241375F3F7A245B6C6B
Chrome Cache Entry: 133	PNG image data, 24 x 55, 8-bit/color RGB, non-interlaced	3ACB0639E2BFD4EDC813579BD5DAC4C1	433C1F5B93D12B2A28384F09CB50701633F8B8AB	7DF91115069D79E0B2026DB934C3772C7ED11BCBA33FD0DD7BAE74D17F72F2AC
Chrome Cache Entry: 134	gzip compressed data, last modified: Mon Dec 26 13:58:43 2022, max compression, from Unix, original size modulo 2^32 510	F391F0ECE4E604DA4A9138CB1DAA1E6D	44807F5D10E263FEE010F0579AAAD24F90EB3E39	55E5A31D99A23B6896898247619FA88F0829F3E8BCF8980B7B9C0F29CCFCAFD7
Chrome Cache Entry: 135	PNG image data, 192 x 192, 8-bit colormap, non-interlaced	EC3540F025D9B0348C7478D32E90B176	4B70A65BB5CDC669D5DCD3EA9D422FEC0A300829	3ECD1981672AC39DE3B2FCC74A081F5000498685FCAF769121840C48BE2B6F06
Chrome Cache Entry: 136	ASCII text, with very long lines (17691)	040162F6DA25C64FEAAED69ABC0AC96B	818D0D73C7EFDEAFE6898255D407C519173A5131	7F2085DE59A8FCE6270BFF6B196505F82790BED38428AAD350AFD75D2D45775B
Chrome Cache Entry: 137	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 138	ASCII text, with very long lines (50858)	04045B88714F08119A0E2FCB74624F22	5833C908F1F7DF324CA7AA08BD237C73CB214B29	AC2185EAF27DB9D83C2688A55C428A5F18BBE41D8F769C58F41F081B8B17834B
Chrome Cache Entry: 139	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 450x450, components 3	AB469A96BF9E08BE9BFBE3DB6B168AF9	4EB775C2D7DFDD660B8D0E41AF1D33018FFD7C8C	DB94C517D0E7ACF08D3BFA410C42F7E792C56AF74F872F00F7554B9DCA7DAA76
Chrome Cache Entry: 140	ASCII text, with no line terminators	284B36421A1CF446F32CB8F7987B1091	EB14D6298C9DA3FB26D75B54C087EA2DF9F3F05F	94AB2BE973685680D0BE9C08D4E1A7465F3C09053CF631126BD33F49CC2F939B
Chrome Cache Entry: 141	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 142	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 143	HTML document, ASCII text	B54D0452E2FDB8C0D91C455D1C5495F9	DDD85730B9CB4CB9905B1D7E7643F595D2F33CB8	F4138D99EC6E17514BB87CEEAD1C1D2A204219C970864FC85BFF00949EE18082
Chrome Cache Entry: 144	HTML document, ASCII text	AD0AB0317A3C8513384F628078FFB511	E6BA0523127D9257C5C052A9EB38093CAC110609	832C8384131A38F6FB2C5EAF4DE0BD37C564B2D4BA88B22F31F0B2E57A3C7EE4
Chrome Cache Entry: 145	SVG Scalable Vector Graphics image	7D2B8F25545A2894E2721E9FE528E34C	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
Chrome Cache Entry: 146	ASCII text, with very long lines (3379)	59087D72EEDCB7650C9D5D6088440DD3	97B607FCE11F640E5764699038E50A76EB98944B	E0E3FB0FE5CA541950CF8DD213FBE9E8957A3DB0010B515AD01ADFF6CA908A3E
Chrome Cache Entry: 147	ASCII text, with very long lines (7043), with no line terminators	B6C202188699B897BB727A68EDD24665	FF3B891E06C983DCA277C1D7D874C8EB8084EB96	184A034CB9202937BF012AFF8C81E0747B7CA8F8F9E6115556FDB09D5BAEC419
Chrome Cache Entry: 148	ASCII text, with very long lines (631)	E2E79D6B927169D9E0E57E3BAECC0993	1299473950B2999BA0B7F39BD5E4A60EAFD1819D	231336ED913A5EBD4445B85486E053CAF2B81CAB91318241375F3F7A245B6C6B
Chrome Cache Entry: 149	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	88E0F42C9FA4F94AA8BCD54D1685C180	5AD9D47A49B82718BAA3BE88550A0B3350270C42	89C62095126FCA89EA1511CF35B49B8306162946B0C26D6F60C5506C51D85992
Chrome Cache Entry: 150	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 89	Web Open Font Format (Version 2), TrueType, length 17976, version 1.0	7C6A06AA773F7E630E0DB1ABFF8DD340	B14FCBBA9C3507F6F3C3FB1EADC460AB13F5BBD8	0F14955A9B2834B1905C479229152732C4BEF761B2304102D50B8F8B9EAE1CCC
Chrome Cache Entry: 90	PNG image data, 24 x 55, 8-bit/color RGB, non-interlaced	3ACB0639E2BFD4EDC813579BD5DAC4C1	433C1F5B93D12B2A28384F09CB50701633F8B8AB	7DF91115069D79E0B2026DB934C3772C7ED11BCBA33FD0DD7BAE74D17F72F2AC
Chrome Cache Entry: 91	Web Open Font Format (Version 2), TrueType, length 15340, version 1.0	19B7A0ADFDD4F808B53AF7E2CE2AD4E5	81D5D4C7B5035AD10CCE63CF7100295E0C51FDDA	C912A9CE0C3122D4B2B29AD26BFE06B0390D1A5BDAA5D6128692C0BEFD1DFBBD
Chrome Cache Entry: 92	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 93	HTML document, ASCII text, with very long lines (31680)	FB4D3E1FA52323EDF4E433F105FE83D4	D5A36EA355473323A0FC173AFB2318D25A43CE4B	2F7328DAD7FFA183D89CB8B978938B5401ACA56015AF78E26D5466C4D6EB99BA
Chrome Cache Entry: 94	PNG image data, 2912 x 106, 8-bit/color RGBA, non-interlaced	8FC1822DE1AFA7ED3C9DA45CAFB471FC	A08E2E26E1D79A57D5FD2AB036A4C2164609C0A8	81028B648FBA3552A10E6D74A97B300DE43315352B1D4714FDF57A7544DF6712
Chrome Cache Entry: 95	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, orientation=upper-left, xresolution=62, yresolution=70, resolutionunit=2], baseline, precision 8, 1700x2200, components 3	6FF98434EF5C6E8D4E89BDC21D798DFD	B5162A8E981616E912CD75479C443957F73DD69D	8317A5E62F1F587A3A0711BD46FC578F0777856E7EB3538E8C1FEA4FDF36AF67
Chrome Cache Entry: 96	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 97	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced	07BF314AAB04047B9E9A959EE6F63DA3	17BEF6602672E2FD9956381E01356245144003E5	55EAF62CB05DA20088DC12B39D7D254D046CB1FD61DDF3AE641F1439EFD0A5EE
Chrome Cache Entry: 98	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 99	PNG image data, 192 x 192, 8-bit colormap, non-interlaced	EC3540F025D9B0348C7478D32E90B176	4B70A65BB5CDC669D5DCD3EA9D422FEC0A300829	3ECD1981672AC39DE3B2FCC74A081F5000498685FCAF769121840C48BE2B6F06

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 6.13.pages.csv, type: HTML
Source: Yara match	File source: 6.11.pages.csv, type: HTML
Source: Yara match	File source: 6.12.pages.csv, type: HTML

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_144, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	Matcher: Template: microsoft matched
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	Matcher: Template: microsoft matched
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	Matcher: Template: microsoft matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 5.8

OCR Text: : Verifying... CLOUDFLARE Microsoft

HTML body contains low number of good links

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal

HTML title does not match URL

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

HTTP Parser: Title: 48ade125426303928d5f677b5fcc7664662a5b2072bb0 does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	HTTP Parser: No favicon
Source: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	HTTP Parser: No favicon
Source: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222n	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal	HTTP Parser: No favicon
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No favicon
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No favicon
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No favicon

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="author".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="author".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="author".. found

Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="copyright".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="copyright".. found
Source: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49780 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 23.201.212.130
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: global traffic	HTTP traffic detected: GET /sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d HTTP/1.1Host: app.robly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/v2/public/landing_page/index-6496ce865c034b4fe3e0da5aa72ed444ff1bfdc0521fb3e17e24a979bbb8c14c.js HTTP/1.1Host: img.robly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _session_id=d3eacfdaa63ae6ce5266c4381ba98399
Source: global traffic	HTTP traffic detected: GET /rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBNjE4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--ce055e808889d413a54d00ae1288f9226dde9842/fhf.png HTTP/1.1Host: api.contentsnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBNXQ4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--a14dfb6e4a77147fc68f3ab0dc4f0cd5ffd6d000/Pages%20from%202024-2025%20April%20Caleb%20Lease.docx.jpg HTTP/1.1Host: api.contentsnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBMnQ4TlE9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--720f0239b2f78880da8dd87337065e3ede51a191/Pages%20from%207953%20Cedar%20Drive%20Offer%5B83%5D.jpg HTTP/1.1Host: api.contentsnare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /n2v4rl2b327s1vid8g7nsn5ebkvj?response-content-disposition=inline%3B%20filename%3D%22fhf.png%22%3B%20filename%2A%3DUTF-8%27%27fhf.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=6526713a88cfa7d999f0cd7c9de37041e3485792cb3b05ba63508120daa8e335 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /z0t4w7u8omptii0ahi8fvkg3o4b5?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%202024-2025%20April%20Caleb%20Lease.docx.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25202024-2025%2520April%2520Caleb%2520Lease.docx.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e247b392a5d99122054d893c7b254dc88b03abcb849b6228ee64c969cca4ae63 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id4bw8i9c1l9f4v2rng272la9b53?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%207953%20Cedar%20Drive%20Offer%255B83%255D.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25207953%2520Cedar%2520Drive%2520Offer%255B83%255D.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=b19cd8bfd37111eacd64b16cd2d43f38824f756d2b9a6e9642686b8393c5c0c2 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /n2v4rl2b327s1vid8g7nsn5ebkvj?response-content-disposition=inline%3B%20filename%3D%22fhf.png%22%3B%20filename%2A%3DUTF-8%27%27fhf.png&response-content-type=image%2Fpng&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=6526713a88cfa7d999f0cd7c9de37041e3485792cb3b05ba63508120daa8e335 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /z0t4w7u8omptii0ahi8fvkg3o4b5?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%202024-2025%20April%20Caleb%20Lease.docx.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25202024-2025%2520April%2520Caleb%2520Lease.docx.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=e247b392a5d99122054d893c7b254dc88b03abcb849b6228ee64c969cca4ae63 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id4bw8i9c1l9f4v2rng272la9b53?response-content-disposition=inline%3B%20filename%3D%22Pages%20from%207953%20Cedar%20Drive%20Offer%255B83%255D.jpg%22%3B%20filename%2A%3DUTF-8%27%27Pages%2520from%25207953%2520Cedar%2520Drive%2520Offer%255B83%255D.jpg&response-content-type=image%2Fjpeg&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJEO7TYJAYQI5QCQQ%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T133008Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=b19cd8bfd37111eacd64b16cd2d43f38824f756d2b9a6e9642686b8393c5c0c2 HTTP/1.1Host: contentsnare-production.s3-accelerate.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222n HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222nAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/lkTXq49YG5_ej1w7m4T9Nw_1Lx1Ocd1gteWQpsfV_Tk.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw&co=aHR0cHM6Ly9hcHAucm9ibHkuY29tOjQ0Mw..&hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=p8li93kl222nAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /nr-rum-1.257.0.min.js HTTP/1.1Host: js-agent.newrelic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://app.robly.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.robly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852dAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _session_id=d3eacfdaa63ae6ce5266c4381ba98399; _ga_GWR6DEECHX=GS1.1.1714051808.1.0.1714051808.0.0.0; _ga=GA1.1.660345662.1714051809
Source: global traffic	HTTP traffic detected: GET /js/bg/fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4FZyNsaNE7-9uQkNBql1kxIYkOSyDw6ux814X4q-qVDRD-GTznrIshOU9-qF9Banu-WAyZ3DJM9mqROfBcPxrWwIosE3BC2sGY434woUXFGDcCL9Cmu0nvsy6OO0HrsSrzS5PCKeh6sI5Fc7mgdOw0F5UDaA1x2yjVGl7EVLbUUG9AK6egYXmp1k5sLEwJmISM6yGH&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=V6_85qpc2Xf2sbe3xTnRte7m&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AKPP-6d-m3A0uq6XaK5Wrd6tGGlp9Fkh5p9nGyCpd7x0tEHkAqtjhRdmG_c1Q5I-I0-K-xolAk4KQ5t-owfrcq4
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/reload?k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AKPP-6d-m3A0uq6XaK5Wrd6tGGlp9Fkh5p9nGyCpd7x0tEHkAqtjhRdmG_c1Q5I-I0-K-xolAk4KQ5t-owfrcq4
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: app.robly.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _session_id=d3eacfdaa63ae6ce5266c4381ba98399; _ga_GWR6DEECHX=GS1.1.1714051808.1.0.1714051808.0.0.0; _ga=GA1.1.660345662.1714051809
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/payload?p=06AFcWeA4FZyNsaNE7-9uQkNBql1kxIYkOSyDw6ux814X4q-qVDRD-GTznrIshOU9-qF9Banu-WAyZ3DJM9mqROfBcPxrWwIosE3BC2sGY434woUXFGDcCL9Cmu0nvsy6OO0HrsSrzS5PCKeh6sI5Fc7mgdOw0F5UDaA1x2yjVGl7EVLbUUG9AK6egYXmp1k5sLEwJmISM6yGH&k=6Ld9XlUUAAAAABcR5houwBXwlA_3STKsG2SzYCVw HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AKPP-6d-m3A0uq6XaK5Wrd6tGGlp9Fkh5p9nGyCpd7x0tEHkAqtjhRdmG_c1Q5I-I0-K-xolAk4KQ5t-owfrcq4
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HhnApw5rZFbWt2c&MD=TryG3spo HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET //securedoc/ HTTP/1.1Host: rickhome.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://app.robly.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://rickhome.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/style.css HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879eb051688c6769 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/210437745:1714048022:Dj_BjBVN3qSjjU0vh97END1ep2-gHjFWxN7G3ScUWQE/879eb051688c6769/8c6b23695c6ef4f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879eb051688c6769/1714051839197/XZM7Ab2ULlZmj4F HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879eb051688c6769/1714051839197/XZM7Ab2ULlZmj4F HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/879eb051688c6769/1714051839199/057fb2c5758a1dcb71c7532e6ca2bfdf706648b589010795445a7cd5589ae80a/ZT-PUPXmihIYWwI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/53ex4/0x4AAAAAAAYJMTeME2wR372g/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/210437745:1714048022:Dj_BjBVN3qSjjU0vh97END1ep2-gHjFWxN7G3ScUWQE/879eb051688c6769/8c6b23695c6ef4f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HhnApw5rZFbWt2c&MD=TryG3spo HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/210437745:1714048022:Dj_BjBVN3qSjjU0vh97END1ep2-gHjFWxN7G3ScUWQE/879eb051688c6769/8c6b23695c6ef4f HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/rc/879eb051688c6769 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /CAPdzM3YXV0SGkyQmRJUVJ5 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://doculink.authtlcate-now.pro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /jq/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6330 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /boot/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6335 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /js/3ab171f76fa12ca7e775f401a8a53f3e662a5b20c6337 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /APP-3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff53/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff54 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /o/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff82 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /x/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff59 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /o/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff82 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /x/3ab171f76fa12ca7e775f401a8a53f3e662a5b225ff59 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /API.php?data=mail&email=GoFuckYourself@Fuckyou.com&_=1714051872957 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://doculink.authtlcate-now.pro/7d719490e0f1a74c929a6fbc76695143662a5b2072bc5LOG7d719490e0f1a74c929a6fbc76695143662a5b2072bc6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw
Source: global traffic	HTTP traffic detected: GET /API.php?data=mail&email=GoFuckYourself@Fuckyou.com&_=1714051872957 HTTP/1.1Host: doculink.authtlcate-now.proConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8275f42bd649b644ddff934014bcfaa; cf_clearance=gfaoJsd9VUHMKC1QTEHamIOtS9oh028YKS_ofCy7s0Y-1714051870-1.0.1.1-6izTGZQS_dl2nD8oq3uITK1YXnPJ_GQL952e7rEGugxXSMjge5jpEBN1Gzds1XHbUQybI7rjxYKzie8bcSC3cw

Source: chromecache_125.1.dr

Source: global traffic	DNS traffic detected: DNS query: app.robly.com
Source: global traffic	DNS traffic detected: DNS query: img.robly.com
Source: global traffic	DNS traffic detected: DNS query: api.contentsnare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: contentsnare-production.s3-accelerate.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: js-agent.newrelic.com
Source: global traffic	DNS traffic detected: DNS query: bam.nr-data.net
Source: global traffic	DNS traffic detected: DNS query: rickhome.com
Source: global traffic	DNS traffic detected: DNS query: doculink.authtlcate-now.pro
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

Source: global traffic

Source: chromecache_125.1.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_125.1.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_93.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_93.1.dr	String found in binary or memory: https://api.contentsnare.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHB
Source: chromecache_125.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_144.1.dr	String found in binary or memory: https://doculink.authtlcate-now.pro/
Source: chromecache_93.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Bitter
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLXOXWh2.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLbOXWh2.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLfOXWh2.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLjOXQ.woff2)
Source: chromecache_112.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/bitter/v33/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLzOXWh2.woff2)
Source: chromecache_117.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_117.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_117.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_125.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_125.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_132.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_132.1.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_93.1.dr	String found in binary or memory: https://rickhome.com//securedoc/
Source: chromecache_125.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_125.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_125.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_93.1.dr	String found in binary or memory: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificat
Source: chromecache_125.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_93.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: chromecache_121.1.dr, chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_125.1.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_125.1.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_93.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-GWR6DEECHX
Source: chromecache_148.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_121.1.dr, chromecache_140.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Source: chromecache_125.1.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.201.212.130:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49780 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.troj.win@19/112@46/21

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1956,i,12321576010099348366,12060906561860274637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1956,i,12321576010099348366,12060906561860274637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 6.13.pages.csv, type: HTML
Source: Yara match	File source: 6.11.pages.csv, type: HTML
Source: Yara match	File source: 6.12.pages.csv, type: HTML

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1431660
Product:	CloudBasic
Start time:	15:29:38
Start date:	25.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://app.robly.com/sites/1550c67c312457e2bb58457f78fda912/f774d7ddfffc8f1d429cd55a95adr852d