Source: https://gounrical.com/landers/teleparty/streaming_netflix/jquery-3.6.4.min.js | Avira URL Cloud: Label: malware |
Source: https://gounrical.com/click.php?lp=1&uclick=us3zhq6o0&zoneid=&guid=48FAF65B00874A0E86DDCD458A75CA04 | Avira URL Cloud: Label: malware |
Source: https://gounrical.com/landers/teleparty/streaming_netflix/favicon.png | Avira URL Cloud: Label: malware |
Source: https://gounrical.com/click.php?lp=1&uclick=us3zhq6o | Avira URL Cloud: Label: malware |
Source: https://ecomicrolab.com/?cu3n6ud3kl6c73a4k55g | Avira URL Cloud: Label: malware |
Source: https://gounrical.com/landers/teleparty/streaming_netflix/all.min.css | Avira URL Cloud: Label: malware |
Source: 0.3.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://gads.gudentss.shop/?utm_term=7460058292782... The script uses a setTimeout function to redirect the user to an unknown domain after a 4-second delay, which is a high-risk indicator of potential malicious behavior. The obfuscated URL also suggests an attempt to conceal the true destination, further increasing the risk score. |
Source: 0.1.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://gads.gudentss.shop/?utm_term=7460058292782... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the aggressive manipulation of the browser history further increase the risk. While the script may have some legitimate functionality, the overall behavior is highly suspicious and indicative of malicious intent. |
Source: 0.0.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://gads.gudentss.shop/?utm_medium=9eb2bcdc899... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to a suspicious domain. The use of obfuscated code and the redirection to a domain that appears to be associated with malicious activity (e.g., 'gads.gudentsss.shop') further increases the risk. Overall, this script exhibits a clear intent to engage in malicious activities and should be considered a high-risk threat. |
Source: 0.2.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://gads.gudentss.shop/?utm_term=7460058292782... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The script uses the `location.replace()` function to redirect the user to a potentially malicious domain, and it also sends user data to an external server. Additionally, the script uses obfuscated code, making it difficult to analyze. Overall, the combination of these behaviors indicates a high-risk script that should be further investigated. |
Source: 0.5.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://gounrical.com/click.php?key=ls9yc3ivpkcbp3... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of obfuscated URLs and the presence of suspicious domains like 'click.php' and 'owebsearch.comp' further increase the risk. While the script claims to open the Chrome Web Store, the actual behavior is inconsistent with this purpose, suggesting a potential attempt to mislead the user. Overall, this script demonstrates a high level of suspicion and should be thoroughly investigated before allowing it to execute. |
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2F%3Fptid%3D19027681%26ptt%3D8%26fpts%3D0&ec=futura_hpp_co_si_001_p&ifkv=AVdkyDkniH3KlKqvfCmyn8SAyDLKKZoL9MNNaf1n_YzOSuJBc0E1mSbKS5CGLijN1Y1zb0PGNrF50w&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1445867069%3A1736930215801836&ddm=1 | HTTP Parser: Iframe src: https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=219989105&timestamp=1736930221087 |
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2F%3Fptid%3D19027681%26ptt%3D8%26fpts%3D0&ec=futura_hpp_co_si_001_p&ifkv=AVdkyDkniH3KlKqvfCmyn8SAyDLKKZoL9MNNaf1n_YzOSuJBc0E1mSbKS5CGLijN1Y1zb0PGNrF50w&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1445867069%3A1736930215801836&ddm=1 | HTTP Parser: Iframe src: /_/bscframe |
Source: https://www.google.com/ | HTTP Parser: No favicon |
Source: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2F%3Fptid%3D19027681%26ptt%3D8%26fpts%3D0&ec=futura_hpp_co_si_001_p&ifkv=AVdkyDkniH3KlKqvfCmyn8SAyDLKKZoL9MNNaf1n_YzOSuJBc0E1mSbKS5CGLijN1Y1zb0PGNrF50w&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1445867069%3A1736930215801836&ddm=1 | HTTP Parser: No favicon |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.22.50.131 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.22.50.144 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: global traffic | HTTP traffic detected: GET /2015/02/talk-to-your-profbut-how/ HTTP/1.1Host: arthistoryteachingresources.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /?cu3n6ud3kl6c73a4k55g HTTP/1.1Host: ecomicrolab.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /help/?32161731835980&extra_param_1=cu3n6ud3kl6c73a4k55g HTTP/1.1Host: extraordinariness.existern.shopConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a&utm_campaign=cid:11005&cid=11005-14814-20250115113609433a HTTP/1.1Host: gads.gudentss.shopConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /?utm_term=7460058292782366737&tid=57696e3332 HTTP/1.1Host: gads.gudentss.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://gads.gudentss.shop/?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a&utm_campaign=cid:11005&cid=11005-14814-20250115113609433aAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gads.gudentss.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0sec-ch-ua-model: ""User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-full-version: "117.0.5938.132"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gads.gudentss.shop/?utm_term=7460058292782366737&tid=57696e3332Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /sw.js?v=1736930173995 HTTP/1.1Host: gads.gudentss.shopConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://gads.gudentss.shop/?utm_term=7460058292782366737&tid=57696e3332User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gads.gudentss.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7460058292782366737&pad=27376&campaign=054d44&pid=27376-efc9a7cz HTTP/1.1Host: gounrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://gads.gudentss.shop/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /landers/teleparty/streaming_netflix/all.min.css HTTP/1.1Host: gounrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://gounrical.com/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7460058292782366737&pad=27376&campaign=054d44&pid=27376-efc9a7czAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uclick=us3zhq6o; uclickhash=us3zhq6o-us3zhq6o-2t-hq-3v-us3y-us6o-6104da |
Source: global traffic | HTTP traffic detected: GET /landers/teleparty/streaming_netflix/jquery-3.6.4.min.js HTTP/1.1Host: gounrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gounrical.com/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7460058292782366737&pad=27376&campaign=054d44&pid=27376-efc9a7czAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uclick=us3zhq6o; uclickhash=us3zhq6o-us3zhq6o-2t-hq-3v-us3y-us6o-6104da |
Source: global traffic | HTTP traffic detected: GET /landers/teleparty/streaming_netflix/jquery-3.6.4.min.js HTTP/1.1Host: gounrical.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uclick=us3zhq6o; uclickhash=us3zhq6o-us3zhq6o-2t-hq-3v-us3y-us6o-6104da |
Source: global traffic | HTTP traffic detected: GET /landers/teleparty/streaming_netflix/favicon.png HTTP/1.1Host: gounrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gounrical.com/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7460058292782366737&pad=27376&campaign=054d44&pid=27376-efc9a7czAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uclick=us3zhq6o; uclickhash=us3zhq6o-us3zhq6o-2t-hq-3v-us3y-us6o-6104da |
Source: global traffic | HTTP traffic detected: GET /landers/teleparty/streaming_netflix/favicon.png HTTP/1.1Host: gounrical.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uclick=us3zhq6o; uclickhash=us3zhq6o-us3zhq6o-2t-hq-3v-us3y-us6o-6104da |
Source: global traffic | HTTP traffic detected: GET /click.php?lp=1&uclick=us3zhq6o HTTP/1.1Host: gounrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://gounrical.com/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7460058292782366737&pad=27376&campaign=054d44&pid=27376-efc9a7czAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uclick=us3zhq6o; uclickhash=us3zhq6o-us3zhq6o-2t-hq-3v-us3y-us6o-6104da |
Source: global traffic | HTTP traffic detected: GET /click.php?lp=1&uclick=us3zhq6o0&zoneid=&guid=48FAF65B00874A0E86DDCD458A75CA04 HTTP/1.1Host: gounrical.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://gounrical.com/click.php?key=ls9yc3ivpkcbp3geh7vr&cid=M7460058292782366737&pad=27376&campaign=054d44&pid=27376-efc9a7czAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uclick=us3zhq6o; uclickhash=us3zhq6o-us3zhq6o-2t-hq-3v-us3y-us6o-6104da |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic | HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd._Xk0K7yy9D0.L.B1.O/am=CEgVAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAEGAnAAAYAMAOAAIAAAIAAAAAAAiAAAAAgAAIgEIAAAAgACAAABwACAAAAAAAAisAABCQAwBKABJAfgAACggAgAAABAABBhoCUQGEAgABAAAAAAAAAgAAAEMAhAAAHQABYACIAgAg9EAAAAAAAEEAAEwEAMvAAwQAAAAAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAUAAAAAAAAAAAAAAAAAAAAAAQ/d=1/ed=1/br=1/rs=ACT90oFfV9x2i3TKID9hDZuGgncoa7EtcA/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Xt_7V3lIs10JGPLHD_wStRPKaoC4_2JYQJogRjxojWe7MmbPpHPiU; NID=520=R1KRmUbbxb5-R5tXIe_BghMVBgBmHPokV-jWkZyImbGJkxamtvUh94inOncGpYVhTMgwrvw4F6kSmLLdDvIRvJp5Vi-RK3My3VhwxKXhsOaeVqISajmpmm7XMjeSthmUlZDCvD_Pez-IDGdzF2Lriv-SZQLdw-m5pXfDGQ1TgBTvhOsWjR1Cm1ehxbNcmjqqPXTYkrUnkffdS3RPkZs |
Source: global traffic | HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-Xt_7V3lIs10JGPLHD_wStRPKaoC4_2JYQJogRjxojWe7MmbPpHPiU; NID=520=R1KRmUbbxb5-R5tXIe_BghMVBgBmHPokV-jWkZyImbGJkxamtvUh94inOncGpYVhTMgwrvw4F6kSmLLdDvIRvJp5Vi-RK3My3VhwxKXhsOaeVqISajmpmm7XMjeSthmUlZDCvD_Pez-IDGdzF2Lriv-SZQLdw-m5pXfDGQ1TgBTvhOsWjR1Cm1ehxbNcmjqqPXTYkrUnkffdS3RPkZs |
Source: global traffic | HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.XMPBuSWRFak.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAABQAAACAAAAAAAIAAAIAAAAIAQiCAAAQAAAAwAIAACA4AAAAABAAAAABgEeZAiBABAAAAABAAAABpAAAAAABAAAABAAAAAAAQAEAAAAAgAAAAAAAIAAAAAECAAAAAAAAAACAAAAA9AAAAAAAAAAAAQAAAMvAAwQAAAAAAAB6AAgegCGFBQAAAAAAAAAAAAAAAAESBHMhAQUBCAAAAAAAAAAAAAAAAAAAkSYubA/d=1/ed=1/dg=3/br=1/rs=ACT90oEVOPvSCPda6tIvJrjCPaHM3agDAw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DMzTfb:fNTHad;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;Qw8Feb:jpavUe;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VhA7bd:vAmQFf;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;
hjRo6e:F62sG;hlqGX:FWz1ic;hsLsYc:Vl118;hwoVHd:zw4U8c;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3u |