prclk.gpbtrx.com/15GXfP
20.113.188.243 200 B IP 20.113.188.243:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with no line terminators
Hash MD5: d28642aca928d74d371f862aa3d83daa
SHA-1: db98a7d6db04087eef00bc5c3d38be661233cd3b
SHA-256: fa6eecb37461df90638a762d48c4e577eba1784e6224f27bf5cdc6db4973a533
Analyzer Verdict Alert fortinet Phishing
GET /15GXfP HTTP/1.1
Host: prclk.gpbtrx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Fri, 26 May 2023 20:03:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 200
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GXfPl=20230526131685131715677; domain=.prclk.gpbtrx.com; path=/;expires=Sat, 27 May 2023 20:03:01 GMT; httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GXfP; domain=.prclk.gpbtrx.com; path=/;expires=Sat, 27 May 2023 20:03:01 GMT; httpOnly=true;SameSite=None; Secure;
__oldc3o=eyIxIjoiMTVHWGZQIiwiMiI6MTQ1NjM5NCwiMyI6IldpdGhvdXQgcmVmZXJlciIsIjQiOnsiaSI6W10sInYiOltdfSwiNSI6IjM0NDk1NCIsIjYiOjEsIjkiOjE2ODUxMzEzODE4MTEsIjEwIjoxNTYzMiwiMTEiOiIzNjQ2ODMiLCIxMiI6MTI0LCIxMyI6bnVsbCwiMTQiOjEsIjE1IjowfQ==; domain=.prclk.gpbtrx.com; path=/;expires=Sat, 27 May 2023 20:03:01 GMT; httpOnly=true;SameSite=None; Secure;
peerclickcid=0ab6b38f793c4820b8f6572953c7308f-32021-0526; domain=.prclk.gpbtrx.com; path=/;expires=Sat, 27 May 2023 20:03:01 GMT; httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.prclk.gpbtrx.com; path=/;expires=Sat, 27 May 2023 20:03:01 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://offernexus.com/test/testage1apt/index.html?campaign=858&lander=124
Vary: Accept
offernexus.com/test/testage1apt/special-offer-pt.png
104.21.56.19 8.7 kB URL offernexus.com/test/testage1apt/special-offer-pt.png
IP 104.21.56.19:0
File type PNG image data, 425 x 123, 8-bit colormap, non-interlaced\012- data
Hash MD5: 681fe140f15e1046dad29da4f443389b
SHA-1: 1511e971c7a359293d23485d114bbdf7fb0fab6b
SHA-256: 6c4902f9efcbff97c6d133c6d1273ad38b3b536e3e459ee87689f0ea7d2c2daf
GET /test/testage1apt/special-offer-pt.png HTTP/1.1
Host: offernexus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://offernexus.com/test/testage1apt/index.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 May 2023 20:03:03 GMT
content-type: image/png
content-length: 8714
cache-control: public, max-age=604800, s-maxage=604800, immutable
etag: "a01793d014ab33acd470b110e6c5247e-ssl"
x-nf-request-id: 01GS7NJNVD25CSGT71CJ0J2DPQ
x-robots-tag: noindex, nofollow, nosnippet, noarchive
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9KKlsBxmHJNdIlIxm1%2F%2FTq8w67HPt8GpMnzGxyV0cmzbHyY0TYxNnvpp68uwsmOQ53zM0RId%2BnyGfAZJyekZB%2FMEnt7HtR2JJ4NMUG%2FU%2BS9oT82wcS09G7fM%2FW6e1bafg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd89e85f8e1b515-OSL
alt-svc: h3=":443"; ma=86400
deefauph.com/zone?&pub=0&zone_id=4680232&is_mobile=false&domain=offernexus.com&var=858&ymid=&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 0 B URL deefauph.com/zone?&pub=0&zone_id=4680232&is_mobile=false&domain=offernexus.com&var=858&ymid=&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:0
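Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of zero-length input, consistent with the empty response body (content-length: 0). They match any empty file and should not be used as file indicators.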
POST /zone?&pub=0&zone_id=4680232&is_mobile=false&domain=offernexus.com&var=858&ymid=&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://offernexus.com
DNT: 1
Connection: keep-alive
Referer: https://offernexus.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 May 2023 20:03:03 GMT
content-length: 0
x-trace-id: b1f7fecb6912713473cbc8d6b99d9ae7
access-control-allow-origin: https://offernexus.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
offernexus.com/test/testage1apt/index.html?campaign=858&lander=124
104.21.56.19 302 Found 1.1 kB URL User Request GET HTTP/2 offernexus.com/test/testage1apt/index.html?campaign=858&lander=124
IP 104.21.56.19:443
Certificate Issuer: Let's Encrypt
Subject: offernexus.com
Fingerprint: 1E:1C:0E:F3:50:87:31:F4:AE:E3:2E:23:30:D9:F7:CD:75:87:1A:42
Validity: Mon, 15 May 2023 00:51:41 GMT - Sun, 13 Aug 2023 00:51:40 GMT
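Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of zero-length input, so the analyzer hashed an empty body for this redirect. They match any empty file and should not be used as file indicators.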
GET /test/testage1apt/index.html?campaign=858&lander=124 HTTP/1.1
Host: offernexus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 26 May 2023 20:03:01 GMT
location: https://offernexus.com/test/testage1apt/index.html#campaign=858&lander=124
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NmjXWbjdc11yuELzjOXH5m7ZNdSnbqSI4OWg8cJ1KmRhsKm6xkd0wFeDbPEFVExEEeTUevd1QX5hsg0jMZ6vDGt0KcV38yY%2BwUGyXH%2FOQ9Glijd%2Fk%2FnORrQCBk8ozj%2BU9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd89e812b50fab8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
offernexus.com/test/testage1apt/index.html
104.21.56.19 200 OK 1.1 kB URL User Request GET HTTP/2 offernexus.com/test/testage1apt/index.html
IP 104.21.56.19:443
Certificate Issuer: Let's Encrypt
Subject: offernexus.com
Fingerprint: 1E:1C:0E:F3:50:87:31:F4:AE:E3:2E:23:30:D9:F7:CD:75:87:1A:42
Validity: Mon, 15 May 2023 00:51:41 GMT - Sun, 13 Aug 2023 00:51:40 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1168), with no line terminators
Hash MD5: d51fdaca132b99cd23222e7b1709d92c
SHA-1: 9313d7f345ad4492cc49ce1062833d344103bd9c
SHA-256: ddccc27a3d3f33ab2aca0c75de944beb03e65d4fbdaf12a0d03b3f9cb04a0f95
GET /test/testage1apt/index.html HTTP/1.1
Host: offernexus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 May 2023 20:03:02 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=604800, s-maxage=604800, immutable
vary: Accept-Encoding
x-nf-request-id: 01GZVNNZP1K6M05BVHF31ARMV3
x-robots-tag: noindex, nofollow, nosnippet, noarchive
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o4Wl5VSg5NZXMP%2BDZknlR%2FTHhQF%2FgQJib6TrgGWJ7M6btKF20mZ4q7QJdazZQWkalvUXZSk0tMrZ7M1NpN8afgPDSu973G%2FqzhJ0sn5a7j3tqNjEKT0K0Evvd6B4qVusFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cd89e815ba5fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2