ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash d11f1919fef5d8fccf8a87cf62ec7d61
b862276403c5375ce0cf2707ff0141d0f765fafa
7002839ec0a73f7a79f9f8720287932bd850a6a1b741ad91808e402ecb1c0d48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 11:16:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Montserrat:700,900
142.250.74.106 200 OK 1.0 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Montserrat:700,900
IP 142.250.74.106:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type gzip compressed data, max compression\012- data
Hash 7ac978ed62d00ca3095bee53819cb82b
4f63c927c2c16cd0fbbc4d6521632ae6b8f49836
7aff6f7debdffb2278ff8849aed362a980ceafa16f1b0060612e3af97608c6b8
GET /css?family=Montserrat:700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-mi.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Jun 2023 11:16:38 GMT
date: Sun, 04 Jun 2023 11:16:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash c8c4fd34484b10881179e1a092434fd9
b37e3b04da5ba68bf533fcff188ac29b8eb27b3e
e5ccf7ef803972b97b8bff04fcab8af38c84d5a832ab096c7fd5ace5e56bf92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 11:16:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash c8c4fd34484b10881179e1a092434fd9
b37e3b04da5ba68bf533fcff188ac29b8eb27b3e
e5ccf7ef803972b97b8bff04fcab8af38c84d5a832ab096c7fd5ace5e56bf92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 11:16:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227 200 OK 31 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3r2-mi.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:25:28 GMT
expires: Thu, 30 May 2024 00:25:28 GMT
cache-control: public, max-age=31536000
age: 384671
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227 200 OK 31 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3r2-mi.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:25:28 GMT
expires: Thu, 30 May 2024 00:25:28 GMT
cache-control: public, max-age=31536000
age: 384671
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash c8c4fd34484b10881179e1a092434fd9
b37e3b04da5ba68bf533fcff188ac29b8eb27b3e
e5ccf7ef803972b97b8bff04fcab8af38c84d5a832ab096c7fd5ace5e56bf92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 11:16:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3r2-mi.cloud/expire/img/favicon.png
104.21.64.89 200 OK 22 kB URL GET HTTP/3 3r2-mi.cloud/expire/img/favicon.png
IP 104.21.64.89:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 310fd67d702063937e39c17b2060067f
503b0c1cd35674b8e58b6b35431f381f1417a1a5
2ee7ca9b189df54d7ccdd064d75d0143a8229bae9bdb69f37105e59f433c0a8b
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/img/favicon.png HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-mi.cloud/expire/index2.html
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:40 GMT
content-type: image/png
content-length: 22382
content-security-policy: upgrade-insecure-requests;
last-modified: Fri, 08 Apr 2022 21:02:04 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mV9Gs%2FsAjd9ZvvPJdkF2BnChqUInpaDAYXbUSVYnPTr6XP0sFCix1EdE6EMf23Dn52jPNcKUQ%2BK3jHAPRO39YGU0HUhgmXmYmRpWtRVS1vQrBGnxmk6JitjeBN561ic%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1fc3d21e04b518-OSL
alt-svc: h3=":443"; ma=86400
3r2-mi.cloud/cdn-cgi/challenge-platform/scripts/invisible.js
104.21.64.89 302 Found 26 kB URL GET HTTP/3 3r2-mi.cloud/cdn-cgi/challenge-platform/scripts/invisible.js
IP 104.21.64.89:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Apple Inc.
GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sun, 04 Jun 2023 11:16:39 GMT
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
vary: accept-encoding
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nz2TkVIHiJrFmXvk0bDdBoZ6dpgNM4mdh4ys2ZXsDR%2BiBeFl3B6grgosiyn9weYjBfbW3h1sokBA4jDTKQffUkPHv99pLEoZYhb0637IMO7OLSz2FtursHCPYaBOuHo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3d18d33b518-OSL
alt-svc: h3=":443"; ma=86400
104.21.64.89 302 Found 2.6 kB URL User Request GET HTTP/2 IP 104.21.64.89:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Apple Inc.
GET / HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sun, 04 Jun 2023 11:16:37 GMT
content-type: text/html; charset=UTF-8
location: ./expire/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed; path=/
content-security-policy: upgrade-insecure-requests;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4AL1Pl5Tc84gY1SWQ0vcMSWEExloPCSU2ZDX8wBP1uFPg%2BkPt1u5pTME6Vv5tQiMWE01uEKpx3eniIduF28PT5bFO9EOJLWu%2B%2BxR%2FP2%2F%2BFXcgdXIHKtYf5bvKeIhFl8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3c47ee7b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
3r2-mi.cloud/expire/index2.html
104.21.64.89 200 OK 2.6 kB URL User Request GET HTTP/3 3r2-mi.cloud/expire/index2.html
IP 104.21.64.89:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2755), with no line terminators
Hash ef7b128e170b5ddfee222efaf24b8165
685de37c96112b23294d064f4ff0aa82a5d2d04d
e7623779524e91e8c4382591e3b7c30212d82ec3d301a26db45a27c14374a9b7
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/index2.html HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:38 GMT
content-type: text/html
content-security-policy: upgrade-insecure-requests;
last-modified: Fri, 08 Apr 2022 21:02:04 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9W3AqRfZonWNadBpnDoER46goa8Kz0wXNYLf8ggUkTYIKir2xCJ%2BkM1MnhVgOYwNCyDHMGkzGTHb3jymLOcoXolpyOB8GcnqNiSwdFc500Z82ssBkMJ2XH%2BANT5I4yY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3cb4d49b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3r2-mi.cloud/expire/css/style.css
104.21.64.89 200 OK 2.1 kB URL GET HTTP/3 3r2-mi.cloud/expire/css/style.css
IP 104.21.64.89:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (2258), with no line terminators
Hash 3c9986578ffbc2bc0b74f46d0cdf1dbb
71ce714310574ad3d79e217a1cfe6e7288126c55
102e2fc968ae428c508a66cfdbb5bf4bc28e1f080392ce1e6c9c91807a8f43ac
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/css/style.css HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-mi.cloud/expire/index2.html
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:39 GMT
content-type: text/css
content-security-policy: upgrade-insecure-requests;
last-modified: Fri, 08 Apr 2022 21:02:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=snkXeZsjZg5n6W7qHklIWoCD%2Bc9VM3fXYwgRZZGcMSrtKRlc%2F8%2BF6OPjH1hnXyaHkK%2BFGy2WznXB61pLI3vhr6C9f9v7gYiVUBwwCiNAPVr4h9UkXzUEv%2FbOa%2FPCR3s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3ce0918b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3r2-mi.cloud/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
104.21.64.89 200 OK 26 kB URL GET HTTP/3 3r2-mi.cloud/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
IP 104.21.64.89:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (25760), with no line terminators
Hash 0187aaf933bb7216d247ff12a214ba65
bbee93ff8b5ce43dccb275cbe3a3f8fd1413894a
2d7f18030483b00fe5878238a5457c3148d1e7fe486b90760bfe130f2ee11955
Analyzer Verdict Alert openphish Apple Inc.
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:39 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2paC1HAN3rkR2Nc6877WSAieNBDF4h2EMD%2BOaLKtGkssZEGYu8jNAFJCSQTgdDzRZzaegZzfPi7ykg6R%2F0Mj%2FlCQ9UBKrzauOhJw3%2FTjRNEJf2%2Bs8fcc%2BSghqLJVQA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3d19d5db518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3r2-mi.cloud/cdn-cgi/challenge-platform/h/g/scripts/pica.js
104.21.64.89 200 OK 5.7 kB URL GET HTTP/3 3r2-mi.cloud/cdn-cgi/challenge-platform/h/g/scripts/pica.js
IP 104.21.64.89:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (5737), with no line terminators
Hash 0086349d48e48bc629fae26b4d9a1d62
900b7eae4a95ee0cba5a3d06a7bd0cdb7fbadce5
02b970ef47832c12b0744ee9fca53a8798a7163bab765b508b6263a5af516ae2
Analyzer Verdict Alert openphish Apple Inc.
GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-mi.cloud/expire/index2.html
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:39 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApJtgA3DMpynG6kKSuK%2B0rhILnvobM8gF3yfcJNGsMmtamTA%2BFZUA%2FlZQX0Zy6hm9Q7QX2mdJq66YAvM2ZEyatIHEajHeWoD%2BOV3bFzZ42nO8Es4J39uoIC60naywwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3d20de8b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3r2-mi.cloud/cdn-cgi/challenge-platform/h/g/cv/result/7d1fc3cb4d49b518
104.21.64.89 200 OK 2 B URL POST HTTP/3 3r2-mi.cloud/cdn-cgi/challenge-platform/h/g/cv/result/7d1fc3cb4d49b518
IP 104.21.64.89:443
Requested by https://3r2-mi.cloud/expire/index2.html
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert openphish Apple Inc.
POST /cdn-cgi/challenge-platform/h/g/cv/result/7d1fc3cb4d49b518 HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12385
Origin: https://3r2-mi.cloud
DNT: 1
Connection: keep-alive
Referer: https://3r2-mi.cloud/expire/index2.html
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:39 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=vn4iL3FB_B5uzYXoaRbsBfeHxHwzbmkz_a5xWKpHx1I-1685877399-0-AUB0ElVjaU6JkjIvaiClQ1+h9mcf2yFtp2ePerlQgUxiIhTta8xXDgwilBlMp7XJR4nHYKP4KCeXiKpfsvnz6oE4jsJdpxRUIZA1XWi21BDW; path=/; expires=Sun, 04-Jun-23 11:46:39 GMT; domain=.3r2-mi.cloud; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6vX4thlpJeEcON%2Bs1T1OL7ULO%2B9Rr7J5qe0eUYwCF0RC9X%2BVmesj5NCkJyfUP%2B6cmOJyvyKPhURxvDz%2Bk%2FucNjdNl7Y0Cv3I6yypvLicjhRMLUWXXiirrTOXTdL9bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3d3f8afb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
104.21.64.89 302 Found 2.6 kB URL User Request GET HTTP/3 IP 104.21.64.89:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 2C:95:E8:AE:D9:F1:8E:07:61:C2:56:D8:28:6E:C7:EE:65:8A:FC:6B
Validity Sun, 29 Jan 2023 00:00:00 GMT - Sun, 28 Jan 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/ HTTP/1.1
Host: 3r2-mi.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e83c2b55a3668a840cf6368ac4ad06ed
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sun, 04 Jun 2023 11:16:38 GMT
content-type: text/html; charset=UTF-8
location: index2.html
content-security-policy: upgrade-insecure-requests;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QpT%2BBUAdaRRi5v0KKMCw7R%2FICHout9RFM6VjDhhMHnWcLgEKyzrKXDnCBLIU%2BgLKOuxiSWQU1DpGxXGYYwaoaeoH9MV%2FxqDYmbWkfBHwK3HI0Lk%2FZYWSNmFiyiCzSK0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc3c7f8ffb518-OSL
alt-svc: h3=":443"; ma=86400