ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash MD5: d11f1919fef5d8fccf8a87cf62ec7d61
SHA-1: b862276403c5375ce0cf2707ff0141d0f765fafa
SHA-256: 7002839ec0a73f7a79f9f8720287932bd850a6a1b741ad91808e402ecb1c0d48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 11:16:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3r2-i.cloud/expire/index2.html
172.67.171.31 200 OK 2.2 kB URL User Request GET HTTP/3 3r2-i.cloud/expire/index2.html
IP 172.67.171.31:443
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1228)
Hash MD5: 12fb97f2272dca352f831efb801bc6e2
SHA-1: d35b3c5b7e7fff0504a38f5776edc9d9c8643cc2
SHA-256: 20bae03410cf2ee79804dc6b77163d31365553804dd8e4f95f0af011f037f137
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/index2.html HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:52 GMT
content-type: text/html
content-security-policy: upgrade-insecure-requests;
last-modified: Fri, 08 Apr 2022 21:02:04 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUpH65BuBZP7i3a0mYLf1c9sQXZKv6F4VJpThHOcb6WQ3g0ylCbD%2B1NesfDixJCKtAZ2Gfnu5ghSlVOmO39MwNZlL8EPKI%2FPWVM%2BVy3kpFeQ2bdlkj%2BV0FUqPJ6tRA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc4236d2cb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash MD5: c8c4fd34484b10881179e1a092434fd9
SHA-1: b37e3b04da5ba68bf533fcff188ac29b8eb27b3e
SHA-256: e5ccf7ef803972b97b8bff04fcab8af38c84d5a832ab096c7fd5ace5e56bf92c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Jun 2023 11:16:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
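172.67.171.31 302 Found 471 B URL User Request GET HTTP/2 IP 172.67.171.31:443
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
Hash MD5: c8c4fd34484b10881179e1a092434fd9
SHA-1: b37e3b04da5ba68bf533fcff188ac29b8eb27b3e
SHA-256: e5ccf7ef803972b97b8bff04fcab8af38c84d5a832ab096c7fd5ace5e56bf92c
(Note: this digest triple and the 471 B size are identical to those of the ocsp.pki.goog/gts1c3 response listed immediately above, so they likely reflect a capture mix-up rather than the body of this 302 redirect; verify before using them as indicators for 3r2-i.cloud.)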
Analyzer Verdict Alert openphish Apple Inc.
GET / HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sun, 04 Jun 2023 11:16:52 GMT
content-type: text/html; charset=UTF-8
location: ./expire/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3; path=/
content-security-policy: upgrade-insecure-requests;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ckKCeX5tRQd6flzvfT4qzgFl13JYdqoXn164sBF%2BQpnASAAiKbVEBpZFnMN37xsObo0EEXKf1I8vIf6h7ceIQbLryXXxRrI4uexRVAu5%2Fppi2GuBab40ZgTXhQgOEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc41ecbdfb4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227 200 OK 31 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity: Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash MD5: ac0d2859ea5f8fd6bcb3c305c08ec184
SHA-1: 7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
SHA-256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3r2-i.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:25:28 GMT
expires: Thu, 30 May 2024 00:25:28 GMT
cache-control: public, max-age=31536000
age: 384685
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227 200 OK 31 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity: Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash MD5: ac0d2859ea5f8fd6bcb3c305c08ec184
SHA-1: 7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
SHA-256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3r2-i.cloud
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:25:28 GMT
expires: Thu, 30 May 2024 00:25:28 GMT
cache-control: public, max-age=31536000
age: 384685
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
172.67.171.31 302 Found 1.1 kB URL User Request GET HTTP/2 IP 172.67.171.31:443
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
Hash MD5: 27120b700d8908fff0545bcd9f3c72e1
SHA-1: 454d937c5eb66b802068c378781cd55cc2878fc5
SHA-256: 921aa4d49db09f63953ca15d3b7110d7b481da6ca91ff620b875cfd99bd8634d
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/ HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Sun, 04 Jun 2023 11:16:52 GMT
content-type: text/html; charset=UTF-8
location: index2.html
content-security-policy: upgrade-insecure-requests;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCdbFe4%2FomjrldLXsov9e65wq731gmWCsYajZHOBUS%2Fff0u3PDECGBqc5CmrWbdcAt02mZq4Mc9N4xGbZ1pnPN%2B10EWPE46qH4C1pEwG9wJtapWzxPeU2JgXhVUQBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc42228f9b4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
3r2-i.cloud/expire/img/favicon.png
172.67.171.31 200 OK 22 kB URL GET HTTP/3 3r2-i.cloud/expire/img/favicon.png
IP 172.67.171.31:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash MD5: 310fd67d702063937e39c17b2060067f
SHA-1: 503b0c1cd35674b8e58b6b35431f381f1417a1a5
SHA-256: 2ee7ca9b189df54d7ccdd064d75d0143a8229bae9bdb69f37105e59f433c0a8b
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/img/favicon.png HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-i.cloud/expire/index2.html
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:54 GMT
content-type: image/png
content-length: 22382
content-security-policy: upgrade-insecure-requests;
last-modified: Fri, 08 Apr 2022 21:02:04 GMT
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQEvGphrqzpwNhIkill3clO2mVrogNAKyyu0rBK7denC5os9ue7pR9h9FqL87i2KUyTHRpeSokgnEUk59tt2mHFTVsWHDgM9ot4aPyxNaexdGphIoCc%2B22CSdyirbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d1fc42dbc1db509-OSL
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Montserrat:700,900
142.250.74.106 200 OK 3.4 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Montserrat:700,900
IP 142.250.74.106:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: 3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
Validity: Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type ASCII text, with very long lines (3520), with no line terminators
Hash MD5: 1696fdfef8ba979afc8d85e14ebb9c37
SHA-1: 6defed1f9ef4ca75dfaadf3d8007d9de6f696ab8
SHA-256: 10076b212783f301e426169ee7e7678be4bdbbd96e07a752f85ffda9752655a0
GET /css?family=Montserrat:700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-i.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Jun 2023 11:16:53 GMT
date: Sun, 04 Jun 2023 11:16:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
3r2-i.cloud/cdn-cgi/challenge-platform/scripts/invisible.js
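172.67.171.31 302 Found 24 kB URL GET HTTP/3 3r2-i.cloud/cdn-cgi/challenge-platform/scripts/invisible.js
IP 172.67.171.31:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, meaning no body was captured for this 302 response. They match any empty file and must not be used as indicators; the 24 kB size shown presumably belongs to the redirect target.)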
Analyzer Verdict Alert openphish Apple Inc.
GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sun, 04 Jun 2023 11:16:53 GMT
vary: accept-encoding
cache-control: max-age=300, public
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NDUj2ow2IniTFjz651u4jfxXtNlQwXfl3mFcHBDoj87QRFobgpSXHoqwmGsLpYdTVsntnLyp394pPGgLBuxsoqN13QDn1DNd1OkepZr%2BQ9xc9vVCk2VdMltokXBpGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc42c29b9b509-OSL
alt-svc: h3=":443"; ma=86400
3r2-i.cloud/expire/css/style.css
172.67.171.31 200 OK 2.1 kB URL GET HTTP/3 3r2-i.cloud/expire/css/style.css
IP 172.67.171.31:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
File type ASCII text, with very long lines (2258), with no line terminators
Hash MD5: 3c9986578ffbc2bc0b74f46d0cdf1dbb
SHA-1: 71ce714310574ad3d79e217a1cfe6e7288126c55
SHA-256: 102e2fc968ae428c508a66cfdbb5bf4bc28e1f080392ce1e6c9c91807a8f43ac
Analyzer Verdict Alert openphish Apple Inc.
GET /expire/css/style.css HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-i.cloud/expire/index2.html
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:53 GMT
content-type: text/css
content-security-policy: upgrade-insecure-requests;
last-modified: Fri, 08 Apr 2022 21:02:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IebxHSJtbjK5XrYXcsRI6WRo%2Ff2IrgZZQHICuOB02hThjieBs1RoUXP9tKGy7DvAgkmYlQEuaS%2F%2B5d%2BDnm5ZztWt0pv9n3q8m%2BkFPpGVr%2Bd%2B3RmJflSNiRRI4jv8wA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc4289d0ab509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3r2-i.cloud/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
172.67.171.31 200 OK 24 kB URL GET HTTP/3 3r2-i.cloud/cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js
IP 172.67.171.31:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
File type ASCII text, with very long lines (24168), with no line terminators
Hash MD5: 89376b7e63047690271abab69fd33c53
SHA-1: 05c71cc12d986c6767643eb214e6925614babb94
SHA-256: f78a18c6bc84a9c5763afcb94ccf27486fd6be7ab9a58ebe971e0629bcf6e57c
Analyzer Verdict Alert openphish Apple Inc.
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/68662470/invisible.js HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:53 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cGQ1gNfvyCdPLgVIM%2B98qYaWtCGSreB1OVDgha2e0Rjm%2FF3K0s8%2BvKzB9QoSejwR6Dl%2BWmGtemf%2BR2Yjb62Ug7VGWYLYFqLX3K3Ito5WwgONhRlw3QpCuS2k%2BHHdxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc42cdacab509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3r2-i.cloud/cdn-cgi/challenge-platform/h/g/scripts/pica.js
172.67.171.31 200 OK 5.7 kB URL GET HTTP/3 3r2-i.cloud/cdn-cgi/challenge-platform/h/g/scripts/pica.js
IP 172.67.171.31:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
File type ASCII text, with very long lines (5696), with no line terminators
Hash MD5: 267f91cdd719f22d921614498aaae78b
SHA-1: 8c8c70a82bd7a3c050e39fe2b3fb88b263f2cf9b
SHA-256: c5cb216b3604d0a388320d1b9636ae41e0817409e80609c294fae8a0991cc386
Analyzer Verdict Alert openphish Apple Inc.
GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3r2-i.cloud/expire/index2.html
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:53 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nSuYxFR2jeaz64gsnqGWhxq1n0K9FPbgxffJRYkIU5MW%2B3oTMF7zX1vU2SORdtrLPRri9G%2BDT9WmtWNxFVAx66LA1K8W8I1VeeE82Suf6g4qoJOYlOjFMHZGBbw6sA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc42d1b3cb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
3r2-i.cloud/cdn-cgi/challenge-platform/h/g/cv/result/7d1fc4236d2cb509
172.67.171.31 200 OK 2 B URL POST HTTP/3 3r2-i.cloud/cdn-cgi/challenge-platform/h/g/cv/result/7d1fc4236d2cb509
IP 172.67.171.31:443
Requested by https://3r2-i.cloud/expire/index2.html
Certificate Issuer: Google Trust Services LLC
Subject: 3r2-i.cloud
Fingerprint: AC:AF:D1:B4:BA:EC:4B:3C:2C:52:77:31:E8:B8:B1:5C:4F:10:FE:9D
Validity: Sat, 27 May 2023 13:08:45 GMT - Fri, 25 Aug 2023 13:08:44 GMT
File type ASCII text, with no line terminators
Hash MD5: 444bcb3a3fcf8389296c49467f27e1d6
SHA-1: 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA-256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert openphish Apple Inc.
POST /cdn-cgi/challenge-platform/h/g/cv/result/7d1fc4236d2cb509 HTTP/1.1
Host: 3r2-i.cloud
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12383
Origin: https://3r2-i.cloud
DNT: 1
Connection: keep-alive
Referer: https://3r2-i.cloud/expire/index2.html
Cookie: PHPSESSID=93ef20acdade006a48b4304e8f6b86e3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 04 Jun 2023 11:16:54 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=UQZr8B18Ju6PIRFTXC8wae.pgfGxb_vhjv2JIOJD04A-1685877414-0-AXMqTRi7ZTJWMEIT4fIFFSOtSewPFpcHc9Bb18/ybxDuCATJm9Qb9buwpZEIrlgCPsCCwIxNhXowUEZ2prbHhBK8oQqUKPDqKSziNAYTTALt; path=/; expires=Sun, 04-Jun-23 11:46:54 GMT; domain=.3r2-i.cloud; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcYWJuy%2FJQDZ3kyFqLCopxvPe1Wacv4aQa1SnQPHn4kQ7dKPy%2Bs%2B3KoaDRjLSMrz4SsY7JLFI3Fjw8gozetS7nmPyg8iuTeAtyZC1IVYfTQ1%2BPM3sWLflahl5u6esQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d1fc42f4e6fb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400