{"report_id":"915da066-65ea-4b26-a41f-9d709f813222","version":0,"status":"done","tags":["phishing","darcula"],"date":"2026-06-11T00:44:01Z","url":{"schema":"http","addr":"ghpostcas.eu.cc/gh","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"104.21.7.75","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ghpostcas.eu.cc/gh","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"title":"Georgian Post","dom":{"size":27058,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (26263)","md5":"708dad4d029b15d2a074286b5b7fe2e1","sha1":"dddda37578c74a5fdfbcc5ffb2b1d7c6f47c3619","sha256":"d2531a390e87ae639ae68c4e8f2666004865af046f3587cef264ba94dbba4381","sha512":"69a4df7d241811faf6afb1eb8b7e87d251320ab82cf32d90c7f2fbc3e7ed401fc48a4d78ef2039e361f2b13518e113b9761125c2a72c4cc69bd4f3b794716876","ssdeep":"384:L6Iv0vGvgBRP2fwYm63AxkLClIuOMXJV01IR/bPOy4YgW+78Qn7feYREzAEI2x6N:BurxgxV2zYlNl","tlshash":"4cc220f3d81922bb0a5739c22d0bba6fe7e1607dcf24284173fd6139da25f5a64b0116","dom_hash":"domhashfab2ca8c8244f4fc8faf729656912e4d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ghpostcas.eu.cc/gh","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"104.21.7.75","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-16T00:44:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]},"summary":[{"fqdn":"ghpostcas.eu.cc","ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"1997-10-13","domain_rank":0,"first_seen":"2026-06-11T00:38:12.234369Z","last_seen":"2026-06-11T00:38:12.234369Z","alert_count":14,"request_count":14,"received_data":488023,"sent_data":7441,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/HomeView-a51c1a35.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8166889015936294ce264de8c7cfb28e","sha1":"b21a59d39e140dac0693f9cb7fde9fc21edd9766","sha256":"cdb4edb0e608df21d2766eb2f749ffedf868825ddc2dddb1d37cffa273acf3c0","sha512":"16d11cc9631e3e4d0e86620bdd2d85a7ec67956d7a5d45bfaf0c20961eca4d2ffebac61c3dbc08b74b0c737b6f0d039440c4ef689d992ec887981ab4d5e04641","ssdeep":"768:2NkuLC/tUvbT9Dq9WeoVEXe+Opu3ohIaznlXGwrM+lefKDCCDzVOUzkYpzIH2Q6B:2MaT9NILOAo55xeuCCDzYaP1IHdmj5","tlshash":"dd53c5ce3146b212977602b408af4907f33d6ca1684e8d1cf51cd9d97939d6a42bbfb8","size":62772,"data":"","first_seen":"2026-04-01T02:26:42.569373Z","last_seen":"2026-06-13T02:07:35.745904Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/index-3fee2f2a.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"28a01e1a79c1a681a93ab7fdfbadfbd1","sha1":"5c125d6881b99fd44c35f1e868bd184ab9fd3d23","sha256":"d721f27c6f8f1037a89792f5170414f798041a271c900a0c9727046b3016e3d0","sha512":"c7bcaaa5980d0bb9a3ef3f58bdd37f273d838934eca8270802dc245a74e78d9c85bec1812005dfc408129dc623124ee4046e75164b17629500012f2214e4f61f","ssdeep":"6144:Tt+Hau1fYV8sA8Qb7fyr4bXpv2p1j0yok4dcPkCEhRmAg:Tt+6u1fEtA8K+4bXp+pZZ4mPkCEhRi","tlshash":"9f6407d87193b02183a615f540bb000bf33d6d54384d8498f16ce9da3e7a95aa2bbf7d","size":320723,"data":"","first_seen":"2026-06-06T01:53:02.415051Z","last_seen":"2026-06-11T01:16:32.620487Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/IndexView-1dfea49e.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"af476161594ccb0f723ef91d64e58472","sha1":"7b71a1840a3fadf56d4b100a899f0a17728f12e1","sha256":"4b70f80423758c521c315f42068264acc0aa5f1d49638541b0c8f6b0186c1f55","sha512":"23a8051934e5507d7e769c70659cc39e3772d92de4c23909d41fdbbb5806f5d8b56028458cba236e491c2a8732b29f132ae3dc1a139435cfdcd07fd7d7bd4fb6","ssdeep":"","tlshash":"36f05c1a8d41ebf9d293a494206504882b046fd6b7b8c0caf7bd191907a163dab6e350","size":456,"data":"","first_seen":"2026-04-01T02:26:42.573606Z","last_seen":"2026-06-14T17:29:39.152717Z","times_seen":41,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/CommonLayout-67c9b953.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5d8144ab9ec33fd26db177201a1c002","sha1":"218d1500c30fdc99b000818826bbf51994e58917","sha256":"378adfb45ba4cc4de5ddb8ee67980e0391dcd880978d4cea70ff68cf78ad2563","sha512":"1f36aa5fd42c26856810c7bd2b5fc617b1183a43da8e5bd7d848a96efb67417e000d6b9eb58e592666455cd9f434dc3b67cb2ae93762e5b4832bad1ae14b6453","ssdeep":"384:ebhEG4eXlmPPPxs1r7siZrw/mDGn6YHfgHsD3ixaj9ED5cikP0DkuHqWeDNiWLKO:ebhRC3+/1loIJa+nE3L","tlshash":"04c241e75e8522bc152776421047bc09fbd229b9cf612c13abfd7729d122bbe756030a","size":26106,"data":"","first_seen":"2026-04-01T02:26:42.562369Z","last_seen":"2026-06-13T02:07:35.74734Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"login","filename":"https://ghpostcas.eu.cc/assets/index-3fee2f2a.js","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/index-3fee2f2a.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:41.672Z","timestamp":1781138621672,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /assets/index-3fee2f2a.js HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\npriority: u=3,i=?0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Thu, 11 Jun 2026 00:43:42 GMT\r\nserver: cloudflare\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\netag: W/\"cd29db620dfe54510f49bbdae2da58ee\"\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JZGhBsdxfPbSZE3orBVPZeLBa8sTMMXwOgDxnnC2sEQuHYObloruXH39WgrEXS7AaiU5AtPeunqZbK7SDxbJsoir9kWal74e%2BQvbMys%2FF9lXf11W4%2BHuQ2YNTNXoK1iD%2Fzk%3D\"}]}\r\ncf-ray: a09c9541781156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":320723,"size_decoded":122204,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (36114)","md5":"28a01e1a79c1a681a93ab7fdfbadfbd1","sha1":"5c125d6881b99fd44c35f1e868bd184ab9fd3d23","sha256":"d721f27c6f8f1037a89792f5170414f798041a271c900a0c9727046b3016e3d0","sha512":"c7bcaaa5980d0bb9a3ef3f58bdd37f273d838934eca8270802dc245a74e78d9c85bec1812005dfc408129dc623124ee4046e75164b17629500012f2214e4f61f","ssdeep":"6144:Tt+Hau1fYV8sA8Qb7fyr4bXpv2p1j0yok4dcPkCEhRmAg:Tt+6u1fEtA8K+4bXp+pZZ4mPkCEhRi","tlshash":"9f6407d87193b02183a615f540bb000bf33d6d54384d8498f16ce9da3e7a95aa2bbf7d","first_seen":"2026-06-06T01:53:02.415051Z","last_seen":"2026-06-11T01:16:32.620487Z","times_seen":7,"resource_available":true,"data":null}},"time_used":1010,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":657,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/IndexView-1dfea49e.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:42.782Z","timestamp":1781138622782,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /assets/IndexView-1dfea49e.js HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K%2FYR%2BTkAtuwAxDadSKHJ4IxzQoZrjLSCQZMS2IP6fIbNpygdPJ1UwMOE6DT%2FiGqsiOkj3xz5u6wbIklObEgJIbNnRKAXLSnscEjSICfEfADRQKtyEr82zwYYkFqAbvyxlDg%3D\"}]}\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nserver: cloudflare\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Thu, 11 Jun 2026 00:43:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\netag: W/\"6f59e51cbd958d012b9ba173f9980f52\"\r\ncontent-encoding: zstd\r\npriority: u=1,i=?0\r\ncf-ray: a09c9548682356b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":456,"size_decoded":1211,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (455)","md5":"af476161594ccb0f723ef91d64e58472","sha1":"7b71a1840a3fadf56d4b100a899f0a17728f12e1","sha256":"4b70f80423758c521c315f42068264acc0aa5f1d49638541b0c8f6b0186c1f55","sha512":"23a8051934e5507d7e769c70659cc39e3772d92de4c23909d41fdbbb5806f5d8b56028458cba236e491c2a8732b29f132ae3dc1a139435cfdcd07fd7d7bd4fb6","ssdeep":"","tlshash":"36f05c1a8d41ebf9d293a494206504882b046fd6b7b8c0caf7bd191907a163dab6e350","first_seen":"2026-04-01T02:26:42.573606Z","last_seen":"2026-06-14T17:29:39.152717Z","times_seen":41,"resource_available":true,"data":null}},"time_used":12225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/IndexView-4f4c357d.css","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:42.785Z","timestamp":1781138622785,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /assets/IndexView-4f4c357d.css HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j6PbGX4cPcZfDd7TL%2BfcdLsfjy1puwRsPWaiMsLwMLi50tlKN7u99Q9LAGR%2F6eHyweGU80UYLNvTLqm4UcP%2Fw1RgjnSGSYLIcgBuN7vDZC7yvX0yO23sQYcWo2hxCNF2e08%3D\"}]}\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nserver: cloudflare\r\ncontent-type: text/css; charset=utf-8\r\ndate: Thu, 11 Jun 2026 00:43:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\netag: W/\"d78020b14c146082e6eef4589c676a91\"\r\ncontent-encoding: zstd\r\npriority: u=2,i=?0\r\ncf-ray: a09c9548682456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":508,"size_decoded":1155,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (507)","md5":"9ad5a8a34fbd24169993bd7802b60b11","sha1":"3461bdc985f343dee74c1380227e84eef7caaa3c","sha256":"4f4c357dc183add047281009131b05e717f601fbb1f57aa5526691488ee591ec","sha512":"6106aa482669cffa1e6b8b9d4a9dbc37761912aea2642ba7b5bdd529282276e26a8fb34b4c2bc619ab3bc62fc197aefd5a24c3bfcd73049820111108e1900477","ssdeep":"","tlshash":"8ef0507d5509183fa877dd16b4e155c9d5cad337f3078207a5d9191f4c86a451c7068c","first_seen":"2025-06-14T13:00:55.182719Z","last_seen":"2026-06-18T11:32:16.813671Z","times_seen":262,"resource_available":false,"data":null}},"time_used":12223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/PMSipVQuBS/api?token=40aaed30-5bec-4e13-b6ec-3a5570e3397d","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:43.123Z","timestamp":1781138623123,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"POST /PMSipVQuBS/api?token=40aaed30-5bec-4e13-b6ec-3a5570e3397d HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nToken: 40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nX-Token: 40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nContent-Length: 2\r\nOrigin: https://ghpostcas.eu.cc\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncontent-type: application/json\r\ndate: Thu, 11 Jun 2026 00:43:43 GMT\r\nserver: cloudflare\r\ntrace-id: 3a48241424e0b7182e333d7ffccb1abd\r\nvia: 1.1 Caddy\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7pCi7BjAW7bmjWzL2b72pE3bpdVtIUpmz4DqXbIo4syaHMtJ9qyJiPF3GYaMLzVrEDkwo4TxwQICbqsIxe1cjDc2%2BzpLmXs9a7pjV333AFI9OFDk4d2wyV5e%2BE%2Fh2UMEsZ0%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\npriority: u=3,i=?0\r\ncf-ray: a09c954a883156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":319,"size_decoded":956,"mime_type":"application/json","magic":"JSON text data","md5":"25548754d74e4fe6ed222bb52f4cbf6a","sha1":"501f5c53f2a6ec3bdc700ca339bccb8464552494","sha256":"cc1921c80fe21b003cf90e3edb6e52c2dc08919faebd1233d62005e2e9b8debf","sha512":"03ea8ad8f264982bca1b56fc5ef85b2c1170318c265823c38283920b9e3d66989308a820ea0a9e5d15df405eb07a80b3873e6bfd6499a659a72708028fb127d6","ssdeep":"","tlshash":"d0e07d941020c4d4c4031c0210fdbd0442ef4db0fb5303358848e06ce94c87aff12c95","first_seen":"2026-06-11T00:44:03.068102Z","last_seen":"2026-06-11T00:44:03.068102Z","times_seen":1,"resource_available":false,"data":null}},"time_used":11886,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11886,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"wss","addr":"wss://ghpostcas.eu.cc/ws?token=40aaed30-5bec-4e13-b6ec-3a5570e3397d","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:55.049Z","timestamp":1781138635049,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /ws?token=40aaed30-5bec-4e13-b6ec-3a5570e3397d HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-WebSocket-Version: 13\r\nOrigin: https://ghpostcas.eu.cc\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: Bt/O8JGTGfGpzmfOk1C9BQ==\r\nSec-GPC: 1\r\nConnection: Upgrade\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Thu, 11 Jun 2026 00:43:55 GMT\r\nConnection: upgrade\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nSec-WebSocket-Accept: Hz8l0thema3YIOF/gOgma4+F+JU=\r\nSec-WebSocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover\r\nUpgrade: websocket\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=eR%2BBQNTXzLS7ElpH0%2FEwdpRhDkFOqgvohFgFqtzOt3qbS2H%2FyB1FS7cNcWanGmsdTLVDOZa3DTOdsVS%2BSwCAWG5YgreFT%2FfjvUFKLQ6LS5tOny%2BqBl%2FERBlKJzzZogNHxIs%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: a09c95953e61b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1038\u0026min_rtt=973\u0026rtt_var=387\u0026sent=5\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=3198\u0026recv_bytes=1386\u0026delivery_rate=2983266\u0026cwnd=53\u0026unsent_bytes=0\u0026cid=c620eb39a23c7a31\u0026ts=358\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":1017,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T16:29:48.02362Z","times_seen":16584092,"resource_available":true,"data":null}},"time_used":390,"timings":{"blocked":-1,"dns":14,"connect":15,"send":0,"wait":351,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/HomeView-7af8113a.css","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:55.441Z","timestamp":1781138635441,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /assets/HomeView-7af8113a.css HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=of87emmdxhAcwyxhLordN0oWcCWJhdyr2p1wK742%2BtuxfS%2BY7%2BbWIQCjtdSiblwJFZ8rGoV6Rdp0z24X%2F%2FijeFf60xzDSEKG1gYYddGl8huC0n8nrW97%2F581j%2BtMxCGT6N8%3D\"}]}\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nserver: cloudflare\r\ncontent-type: text/css; charset=utf-8\r\ndate: Thu, 11 Jun 2026 00:43:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\netag: W/\"c279a11ee3e0f5fb95636155a2e1b752\"\r\ncontent-encoding: zstd\r\npriority: u=2,i=?0\r\ncf-ray: a09c95978ac756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":323,"size_decoded":1084,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (322)","md5":"0064a2cfae8effd8c8da754ef53ba757","sha1":"b35924c58f702d61de85d48114e4524ac26218b6","sha256":"7af8113af882a0cfb47ae30568eaffaf2234c73fddece030302006b5cea1524a","sha512":"202865f0e752ced3866c5013a2de27549c8a0e051f711fd7e6a3ba304cb5d98b494af5c2a497aa82e7057284768c27c4db634f08680e7003234a129916ba5612","ssdeep":"","tlshash":"67e0cd617cca60752137c46bd0d1a5fcd5c66207499df532552b1635df5e6d23370304","first_seen":"2024-12-19T12:34:40.646713Z","last_seen":"2026-06-18T11:32:16.819505Z","times_seen":403,"resource_available":false,"data":null}},"time_used":344,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":344,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/gha_post/layout/images/6.jpg","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:56.118Z","timestamp":1781138636118,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /gha_post/layout/images/6.jpg HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W02U04TehXs0HEtEeu5QX9xBGTCem6HXBO0bEFFY0OC8YI%2BNK7r5Kik4CzveLoZliG2j59keIW9Px0tgg1myP65gPGD330Ri%2B3a2OtOsjOvY2K6hLTCpgeFkgb73eTSXlU8%3D\"}]}\r\ncontent-type: image/jpeg\r\ndate: Thu, 11 Jun 2026 00:43:56 GMT\r\netag: \"6a20c0b200cbe5828f234b2a4b3f4d64\"\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncontent-length: 19205\r\ncf-ray: a09c959bcadb56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19205,"size_decoded":20081,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 265x80, components 3","md5":"089a337b346cb25ab116fbd2076a50f1","sha1":"5b6db77ed9fcbe917e8183cbefec89e3f8acbbd8","sha256":"bf1b91b8e291553b11a648537e0d52bac8d28d5502a7ff839153c01d2410db2c","sha512":"2a64c9ccd338b966d254fc23a045cd8f32541474b15143fa0fff73aca2feb8476fa53bad2ad7f85189c00a7d8c237d0462c274f9b45184170ee2e06bccecc828","ssdeep":"192:fHxkDL3pkfStIElCXQLt3kbKPu4ylPKOQq9Q48mRVExiv3NqL:fHKDL3pkfaI4CgLt3kbYc9tuMuxW3QL","tlshash":"4f825d141898f54dee2f723869e9a178c32488333081fd5d796d4cf22f163d52d19b42","first_seen":"2025-11-08T14:17:46.348431Z","last_seen":"2026-06-11T01:21:03.967778Z","times_seen":68,"resource_available":false,"data":null}},"time_used":509,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":345,"receive":164,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/gha_post/layout/images/8.png","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:56.120Z","timestamp":1781138636120,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /gha_post/layout/images/8.png HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CWq5Ze7MIOXVb5IzsRlWcVuvtjGI829vR9wkyLAz4aXQ13ZSKaiwUWLpknuT%2F09FKs8hF6c4OJy6sG7Xg7ak%2FQoCgOwImU04qPY4%2BvU066vc4XfWxfV5UIgTtGEWtPQhf7w%3D\"}]}\r\ncontent-type: image/png\r\ndate: Thu, 11 Jun 2026 00:43:56 GMT\r\netag: \"5f4f2b1e1f79af9fdbf75450899c2564\"\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncontent-length: 7332\r\ncf-ray: a09c959bcadc56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7332,"size_decoded":8208,"mime_type":"image/png","magic":"PNG image data, 256 x 192, 8-bit/color RGBA, non-interlaced","md5":"d09ba0511c94d74b5306c9b8f17c5eec","sha1":"a168b9b4e4404c7f8a76b1716c12f930c2f0ed0e","sha256":"fa96f16ab2beea0bec4a7cdf11f69ddf7b14c45b726a3e82674f4395499ad65c","sha512":"f043b5a1cf0dab2cf89b0647af043500956a0db9634af983ef29e6c1c0d954e8485fd874ddab56785d563fe089af6ac6495bea53547afb7e66fbca0e1f0eacd6","ssdeep":"192:NmovYm7Sul8ZNfQWF30V+cDBqOpqf1wExaV1vtr0umheVLNgag2:govFR8ZNYWJC+EfV1vtr0u9JNRR","tlshash":"d3e1bf469c344cb6c8e8b3301da174126de385bf5917dadadd7042780caa82b6e5f2f8","first_seen":"2025-11-08T14:17:46.345486Z","last_seen":"2026-06-11T01:21:03.968443Z","times_seen":68,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/gh","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-11T00:43:34.432Z","timestamp":1781138614432,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /gh HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 11 Jun 2026 00:43:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, must-revalidate\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Sc04uH%2Fk3aiXk51zN2IYje%2FzPe5%2BrMCFc7Kttq%2BykkSwbsyZgarGtI6RLqcQHyxhUTxx07CENEA7Mtxy7R8QjmG5KE5NIbgw%2FFUjz7u529dmPIztL93oOUmLPqXjVJ3B2qw%3D\"}]}\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nserver: cloudflare\r\ncf-ray: a09c953dfeef56af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":430,"size_decoded":1110,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"6f23926dee53b6b5fe5a2b81e2a9f656","sha1":"11ef701276ae2fc3b2fd85ec30eea3d2f79153cd","sha256":"e23920c86d1d4f69f4774097399b5fd3a6a40ef405be841d7e394da5de11c31f","sha512":"f8ba063994f6aa242886dd5cdf1f78b32fe81d719a725a37350f9795daa04e05f4819e4d1618d5c2f23d3069b26191914779b309e53d0b8d09ef87357fbe9ee9","ssdeep":"","tlshash":"0ee05c4684108509823492047cd0f90c45d7eb188ba55950a6f691bd4988b95cd9f96c","first_seen":"2026-04-01T02:26:42.56795Z","last_seen":"2026-06-14T17:29:39.155004Z","times_seen":41,"resource_available":true,"data":null}},"time_used":7013,"timings":{"blocked":-1,"dns":297,"connect":2,"send":0,"wait":332,"receive":0,"ssl":6383},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/index-6b10ca21.css","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:41.674Z","timestamp":1781138621674,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /assets/index-6b10ca21.css HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\npriority: u=2,i=?0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: text/css; charset=utf-8\r\ndate: Thu, 11 Jun 2026 00:43:42 GMT\r\nserver: cloudflare\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\netag: W/\"21c3a7e6d164faf323a12313ffb84858\"\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LeZvVs87XUyJLBJMtP4YW8BuRKvunWUeAwpBE7IsTkgmPLumIvMaBW6E%2BBZCpNLF1dVP8fKdhT%2BSssKfIgbFAP7tp6QWvFKylrtmTkKXsJZjYOZpLGNiAPQMRZxRe0o1g50%3D\"}]}\r\ncf-ray: a09c9541781256b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37893,"size_decoded":10288,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (19357)","md5":"d5ba1b7be3defc837296317a2a0f7311","sha1":"98ebfdd6dd9b622fc4d4a2052dd90c0eb4632f5a","sha256":"6b10ca21cda6d2e3b1f386a4e656c90887f00afc77b9899923b3d043e26f867d","sha512":"b1d5689df3b86d889991046aae2ca8172d9e5b9f1baeac2ebdb333827ba8fe81954b7c5eb36bbe0ed1467d751c3ad7006ed17ccca0571fb80bcc2bc3827621c6","ssdeep":"384:qaMykWW4/i9V9Nxn8ecoMo7ng5kvn791DUFUXvHRD68zbBbk:qZWi397n82tuOUFgvHBk","tlshash":"d103d84b9b653124b3978105b9c27ad86229c153f9211ceb7de61b6dc7c21ce32b2b4f","first_seen":"2025-11-08T14:17:46.351647Z","last_seen":"2026-06-14T17:29:39.152156Z","times_seen":72,"resource_available":false,"data":null}},"time_used":524,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":377,"receive":147,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/gha_post/75.png","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:43.007Z","timestamp":1781138623007,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /gha_post/75.png HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D88u2UCGQvOLvdduP%2FOCGU%2B9SypysChjKIjG%2FA2Ls6%2BwN%2F2Cpme8UVHKrA2Nt%2Bk3K5muc0Xg4ng8UpRyuUEAkEDhjY4g9fNSOX1HwVz%2FCSY2F2LWrCQYjP3C99pvmpkkKRk%3D\"}]}\r\ncontent-type: image/png\r\ndate: Thu, 11 Jun 2026 00:43:43 GMT\r\netag: \"370e49dbb2179cc51b35d9c31487bccf\"\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncontent-length: 566\r\ncf-ray: a09c9549d82d56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":566,"size_decoded":1452,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"f10cf29171803f9ed1a9bd65c75455f4","sha1":"b54e43b75520e8c81070913c693113dd31a2ec6d","sha256":"0ec71b6c5ca642b8d29f8328727f8c54ef8eb1262c72a9333fe86b6e4dac809a","sha512":"1aa51225435a1643b0e2642ccf507a410db0a80549a4bf84d5ddb9e622ff37f4a7e13a8fe04a7fd08c340e765d89e4c0d72f62ceb3f0fcbdc981d1618b0fb7f9","ssdeep":"","tlshash":"89f096e167b84828aea62f62023210e6ceff0e45e0532489c863d0563c3262ac8cc3c3","first_seen":"2025-11-08T14:17:46.344384Z","last_seen":"2026-06-14T17:29:39.153791Z","times_seen":72,"resource_available":false,"data":null}},"time_used":12002,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":12001,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/HomeView-a51c1a35.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:55.436Z","timestamp":1781138635436,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /assets/HomeView-a51c1a35.js HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xHg8hGgY%2FiNhm3hltxg%2FBIu9cYHiqwaRnY%2Bi3STUD5b1LyAeDjqd65mOc8PrGPP30S50yCDKVxfTtnxLBlKx8s5sSrUBtMVmGWBifEulkLv3PKQ33K5g8AcKOZXp31PDGWo%3D\"}]}\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nserver: cloudflare\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Thu, 11 Jun 2026 00:43:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\netag: W/\"3811a389649b6b82c8f091102d01d69e\"\r\ncontent-encoding: zstd\r\npriority: u=1,i=?0\r\ncf-ray: a09c95977ac456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62772,"size_decoded":23355,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (56837)","md5":"8166889015936294ce264de8c7cfb28e","sha1":"b21a59d39e140dac0693f9cb7fde9fc21edd9766","sha256":"cdb4edb0e608df21d2766eb2f749ffedf868825ddc2dddb1d37cffa273acf3c0","sha512":"16d11cc9631e3e4d0e86620bdd2d85a7ec67956d7a5d45bfaf0c20961eca4d2ffebac61c3dbc08b74b0c737b6f0d039440c4ef689d992ec887981ab4d5e04641","ssdeep":"768:2NkuLC/tUvbT9Dq9WeoVEXe+Opu3ohIaznlXGwrM+lefKDCCDzVOUzkYpzIH2Q6B:2MaT9NILOAo55xeuCCDzYaP1IHdmj5","tlshash":"dd53c5ce3146b212977602b408af4907f33d6ca1684e8d1cf51cd9d97939d6a42bbfb8","first_seen":"2026-04-01T02:26:42.569373Z","last_seen":"2026-06-13T02:07:35.745904Z","times_seen":38,"resource_available":true,"data":null}},"time_used":636,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":325,"receive":311,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/assets/CommonLayout-67c9b953.js","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"172.67.135.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:55.439Z","timestamp":1781138635439,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ghpostcas.eu.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Jun 2026 09:47:27 GMT","end":"Fri, 04 Sep 2026 10:46:15 GMT"},"fingerprint":{"sha1":"CC:F0:6A:3C:A0:73:FB:38:61:4B:A3:90:27:C7:79:5A:AE:04:C8:8C","sha256":"EC:9E:A5:DE:AB:EB:B9:76:E6:8D:06:24:DA:89:38:32:72:32:AE:85:4D:54:BD:CF:70:B2:2E:8F:DA:E4:F4:A5"}}},"request":{"raw":"GET /assets/CommonLayout-67c9b953.js HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uDnNyiCHvL8NEwQTUJtqjFKSYvwNmj%2FMBv5s1SGx5GPx%2Fcje0pYMZirjFlytBdyyBrpCRYb%2BKJHt45bQq7BSy%2BdY7nhViDrhqL6I9o6UZec1v37fkYRSURKVb0JOSMBOO4Y%3D\"}]}\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\nserver: cloudflare\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Thu, 11 Jun 2026 00:43:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 05 Jun 2026 16:21:30 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\netag: W/\"e1b0843d4a5855d480b12ab0e0999ba6\"\r\ncontent-encoding: zstd\r\npriority: u=1,i=?0\r\ncf-ray: a09c95978ac656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26106,"size_decoded":7799,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (26095)","md5":"f5d8144ab9ec33fd26db177201a1c002","sha1":"218d1500c30fdc99b000818826bbf51994e58917","sha256":"378adfb45ba4cc4de5ddb8ee67980e0391dcd880978d4cea70ff68cf78ad2563","sha512":"1f36aa5fd42c26856810c7bd2b5fc617b1183a43da8e5bd7d848a96efb67417e000d6b9eb58e592666455cd9f434dc3b67cb2ae93762e5b4832bad1ae14b6453","ssdeep":"384:ebhEG4eXlmPPPxs1r7siZrw/mDGn6YHfgHsD3ixaj9ED5cikP0DkuHqWeDNiWLKO:ebhRC3+/1loIJa+nE3L","tlshash":"04c241e75e8522bc152776421047bc09fbd229b9cf612c13abfd7729d122bbe756030a","first_seen":"2026-04-01T02:26:42.562369Z","last_seen":"2026-06-13T02:07:35.74734Z","times_seen":37,"resource_available":true,"data":null}},"time_used":517,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":350,"receive":167,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"ghpostcas.eu.cc/layout/stylesheet_1.css","fqdn":"ghpostcas.eu.cc","domain":"ghpostcas.eu.cc","tld":"eu.cc"},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ghpostcas.eu.cc/gh","date":"2026-06-11T00:43:56.111Z","timestamp":1781138636111,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /layout/stylesheet_1.css HTTP/1.1\r\nHost: ghpostcas.eu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://ghpostcas.eu.cc/gh\r\nCookie: token=40aaed30-5bec-4e13-b6ec-3a5570e3397d\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T16:29:48.02362Z","times_seen":16584092,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}}]}