{"report_id":"a4081883-2aa2-48c3-9dca-711cbd2955e6","version":6,"status":"done","tags":["posten","logistics","phishing","darcula"],"date":"2026-03-06T12:44:20Z","url":{"schema":"https","addr":"posden.top/index.html","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":0,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"posden.top/index.html","fqdn":"posden.top","domain":"posden.top","tld":"top"},"title":"Posten: Post- og frakttjenester i Norge og utlandet","dom":{"size":152578,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (58325)","md5":"aef4f5ad7fb61f05b8559f3517dc0c0e","sha1":"c346b23f6d65e8f3b5ba0970e2d157fa811b49f5","sha256":"087eead42a6bff7addfc27677c7f807cd198c5ba32965efad9e09a91083bd432","sha512":"60c283056c4d3cf8bd1323b450801345fb219fe2bfc81562f79da82b3b5db1ce76c190407339e3ea2ef83b29931ce00b5407daa0dc8c9b0b03cbc616aa76544f","ssdeep":"3072:v3xQKSN6Lrl71KIl3Nc7xGunXqJ2NL6i7cTWe8oNIRdAD4nwrJbD:v3tiGunaXi7cae8oNIRdAf","tlshash":"d4e3f732f155137f1d1bcbca9b2b616a601bf16ef7b605d8b02d8230a746fadb4e0844","dom_hash":"domhash520ba68c323d7ea9bc774da81d2da653","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"posden.top/index.html","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":0,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"tags":["soteria"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-10T12:44:20Z","useragent":"Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36","referer":"soteria","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]},"summary":[{"fqdn":"posden.top","ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"domain_registered":"2026-03-06","domain_rank":0,"first_seen":"2026-03-06T12:00:00.517605Z","last_seen":"2026-03-06T12:00:00.517605Z","alert_count":51,"request_count":17,"received_data":869553,"sent_data":9427,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"posden.top/index.html","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1721c4ad9c3ece090db7c40c6760ab50","sha1":"3b5700ee650c570c339b9b6361ccf3b22c985394","sha256":"0cfbd5300363e488a85c4af1a29dc18759dbb15658762f8f603ddb3fc66eed5a","sha512":"1de6a92c044fa79ab74520ecb7c398b3e282915ac43509041ae74a52531d9429e95f6f818ecc9806a46f8ea00c0a539ed70b628d21d9f0a464661704b38da5f2","ssdeep":"","tlshash":"0f111458743562b300bf941e060f14db7903c857834aadc9b9eecda57fa5fa98ca0ca0","size":1020,"data":"","first_seen":"2025-03-28T05:19:04.451883Z","last_seen":"2026-04-01T16:56:11.491563Z","times_seen":3626,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"posden.top/index.html","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9856413e32fd91a4aedae103e4e03c8","sha1":"f2e718cc34c3eb5272d549f55634245412bb4e99","sha256":"98f59aa28b02ebaf99e8d94fcdd97128c9d329efd3ff9e7d2188d7ebe3550d85","sha512":"2e333899fffdec21aa1f9528b355783d9ce463a44c27b59d6fd87e0a220805b1cc99f4a0abbeb48ef05011af37efc3934e43224db4d4c0f4893b784bb58272e9","ssdeep":"","tlshash":"41512fa8366750b99a77a47d171bb26a3e3d70232009cd113f0d23c90f98b395ce5adb","size":2932,"data":"","first_seen":"2025-03-28T05:19:04.453289Z","last_seen":"2026-04-01T16:56:11.492135Z","times_seen":1602,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"posden.top/assets/index-e0691697.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ff464feb32c0d9e67b641b201a15ee53","sha1":"1524e8d23e2d933d2d887612b33e4bb103f9b57a","sha256":"82d91bcdd640b601d3cd2297549105934abd604b25780b96b94d9926a42b650e","sha512":"c8dac7edaaf551118e8925cdcc0c85bdb08afb3a88ecc98e2068708d3f80ed159fa79e335ed216c8e95e957a78eb89bf7d54ae00f68753332f8cb498963c814b","ssdeep":"6144:PZESM7vdJRSHpQfeM+N/FpvDF54SD8LTgeiaq9Na7JU9IVWr:P6SM77RSJOeM+Nnx54SDUseiQMIVWr","tlshash":"1f64f6d83192b06143a615f510bb000bf33d6d15784d8498f26ce9da3f7a95a92bbfbc","size":331617,"data":"","first_seen":"2026-03-06T12:29:17.024465Z","last_seen":"2026-03-06T14:12:53.915109Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"posden.top/assets/IndexView-cdfe1f7f.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa369f86ce99bfe30f4f9b82ea9564ae","sha1":"3a11343338da6af5ba1956ea90415fd83ee646d8","sha256":"d0094060acce3ebd15cdba18dac0a306443ad1351c0cb345d6adc369d6cd05e4","sha512":"35c3a6682b3e3439bef044cf20ccf172cd66d7e2df52e7e7b19c1d64a2bb767a8f239fe4138328c32d4152c72982549470782d2ba566ad6d206dd51ea9a1e8d6","ssdeep":"","tlshash":"3ff05c1e8c41fafad2d3a4942065048827041fd6b6a8c0caf2a9291907a1a3dab6f350","size":456,"data":"","first_seen":"2026-02-05T15:39:33.372633Z","last_seen":"2026-03-06T14:12:53.916762Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"posden.top/assets/CommonLayout-be4c0573.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"introduction_type":"importedModule","is_inline":false,"md5":"cad1f2dd72b820a0dc26d4cd1dc4f16c","sha1":"54b99cdafe1397e6fe679627a2a9c83ba7d34673","sha256":"f535e680d7493aafccbcc99ecfb3fd40396633c6c324366a31c719395cff5b06","sha512":"dabeecd150ec1da409b5d19f3924413152d2ca26296a2050626c4f5353e2427bf617686c14926f50adde3574479506f654183bc3d7a08d45fe75143cb2076e5b","ssdeep":"3072:VO1i41fSs65nTie5gntHVJtvCe45OkGAh57:VU/gl7","tlshash":"55c3f92fabd242bc390b8be445132464b45f38bfb7f7166594b98730f143fe8a984568","size":123295,"data":"","first_seen":"2026-02-05T15:39:33.355449Z","last_seen":"2026-03-06T14:12:53.913316Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"posden.top/assets/HomeView-bb2a676b.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"322c64166430da4887b52abaf09fad80","sha1":"a25b045fff153a8a09087a8033b90b5b9ec64d19","sha256":"fa8aedb0ab246ac72fda88caee69e3ecdeeffe177317ced2dc9b0f06a3ace675","sha512":"d8f7e12af572f488b02fdc6b8d41bde7d6bac76aa4797004ce54c712959bcf2e32699c7076bf7cafc29ab88f4f9f85dad398d21cfd15e3f8b1574bd1f0286a98","ssdeep":"768:oNkuLC/tUvbT9Dq9WeoVEXe+Opu3ohIaznlXGwrM+lefKDCCDzVOUzkYpzIH2Q6B:oMaT9NILOAo55xeuCCDzYaP1IHdmj5","tlshash":"cf53c5ce3146b212977602b408af4907f33d6ca1684e8d1cf51cd9d97939d6a42bbfb8","size":62772,"data":"","first_seen":"2026-02-05T15:39:33.3648Z","last_seen":"2026-03-06T14:12:53.917276Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"posden.top/assets/HomeView-bb2a676b.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:01.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/HomeView-bb2a676b.js HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://posden.top/index.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:01 GMT\r\netag: \"cf2d9c0a5b0a95bb201455951aff0a64\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 62772\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62772,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (56837)","md5":"322c64166430da4887b52abaf09fad80","sha1":"a25b045fff153a8a09087a8033b90b5b9ec64d19","sha256":"fa8aedb0ab246ac72fda88caee69e3ecdeeffe177317ced2dc9b0f06a3ace675","sha512":"d8f7e12af572f488b02fdc6b8d41bde7d6bac76aa4797004ce54c712959bcf2e32699c7076bf7cafc29ab88f4f9f85dad398d21cfd15e3f8b1574bd1f0286a98","ssdeep":"768:oNkuLC/tUvbT9Dq9WeoVEXe+Opu3ohIaznlXGwrM+lefKDCCDzVOUzkYpzIH2Q6B:oMaT9NILOAo55xeuCCDzYaP1IHdmj5","tlshash":"cf53c5ce3146b212977602b408af4907f33d6ca1684e8d1cf51cd9d97939d6a42bbfb8","first_seen":"2026-02-05T15:39:33.3648Z","last_seen":"2026-03-06T14:12:53.917276Z","times_seen":7,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/CommonLayout-be4c0573.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:01.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/CommonLayout-be4c0573.js HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://posden.top/index.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:01 GMT\r\netag: \"d578b6c7b1046819c8a41870a2c31d3d\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 123296\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":123296,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"cad1f2dd72b820a0dc26d4cd1dc4f16c","sha1":"54b99cdafe1397e6fe679627a2a9c83ba7d34673","sha256":"f535e680d7493aafccbcc99ecfb3fd40396633c6c324366a31c719395cff5b06","sha512":"dabeecd150ec1da409b5d19f3924413152d2ca26296a2050626c4f5353e2427bf617686c14926f50adde3574479506f654183bc3d7a08d45fe75143cb2076e5b","ssdeep":"3072:VO1i41fSs65nTie5gntHVJtvCe45OkGAh57:VU/gl7","tlshash":"55c3f92fabd242bc390b8be445132464b45f38bfb7f7166594b98730f143fe8a984568","first_seen":"2026-02-05T15:39:33.355449Z","last_seen":"2026-03-06T14:12:53.913316Z","times_seen":7,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/nor_post/assets/882f8e268K8a8.woff2","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:01.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /nor_post/assets/882f8e268K8a8.woff2 HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/assets/index-eca7b48f.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: font/woff2\r\ndate: Fri, 06 Mar 2026 12:44:02 GMT\r\netag: \"b25fb3db8fb9351511f2f157df0a564a\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 28596\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28596,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28596, version 20.7864","md5":"3fe083ad3867e1c0d189a7e803665157","sha1":"684b732a9cc92d2ee8ea6233c8b0e1d272c68adf","sha256":"882f8e26a41744d760948be6d84613b5485f83a9ccaf16aa64401dfc2a99e5a7","sha512":"ba576f83712aa45f94187a948c65b9718103722ff0a744c4c24cca2fb02cb1d6396b2a1d7b7c131c78476586be539c6321806aec400e253df8c3b90ccd4aac20","ssdeep":"768:3wfu91BlUnf/gPnBgzuoyNjYnlPveZmGm3lz3P7:muJlcf/qn2JOjYleZpwzf7","tlshash":"6ed2e0f99ccda182241eecb1f2e0b05a61ad780d4eb907fe701b90c157f7ad1265e60a","first_seen":"2023-06-13T13:38:41Z","last_seen":"2026-03-21T12:45:18.649644Z","times_seen":274,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/index-e0691697.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:43:59.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/index-e0691697.js HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:43:59 GMT\r\netag: \"10b54a325512f542f2ec6eeeed854f7c\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 331617\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":331617,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (34029)","md5":"ff464feb32c0d9e67b641b201a15ee53","sha1":"1524e8d23e2d933d2d887612b33e4bb103f9b57a","sha256":"82d91bcdd640b601d3cd2297549105934abd604b25780b96b94d9926a42b650e","sha512":"c8dac7edaaf551118e8925cdcc0c85bdb08afb3a88ecc98e2068708d3f80ed159fa79e335ed216c8e95e957a78eb89bf7d54ae00f68753332f8cb498963c814b","ssdeep":"6144:PZESM7vdJRSHpQfeM+N/FpvDF54SD8LTgeiaq9Na7JU9IVWr:P6SM77RSJOeM+Nnx54SDUseiQMIVWr","tlshash":"1f64f6d83192b06143a615f510bb000bf33d6d15784d8498f26ce9da3f7a95a92bbfbc","first_seen":"2026-03-06T12:29:17.024465Z","last_seen":"2026-03-06T14:12:53.915109Z","times_seen":4,"resource_available":true,"data":null}},"time_used":781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":621,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/nor_post/assets/34ba719e8K8a8.woff2","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:00.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /nor_post/assets/34ba719e8K8a8.woff2 HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/assets/index-eca7b48f.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: font/woff2\r\ndate: Fri, 06 Mar 2026 12:44:00 GMT\r\netag: \"18c0243306e2fc564bf8a481becda361\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 29396\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29396,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29396, version 20.7864","md5":"3623a2d45ce3b3dd95596ec5cdefec3f","sha1":"dd92e48a971fffb2db230258edb0912730ed602e","sha256":"34ba719e7f615b8acccbbb7deff55e38e8d5a71234d7d459ddb816340b2cd970","sha512":"1a43a94632f7fdddc17ae529f57fd71dee88c4a2b7a8289bf0f23894503fb46b6cc398fd16c8ad804c4077732e09d214e6796ead792ce74d3c76762df31bb8c7","ssdeep":"384:uOZWySy07HViz26qleEV0w06OGrCRyWmYGj8mL5gKFb+Dg2QDoFuYkYc7SmPVEq4:QQuViz26qZh06zewYzm9aADTn3qFhT","tlshash":"efd2f2338d2f8488da9b6a12507d5ae78ddb73f78cf2671308d94d80ceae1252518757","first_seen":"2023-05-04T04:57:44Z","last_seen":"2026-03-19T09:18:18.075227Z","times_seen":333,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/IndexView-cdfe1f7f.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:00.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/IndexView-cdfe1f7f.js HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://posden.top/index.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:00 GMT\r\netag: \"9ca484e3000054ab05389dc2e5030d37\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 456\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":456,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (455)","md5":"fa369f86ce99bfe30f4f9b82ea9564ae","sha1":"3a11343338da6af5ba1956ea90415fd83ee646d8","sha256":"d0094060acce3ebd15cdba18dac0a306443ad1351c0cb345d6adc369d6cd05e4","sha512":"35c3a6682b3e3439bef044cf20ccf172cd66d7e2df52e7e7b19c1d64a2bb767a8f239fe4138328c32d4152c72982549470782d2ba566ad6d206dd51ea9a1e8d6","ssdeep":"","tlshash":"3ff05c1e8c41fafad2d3a4942065048827041fd6b6a8c0caf2a9291907a1a3dab6f350","first_seen":"2026-02-05T15:39:33.372633Z","last_seen":"2026-03-06T14:12:53.916762Z","times_seen":7,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/nor_post/148.png","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:00.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /nor_post/148.png HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/png\r\ndate: Fri, 06 Mar 2026 12:44:00 GMT\r\netag: \"ccd4ff3c26c4edd993d82c9fa68a0735\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 1708\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1708,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"1fa4c9a05aae4399c4ae72eab37a5cd0","sha1":"5e7c4e697be77e9c0351944294005fae96d99471","sha256":"d3f292e1e0313f78382e3b5b5300734fa37a8a98cc774b151e34d85b4bf2057b","sha512":"81c0f7c18311c556bf2812fdedc48aaf07703e48cc2bd4677c5667e90101e034b1bda4122d3be8fc9331b2874b85dc01d9101ac6c09c46ec22e38162a06f1782","ssdeep":"","tlshash":"1b31fad0406ad6fb9c72563faa073c4999b8f0fefb70099f488549804628d7c39ad177","first_seen":"2023-09-22T20:53:10Z","last_seen":"2026-03-17T13:33:16.490582Z","times_seen":183,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/HomeView-bb2a676b.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:01.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/HomeView-bb2a676b.js HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/assets/index-e0691697.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:01 GMT\r\netag: \"cf2d9c0a5b0a95bb201455951aff0a64\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 62772\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62772,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (56837)","md5":"322c64166430da4887b52abaf09fad80","sha1":"a25b045fff153a8a09087a8033b90b5b9ec64d19","sha256":"fa8aedb0ab246ac72fda88caee69e3ecdeeffe177317ced2dc9b0f06a3ace675","sha512":"d8f7e12af572f488b02fdc6b8d41bde7d6bac76aa4797004ce54c712959bcf2e32699c7076bf7cafc29ab88f4f9f85dad398d21cfd15e3f8b1574bd1f0286a98","ssdeep":"768:oNkuLC/tUvbT9Dq9WeoVEXe+Opu3ohIaznlXGwrM+lefKDCCDzVOUzkYpzIH2Q6B:oMaT9NILOAo55xeuCCDzYaP1IHdmj5","tlshash":"cf53c5ce3146b212977602b408af4907f33d6ca1684e8d1cf51cd9d97939d6a42bbfb8","first_seen":"2026-02-05T15:39:33.3648Z","last_seen":"2026-03-06T14:12:53.917276Z","times_seen":7,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/nor_post/assets/1b92491b8K8a8.woff2","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:01.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /nor_post/assets/1b92491b8K8a8.woff2 HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/assets/index-eca7b48f.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: font/woff2\r\ndate: Fri, 06 Mar 2026 12:44:02 GMT\r\netag: \"e1cb9b1f5395f61ac75169bd8b1296b2\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 29292\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29292,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29292, version 20.7864","md5":"17140eaa09aab2cebbc95af47f812a41","sha1":"8b153a7c04dbc2ea7300918a77cce2d9aa366781","sha256":"1b92491bfcbb457aa48f6c9b6adf0f4a6be0fd6594634126b7788919bd3b734d","sha512":"04f994517088d4b8e5b2741edebfb922856b2284cffe8941159d8acb1246077601a48be00455d4400bb7c273e643af370e3a79f30a74197fc3bd940ee1c8381d","ssdeep":"768:IPSfphFu2QsljmQaX0THweIAAkUUNypFM6+MrI0mEqXn1+:8SI2NcXoUUNypFM6+j0mH1+","tlshash":"cbd2e1869dae399df447ce2e414c6a44ec0cf5d3162cc9ef44e2578b11b715878b7388","first_seen":"2023-05-04T11:51:17Z","last_seen":"2026-03-19T09:18:18.088753Z","times_seen":334,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/index.html","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-06T12:43:58.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /index.html HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: no-cache, must-revalidate\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:43:59 GMT\r\netag: \"210f2ea3b5f33955f99f32b89ca2b1fc\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 469\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":469,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"f73b724acfaacd9eb9ebdf30a96f4668","sha1":"03c5a58db76b4f52bc2fcdf6e15a0698880fa397","sha256":"ad88733cee550bd2b557671dc62b391e561db64fe5640ac639f5f3290e2c1e14","sha512":"a7092bf07cd329549e97d1f10b145f86a28ddb34c3ef741717f2069f448daf05db0a722275a523b482f66c093b2da74dc7b950d97d325d52d5476b7a6053996f","ssdeep":"","tlshash":"0cf0dc4ac414880a82349315acd0b10c8587eb98db82ad50a5e7a0ad9e89f8accdf838","first_seen":"2026-02-05T15:39:33.369857Z","last_seen":"2026-03-06T14:12:53.91451Z","times_seen":8,"resource_available":true,"data":null}},"time_used":1744,"timings":{"blocked":790,"dns":475,"connect":153,"send":0,"wait":159,"receive":0,"ssl":163},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/IndexView-cdfe1f7f.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:00.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/IndexView-cdfe1f7f.js HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/assets/index-e0691697.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:00 GMT\r\netag: \"9ca484e3000054ab05389dc2e5030d37\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 456\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":456,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (455)","md5":"fa369f86ce99bfe30f4f9b82ea9564ae","sha1":"3a11343338da6af5ba1956ea90415fd83ee646d8","sha256":"d0094060acce3ebd15cdba18dac0a306443ad1351c0cb345d6adc369d6cd05e4","sha512":"35c3a6682b3e3439bef044cf20ccf172cd66d7e2df52e7e7b19c1d64a2bb767a8f239fe4138328c32d4152c72982549470782d2ba566ad6d206dd51ea9a1e8d6","ssdeep":"","tlshash":"3ff05c1e8c41fafad2d3a4942065048827041fd6b6a8c0caf2a9291907a1a3dab6f350","first_seen":"2026-02-05T15:39:33.372633Z","last_seen":"2026-03-06T14:12:53.916762Z","times_seen":7,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/index-eca7b48f.css","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:43:59.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/index-eca7b48f.css HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:43:59 GMT\r\netag: \"b3c9dcf5265e34f0dc7d0b4f983ab26e\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 66388\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":66388,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (41172)","md5":"ef187531897fd778b76f9ca89b79e133","sha1":"2fa9d140f6384875c6b08064483e0885dd9d2900","sha256":"eca7b48ffe69b793f2579a420d304bb1de526078325257fcf9f28d67e816433c","sha512":"ba325adf484ed9aab5595b002dc9b14701c2394790d3b1d10fd06e6d58babd9155d5e1f6c52d2ba852bc7384db0b641a102620a7595fbb1a2961546cf168bc6d","ssdeep":"768:l9DDh6ATNJzbU1Td0bu33esEXgheylJ0nlaCTDNV9SyR7bKR5sjDnFPNb+V8U:lRh/4330gUZU","tlshash":"f1539646f790aa7dab279ef9e3d8d37c32249c829a610ffeb91150010ac77f31a51b45","first_seen":"2024-12-27T11:37:59.238647Z","last_seen":"2026-03-17T13:33:16.483531Z","times_seen":51,"resource_available":false,"data":null}},"time_used":771,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":617,"receive":154,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/IndexView-4f4c357d.css","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:00.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/IndexView-4f4c357d.css HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:00 GMT\r\netag: \"624ec4c0b635d489f20ccd4e0309a5c0\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 508\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":508,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (507)","md5":"9ad5a8a34fbd24169993bd7802b60b11","sha1":"3461bdc985f343dee74c1380227e84eef7caaa3c","sha256":"4f4c357dc183add047281009131b05e717f601fbb1f57aa5526691488ee591ec","sha512":"6106aa482669cffa1e6b8b9d4a9dbc37761912aea2642ba7b5bdd529282276e26a8fb34b4c2bc619ab3bc62fc197aefd5a24c3bfcd73049820111108e1900477","ssdeep":"","tlshash":"8ef0507d5509183fa877dd16b4e155c9d5cad337f3078207a5d9191f4c86a451c7068c","first_seen":"2025-06-14T13:00:55.182719Z","last_seen":"2026-04-04T10:45:43.07063Z","times_seen":218,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"wss","addr":"posden.top/ws?token=22f506c8-74c9-4b70-81ac-4be9308a0fd8","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:00.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /ws?token=22f506c8-74c9-4b70-81ac-4be9308a0fd8 HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://posden.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: 4EXG/fTUpVJU0nAx52ZPnw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAlt-Svc: h3=\":443\"; ma=2592000\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: OXxB3wme+YR9/gMjxbSu7hKWUGU=\r\nSec-WebSocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover\r\nServer: Caddy\r\nUpgrade: websocket\r\nDate: Fri, 06 Mar 2026 12:44:01 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":0,"dns":1,"connect":155,"send":0,"wait":157,"receive":0,"ssl":165},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/HomeView-7af8113a.css","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:01.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/HomeView-7af8113a.css HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/index.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:01 GMT\r\netag: \"8a0d240f4fcae7f6dc11f39238079ca3\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 323\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":323,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (322)","md5":"0064a2cfae8effd8c8da754ef53ba757","sha1":"b35924c58f702d61de85d48114e4524ac26218b6","sha256":"7af8113af882a0cfb47ae30568eaffaf2234c73fddece030302006b5cea1524a","sha512":"202865f0e752ced3866c5013a2de27549c8a0e051f711fd7e6a3ba304cb5d98b494af5c2a497aa82e7057284768c27c4db634f08680e7003234a129916ba5612","ssdeep":"","tlshash":"67e0cd617cca60752137c46bd0d1a5fcd5c66207499df532552b1635df5e6d23370304","first_seen":"2024-12-19T12:34:40.646713Z","last_seen":"2026-04-04T10:45:43.063001Z","times_seen":309,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/assets/CommonLayout-be4c0573.js","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:01.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"GET /assets/CommonLayout-be4c0573.js HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/assets/HomeView-bb2a676b.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 06 Mar 2026 12:44:01 GMT\r\netag: \"d578b6c7b1046819c8a41870a2c31d3d\"\r\nlast-modified: Thu, 19 Feb 2026 02:13:22 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 123296\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":123296,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"cad1f2dd72b820a0dc26d4cd1dc4f16c","sha1":"54b99cdafe1397e6fe679627a2a9c83ba7d34673","sha256":"f535e680d7493aafccbcc99ecfb3fd40396633c6c324366a31c719395cff5b06","sha512":"dabeecd150ec1da409b5d19f3924413152d2ca26296a2050626c4f5353e2427bf617686c14926f50adde3574479506f654183bc3d7a08d45fe75143cb2076e5b","ssdeep":"3072:VO1i41fSs65nTie5gntHVJtvCe45OkGAh57:VU/gl7","tlshash":"55c3f92fabd242bc390b8be445132464b45f38bfb7f7166594b98730f143fe8a984568","first_seen":"2026-02-05T15:39:33.355449Z","last_seen":"2026-03-06T14:12:53.913316Z","times_seen":7,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"posden.top/XEFnjTRIaZ/api?token=22f506c8-74c9-4b70-81ac-4be9308a0fd8","fqdn":"posden.top","domain":"posden.top","tld":"top"},"ip":{"addr":"43.162.114.28","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://posden.top/index.html","date":"2026-03-06T12:44:00.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"posden.top","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 05:48:16 GMT","end":"Thu, 04 Jun 2026 05:48:15 GMT"},"fingerprint":{"sha1":"5B:0B:87:21:E2:CC:DF:B9:28:86:B9:98:C7:2C:E9:00:57:8A:47:68","sha256":"1F:F9:5D:75:00:CA:C4:E6:41:79:33:59:FB:47:DE:37:9E:95:8C:C7:83:0E:A8:0E:84:E7:9D:94:97:B6:CF:87"}}},"request":{"raw":"POST /XEFnjTRIaZ/api?token=22f506c8-74c9-4b70-81ac-4be9308a0fd8 HTTP/1.1\r\nHost: posden.top\r\nUser-Agent: Mozilla/5.0 (Linux; Android 9; SM-G960F Build/PPR1.180610.011; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.157 Mobile Safari/537.36\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nToken: 22f506c8-74c9-4b70-81ac-4be9308a0fd8\r\nX-Token: 22f506c8-74c9-4b70-81ac-4be9308a0fd8\r\nContent-Length: 2\r\nOrigin: https://posden.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://posden.top/index.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: application/json\r\ndate: Fri, 06 Mar 2026 12:44:00 GMT\r\nserver: GoFrame HTTP Server\r\ntrace-id: 567d465f27419a181567c078d23e8202\r\nvia: 1.1 Caddy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":287,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"95076d7a21e458d36480cb8e4b4c1f8f","sha1":"a15a140e386a78a5b5208f2c98568396413adb0e","sha256":"da755791ec383c2aaaeb5687986ce1155bbc25cce55f92bacc9a2eca490f8a79","sha512":"027dde61b256cb7cdef10e4041a3c937878e3a7846d8a4d5eb640c77aa0881e99e7828a2ab62e420853bf8313306b9c01195db617ab593f5a9672086991f81a4","ssdeep":"","tlshash":"c5d0c2c41024c4d489021c1515fe7e0492df4cb0fb7302264884d47dda8c478ff11d10","first_seen":"2026-03-06T12:44:22.461631Z","last_seen":"2026-03-06T12:44:22.461631Z","times_seen":1,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-06","alert":"Phishing Block","trigger":"posden.top","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Posten Norge","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Posten Norge phishing","tags":["posten","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}}]}