{"report_id":"138ba379-dd0e-44b1-9ca6-bedf02eef0ed","version":6,"status":"done","tags":["phishing","suspicious","telegram_bot"],"date":"2025-10-15T10:15:39Z","url":{"schema":"http","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"title":"Webmail Login"},"submit":{"url":{"schema":"http","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-19T10:15:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-15","alert":"Detects file containing Telegram Bot API","trigger":"retainpassword.pythonanywhere.com/?email=/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-15","alert":"Detects file containing Telegram Bot API","trigger":"javascript.write.md5:1090b5bc8c84eb1662407ae7ef164d37","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-15","alert":"Phishing - Generic/Spear Phishing","trigger":"retainpassword.pythonanywhere.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"retainpassword.pythonanywhere.com","ip":{"addr":"35.173.69.207","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2011-03-24","domain_rank":0,"first_seen":"2025-10-15T05:18:08.644093Z","last_seen":"2025-10-15T05:18:08.644093Z","alert_count":4,"request_count":1,"received_data":87766,"sent_data":510,"comment":"","tags":null,"fingerprints":[{"name":"PythonAnywhere","description":"PythonAnywhere is an online integrated development environment (IDE) and web hosting service (Platform as a service) based on the Python programming language.","website":"https://www.pythonanywhere.com","common_platform_enumeration":"","icon":"PythonAnywhere.svg","categories":["PaaS","Hosting"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]}]},{"fqdn":"webmail.hunaintrading.com","ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"domain_registered":"2015-01-24","domain_rank":0,"first_seen":"2023-06-29T19:54:32Z","last_seen":"2025-10-13T23:31:36.405669Z","alert_count":0,"request_count":12,"received_data":192113,"sent_data":7112,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-10-12T22:16:17.088796Z","alert_count":0,"request_count":1,"received_data":70553,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-10-12T22:15:22.841346Z","alert_count":0,"request_count":1,"received_data":21507,"sent_data":519,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"stackpath.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":21970,"first_seen":"2018-04-05T04:41:29Z","last_seen":"2025-10-12T22:32:13.410783Z","alert_count":0,"request_count":1,"received_data":51632,"sent_data":516,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ajax.aspnetcdn.com","ip":{"addr":"23.36.77.49","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2010-10-12","domain_rank":21241,"first_seen":"2012-05-24T13:35:31Z","last_seen":"2025-10-12T23:57:37.068239Z","alert_count":0,"request_count":1,"received_data":87411,"sent_data":456,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"md5":"994ee228a01f9ccfefade6a3efe4a1af","sha1":"0e7d52e795ec2cb2c56674f277fe0abe086dcaa4","sha256":"ed44cdb4eec8c48875c81519782e98e0c643a9dc5e967865a11db328e18a6c58","sha512":"2696a19545844891d7348c045b250b50f2a704afd39a4f3d797f65825ae44bef7f8bac1b5ceb9c489c4e06a5450e48c92558709b1038310d00ec17566cd63c02","size":5617,"token":"7937548617:AAF10MaDaMAEW-RZ2GPh7xTkV5bgZXbbA7M","is_revoked":false,"bot":{"token":"7937548617:AAF10MaDaMAEW-RZ2GPh7xTkV5bgZXbbA7M","user_id":"7937548617","username":"akpunwa_bot","first_name":"akpunwa","last_name":"","chat":{"chat_id":"7498698362","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}},{"md5":"1090b5bc8c84eb1662407ae7ef164d37","sha1":"1eb8104e574134b1de1a18791b4d2d773a5c893f","sha256":"c70ced629bde6e7f7716c3f12e1e7adc9705a060d0be3bc06c050e1dada8b70c","sha512":"4ea89f29c145f38886b414fafbf6361deef7c87109b7a6e9c4703239e86710a1ec7d885f112722df01d563b8ddfb084abb92927b0226cbb0fb22a70ce02322b8","size":38793,"token":"7937548617:AAF10MaDaMAEW-RZ2GPh7xTkV5bgZXbbA7M","is_revoked":false,"bot":{"token":"7937548617:AAF10MaDaMAEW-RZ2GPh7xTkV5bgZXbbA7M","user_id":"7937548617","username":"akpunwa_bot","first_name":"akpunwa","last_name":"","chat":{"chat_id":"7498698362","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fb0adbc7e2cda8f27391a587be2e572","sha1":"d692c19c779f240efe25892943581d491da9c09d","sha256":"56619d7ba731aa33059c80dc6c3b9c80c01fd789929648d4b03a2bf539e95d20","sha512":"4a14dc1116b0ef5587c0cd3b9ce46054aeb506c7060465d419088e87e99d25265922805065c0fb065e6b52bfddf0a9a4f71148fbeb9e2eb885bcbd35320d0be7","ssdeep":"","tlshash":"7cd0924ee4f320200057b8ba125b9248b0390443c9085c007e4c4a20ef3095640626c8","size":213,"data":"","first_seen":"2025-10-08T07:07:25.634796Z","last_seen":"2026-03-04T06:03:01.699821Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"337964c5640c70c7968a25fa93f34d56","sha1":"a4e604c2a0e05dd33021acbfbf0e39c5b1cd839c","sha256":"0e6d240cbf6f84187ee889025a8c8fa6db700972cd9526f13d3aef1f4e587d39","sha512":"5fad34b0da9e52b8efd2d61db343e65ade252d9e89b4a301e9fa974f6c865751f00ea33d8d199deef73cfa9908269effa97878b40a3efe37ce2400d4f1dca76a","ssdeep":"1536:DEQZmXZ7ZGljP2L3/JnaAnHFtJsHvLtF3KOMbEyNKGTI1U6hfU:cZdGljP2L3/JnaAnHFtJsHvLtF3KOMb3","tlshash":"b383fcac75330cefdc66a26bd05c730dc140ee57f48e549882aa11857fa4a9df8de368","size":87490,"data":"","first_seen":"2025-10-15T05:18:15.08625Z","last_seen":"2025-11-03T12:39:04.219533Z","times_seen":23,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-15","alert":"Detects file containing Telegram Bot API","trigger":"retainpassword.pythonanywhere.com/?email=/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"994ee228a01f9ccfefade6a3efe4a1af","sha1":"0e7d52e795ec2cb2c56674f277fe0abe086dcaa4","sha256":"ed44cdb4eec8c48875c81519782e98e0c643a9dc5e967865a11db328e18a6c58","sha512":"2696a19545844891d7348c045b250b50f2a704afd39a4f3d797f65825ae44bef7f8bac1b5ceb9c489c4e06a5450e48c92558709b1038310d00ec17566cd63c02","ssdeep":"48:I2T5aLlqdVfrYAew/2hYYFrYiTIksoGlkf0tY1gtiozfYcSu:9ULsdVfrYQYFrYcsMczPSu","tlshash":"69c14149f8eb22e215b360b86f4fa1057761494f0d48de047d9d7a88af1cd2bb47a1c6","size":5617,"data":"","first_seen":"2025-10-15T05:18:15.093454Z","last_seen":"2025-12-15T03:26:14.326646Z","times_seen":40,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-15","alert":"Detects file containing Telegram Bot API","trigger":"retainpassword.pythonanywhere.com/?email=/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"260b78f5f6da2cf9a41dfde1b4a19655","sha1":"93b5c825bf6b9b693a8eb3b839750e678e1877e6","sha256":"52bf75b5cea341614f9e5b5792b57b1db337b0bcd886ae41c45fc31d76f4a6ee","sha512":"221547cad8fd48206b696b4e0257710a84e1a344bf6e06df3477e5f3d44f8559c176f0f7180b84cb06129c224a670c936f322a0ceba68dda33ae34c0ae2365d2","ssdeep":"","tlshash":"3261cd49d9d75ce8a423607c27df602c34a5a903dc18ea003e5c6aadaf54c5e7afc5d8","size":3258,"data":"","first_seen":"2025-10-08T07:07:25.642904Z","last_seen":"2026-03-04T06:03:01.698755Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.3.1.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"99b0a83cf1b0b1e2cb16041520e87641","sha1":"bc5836992c0b260496ba520fe1336d499bf06eb7","sha256":"dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1","sha512":"33ea8c2353c745c61c3a927378995a59b555c76249c8f23065ab3ca2bedd73decb64ea248ef6e97d1c729a156d9492f28e2177c06cabd0524e0380cb38d2d52f","ssdeep":"1536:hLiMgk2gULYoXUmZx6+VWNL0kC8W90qU9JR7hDqEDqWSNB1gZFy/HG+FP:I8w0qU9JTtH3aP","tlshash":"9b6309dd72c6b06257ab71b900bf510bf23608997c4d8410f129e8e9bc75a4a827bf7d","size":69917,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-07T04:41:58.444976Z","times_seen":11532,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b08ddc901000d51fa1f06a35518f302","sha1":"bafe987c18cbe0587de3e6360e7da40a2885614b","sha256":"02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5","sha512":"7a97fa1cf4a12d0f338090f8a4ffad48d91843d6955304de5f6208de394642b0b412d6fd30d7a880cad92200a8f7f2005c40324bcce3cfeda7b14a57dff098ca","ssdeep":"384:f5LFrVVVnCQvIR/CFU4hHPV4kdxXvYqo2D75zCx+vI2am3MxGpGTgd/9jt9+Db9A:hNVVVnyiU41xXvlD7wx+v0xyGTgnZO9A","tlshash":"3a92a2cc3294b06647e791a7a07f960eb2339875650e9410f299f2e97c30ef9913bc79","size":20495,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-06T22:05:58.683204Z","times_seen":6104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce6e785579ae4cb555c9de311d1b9271","sha1":"5ef2c15b47d7290698c737676ba9c3056b45f2e8","sha256":"0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339","sha512":"a601871568c1b5b2874d30d6e5bb8667d994d2719fc4d6af7f99162bf39ddae800ffff45b8c1c0ba790088c7b98de2ffe565b5af4531c0a8ba0f92e930e243df","ssdeep":"768:D2Ybgh0GBxTHVmcmjWSLsynS/zZ/AcyUenY8yiKKdHPPm26Ro1FH4nx46:D2jh02Lh+SbZ/AbYqdm2mx46","tlshash":"b033b94a725478a201df9466513f450bb73b389eaa0b816cf95d98ed1e7cd88312bf3c","size":50676,"data":"","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-06-06T22:05:58.628774Z","times_seen":6938,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js","fqdn":"ajax.aspnetcdn.com","domain":"aspnetcdn.com","tld":"com"},"ip":{"addr":"23.36.77.49","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-07T05:16:49.074405Z","times_seen":133695,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"1090b5bc8c84eb1662407ae7ef164d37","sha1":"1eb8104e574134b1de1a18791b4d2d773a5c893f","sha256":"c70ced629bde6e7f7716c3f12e1e7adc9705a060d0be3bc06c050e1dada8b70c","sha512":"4ea89f29c145f38886b414fafbf6361deef7c87109b7a6e9c4703239e86710a1ec7d885f112722df01d563b8ddfb084abb92927b0226cbb0fb22a70ce02322b8","ssdeep":"384:GiF7z/ZmXg89Zw0rIgVlSIullkY/bMlMtSTP0d:9JjZmXg8E0rqlkYeT2","tlshash":"2e03b80598fa04e300ab50d97fea191d1e94e2039a0acd0875ad4fe55fa3f5eec971dc","size":38793,"data":"","first_seen":"2025-10-15T05:18:15.101061Z","last_seen":"2025-11-03T12:39:04.224683Z","times_seen":23,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-15","alert":"Detects file containing Telegram Bot API","trigger":"javascript.write.md5:1090b5bc8c84eb1662407ae7ef164d37","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1730741447/unprotected/cpanel/images/icon-password.png","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1730741447/unprotected/cpanel/images/icon-password.png HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/cPanel_magic_revision_1679634615/unprotected/cpanel/style_v2_optimized.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Nov 2024 17:30:47 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 450\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":450,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"7ac1cefcb7eab93c6d6981ecde6c1635","sha1":"1523f8cb80ab19108549d0b7db31a58b71c05d39","sha256":"a02998df88a6efb0baa526796b2b682ce9fdd6471ceb19170b326320f22f7053","sha512":"0005559a3edf6aa149f47c0d2c7c6c385257ac5168fd57951497cfa244b155eeff3955538db93fc40f6622b9b216f030b27ad73df53dbe8bcc9874148a383d3a","ssdeep":"","tlshash":"65f023d3fa981c3cdae91473933b1018b426284a4203273e055dc42612e8dd801251a5","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-06-07T02:25:56.298951Z","times_seen":10659,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.ttf","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.ttf HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Wed, 30 Mar 2022 03:16:35 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:15 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 15 Oct 2025 10:15:15 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6756,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 19 tables, 1st \"FFTM\"","md5":"ab1aed9d7d902ebf910e19f695a0cee0","sha1":"c6aa002a395d9dc6969fdd5ea3d7bbba5d6981cc","sha256":"d8c40cfeb49c1824a9d76aa775192e3279ed1f476ddbb99a958e0a84f971cf2f","sha512":"a59684fd98ab599ad877085f06f0e0b1e6729e1ba1affcae4aebf2adafbdf126de34adaf0f75cd32521647e9cddc14babfa31560a15a47b2cacd7c9637c8131c","ssdeep":"192:E7MJrcccwD2tCbaP9b1lxGnD5l7KzxgBm+bf7:EUcccw6gbaZ1lxwLmYf7","tlshash":"01d1e65863270a4ef55a3d38029df6d6cd3c24840eb990179cfec89a58514ff9e32ae9","first_seen":"2023-08-11T00:41:26Z","last_seen":"2026-05-26T03:39:05.266856Z","times_seen":42,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1679634615/unprotected/cpanel/style_v2_optimized.css","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:14.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1679634615/unprotected/cpanel/style_v2_optimized.css HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://retainpassword.pythonanywhere.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nlast-modified: Tue, 03 Jun 2025 23:58:53 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 33194\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":144951,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (35968)","md5":"027c75dedc5ce1bbc5c2e44e8fc359b4","sha1":"3c989447b4e4a605c602907c1fdb5d3adb8772f7","sha256":"cab4d10555382c6c776fbce2bb8f11f10668414f76d57caa12edda7e632c8e2e","sha512":"d8c8a11968f2809eadbb30ebf27f4dc7073a1a54cea9227561869154e5c267b1fcff8554202ae50aa7f71ec6b434c9fb422e1e83245bc7705314c5a87ef4cfd2","ssdeep":"1536:DKmrmUmF0PxXE4YXJgndFTfy9lQQ3xFixF+xFYWxFIuojS6DZB:Dd/Px04YXGdFTyHQqYsNmNB","tlshash":"08e31cb0d50c10d9b376c21fff81b2bca1b9f73ee5664d9af41e991c8ac16980191f68","first_seen":"2025-06-18T11:37:18.603553Z","last_seen":"2026-02-23T09:43:20.683156Z","times_seen":254,"resource_available":false,"data":null}},"time_used":712,"timings":{"blocked":243,"dns":29,"connect":102,"send":0,"wait":214,"receive":2,"ssl":118},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1626882728/unprotected/cpanel/images/webmail-logo.svg","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:14.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1626882728/unprotected/cpanel/images/webmail-logo.svg HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://retainpassword.pythonanywhere.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 04 Nov 2024 17:30:47 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 2399\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5360,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bc0c956653325b9e694d4dd1dfb78020","sha1":"e1196e4db68ed573355ade966152a084581b40ec","sha256":"998cd48cdc0414f694d0a3a299dd2beb1134769d5666c7e5567e7d20b4174ef8","sha512":"7c283e8723f01f57c7258ea05aa5d7a72a886246ede76136f2d4dc489061d8400aa4b5f8e61f23f2388dd95fea7307faa2670af09b309fab6678de16e547ae4e","ssdeep":"96:adP/9O0DSiREkC9u8S0CKMEJPSeIWF/1BPHyg6tzzP2943Y8s/kTcUazSTTD9:gO02AlAu8/CKFdSe//zx6ZzP2Wot8TcM","tlshash":"d0b167f5d3b053f47ec34f6cd625a6d0f19bbdfd4aa0838091b48358a8c4ac9e948878","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-06-06T23:47:56.11436Z","times_seen":9226,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":243,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.3.1.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:14.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.3.1.slim.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://retainpassword.pythonanywhere.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-1111d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nage: 3107100\r\nx-served-by: cache-lga21982-LGA, cache-hel1410032-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 46, 105238\r\nx-timer: S1760523315.841069,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 24038\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69917,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65247)","md5":"99b0a83cf1b0b1e2cb16041520e87641","sha1":"bc5836992c0b260496ba520fe1336d499bf06eb7","sha256":"dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1","sha512":"33ea8c2353c745c61c3a927378995a59b555c76249c8f23065ab3ca2bedd73decb64ea248ef6e97d1c729a156d9492f28e2177c06cabd0524e0380cb38d2d52f","ssdeep":"1536:hLiMgk2gULYoXUmZx6+VWNL0kC8W90qU9JR7hDqEDqWSNB1gZFy/HG+FP:I8w0qU9JTtH3aP","tlshash":"9b6309dd72c6b06257ab71b900bf510bf23608997c4d8410f129e8e9bc75a4a827bf7d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-07T04:41:58.444976Z","times_seen":11532,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":41,"dns":1,"connect":14,"send":0,"wait":14,"receive":6,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:14.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://retainpassword.pythonanywhere.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6458\r\ncf-ray: 98ee8ddd9e32783d-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fa9-500f\"\r\nlast-modified: Mon, 04 May 2020 16:15:37 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 976669\r\nexpires: Mon, 05 Oct 2026 10:15:14 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=8djEWxayfxOBZirPCXz4rNu9J405VcvddDuWIMxAgys1pKqMNxL2H1g90JqGbnV6Tom3kqoG2huzq5rGnWNUYBShFKUcO1khUVaS6ltOcc2v4reKkE1bvBw7k19hAv%2BAtkC4Dy7Z\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20495,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (20322)","md5":"6b08ddc901000d51fa1f06a35518f302","sha1":"bafe987c18cbe0587de3e6360e7da40a2885614b","sha256":"02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5","sha512":"7a97fa1cf4a12d0f338090f8a4ffad48d91843d6955304de5f6208de394642b0b412d6fd30d7a880cad92200a8f7f2005c40324bcce3cfeda7b14a57dff098ca","ssdeep":"384:f5LFrVVVnCQvIR/CFU4hHPV4kdxXvYqo2D75zCx+vI2am3MxGpGTgd/9jt9+Db9A:hNVVVnyiU41xXvlD7wx+v0xyGTgnZO9A","tlshash":"3a92a2cc3294b06647e791a7a07f960eb2339875650e9410f299f2e97c30ef9913bc79","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-06T22:05:58.683204Z","times_seen":6104,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":19,"dns":0,"connect":1,"send":0,"wait":11,"receive":1,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:14.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1\r\nHost: stackpath.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://retainpassword.pythonanywhere.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 98ee8dde187b4e4c-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"ce6e785579ae4cb555c9de311d1b9271\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:05 GMT\r\ncdn-cachedat: 08/01/2025 15:37:48\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1077\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 328b3da68dfafee02ce3a83f6b7ff847\r\ncdn-cache: HIT\r\ncf-cache-status: HIT\r\nage: 17851\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50676,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (50395)","md5":"ce6e785579ae4cb555c9de311d1b9271","sha1":"5ef2c15b47d7290698c737676ba9c3056b45f2e8","sha256":"0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339","sha512":"a601871568c1b5b2874d30d6e5bb8667d994d2719fc4d6af7f99162bf39ddae800ffff45b8c1c0ba790088c7b98de2ffe565b5af4531c0a8ba0f92e930e243df","ssdeep":"768:D2Ybgh0GBxTHVmcmjWSLsynS/zZ/AcyUenY8yiKKdHPPm26Ro1FH4nx46:D2jh02Lh+SbZ/AbYqdm2mx46","tlshash":"b033b94a725478a201df9466513f450bb73b389eaa0b816cf95d98ed1e7cd88312bf3c","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-06-06T22:05:58.628774Z","times_seen":6938,"resource_available":true,"data":null}},"time_used":227,"timings":{"blocked":101,"dns":3,"connect":1,"send":0,"wait":11,"receive":0,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.ttf","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.ttf HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Wed, 30 Mar 2022 03:16:35 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:15 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 15 Oct 2025 10:15:15 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5776,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 19 tables, 1st \"FFTM\"","md5":"42e0990afab67fe3708c5cdc436f7e51","sha1":"8955d6ee0a34828e8e16e5b302ecca4d772f5737","sha256":"e20ef4ed0cda56688d0ee99399ea4700b19b149893d4fb736da97b4694b020eb","sha512":"529662b8c16115a7fcd388125749378258d3b63155b3382100067fa3fe911ce63d595570e1398e98bfbb1964781d228ea22a56d645bbd57eb2b5471930d0a0ed","ssdeep":"96:JIkx+rhOhOhOwHjyrL/se7UpxUwN4tsPyUfjpxUfPGab13qBkjFf33PHHNfwQK4z:JFx+rcccwD2tCbaP9b1aShnHHl7Kzxg9","tlshash":"e7c1d72822120a49f55e3c3805ddfadace6c24940eba9057adfec4891c510ff9e72ad9","first_seen":"2025-09-08T07:13:50.957282Z","last_seen":"2026-02-26T07:19:06.132354Z","times_seen":4,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.ttf","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.ttf HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Wed, 30 Mar 2022 03:16:35 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:15 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 15 Oct 2025 10:15:15 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5902,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 19 tables, 1st \"FFTM\"","md5":"bb66f46217763e7e0b6524c80f6a2f8d","sha1":"c362b006671750c8113640aedfb8d9a5e9fb4e21","sha256":"846e57955ca5a531a7178a011554883794964603cc35c18d94b394881e4d3aa3","sha512":"2298409b06221988f31962ff154eaca87049faa30706a755bc3aa935d92b0739cf2cb57b4445c5a87404da29d37e0db7dd9c79c3fc610fbc12a0812f134a03e0","ssdeep":"96:THXaAA7hOhOhOwHjyrL/se7UpxUwN4tsPyUfjpxUfPGab139EkjKf33PPNfwQK4B:TKAocccwD2tCbaP9b1NNGnPl7KzxgBm+","tlshash":"2ac1e66823230a4ef54e3c38019dfad6ce6c25810fb980179dfec49a18114ff9e729e9","first_seen":"2025-10-15T10:15:44.093232Z","last_seen":"2025-10-15T10:15:44.093232Z","times_seen":1,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":115,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Semibold-webfont.woff HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/font-woff\r\nlast-modified: Wed, 30 Mar 2022 03:16:35 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 22908\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4153,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 22908, version 1.0","md5":"3b5b99983eac9a891b7682a1341d0a1f","sha1":"bb185b1db7b12b36752d8c28c1aac58aa4c51bca","sha256":"1dc0505497bac97a116c7003baaf6b30519014f7192b07f1c435f3880c313619","sha512":"e91d6dfe7deed3d2e669876d672dfc3ddd681019589fbd924f084e88bafa849a85a5558cbcb22473b55311145e93b65a1c62450d5b88fbc65f6495adbf7946c3","ssdeep":"96:X4v6Ub65Qs/bpdN48sQHGYyJTCP0a4VcpifNFQmrB5X/buFUd8:Iv6Uu5hpdbsQHGd1Gj4PdV5s","tlshash":"ff815c252d4d5e0fc9bdda3662b6723dd76fb8366016bbc7486a905066d037a46a0430","first_seen":"2024-08-20T06:58:11.350272Z","last_seen":"2026-05-11T03:32:14.791648Z","times_seen":19,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":126,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js","fqdn":"ajax.aspnetcdn.com","domain":"aspnetcdn.com","tld":"com"},"ip":{"addr":"23.36.77.49","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:14.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ajax.microsoft.com","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft Azure ECC TLS Issuing CA 04","organization":"Microsoft Corporation"},"validity":{"start":"Wed, 15 Jan 2025 17:50:49 GMT","end":"Sat, 10 Jan 2026 17:50:49 GMT"},"fingerprint":{"sha1":"67:7D:DB:2D:BB:27:07:2D:C9:20:48:81:00:BE:4D:DC:81:08:A9:2D","sha256":"59:BC:DE:80:EE:F9:3D:BA:D9:06:0B:44:03:DF:2E:89:FC:64:EF:D9:5B:25:01:51:86:C6:B1:37:63:A1:7D:30"}}},"request":{"raw":"GET /ajax/jQuery/jquery-3.3.1.min.js HTTP/1.1\r\nHost: ajax.aspnetcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://retainpassword.pythonanywhere.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 30394\r\ncontent-type: application/javascript\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\netag: \"80288516b793d31:0\"\r\nlast-modified: Mon, 22 Jan 2018 19:27:49 GMT\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: public, max-age=31131117\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nvary: Accept-Encoding\r\nakamai-grn: 0.2d4d2417.1760523314.10a6b450\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-07T05:16:49.074405Z","times_seen":133695,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":85,"dns":62,"connect":1,"send":0,"wait":13,"receive":1,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1730741447/unprotected/cpanel/images/notice-error.png","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1730741447/unprotected/cpanel/images/notice-error.png HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/cPanel_magic_revision_1679634615/unprotected/cpanel/style_v2_optimized.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Nov 2024 17:30:47 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 1026\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1026,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 28 x 28, 8-bit/color RGBA, non-interlaced","md5":"a3265cc598ae28633c060889e790f80c","sha1":"57530d6996c8f36711ef05681474b8f63d4184b3","sha256":"bcaf01928e5c7246ab0bb7e83f609b485a67a5e442d3dd94539a883c11fb70cd","sha512":"41c2a7085b287d3f3cf6afaaf7bba0c2c42eed1a28f4fbebf2a3e5628e41aaea2c929697de97b939df18221dcd83a477ce3c8b1cdbf499ab64a5fbcbd3689b3e","ssdeep":"","tlshash":"bb11a5c7f3d3e8e8c9846c77c062210cecba32826264869d8a091c82de86c487306d13","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-06-07T02:25:56.297992Z","times_seen":10623,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Regular-webfont.woff HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/font-woff\r\nlast-modified: Wed, 30 Mar 2022 03:16:35 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 22660\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4844,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 22660, version 1.0","md5":"e2d23b32199e8be7b7b94c1f76774384","sha1":"c8a488322ebeeef013fe89f508e0005ef9da8608","sha256":"ad01410c61d5a1325cf2fde3c1c608bc6160161962320657ef6d06fdd8779413","sha512":"c5482aea66274badd424386cc5ca09e48eef468eea249cf9210501473c14d9dff0ef441456625fffad2d08f703356ca215fb2aa1c992821362e2ec95301e5cb7","ssdeep":"96:gTZE6Ub65Qs/bpdNga/TYyJTCP0a4VcpifNFQmrB5X0IW46ST7PmeZ3SxQEcV:4ZE6Uu5hpd9/Td1Gj4PdV5EIWf+rmHQj","tlshash":"a4a15d4a9d1aa90fddedb631b3f33666835b293ad0427a83ce39901121c636b5d70478","first_seen":"2024-08-20T08:11:15.629843Z","last_seen":"2026-04-21T13:54:44.54106Z","times_seen":32,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/OpenSans-Bold-webfont.woff HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://retainpassword.pythonanywhere.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/font-woff\r\nlast-modified: Wed, 30 Mar 2022 03:16:35 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 22432\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":807,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 22432, version 1.0","md5":"2d15a7d88a34130c631fd09c2e898431","sha1":"7f11ada75d797fdfe855b6af112cfceae24c54e4","sha256":"cdc1dc321bf0aa77af6b01842fa213145a05a4fa44ebf6ef3ecca28c206923f4","sha512":"7d862c2937acdde69226d321052493f872f9e2c85ce77cebd445fcc81c414b6e2c183e33f00ec6354f4d37a0e7750cd64c2e2b635f05ba3eede6c2250f08e557","ssdeep":"","tlshash":"e50165352bad3a1af079e93543a1031797f3bd34a161afcf966c9184fd5436c35801b9","first_seen":"2023-12-02T04:08:51Z","last_seen":"2026-05-09T21:07:14.682757Z","times_seen":17,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"retainpassword.pythonanywhere.com/?email=/","fqdn":"retainpassword.pythonanywhere.com","domain":"retainpassword.pythonanywhere.com","tld":"pythonanywhere.com"},"ip":{"addr":"35.173.69.207","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-15T10:15:14.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.pythonanywhere.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 08:25:26 GMT","end":"Mon, 05 Jan 2026 08:25:25 GMT"},"fingerprint":{"sha1":"5D:C0:EC:28:CD:3A:0E:8A:F1:A7:33:45:90:E8:EF:1C:2A:07:21:7F","sha256":"9E:44:E9:20:6F:A0:BB:2F:76:1F:6E:CD:84:DC:6A:67:ED:3E:11:A1:72:93:82:15:2A:0C:36:EA:4D:ED:C7:7C"}}},"request":{"raw":"GET /?email=/ HTTP/1.1\r\nHost: retainpassword.pythonanywhere.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 15 Oct 2025 10:15:14 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Clacks-Overhead: GNU Terry Pratchett\r\nContent-Encoding: gzip\r\nServer: PythonAnywhere\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PythonAnywhere","description":"PythonAnywhere is an online integrated development environment (IDE) and web hosting service (Platform as a service) based on the Python programming language.","website":"https://www.pythonanywhere.com","common_platform_enumeration":"","icon":"PythonAnywhere.svg","categories":["PaaS","Hosting"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]}],"data":{"size":87507,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65527)","md5":"5f0f305646dd9435de9878845f18e203","sha1":"4450c8949268923dfa7fffca548e519e9e4a2494","sha256":"caa795bdaa0a97f880f5fd5b7b74d567d7f6995c0ebe365b4734abd377d985e6","sha512":"8d6479ed52c5cab122c90fa4c76595cd177b742b98233b27ebb88d5929c313180c52a1f2d676413f9447b552dfc806092a6f0dcc0d22315d8d37a122447d2580","ssdeep":"1536:AEQZmXZ7ZGljP2L3/JnaAnHFtJsHvLtF3KOMbEyNKGTI1U6hfs:bZdGljP2L3/JnaAnHFtJsHvLtF3KOMbJ","tlshash":"8c83fcac75330cefdc66a26bd05c730dc140ee57f48e549882aa11857fa4a9df8de368","first_seen":"2025-10-15T05:18:15.04564Z","last_seen":"2025-11-03T12:39:04.193322Z","times_seen":23,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":210,"dns":11,"connect":93,"send":0,"wait":102,"receive":1,"ssl":103},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2025-10-15","alert":"Detects file containing Telegram Bot API","trigger":"retainpassword.pythonanywhere.com/?email=/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-15","alert":"Phishing - Generic/Spear Phishing","trigger":"retainpassword.pythonanywhere.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:14.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1648610195/unprotected/cpanel/fonts/open_sans/open_sans.min.css HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://retainpassword.pythonanywhere.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nlast-modified: Wed, 30 Mar 2022 03:16:35 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 522\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6358,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6358), with no line terminators","md5":"952b5c93a75a89c458fe5093480dd1bc","sha1":"564d17e569cb59cf7043d7f777727c19a3cbda3a","sha256":"17781767b9edf1ebdde3529494d5cb3d8403702893db10258bedd3f9b8002f20","sha512":"d9485a620f3d8220d505e8d2cfd8d1ea30dcc09dbde5631dc1a43335d26394da48ecbe1f9a560856373ef82d0a2cf1865b38209c999a82d40e5ba41285945478","ssdeep":"96:pKAQU+A9nUAAW08A5x0KAE2GAYrYyABrmAo9uAk9v+Awqa:pNBp1L70Db0NzhYUFtBQZkNpwV","tlshash":"b9d1a752c6a8b5db49c7aec239d71472e96d251b901181d3a394c3c8daf338df168f2b","first_seen":"2023-04-06T15:25:07Z","last_seen":"2026-06-07T02:25:56.302298Z","times_seen":8426,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":249,"dns":30,"connect":103,"send":0,"wait":215,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"webmail.hunaintrading.com/cPanel_magic_revision_1730741447/unprotected/cpanel/images/icon-username.png","fqdn":"webmail.hunaintrading.com","domain":"hunaintrading.com","tld":"com"},"ip":{"addr":"184.154.215.138","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://retainpassword.pythonanywhere.com/?email=/","date":"2025-10-15T10:15:15.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daishizen.ae","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 Aug 2025 17:51:19 GMT","end":"Thu, 20 Nov 2025 17:51:18 GMT"},"fingerprint":{"sha1":"51:59:86:A3:56:47:97:0E:31:A9:1E:3D:85:D3:27:2A:FE:26:98:EC","sha256":"BD:54:B0:EC:F1:15:AC:AE:19:A8:F1:31:3A:CA:7A:CB:C5:35:85:AE:55:B3:EC:32:75:F1:7E:97:B9:61:C5:76"}}},"request":{"raw":"GET /cPanel_magic_revision_1730741447/unprotected/cpanel/images/icon-username.png HTTP/1.1\r\nHost: webmail.hunaintrading.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://webmail.hunaintrading.com/cPanel_magic_revision_1679634615/unprotected/cpanel/style_v2_optimized.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: image/png\r\nlast-modified: Mon, 04 Nov 2024 17:30:47 GMT\r\ncache-control: max-age=5184000, public\r\nexpires: Sun, 14 Dec 2025 10:15:14 GMT\r\ncontent-length: 320\r\ndate: Wed, 15 Oct 2025 10:15:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":320,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced","md5":"07ff84f8c855e5fe9d510ff5c9a4b1e4","sha1":"11c262053e2b9be57d1dba7cb3d916ef041a0e50","sha256":"05ce0f813e6236158fa1d115faba62cd2041aab1878cac0960a0f45575cece1e","sha512":"4cee86a25e66e5a4ff1e8135e12d47ce697b86598a5e47d63777dc14536472944b64ca859fedee2c53b2830374cb4932efaf51d6e493e61cb8c9535680320580","ssdeep":"","tlshash":"89e07dd273a48da5e689087917961000783c075da3012bd91c09d1e61999edc22e25ab","first_seen":"2023-04-08T05:54:15Z","last_seen":"2026-06-07T02:25:56.28059Z","times_seen":10674,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}