{"report_id":"e5e19f57-e0fc-419b-baf2-447eea6b665c","version":6,"status":"done","tags":[],"date":"2025-10-16T06:04:09Z","url":{"schema":"http","addr":"rakuten-sec.hbtpvdf.com/","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"rakuten-sec.hbtpvdf.com/","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"title":"総合口座ログイン | 楽天証券"},"submit":{"url":{"schema":"http","addr":"rakuten-sec.hbtpvdf.com/","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-20T06:04:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"rakuten-sec.hbtpvdf.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"rakuten-sec.hbtpvdf.com","ip":{"addr":"172.67.185.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":16,"request_count":4,"received_data":8334,"sent_data":1972,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www-rakuten.yunyamy.com","ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-12-26","domain_rank":0,"first_seen":"2025-10-16T06:04:09.90288Z","last_seen":"2025-10-16T06:04:09.902881Z","alert_count":12,"request_count":6,"received_data":299785,"sent_data":3168,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fanghongapi.ios18.cc","ip":{"addr":"45.135.237.112","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-04-28","domain_rank":0,"first_seen":"2025-09-10T23:53:40.402928Z","last_seen":"2025-10-13T00:58:49.713472Z","alert_count":0,"request_count":2,"received_data":362,"sent_data":1148,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-05T11:49:51.14375Z","times_seen":204922,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-05T11:47:39.077337Z","times_seen":596228,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/assets/js/YLa8RmA5.js","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a7bf4413f93d199e951d0c6385b4f5f","sha1":"1bd5c8b33e466ead3c6ef1961611d22e90232647","sha256":"025b72d1702ca9074e93162c15bff4a52424192bc17afdd29df0e75e82d323cc","sha512":"e0393a513dd455816fa4a93e543b0c3107017ee452e7b12ba67613f9b3d900343069ae373c38c63aab8c7f40e86742bcd139e007a5e1ac169daeca2843eaa95b","ssdeep":"3072:sh9YoMCRts2cF3e8eccrnKtZ5i1grHx++jRe1dQ7Wd57Z/ePtVB+:aRtsLF3Re5rnKtZ5i71dQ7Wd5ZePtj+","tlshash":"5f3449d97286b06153f328f1013f240af23a296a3449d4d8f19dd8ca3db9589d1bbe7d","size":234145,"data":"","first_seen":"2025-10-16T04:58:00.758019Z","last_seen":"2025-10-16T06:04:13.815105Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/assets/js/Bu3CG8uA.js","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"00fd39c8d32a8280dc0c5dc34f1597fb","sha1":"4fe310eff01e0bdcefdec9fede5a182e39da033e","sha256":"93e928cdb63c2b38adc4c1b8320a1bc9a5515f006384e27ee441935efa88cce5","sha512":"41110481f1561de0f4784dbe602f0f96a22eaa18cc3478c0f1710d3f383718d979f771109dbf9326fffafcd9ca95b8e01966a0b300b68bdabf79c97ba6308aea","ssdeep":"768:YzJENSox0h6wlGVpUQJaFJCy+K7WE+0cGzksqfz1Bc7DxnywTM95JhKS6DSBiU28:HePQ9c3wMQ","tlshash":"2303fac8b261546683e2a1a380750203f33899157408865cbb2ceef7ad7eeca7173f75","size":41114,"data":"","first_seen":"2025-07-03T13:35:13.902597Z","last_seen":"2026-04-04T13:21:26.035544Z","times_seen":8244,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rakuten-sec.hbtpvdf.com/","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"332b0cafbf1970e369747417fa4e473b","sha1":"7c2bda0096a33855c6acb85149296057d7a37c10","sha256":"a4969cc322a37d0549130e1da75adc023376d56b0c7df99bc1de8ea72fa8937a","sha512":"648eba21db856c98b726462337a6f0a28abd5f01da137ca63cf935f1678ebd1672e7cfbf1c769980b6fdaac67dcf2b9a3226fc8edc17e35513adc69c95a53b03","ssdeep":"","tlshash":"e521c0bd38337ceed8139227d42c320dd440ed0bf50a285806de9688bf91625f8d9758","size":1328,"data":"","first_seen":"2025-10-13T00:58:55.591049Z","last_seen":"2025-12-07T21:23:01.42607Z","times_seen":98,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rakuten-sec.hbtpvdf.com/script.js","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0672dc1f26e5130d7863f3e74c5c36de","sha1":"bde3ac84d7f3f7c67d95fa6717a5ed5adc10b2e7","sha256":"f999811ee75ed7677a88d0b69935e93bc9bc886ad1982aaa7e8dc27307be7279","sha512":"d7621fb83b1047776223b6800dbeb81b44a4f1c5b0892a484c4654f2330a24bdd566d6083d49b1672fefb0c74aa3f912b2f96d7e62699d6359724c9e533d7802","ssdeep":"","tlshash":"2631862d06b25572a2377129868fd38571b4805fbc0149787a6c8f88aff0c64e7d6bdd","size":1665,"data":"","first_seen":"2025-10-14T04:38:41.836424Z","last_seen":"2025-11-01T21:40:48.442767Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-05T11:49:51.14375Z","times_seen":204922,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-05T11:47:39.077337Z","times_seen":596228,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"7eb6bff54079a4ce3af4bc7859c20a7a","sha1":"4d7d178141294a5e242107816283063ace896cbe","sha256":"636a7347312daf2adf19dfaf066b5c8d16def74376fa0a56e038a4299005c3f7","sha512":"301b36c6946e5a8919a6f0facda59e48b216f1f1995ca11590e0094a39ac7f90799cf58268b28b06649816ee65ffc3c6ac2e9ef71b639043c318a857d01a4543","ssdeep":"","tlshash":"84014e539ce1c42e019185a438b47b0f5ec69c079a0a899039ed52c8dfc5dc5ccd729c","size":732,"data":"","first_seen":"2025-10-13T00:58:55.605612Z","last_seen":"2025-12-07T21:23:01.427934Z","times_seen":101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"rakuten-sec.hbtpvdf.com/","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-16T06:03:47.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hbtpvdf.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 21:33:17 GMT","end":"Tue, 13 Jan 2026 22:32:11 GMT"},"fingerprint":{"sha1":"51:C0:94:6A:E1:74:C7:BA:83:C4:CA:F9:9A:EB:8B:4F:80:5E:81:02","sha256":"1A:31:45:0D:44:8E:11:A6:83:04:91:5A:E8:23:D0:89:48:66:53:91:B4:7D:B6:69:1F:96:B7:BF:8B:8E:ED:F4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rakuten-sec.hbtpvdf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 16 Oct 2025 06:03:47 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nvary: Cookie,Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 10 Oct 2025 03:10:35 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MRWLlnbH%2B1Mpa09Bp4TdrvEoTVNASJJmqo3gQ70yEhg1%2Fce7gHMjGCbNoP17sLx1BMFOZUzu3U1BcFAEXJrKaZtJ9R6G4xVRbWH29JHacbxoBRMlNQ%3D%3D\"}]}\r\ncontent-encoding: br\r\nset-cookie: SITE_TOTAL_ID=aPCKw9w_4RredqMJlp6VuwAAAAk; HttpOnly; Path=/; Max-Age=31536000\r\ncf-ray: 98f55ae47c225697-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1554,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1322), with CRLF line terminators","md5":"b62fb902c1df63481d08670737d8fe7e","sha1":"4ed7957b79559472989ebce75e59e7c935c5937c","sha256":"b95e2150cd87dcb0c5aff3afd8c9d8b28be7ee04c85cd046c3181bdb38d8e5d4","sha512":"1edd0d2d312730dd2c04283587b1319ab5f5580e46adb11a356e3b41edfb558703a07379a5912f51114d8a268a7b7bb7ef1b05d756d5702aafe24b973df54973","ssdeep":"","tlshash":"5a3137bd38327ceec862d237d86c720cd441ed0bf10a294415de964a7fe1625e8da798","first_seen":"2025-10-13T00:58:55.516519Z","last_seen":"2025-12-07T21:23:01.421166Z","times_seen":101,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":567,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"rakuten-sec.hbtpvdf.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rakuten-sec.hbtpvdf.com/style.css","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rakuten-sec.hbtpvdf.com/","date":"2025-10-16T06:03:48.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hbtpvdf.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 21:33:17 GMT","end":"Tue, 13 Jan 2026 22:32:11 GMT"},"fingerprint":{"sha1":"51:C0:94:6A:E1:74:C7:BA:83:C4:CA:F9:9A:EB:8B:4F:80:5E:81:02","sha256":"1A:31:45:0D:44:8E:11:A6:83:04:91:5A:E8:23:D0:89:48:66:53:91:B4:7D:B6:69:1F:96:B7:BF:8B:8E:ED:F4"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: rakuten-sec.hbtpvdf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rakuten-sec.hbtpvdf.com/\r\nCookie: SITE_TOTAL_ID=aPCKw9w_4RredqMJlp6VuwAAAAk\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 16 Oct 2025 06:03:48 GMT\r\nserver: cloudflare\r\nvary: Cookie,Accept-Encoding\r\ncf-cache-status: MISS\r\ncontent-length: 666\r\nlast-modified: Fri, 10 Oct 2025 03:10:35 GMT\r\netag: \"7dc-640c542e657ae-gzip\"\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fB2HQRUe6KD26OtH0UT5YObz7rG3tyLUkZ3dfZA1%2Fj6Iy6sgEYPRA%2FUJUf7WqYEG1w8ar8xuct3nqKl%2ByKlpMKjxq9LyudcUBUNUonWRyvxRAdwHuA%3D%3D\"}]}\r\ncontent-type: text/css\r\ncache-control: max-age=14400\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98f55ae94e8e5695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2012,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"94f99d7f2b6a2596756a417e3ccfc3f4","sha1":"4b87a7c9ecabe6e968dfa8d4337b9cb92a955849","sha256":"39d52fa2d8e857bec1311f09f3760136425676f28f4b811baec1fdcc63a5e2ea","sha512":"3a3683723bd5e59fcef9aeb516d96a797deb71b27ba34a0a08413a80b87da89464f558368e4848c3e45902ac9be09913ed5b5aa877d00b4be15e94fb0ec86b20","ssdeep":"","tlshash":"f841cd465c424042ca3b97612fb80a2ceb5690636e0312bd7bdb31498ff977c5299fed","first_seen":"2025-10-13T00:58:55.559211Z","last_seen":"2025-12-07T21:23:01.424551Z","times_seen":134,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"rakuten-sec.hbtpvdf.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rakuten-sec.hbtpvdf.com/script.js","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rakuten-sec.hbtpvdf.com/","date":"2025-10-16T06:03:48.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hbtpvdf.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 21:33:17 GMT","end":"Tue, 13 Jan 2026 22:32:11 GMT"},"fingerprint":{"sha1":"51:C0:94:6A:E1:74:C7:BA:83:C4:CA:F9:9A:EB:8B:4F:80:5E:81:02","sha256":"1A:31:45:0D:44:8E:11:A6:83:04:91:5A:E8:23:D0:89:48:66:53:91:B4:7D:B6:69:1F:96:B7:BF:8B:8E:ED:F4"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: rakuten-sec.hbtpvdf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rakuten-sec.hbtpvdf.com/\r\nCookie: SITE_TOTAL_ID=aPCKw9w_4RredqMJlp6VuwAAAAk\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 16 Oct 2025 06:03:48 GMT\r\nserver: cloudflare\r\nvary: Cookie,Accept-Encoding\r\ncf-cache-status: MISS\r\ncontent-length: 726\r\nlast-modified: Fri, 10 Oct 2025 03:12:27 GMT\r\netag: \"681-640c5499c7e5e-gzip\"\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gK7cNCKmMTmJZczDOoh%2FNngMM0CXLZ2KVGsPx%2B0c0iEOc%2BzYj8fJfvaWqrkbrpz8JPRi7C9YNyWLKcVb5yIyLKnv44ZVYzJQzVh1EJiGLLGoZ%2Fkh6Q%3D%3D\"}]}\r\ncontent-type: text/javascript\r\ncache-control: max-age=14400\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98f55ae94e8f5695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1665,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"0672dc1f26e5130d7863f3e74c5c36de","sha1":"bde3ac84d7f3f7c67d95fa6717a5ed5adc10b2e7","sha256":"f999811ee75ed7677a88d0b69935e93bc9bc886ad1982aaa7e8dc27307be7279","sha512":"d7621fb83b1047776223b6800dbeb81b44a4f1c5b0892a484c4654f2330a24bdd566d6083d49b1672fefb0c74aa3f912b2f96d7e62699d6359724c9e533d7802","ssdeep":"","tlshash":"2631862d06b25572a2377129868fd38571b4805fbc0149787a6c8f88aff0c64e7d6bdd","first_seen":"2025-10-14T04:38:41.836424Z","last_seen":"2025-11-01T21:40:48.442767Z","times_seen":13,"resource_available":true,"data":null}},"time_used":580,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":579,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"rakuten-sec.hbtpvdf.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/assets/css/DKb-luYm.css","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www-rakuten.yunyamy.com/ITS/","date":"2025-10-16T06:03:51.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yunyamy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 16:34:05 GMT","end":"Mon, 12 Jan 2026 17:32:41 GMT"},"fingerprint":{"sha1":"7F:39:38:AA:02:46:91:41:4F:20:0F:8B:F1:13:6D:04:1F:EE:29:52","sha256":"4E:E4:F1:1A:D6:7C:32:FE:34:BB:A5:90:C1:C4:83:2B:9B:BB:14:96:31:64:6F:B0:AB:F6:D6:77:5A:A7:3A:F9"}}},"request":{"raw":"GET /ITS/assets/css/DKb-luYm.css HTTP/1.1\r\nHost: www-rakuten.yunyamy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www-rakuten.yunyamy.com/ITS/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 16 Oct 2025 06:03:52 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 10 Oct 2025 07:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zCJSoQ0qksJNkzZYx3NDYCjnYwJ1vomGFjj%2FaVwFmy1MjSN8c02kNAE32KKNSzF3tdL%2BoLYF%2Bjisb5bIFdOUFxlpDvL9WOLMUrTVE%2BO4HhxRzIP88A%3D%3D\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"68e8b38e-4c08\"\r\nexpires: Sat, 15 Nov 2025 06:03:51 GMT\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\ncf-ray: 98f55afeb924b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19464,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (17888)","md5":"ea8ac94ebd637e56a633420c6024879f","sha1":"e945aefa44f865b4367af93f99702be03fa5cb56","sha256":"31d562d17ce728113d88a206678604512745abc13d233220cf754d0c3c2939af","sha512":"734f036c3604ed1e0014e8799e95812809e9123d8869bb4f8b1b366014858d1d8e684741452e743886e80d7e32a727e2a78f73fe50fba2bc3aa4b0f08690393d","ssdeep":"192:j0VckxwOW9JyW9Jy4pPi7IbX+Gdvmq7RONg4rLKxtAS0eZN5Lb3IV/:QVPwPPi7IbX+Gdvmq8C4qxUeZN8/","tlshash":"6692462e6a14013a7c57c0f6f4e5eb59b226a1c2ef36a6fabc422510d7c73e61d53608","first_seen":"2025-10-16T04:58:00.835658Z","last_seen":"2025-10-16T06:04:13.812839Z","times_seen":3,"resource_available":false,"data":null}},"time_used":620,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":619,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/assets/js/YLa8RmA5.js","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www-rakuten.yunyamy.com/ITS/","date":"2025-10-16T06:03:51.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yunyamy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 16:34:05 GMT","end":"Mon, 12 Jan 2026 17:32:41 GMT"},"fingerprint":{"sha1":"7F:39:38:AA:02:46:91:41:4F:20:0F:8B:F1:13:6D:04:1F:EE:29:52","sha256":"4E:E4:F1:1A:D6:7C:32:FE:34:BB:A5:90:C1:C4:83:2B:9B:BB:14:96:31:64:6F:B0:AB:F6:D6:77:5A:A7:3A:F9"}}},"request":{"raw":"GET /ITS/assets/js/YLa8RmA5.js HTTP/1.1\r\nHost: www-rakuten.yunyamy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www-rakuten.yunyamy.com/ITS/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 16 Oct 2025 06:03:52 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 10 Oct 2025 07:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rlVCXsa5CBPek6H70b23aFt6yFM0nQS6kXt7ulqp41PC2rSmdzv1FgUjOXBBGxEy9ymXQqCOdeECQpQgl9ABnu9GRQujYUkt7%2BiCq5gMdyI%2FbNAz8g%3D%3D\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"68e8b38e-392a1\"\r\nexpires: Sat, 15 Nov 2025 06:03:51 GMT\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\ncf-ray: 98f55afeb923b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":234145,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (30458)","md5":"6a7bf4413f93d199e951d0c6385b4f5f","sha1":"1bd5c8b33e466ead3c6ef1961611d22e90232647","sha256":"025b72d1702ca9074e93162c15bff4a52424192bc17afdd29df0e75e82d323cc","sha512":"e0393a513dd455816fa4a93e543b0c3107017ee452e7b12ba67613f9b3d900343069ae373c38c63aab8c7f40e86742bcd139e007a5e1ac169daeca2843eaa95b","ssdeep":"3072:sh9YoMCRts2cF3e8eccrnKtZ5i1grHx++jRe1dQ7Wd57Z/ePtVB+:aRtsLF3Re5rnKtZ5i71dQ7Wd5ZePtj+","tlshash":"5f3449d97286b06153f328f1013f240af23a296a3449d4d8f19dd8ca3db9589d1bbe7d","first_seen":"2025-10-16T04:58:00.758019Z","last_seen":"2025-10-16T06:04:13.815105Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1505,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":622,"receive":883,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/open/?apiName=zUeFUGIYkiqFQImEvBbmXwdgwWqMjTB%2F07BMyJdPh1c8a7xcmwK9dSO7ZNvqR8Sh","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www-rakuten.yunyamy.com/ITS/","date":"2025-10-16T06:03:53.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yunyamy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 16:34:05 GMT","end":"Mon, 12 Jan 2026 17:32:41 GMT"},"fingerprint":{"sha1":"7F:39:38:AA:02:46:91:41:4F:20:0F:8B:F1:13:6D:04:1F:EE:29:52","sha256":"4E:E4:F1:1A:D6:7C:32:FE:34:BB:A5:90:C1:C4:83:2B:9B:BB:14:96:31:64:6F:B0:AB:F6:D6:77:5A:A7:3A:F9"}}},"request":{"raw":"POST /open/?apiName=zUeFUGIYkiqFQImEvBbmXwdgwWqMjTB%2F07BMyJdPh1c8a7xcmwK9dSO7ZNvqR8Sh HTTP/1.1\r\nHost: www-rakuten.yunyamy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 3645\r\nOrigin: https://www-rakuten.yunyamy.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www-rakuten.yunyamy.com/ITS/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 16 Oct 2025 06:03:54 GMT\r\ncontent-type: application/json; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w988WJspfqoCW1%2BtPzN4ZcVWgBowaYW9YKX6jNKC%2Fk8IjZK9KB31TH7X0KDhdXj4Xys3v6PuAw%2Fiu9UKqGiS165SrYQqUcg3cqT5%2FwY1v0gXaaIRRQ%3D%3D\"}]}\r\nset-cookie: locale=en-us; Path=/; Max-Age=31557600; Expires=Fri, 16 Oct 2026 12:03:54 GMT\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-origin: https://www-rakuten.yunyamy.com\r\npriority: u=3,i=?0\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98f55b0d5958b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e0a4a09f97c732edeabd8580d721e7c2","sha1":"f0e11c0e56128ba246d782c8678a2f88f4e2391b","sha256":"8bc55f760a8ad956e66394c3a32b26711b660c74d20d358b35ec1e3b2ba2c728","sha512":"1eca591203c21924c9b9582a162a01001acf4b5f1449f7842a0d171e99b265a34ca9bc7eb61d77ce4601e20e8d51748cc29b8d6df0072a6b9b91b6c6da0dc41c","ssdeep":"","tlshash":"9b800082020cace823233802320e2a8820e830a0c2802aaaac2c023c8f08c28e083220","first_seen":"2025-06-24T22:10:16.160171Z","last_seen":"2026-04-05T06:43:48.00426Z","times_seen":37570,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"fanghongapi.ios18.cc/get_url","fqdn":"fanghongapi.ios18.cc","domain":"ios18.cc","tld":"cc"},"ip":{"addr":"45.135.237.112","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://rakuten-sec.hbtpvdf.com/","date":"2025-10-16T06:03:48.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fanghongapi.ios18.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 01:49:44 GMT","end":"Thu, 18 Dec 2025 01:49:43 GMT"},"fingerprint":{"sha1":"AB:8B:B7:87:B0:D3:86:36:32:C0:BB:DD:CD:F8:3A:A8:80:42:77:E5","sha256":"47:23:E2:DB:C8:A1:9E:07:95:DF:D0:5D:32:A1:10:1A:31:38:FC:79:5D:C3:11:22:32:84:9D:B1:13:D8:8D:28"}}},"request":{"raw":"GET /get_url HTTP/1.1\r\nHost: fanghongapi.ios18.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://rakuten-sec.hbtpvdf.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: a4ulv07ubcuuoLBDoLGYBQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 06:03:50 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: lpxtL15WeAfVhFKkJIyhHLaM9Zo=\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":2640,"timings":{"blocked":0,"dns":867,"connect":1165,"send":0,"wait":302,"receive":0,"ssl":1185},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rakuten-sec.hbtpvdf.com/favicon.ico","fqdn":"rakuten-sec.hbtpvdf.com","domain":"hbtpvdf.com","tld":"com"},"ip":{"addr":"172.67.185.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rakuten-sec.hbtpvdf.com/","date":"2025-10-16T06:03:48.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hbtpvdf.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 21:33:17 GMT","end":"Tue, 13 Jan 2026 22:32:11 GMT"},"fingerprint":{"sha1":"51:C0:94:6A:E1:74:C7:BA:83:C4:CA:F9:9A:EB:8B:4F:80:5E:81:02","sha256":"1A:31:45:0D:44:8E:11:A6:83:04:91:5A:E8:23:D0:89:48:66:53:91:B4:7D:B6:69:1F:96:B7:BF:8B:8E:ED:F4"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rakuten-sec.hbtpvdf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rakuten-sec.hbtpvdf.com/\r\nCookie: SITE_TOTAL_ID=aPCKw9w_4RredqMJlp6VuwAAAAk\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Thu, 16 Oct 2025 06:03:49 GMT\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=474V6ugTVuvqiEf3JdqjqAlkqU2qrnkq%2BSLyaUdLbu0KLIcUzqvN8aVelI6RFt0Fy9N3CYdSZdIc5MB%2F3WUlhPZS6t%2ByfN8KdOum%2FZqAN7o%2B%2F3R6Jw%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98f55aed1eb55695-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":269,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"c393b357fd1dbcd5dbacf5f019374ba0","sha1":"74bc5889be7b44f8ded225923db73a730e44a5fe","sha256":"f12e3f2e58fd14f9f4725c4ee2367e1c300e1b5337d3cadef457297b52980ae8","sha512":"c16e4f3061beaaaa8c52cafb15afd3ac1e2d52b5d1af225c20c0f2068fa85e9ea282b368408df515c970e499379bfc086bc98724c84f3bc9e4f13b74a059ce9e","ssdeep":"","tlshash":"4bd02b9d5043328b082219a03ac611c6234812f6787981f87d86d4475258a7dcc8a2cd","first_seen":"2025-10-16T06:04:13.82345Z","last_seen":"2025-10-16T06:04:13.82345Z","times_seen":1,"resource_available":false,"data":null}},"time_used":563,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":563,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-16","alert":"Phishing Block","trigger":"rakuten-sec.hbtpvdf.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"rakuten-sec.hbtpvdf.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://rakuten-sec.hbtpvdf.com/","date":"2025-10-16T06:03:50.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yunyamy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 16:34:05 GMT","end":"Mon, 12 Jan 2026 17:32:41 GMT"},"fingerprint":{"sha1":"7F:39:38:AA:02:46:91:41:4F:20:0F:8B:F1:13:6D:04:1F:EE:29:52","sha256":"4E:E4:F1:1A:D6:7C:32:FE:34:BB:A5:90:C1:C4:83:2B:9B:BB:14:96:31:64:6F:B0:AB:F6:D6:77:5A:A7:3A:F9"}}},"request":{"raw":"GET /ITS/ HTTP/1.1\r\nHost: www-rakuten.yunyamy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rakuten-sec.hbtpvdf.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 16 Oct 2025 06:03:51 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 10 Oct 2025 07:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q6n%2BAH6%2FdAdfROo5lXpkgihTHH4cqtLGxVWCBNrfUe5nmk8jh%2Biiq8lQxGpQtlWcHSnZ3X5nur5ykowgUuAz67V7ocyBAj4znC65XOSKqAfUseEEcw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98f55afa787d0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":657,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7f5a850ef1abb4fa4b35ad961579ae3a","sha1":"19b4162e4fd405edc68c7df2defd9f2439ad60fe","sha256":"981ddb3d435b60f5a7ad085253f8facd24f8db5325f8cee0d16efe5ac61fc8bb","sha512":"b093d7a90e5751b2fb13ecea1caada1ecf83a20ad41744f25897ae114e5e90c10864065dc5f2e2b8166c355628b0618de7a3807bc550628c00c4124fa9d2a582","ssdeep":"","tlshash":"3c01f46398004c09e27193255ec1f40853a6fb54d20dac84b4de61ee5dd1fc6cad7a3d","first_seen":"2025-10-16T04:58:00.826658Z","last_seen":"2025-10-16T06:04:13.826851Z","times_seen":3,"resource_available":false,"data":null}},"time_used":656,"timings":{"blocked":25,"dns":8,"connect":1,"send":0,"wait":606,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/ITS/assets/js/Bu3CG8uA.js","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www-rakuten.yunyamy.com/ITS/","date":"2025-10-16T06:03:54.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yunyamy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 16:34:05 GMT","end":"Mon, 12 Jan 2026 17:32:41 GMT"},"fingerprint":{"sha1":"7F:39:38:AA:02:46:91:41:4F:20:0F:8B:F1:13:6D:04:1F:EE:29:52","sha256":"4E:E4:F1:1A:D6:7C:32:FE:34:BB:A5:90:C1:C4:83:2B:9B:BB:14:96:31:64:6F:B0:AB:F6:D6:77:5A:A7:3A:F9"}}},"request":{"raw":"GET /ITS/assets/js/Bu3CG8uA.js HTTP/1.1\r\nHost: www-rakuten.yunyamy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www-rakuten.yunyamy.com/ITS/assets/js/YLa8RmA5.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 16 Oct 2025 06:03:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 10 Oct 2025 07:19:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PqWLZOZYggtEQdusijSlYm4lRNnD%2BgWQkHI%2BchNSuuH7KdyuTTIsvqi8EztvM0D0EYlCHF3bVUEP7cZqT3aM%2FWAU7pjHlvDsKMyvEPZghNAt%2Bsee%2Bg%3D%3D\"}]}\r\nvary: Accept-Encoding\r\netag: W/\"68e8b38e-a09a\"\r\nexpires: Sat, 15 Nov 2025 06:03:54 GMT\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\ncf-ray: 98f55b10f965b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41114,"size_decoded":0,"mime_type":"application/javascript","magic":"data","md5":"00fd39c8d32a8280dc0c5dc34f1597fb","sha1":"4fe310eff01e0bdcefdec9fede5a182e39da033e","sha256":"93e928cdb63c2b38adc4c1b8320a1bc9a5515f006384e27ee441935efa88cce5","sha512":"41110481f1561de0f4784dbe602f0f96a22eaa18cc3478c0f1710d3f383718d979f771109dbf9326fffafcd9ca95b8e01966a0b300b68bdabf79c97ba6308aea","ssdeep":"768:YzJENSox0h6wlGVpUQJaFJCy+K7WE+0cGzksqfz1Bc7DxnywTM95JhKS6DSBiU28:HePQ9c3wMQ","tlshash":"2303fac8b261546683e2a1a380750203f33899157408865cbb2ceef7ad7eeca7173f75","first_seen":"2025-07-03T13:35:13.902597Z","last_seen":"2026-04-04T13:21:26.035544Z","times_seen":8244,"resource_available":true,"data":null}},"time_used":898,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":607,"receive":291,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www-rakuten.yunyamy.com/open/?apiName=oRuBJq5wHQHRFSEpIQSYcDDn7JYstfnTY%2FWqnBSqIxww3z3MdwjtA7hWxhIyn22L","fqdn":"www-rakuten.yunyamy.com","domain":"yunyamy.com","tld":"com"},"ip":{"addr":"104.21.64.97","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www-rakuten.yunyamy.com/ITS/","date":"2025-10-16T06:03:55.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yunyamy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Oct 2025 16:34:05 GMT","end":"Mon, 12 Jan 2026 17:32:41 GMT"},"fingerprint":{"sha1":"7F:39:38:AA:02:46:91:41:4F:20:0F:8B:F1:13:6D:04:1F:EE:29:52","sha256":"4E:E4:F1:1A:D6:7C:32:FE:34:BB:A5:90:C1:C4:83:2B:9B:BB:14:96:31:64:6F:B0:AB:F6:D6:77:5A:A7:3A:F9"}}},"request":{"raw":"POST /open/?apiName=oRuBJq5wHQHRFSEpIQSYcDDn7JYstfnTY%2FWqnBSqIxww3z3MdwjtA7hWxhIyn22L HTTP/1.1\r\nHost: www-rakuten.yunyamy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 707\r\nOrigin: https://www-rakuten.yunyamy.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www-rakuten.yunyamy.com/ITS/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Thu, 16 Oct 2025 06:03:56 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: locale=en-us; Path=/; Max-Age=31557600; Expires=Fri, 16 Oct 2026 12:03:56 GMT\r\nvary: Origin\r\naccess-control-allow-origin: https://www-rakuten.yunyamy.com\r\npriority: u=3,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lJWWRQgVBXAY2z97%2B0jBJbZdEIzqK%2B33zS3V0%2Bu%2FuzQLUdWl8VwHz1vYVQYLmscONLHVYdK1uU5KOWpqCxXlU9nROZD6Zkgu%2FwwFdyDgqyJtRIzMuw%3D%3D\"}]}\r\ncf-ray: 98f55b17d992b4ee-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"9d1ead73e678fa2f51a70a933b0bf017","sha1":"d205cbd6783332a212c5ae92d73c77178c2d2f28","sha256":"0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5","sha512":"935b3d516e996f6d25948ba8a54c1b7f70f7f0e3f517e36481fdf0196c2c5cfc2841f86e891f3df9517746b7fb605db47cdded1b8ff78d9482ddaa621db43a34","ssdeep":"","tlshash":"a250000c0003c3cc0000003030c0000000000300300000300000c000000000000c000c","first_seen":"2023-03-08T03:03:03Z","last_seen":"2026-04-05T09:28:25.611112Z","times_seen":69482,"resource_available":true,"data":null}},"time_used":799,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":799,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-16","alert":"Sinkholed","trigger":"www-rakuten.yunyamy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"fanghongapi.ios18.cc/get_url","fqdn":"fanghongapi.ios18.cc","domain":"ios18.cc","tld":"cc"},"ip":{"addr":"45.135.237.112","port":443,"asn":140683,"as":"Starbow Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://rakuten-sec.hbtpvdf.com/","date":"2025-10-16T06:03:55.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fanghongapi.ios18.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 01:49:44 GMT","end":"Thu, 18 Dec 2025 01:49:43 GMT"},"fingerprint":{"sha1":"AB:8B:B7:87:B0:D3:86:36:32:C0:BB:DD:CD:F8:3A:A8:80:42:77:E5","sha256":"47:23:E2:DB:C8:A1:9E:07:95:DF:D0:5D:32:A1:10:1A:31:38:FC:79:5D:C3:11:22:32:84:9D:B1:13:D8:8D:28"}}},"request":{"raw":"GET /get_url HTTP/1.1\r\nHost: fanghongapi.ios18.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://rakuten-sec.hbtpvdf.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: TNpJ7nqeYfkN73AUsKUPLA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Thu, 16 Oct 2025 06:03:56 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: b0ToMUpW2g+q30B5CO/Y50O68os=\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":901,"timings":{"blocked":0,"dns":1,"connect":296,"send":0,"wait":299,"receive":0,"ssl":305},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}