{"report_id":"03e4a780-3deb-4f57-89df-bd1aafc2418f","version":6,"status":"done","tags":[],"date":"2026-02-03T21:50:34Z","url":{"schema":"https","addr":"imtoken-wallet.org.cn/","fqdn":"imtoken-wallet.org.cn","domain":"imtoken-wallet.org.cn","tld":"org.cn"},"ip":{"addr":"38.6.207.3","port":0,"asn":400619,"as":"AROSS-AS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"imtoken-wallet.org.cn/","fqdn":"imtoken-wallet.org.cn","domain":"imtoken-wallet.org.cn","tld":"org.cn"},"title":"imToken Download - imToken Wallet | Leading Digital Asset Wallet","dom":{"size":33714,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (480)","md5":"d429d0e3dc9ca630a5135bfacbeb3a09","sha1":"0b4f68ad7173dd51730fe1d62260327f6d8b2308","sha256":"e4fe6f3995bb4cc4fbe0ad4600efe285eaa9203e8d2f10bbaf6f27b009cab417","sha512":"2c22143c6cad0a284bc977c012fa1f559b548884c9bd0934c9246324782556b89c2a77ddc2f001ef23fe0e5d036ddcca5f725ff56d7a376ea4ecb23cdf0b50bb","ssdeep":"384:FR8vrgvk1mES/BVibvaX2xfKczfg+1HrkBK+:FRHES/BMbvm4fNUarJ+","tlshash":"38e2a52b21f43136049781a2aeb1536b2f21e447c50b464972bd879cafd3ec7cda325e","dom_hash":"domhash7d65d1653c227e67411348fa7b6dbc60","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"imtoken-wallet.org.cn/","fqdn":"imtoken-wallet.org.cn","domain":"imtoken-wallet.org.cn","tld":"org.cn"},"ip":{"addr":"38.6.207.3","port":0,"asn":400619,"as":"AROSS-AS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-10T21:50:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"imtoken-wallet.org.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"imtoken-wallet.org.cn","ip":{"addr":"38.6.207.3","port":443,"asn":400619,"as":"AROSS-AS","country":"United States","country_code":"US"},"domain_registered":"2025-12-07","domain_rank":0,"first_seen":"2026-02-03T21:50:34.745312Z","last_seen":"2026-02-03T21:50:34.745312Z","alert_count":1,"request_count":1,"received_data":34169,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"imtoken-wallet.org.cn/","fqdn":"imtoken-wallet.org.cn","domain":"imtoken-wallet.org.cn","tld":"org.cn"},"ip":{"addr":"38.6.207.3","port":443,"asn":400619,"as":"AROSS-AS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3779f66dc82566b65eb67a9606faade8","sha1":"52c2a3af283233dc7e1daef5ec53cec74ba49e25","sha256":"8010af792b084fd1474c3d10e37658cc1de83ff3b1840a3c6ad7ff81b2f97084","sha512":"33d14f4a3b4747b2dbc4b64652550ead371abca7f772f11459e28b508f6b48959c9c97c0868fa96e76284c3abe2d86dd11e739837937679e41ae6b4a78acba80","ssdeep":"","tlshash":"6f216d2b15b6253500b7a2afa74fa7d0252a30cb6403e44d3f9ccd4d1f8199355b16da","size":1231,"data":"","first_seen":"2026-02-03T21:50:39.480769Z","last_seen":"2026-06-04T10:45:58.517677Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"imtoken-wallet.org.cn/","fqdn":"imtoken-wallet.org.cn","domain":"imtoken-wallet.org.cn","tld":"org.cn"},"ip":{"addr":"38.6.207.3","port":443,"asn":400619,"as":"AROSS-AS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-03T21:50:13.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.imtoken-wallet.org.cn","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Fri, 30 Jan 2026 06:00:00 GMT","end":"Thu, 30 Apr 2026 05:59:59 GMT"},"fingerprint":{"sha1":"9E:7C:4B:49:0B:8F:E1:1A:AD:D0:15:B0:35:57:D7:4A:3B:72:91:0C","sha256":"24:6F:F5:1D:4B:9B:F5:20:72:7C:A2:8A:83:12:C3:71:55:C0:A2:94:95:60:C8:1E:F7:6A:1F:57:84:78:C0:8D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: imtoken-wallet.org.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 03 Feb 2026 21:50:14 GMT\r\ncontent-type: text/html\r\nlast-modified: Fri, 30 Jan 2026 07:46:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697c61b8-8359\"\r\nset-cookie: server_name_session=2f3f509b83a356f809c12fd21ea3df3e; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33625,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (480)","md5":"37071bd64e28eef3479e6674fddfb90e","sha1":"aa83e1ad6c77333eb6f2ad8fc456a4ce289115a8","sha256":"a8c2dbf514cd4f407338e79d9bf90636f98688ed73ec44f0ab280969a3469507","sha512":"cf179a5896b85d692696c6c110cd888a7a497a63587b9d7b59d02cdb5da037b6d58b89ffac813418812ea6b57288877d0ae0946bff681017f6bcc7c55f6e6a29","ssdeep":"384:gk8vrgvwg1OmS/+ErbvPX2xfmwzfg+1HrkCDW:gk0mS/+obvf4fVUarlW","tlshash":"5be2a62b26f431360493c1a2ae70536b2f21e547d60b464972bd879cafd3e87cd6325e","first_seen":"2026-02-03T21:50:39.47422Z","last_seen":"2026-02-03T21:50:39.47422Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3026,"timings":{"blocked":1338,"dns":988,"connect":173,"send":0,"wait":345,"receive":0,"ssl":179},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-03","alert":"Sinkholed","trigger":"imtoken-wallet.org.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}