{"report_id":"4d76ffd9-e888-41bb-adc8-113fd3678aba","version":6,"status":"done","tags":[],"date":"2026-02-04T16:35:02Z","url":{"schema":"http","addr":"imtokens.co","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"imtokens.co/en.html","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"title":"imToken official website｜Ethereum and Bitcoin blockchain wallet","dom":{"size":21318,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12837)","md5":"004fccd6d9e553c0efe0895cb3c743de","sha1":"d78b54d0a0edaa82d9aeb2669feb43d76f1f36e6","sha256":"29196ada10361ef3c4b8c752be8377d0f590a37555d7fb259fb693d3d7282680","sha512":"7efaa4bf263fd669a47880919bff5a1a431306659b699df05532ab375d0b95e3c85d19e95770b589b4dcf812f713250411c7d511959a772fa47d6f8d5d4d1d5e","ssdeep":"384:asiZALX6cQ/T4OFOPyN2hSNq415/pu7odEuaMnp2aoQwKwbw:aZA5Q7XmwnNq43OBMn1Zw0","tlshash":"bca25c2598f21927548650a1baf1ab0b7eb0c603d25e490473fc47da9f8af95cc5744e","dom_hash":"domhash04a9e81a4a5e853a7c11260e269aaef7","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"imtokens.co","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-11T16:35:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"imtokens.co","ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-08T05:17:08.346438Z","last_seen":"2026-02-03T21:44:50.148431Z","alert_count":114,"request_count":19,"received_data":501804,"sent_data":8409,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ant Design","description":"Ant Design is a UI library that can be used with data flow solutions and application frameworks in any React ecosystem.","website":"https://ant.design","common_platform_enumeration":"","icon":"Ant Design.svg","categories":["UI frameworks"]},{"name":"Clicky","description":"Clicky is web an analytics tool which helps you to get real-time analysis including spy view.","website":"https://getclicky.com","common_platform_enumeration":"","icon":"Clicky.png","categories":["Analytics"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"imtokens.co/js/qrcode.js","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"663ef62276512200b83bd4076a4a039d","sha1":"9caa0d9a9ba4409a3f77540a1b15a7617aeb28e8","sha256":"3ee72de9f69c668f9567363a9358df955960bae9000d9ebd66414670f88e8735","sha512":"e6d35c0b135247e6b87377e233f735c558f211e212869860cf225881f628695b9a62fa55f764a3a00b56aec7a0838dd20c5cbc8300ba9a92dad09ca549bd56da","ssdeep":"384:7eJV0xV6jKC4z//wH2MGeWafAAdTRaysLh18s8wVLaX65YqzHHHsglI2MNURm1O9:6IxT3MRojrkGPG8JXW2uErCCc0uCyU","tlshash":"97e2f9d0ebad1256605ed498280e254efa7ca4335c48487fbe9cd5e15bfcb60a43eb34","size":33168,"data":"","first_seen":"2023-03-07T12:55:35Z","last_seen":"2026-05-24T23:30:43.73613Z","times_seen":6535,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/js/index.js","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fa38d0b5f461118d69d778f372e81ef","sha1":"511f2acd783b2d28f6dedd96afd9a4bb9c0a10d0","sha256":"e0730bd66de4804688e1a949c9df9f4fc8b70188e1f7d97cfebb037219ba8867","sha512":"03b2dbf69eae1276d282e6152cfd6362312b47724272df4b613e2879be61cc8e99a06080cbfdedbfaf3d5c2a46001db37085c02a4ba824367cfb1feefe2acf3f","ssdeep":"","tlshash":"cc11af5b3a9252101b0b64669f5f32486122a0ef1488c02a7a0d8b40df74baeb277bd7","size":894,"data":"","first_seen":"2026-01-04T15:51:44.069209Z","last_seen":"2026-04-03T13:56:35.205436Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"1ae448b195feb0fdef2b99e8e5b7d343","sha1":"9002602d65df408a8fd7a1f1c005eb76d6d0e999","sha256":"2eab72f75bfc82ce8d420bf2d2f4b8b2926cdfccbb4106665cff06df20b2bf01","sha512":"757031c6377684612425a55bba2b73f18a139c186e312294cdb5b9cb916e9fd3b06181404b529bce3e8ba391bee226d65938824812a74fc46b2c36534017b731","ssdeep":"","tlshash":"29d0c78d40f7400521e174613ec73901705350f76508a8853b8ed6107fa775fc263fe9","size":223,"data":"","first_seen":"2026-01-04T15:51:44.108583Z","last_seen":"2026-04-03T13:56:35.253637Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/en.html","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"6e87dd25100c1573f185e60e4d88c9e4","sha1":"81a30755a1f065b07f2aafe016d634ca1a8fe81e","sha256":"0b4e4b14759e6d3529f58160bf6c2b881ff57db60e3e84490f2cee83c8da0bd1","sha512":"648aa1d5e5a6f239afc3bdf7ca7288b2a3ac3b0f745a6efcbae110709611aa4a0a33fcb3d14bb2ccb5ba58b5a1a134e59af7b57cad5ce8bab592db75161ad098","ssdeep":"","tlshash":"efd02b48f3918802467b3c793dca621c217284275c194e01391cca905b358711026925","size":260,"data":"","first_seen":"2026-01-04T15:51:44.110279Z","last_seen":"2026-04-03T13:56:35.248734Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/js/index.js","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fa38d0b5f461118d69d778f372e81ef","sha1":"511f2acd783b2d28f6dedd96afd9a4bb9c0a10d0","sha256":"e0730bd66de4804688e1a949c9df9f4fc8b70188e1f7d97cfebb037219ba8867","sha512":"03b2dbf69eae1276d282e6152cfd6362312b47724272df4b613e2879be61cc8e99a06080cbfdedbfaf3d5c2a46001db37085c02a4ba824367cfb1feefe2acf3f","ssdeep":"","tlshash":"cc11af5b3a9252101b0b64669f5f32486122a0ef1488c02a7a0d8b40df74baeb277bd7","size":894,"data":"","first_seen":"2026-01-04T15:51:44.069209Z","last_seen":"2026-04-03T13:56:35.205436Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"imtokens.co/images/menu.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/menu.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 198\r\nlast-modified: Tue, 07 Feb 2023 02:27:44 GMT\r\netag: \"63e1b720-c6\"\r\nexpires: Sat, 28 Feb 2026 16:47:51 GMT\r\ncache-control: max-age=2592000\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":198,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 26, 4-bit colormap, non-interlaced","md5":"df03453af907f7f1ec8c829dce4377cf","sha1":"89d4bf4a08975cb52c5e7ce4d20b5f0bb199f691","sha256":"d5fdddb1bb1647d84c9a929133dd9402b5ba43fc7139832ef38bae537f8fe21b","sha512":"d8d8adb0099bc0ffda9ce2425dc8c02a7471c39822f42a8297e0a97f97948bfee31462ed272c9d7fe80d14524c080fa774ad5428ae3736eb80f3f2c5cbfe72fa","ssdeep":"","tlshash":"d1d0229a96f01e3282d3293662a14082cc022b9a055bab834998e0ab002320262a852a","first_seen":"2023-07-27T20:54:11Z","last_seen":"2026-04-03T13:56:35.187274Z","times_seen":38,"resource_available":false,"data":null}},"time_used":639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/app-store.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/app-store.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 146\r\ngp-cache-status: EXPIRED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-24T23:32:08.881079Z","times_seen":515758,"resource_available":true,"data":null}},"time_used":701,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":547,"receive":154,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/banner.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/banner.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 46217\r\nlast-modified: Tue, 07 Feb 2023 02:27:42 GMT\r\netag: \"63e1b71e-b489\"\r\nexpires: Sat, 28 Feb 2026 16:47:52 GMT\r\ncache-control: max-age=2592000\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46217,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 1000, 8-bit colormap, non-interlaced","md5":"3579966b467e818ac4016b4741933fc5","sha1":"249a6cf17ee4e6aac74e7c813a5432e3e746d6db","sha256":"3973a9845520c0caf454514ee16b0c714968ffd11254fd31b42d472900732a61","sha512":"c698dd2c8ab607c34bc9719c983e71c3085c496137b532d3212eccd18a65a5265724d705e290bbdc7777edcf79c5aceb6e4dfd9194c500435fbf6dde4e9749b1","ssdeep":"768:syGVt5SSk+GII7jfi0LOURWhIozDk1RCf9ytwVVuEosk7JAl30TVcEHhISVOS:syCkLpjfV26+Dk7W9Qwvu1s4JYkTVcqT","tlshash":"c42302652d454e77fb7eaab4892c50be0300aa75633abb3690b0572d3dbd40933dc6b0","first_seen":"2023-07-27T20:54:11Z","last_seen":"2026-04-03T13:56:35.188155Z","times_seen":38,"resource_available":false,"data":null}},"time_used":735,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":545,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/js/qrcode.js","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /js/qrcode.js HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Mon, 20 Jun 2022 03:59:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62aff09c-8190\"\r\nexpires: Thu, 05 Feb 2026 03:22:55 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ngp-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33168,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3129)","md5":"663ef62276512200b83bd4076a4a039d","sha1":"9caa0d9a9ba4409a3f77540a1b15a7617aeb28e8","sha256":"3ee72de9f69c668f9567363a9358df955960bae9000d9ebd66414670f88e8735","sha512":"e6d35c0b135247e6b87377e233f735c558f211e212869860cf225881f628695b9a62fa55f764a3a00b56aec7a0838dd20c5cbc8300ba9a92dad09ca549bd56da","ssdeep":"384:7eJV0xV6jKC4z//wH2MGeWafAAdTRaysLh18s8wVLaX65YqzHHHsglI2MNURm1O9:6IxT3MRojrkGPG8JXW2uErCCc0uCyU","tlshash":"97e2f9d0ebad1256605ed498280e254efa7ca4335c48487fbe9cd5e15bfcb60a43eb34","first_seen":"2023-03-07T12:55:35Z","last_seen":"2026-05-24T23:30:43.73613Z","times_seen":6535,"resource_available":true,"data":null}},"time_used":545,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":545,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/js/index.js","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /js/index.js HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 894\r\nlast-modified: Mon, 29 Dec 2025 12:09:27 GMT\r\netag: \"69526f77-37e\"\r\nexpires: Fri, 30 Jan 2026 04:09:29 GMT\r\ncache-control: max-age=43200\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":894,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"9fa38d0b5f461118d69d778f372e81ef","sha1":"511f2acd783b2d28f6dedd96afd9a4bb9c0a10d0","sha256":"e0730bd66de4804688e1a949c9df9f4fc8b70188e1f7d97cfebb037219ba8867","sha512":"03b2dbf69eae1276d282e6152cfd6362312b47724272df4b613e2879be61cc8e99a06080cbfdedbfaf3d5c2a46001db37085c02a4ba824367cfb1feefe2acf3f","ssdeep":"","tlshash":"cc11af5b3a9252101b0b64669f5f32486122a0ef1488c02a7a0d8b40df74baeb277bd7","first_seen":"2026-01-04T15:51:44.069209Z","last_seen":"2026-04-03T13:56:35.205436Z","times_seen":25,"resource_available":true,"data":null}},"time_used":545,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":544,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/en.html","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-04T16:34:40.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /en.html HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Wed, 31 Jan 2024 11:22:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65ba2d73-2169\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ant Design","description":"Ant Design is a UI library that can be used with data flow solutions and application frameworks in any React ecosystem.","website":"https://ant.design","common_platform_enumeration":"","icon":"Ant Design.svg","categories":["UI frameworks"]},{"name":"Clicky","description":"Clicky is web an analytics tool which helps you to get real-time analysis including spy view.","website":"https://getclicky.com","common_platform_enumeration":"","icon":"Clicky.png","categories":["Analytics"]}],"data":{"size":8553,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"1f959e79e4b926724303310474543c89","sha1":"c9fd84949bb304ea8ab81d5f20a7c89d340628bf","sha256":"40ab7e8e1324865bdd99fbb299e9b95f2ec4c40548d960acd4f7ee92fa9fa44c","sha512":"648112008f900f691990f5b03b697f2b59a4ff5e1ac6498f10f3d794a8b3a426b04747c42919fd66f3e01b23dc4ef9bd7c829a61e872f5072cc1a714eafece82","ssdeep":"96:9Y+bks1lXXi4DJNDiMD/XczOiqiXfoaZjH58KwbdT:+WizOoXfoQDaKwbdT","tlshash":"b402522598f21927504390d5beb19b1faea1c607c72b8a0473fc46e9efc6f99cc13189","first_seen":"2026-01-04T15:51:44.084331Z","last_seen":"2026-04-03T13:56:35.209692Z","times_seen":25,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/alarm.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/alarm.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 574\r\nlast-modified: Tue, 07 Feb 2023 02:27:44 GMT\r\netag: \"63e1b720-23e\"\r\nexpires: Sat, 28 Feb 2026 16:47:52 GMT\r\ncache-control: max-age=2592000\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":574,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit colormap, non-interlaced","md5":"49e1be17d3b67289b03399e0621c7251","sha1":"3bfb09f19d825e0f4781ab466086fb35137b2e2c","sha256":"2a8a954c91e927faa847efe814273dd22d3cca65bf81cd1ee93bd179f9501e6d","sha512":"2be5072a60c102a9eab6ec67ce5f12ea664c41254e19e63bd544012d270c6bdd0c17640485613f244b34a5a2476dad53591b13266b99e4d92d89b77c5e2f67c7","ssdeep":"","tlshash":"0ef024f7d7ceac27197c263ac2ec4103621b1a6557a489e30efd846ce32620781952d5","first_seen":"2023-07-27T20:54:11Z","last_seen":"2026-04-03T13:56:35.197737Z","times_seen":38,"resource_available":false,"data":null}},"time_used":639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/app-store-en.svg","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/app-store-en.svg HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 07 Feb 2023 13:26:22 GMT\r\netag: W/\"63e2517e-3c0e\"\r\ngp-cache-status: HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15374,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"73c01ebb817309577fda320ef883b314","sha1":"8710d9e56382cd3843a325fa6a27291cb4f7b650","sha256":"e46d534b92668b873cdc56c1be524b4036d684b041ee6a0c1a551a0f9c4eacd7","sha512":"3074367dccb809b609a76371dd3f0378d1b220539bd069f307a815855744a988266113cc327e62774f4ff13ccc45103a8b88976084362dc5db96194a153d911d","ssdeep":"384:MSvYloIaCS2ktNLmso+5SCVZvM2s/iuVS/yOeA9uHrAgjT:MuNYC31k1VShnwT","tlshash":"e86295df679863e4e082f3f8ca1251727f4f68fa7a21cb6c83da7d85661205c9448cd5","first_seen":"2023-06-02T21:11:30Z","last_seen":"2026-05-23T18:20:11.047331Z","times_seen":616,"resource_available":false,"data":null}},"time_used":582,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":582,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/apk-en.svg","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/apk-en.svg HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 07 Feb 2023 13:24:06 GMT\r\netag: W/\"63e250f6-2c3a\"\r\ngp-cache-status: HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11322,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"487eaf3fa3671f4797fe2db370cadbc9","sha1":"463fdf7f68c7170ecc262b75775440ea8788ff01","sha256":"83600fc84800611cb852de1fa0df61228db080c65e1539c5ed3a3c67da710d73","sha512":"a3f508125c1619200744a29460811bd25bb892164e141408cf96e2fea5f4502642785ca63b60c6160f22733d945b9f522e933ec1358bc3b9ecae5b7ccef17193","ssdeep":"192:oXTfvY4wFUYfPTJ1r4uZO1gOdVGBBoymaVg+0aRvN2gDEx/vH+JY/9N/2M2:MfvY7UYfn4uZKgOWxg+0aZE+i/veQ2M2","tlshash":"3f3274d9b7b9e3d4e546f7f8c32210b1371b28f72b12cf58c79a9d58979180c84a58ca","first_seen":"2023-06-10T12:56:46Z","last_seen":"2026-04-12T13:54:14.400258Z","times_seen":97,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-04T16:34:39.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 667\r\nlast-modified: Wed, 31 Jan 2024 11:21:57 GMT\r\netag: \"65ba2d55-29b\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Clicky","description":"Clicky is web an analytics tool which helps you to get real-time analysis including spy view.","website":"https://getclicky.com","common_platform_enumeration":"","icon":"Clicky.png","categories":["Analytics"]}],"data":{"size":667,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"bb316f1106a51434941a091d9740af84","sha1":"8fd245aaad71a14ef06930ee8ffe727ca507512a","sha256":"0a64fbc1036c1b85ed88910a670ca16b6cb65b00954e71e4ad90a7bbdd5466b7","sha512":"70de771917dbe9c2c88e76522f27b7a227f2526c763b5592e5065f7ff14d0d787c199449af21884ca2c86628bbd5530617121b0db0cbb89a20b9352979ff5cf8","ssdeep":"","tlshash":"0201d34e4cf2c00500a059612ae5f504684794a79204c8c07acee1556f9ab9bced3fac","first_seen":"2026-01-04T15:51:44.062101Z","last_seen":"2026-03-28T10:12:50.682926Z","times_seen":16,"resource_available":true,"data":null}},"time_used":1550,"timings":{"blocked":672,"dns":260,"connect":203,"send":0,"wait":205,"receive":0,"ssl":207},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/js/index.js","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://imtokens.co/","date":"2026-02-04T16:34:40.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /js/index.js HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 894\r\nlast-modified: Mon, 29 Dec 2025 12:09:27 GMT\r\netag: \"69526f77-37e\"\r\nexpires: Fri, 30 Jan 2026 04:09:29 GMT\r\ncache-control: max-age=43200\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":894,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"9fa38d0b5f461118d69d778f372e81ef","sha1":"511f2acd783b2d28f6dedd96afd9a4bb9c0a10d0","sha256":"e0730bd66de4804688e1a949c9df9f4fc8b70188e1f7d97cfebb037219ba8867","sha512":"03b2dbf69eae1276d282e6152cfd6362312b47724272df4b613e2879be61cc8e99a06080cbfdedbfaf3d5c2a46001db37085c02a4ba824367cfb1feefe2acf3f","ssdeep":"","tlshash":"cc11af5b3a9252101b0b64669f5f32486122a0ef1488c02a7a0d8b40df74baeb277bd7","first_seen":"2026-01-04T15:51:44.069209Z","last_seen":"2026-04-03T13:56:35.205436Z","times_seen":25,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/css/ccc8.css","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /css/ccc8.css HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 07 Feb 2023 03:02:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63e1bf4a-1c9e3\"\r\nexpires: Thu, 05 Feb 2026 03:22:55 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ngp-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":117219,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1803), with CRLF line terminators","md5":"7197fd53807c4614c96d57ef14abf713","sha1":"e2a99b9c04ce0f58dfef1518de440b62212e1a7d","sha256":"06d0d1e767bf0348793399632048b93e36a60644dbc247dba99dedfd2d615f23","sha512":"9d301ecc691f1eac9b7b39fc6803c0417878eb7e2895a9d6cd23265f9d49ec61f80920f90d1a4f066b3bded9b7a30453823ba27da4ef3bf5382348a6feb441bb","ssdeep":"384:r5xszRV99yLBMSZtYP+r22l3m2VscAGVuzikQRWIHuvOSBwvLle00CvPRvvuyNvT:txYRDiBMSZsngtqhi","tlshash":"97b35d2a2b12010a8732db69bbd17f59eb71a133a52ae456fadd7c40cf76d4584c0f0b","first_seen":"2024-08-20T07:11:24.346391Z","last_seen":"2026-04-03T13:56:35.227472Z","times_seen":26,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/irnTokenLogo.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/irnTokenLogo.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 2134\r\nlast-modified: Tue, 07 Feb 2023 02:27:44 GMT\r\netag: \"63e1b720-856\"\r\nexpires: Sat, 28 Feb 2026 16:47:51 GMT\r\ncache-control: max-age=2592000\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2134,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 109 x 18, 8-bit/color RGBA, non-interlaced","md5":"bb58c33ce86e5c6f4dca17f2a8279a60","sha1":"bf3cd421d8572dac5bfe24a86afbef8290be5af1","sha256":"37d4d37bd6118b71d3aab8213c0a438dc819a1690694dd3a730f15d5aad692d2","sha512":"2bdcc2ea6354c8c02285394b150c92415f4cd8ef23a027d602a248da2357bfe229afb8c471d2b094e9ce7332defc43701b1ae9da4501dd88daafde1597393e97","ssdeep":"","tlshash":"e7413c85c44fcad4ebb50992332bf43db63af702d0a1c6dde907318a1af4b079084963","first_seen":"2023-07-27T20:54:11Z","last_seen":"2026-04-03T13:56:35.196764Z","times_seen":38,"resource_available":false,"data":null}},"time_used":639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":583,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/ewm_icon.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/ewm_icon.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 5040\r\nlast-modified: Tue, 07 Feb 2023 02:27:44 GMT\r\netag: \"63e1b720-13b0\"\r\nexpires: Sat, 28 Feb 2026 16:47:52 GMT\r\ncache-control: max-age=2592000\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5040,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"d245f8c2f8fece74e6d988a53d38592e","sha1":"5f22ab4e7d2e3efd4161eb298a48e4ef43c24950","sha256":"c24fb110909ec59277e2950d40775aa80c8623fc33ee4e90fe623f93a5aa4f15","sha512":"6601145da7e3a1414c6f40e58879a8ac6a787c00236828999c601c975f2866abc84c607fbe7cd0bc199cc39191fa804902a891f1f185d6c612093d1aef75d499","ssdeep":"96:mgt5j4Yse4YZeEl+EReUhMc1siEdGf+RqGg5o4vDwwlDS7yJa6:mgt5cY9l+Skc1Sdk6Y5pzAyJa6","tlshash":"85a16cc8c401e1b872434affef284dadf846a45da28917c3229082518daf123fc36b9d","first_seen":"2023-12-28T04:25:29Z","last_seen":"2026-04-03T13:56:35.180346Z","times_seen":35,"resource_available":false,"data":null}},"time_used":639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":548,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/apk-zh.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/apk-zh.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 146\r\ngp-cache-status: EXPIRED\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-24T23:32:08.881079Z","times_seen":515758,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":546,"receive":154,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/css/swiper.min.css","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /css/swiper.min.css HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 07 Feb 2023 02:27:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63e1b726-4c60\"\r\nexpires: Thu, 05 Feb 2026 03:22:54 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ngp-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19552,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19551)","md5":"2513fff3786e3b1f93f4d5de93f043ef","sha1":"7bc639e1d284ea9d7e401805926e1bd26168f334","sha256":"1512bc66be89f667f3beb9306a6f1c63831da2eb5b66926a319cf514322b42bb","sha512":"96b77cb25a3a83062bac2f92b850e47a33215d00b4e1cd8200280b088c2c2e52b3a5710d871404d0258afbe219ac1f69f54e68e14fb62ded1b3dea9a3c38861b","ssdeep":"192:TaNv/lSSyJWCh8zfi5o/mXDN3eBxwdJ5v:Ta1/lS0Cifi5o/mXOGJ5v","tlshash":"9c92512c17003057e6330f1a87d99778c725c9939e4358ef6250ee48c7bb96a22af766","first_seen":"2023-07-27T20:54:11Z","last_seen":"2026-04-03T13:56:35.195616Z","times_seen":38,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/images/google-play.png","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /images/google-play.png HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 3103\r\nlast-modified: Tue, 07 Feb 2023 02:27:42 GMT\r\netag: \"63e1b71e-c1f\"\r\nexpires: Sat, 28 Feb 2026 16:47:52 GMT\r\ncache-control: max-age=2592000\r\ngp-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3103,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 136 x 40, 8-bit/color RGBA, non-interlaced","md5":"74cd8345b8262adf108d1dc11ac15a34","sha1":"93541a2659ed74b637dc013e741400a2a8aa128f","sha256":"3053c9114d7e96b0b0723a1b223d70d08dd7602ae78b2daaa2b65a46e4582d6d","sha512":"c1581e8bfed45563fbe80ea5a4093dfc426c693406cb2270448e3b23996c1da3d1a685eafa6d579b98219527bb187b556d3f6047589a2b15e95df7c48ff7771a","ssdeep":"","tlshash":"b8515deb2afd17ecd9b98d178f65c46947f21fde08451ade298339593653c223040f4a","first_seen":"2023-07-27T20:54:11Z","last_seen":"2026-04-03T13:56:35.212161Z","times_seen":38,"resource_available":false,"data":null}},"time_used":637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":546,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/favicon.ico","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:41.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 146\r\ngp-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-24T23:32:08.881079Z","times_seen":515758,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtokens.co/css/111f.css","fqdn":"imtokens.co","domain":"imtokens.co","tld":"co"},"ip":{"addr":"20.247.100.105","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://imtokens.co/en.html","date":"2026-02-04T16:34:40.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtokens.co","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 09:50:29 GMT","end":"Tue, 07 Apr 2026 09:50:28 GMT"},"fingerprint":{"sha1":"C7:2F:AB:B1:FC:65:F1:06:85:6A:44:7D:22:5B:AC:DA:57:0A:2B:FB","sha256":"8C:81:7E:A6:27:3E:D9:08:F4:39:DE:01:FF:53:D0:ED:7E:24:B0:78:1E:06:BB:C9:92:DA:FD:FF:78:4C:14:B3"}}},"request":{"raw":"GET /css/111f.css HTTP/1.1\r\nHost: imtokens.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtokens.co/en.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 04 Feb 2026 16:34:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 07 Feb 2023 02:27:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63e1b726-38672\"\r\nexpires: Wed, 04 Feb 2026 23:21:45 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ngp-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":231026,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"2c6f4d00bea44f2ba3e155a76bd1a13e","sha1":"9eb055b049467fdbeb4669a428b5277b7247b7ab","sha256":"d97f82f0cf8db6d3c47a1a5dfb479024a1379a826ad3f00755abee2247aa2af6","sha512":"de762e3e2c8d6e7607673e1ef53abcdbb79ec9f9ea0c1973067e8c5331ab081960fdc47d9854ca91a5e032fae58bbb2302772f06c01ea2629f099307702c5285","ssdeep":"1536:dZRfkfXfkfuf+fyf+fTXGEEvkJvhIOXCHuNrAvU:VfkfXfkfuf+fyf+f7JLeOX0vU","tlshash":"9434b8d1b5d1312cba5fc726b6e49889a7214523d32f9dfa6131329ecf85287329370e","first_seen":"2024-08-20T07:11:24.348518Z","last_seen":"2026-04-03T13:56:35.226384Z","times_seen":26,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":445,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-04","alert":"Phishing Block","trigger":"imtokens.co","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-04","alert":"Sinkholed","trigger":"imtokens.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}