{"report_id":"5016cc2e-b14c-4b24-9ed1-d41c987a7a6a","version":6,"status":"done","tags":[],"date":"2026-05-21T22:33:57Z","url":{"schema":"https","addr":"imtoken.click","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":0,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"final":{"url":{"schema":"https","addr":"imtoken.click/","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"title":"im钱包下载 imToken 官网 | 以太坊和比特币区块链钱包","dom":{"size":10852,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1296)","md5":"9adda889f987683cf9bc43b8159090ae","sha1":"0447a2c8af902179e9c50b84d4ca8616dd087615","sha256":"5626ed4a1c31d825fa61fef22d62ae0c03a5a0aa82ed6e4f324c948fc812899d","sha512":"10f6cc4e888560b1d2e69e8a4a4cb0e5f078a53743a0762bf6b8ed53c04a107ca269c2a647f4b2e1319df68e05354ae5b13c3d3f323cd4854c21ab25d676eb84","ssdeep":"192:ib7WzT0cO/xybZHEUqak//gdmdZxBcpr4fUKdtIO8e5gMAyrXrz2X/qi5q81a7AS:ib7WzT0tjIO8e9jrXrzUCi5J17Mho+","tlshash":"2f220737b065292b061390f877b6478f74e2ca1bda3b9901b5ecc6da9fd0e814c0358a","dom_hash":"domhash1617a2223efd46569eff7d2aa792e8e5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"imtoken.click","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":0,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-25T22:33:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-21T22:33:35Z","timestamp":1779402815,"ip_dst":{"addr":"Client IP","port":59438,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 25","source":"{\"timestamp\":\"2026-05-21T22:33:35.834793+0000\",\"flow_id\":1075474981691006,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"134.122.202.214\",\"src_port\":443,\"dest_ip\":\"172.18.0.24\",\"dest_port\":59438,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400024,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 25\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-05-21T22:33:35.564862+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"imtoken.click","ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"domain_registered":"2026-03-10","domain_rank":0,"first_seen":"2026-05-21T05:00:23.946518Z","last_seen":"2026-05-21T05:00:23.946518Z","alert_count":28,"request_count":14,"received_data":625358,"sent_data":6109,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ant Design","description":"Ant Design is a UI library that can be used with data flow solutions and application frameworks in any React ecosystem.","website":"https://ant.design","common_platform_enumeration":"","icon":"Ant Design.svg","categories":["UI frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-05-18T06:04:11.294427Z","alert_count":0,"request_count":2,"received_data":30880,"sent_data":1256,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"imtoken.click/","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-06T19:15:27.160588Z","times_seen":121329,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?89069697211b768db0bee6ef31aa604c","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"22717822a674f38f31dc7bdceb330ee9","sha1":"0b47063b457dff9b325c775451e38c1665add40f","sha256":"87947e395a55e0d6b2b8138afa6f13026e905c98aa510f28a1a79454edb8c6ba","sha512":"a8ba4d83fa63df8e526e45eda63f2fc82ce2416eb7cc9229cd31262d1b2de0e23921e56dfed55e779434f845cb4a2caeaf091a982a9b9c88aa6dc0346a22123d","ssdeep":"768:6T1/4VJfHgMdvussZPIx82Rwvutcto07v:Q1OfHgMdvusanvutt07v","tlshash":"16d2d9e9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","size":29898,"data":"","first_seen":"2026-05-21T22:33:59.288255Z","last_seen":"2026-05-21T22:33:59.288255Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"Function","is_inline":false,"md5":"2748fc6f2038622867a9f4375c66a4bd","sha1":"4fe33bb1a87a03304f3e4c514f09faa92a62b1be","sha256":"8de6df4816b13a8a0e20ca6274d0b5c068c8288391d440bb2700f1dbfb36734a","sha512":"01e86ee4664eb16ddfaef234b569eac583eef50f0f698350a5a6cefe1cd6eec6dd7d70a5789a414a5859ed957f013cd0ebb351696cb1e7180beac53b64c2e74b","ssdeep":"","tlshash":"c2f055de13828d403eeb3ebaa226114962ea0d3608189c7c9e20744a2cc693341c329f","size":451,"data":"","first_seen":"2026-05-21T22:33:59.29755Z","last_seen":"2026-05-21T22:33:59.29755Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"aa18456ab77d4ea1090f27b9616f4656","sha1":"39e7e241cf38c99ead64c52c8b74db4f87df1bb8","sha256":"7f91a76ca4d64df684fc6dad83142a85940cfa16ee369e028c5565163a79ae84","sha512":"5535843a0e84c3a4b0cda83f0394383fd047fb45c3e5907ddb835407f7c9e5df7642e735cd0d9d5ff0b4f8281640313841a8504640d1a8faa26b365d32efbd55","ssdeep":"","tlshash":"4ad02e1f2c66193423a604f910baea8cb2a3609c507de00485dde8298a61fe1082e7c8","size":254,"data":"","first_seen":"2025-08-26T07:14:37.205942Z","last_seen":"2026-06-05T23:41:08.283651Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c3d8fb3d94d6e9e443e61364e3b01b9","sha1":"5b65f870e87b749b38173972fe63a8e36d49b240","sha256":"c3260c0ba23a6566a29cdd92a664bd9e9732dfd4bfb7d684836b339aa688fd59","sha512":"665141a0ad965d14d18ef310a0f1971266d939e80b922dd100628405e21584cac04b4eaec545b207a0f7a56356c47750e4cea5a962d26bc03bfddfbcee61cca3","ssdeep":"","tlshash":"1c511eda92aa05520a2b61a4b34f70893564051728b5c990fd0c42ca7fd0c61a0f6fef","size":2792,"data":"","first_seen":"2025-09-05T06:18:40.376563Z","last_seen":"2026-06-05T23:41:08.287055Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/js/jquery.min.js","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b57cf46dc8cb95c4cca54afc85e9540","sha1":"05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac","sha256":"a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855","sha512":"a6996f5029858c6de6de30eda54f8acc47d9713cb1adc576173ce8f75f79a2b944b9c04bfa55ad62829e705cede4fcb7c7c90785e8cd3e0252d79a186b1760a7","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:5kn6x2xe9NK6nC6N","tlshash":"728319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86926,"data":"","first_seen":"2023-03-07T01:03:01Z","last_seen":"2026-06-06T18:55:41.872103Z","times_seen":20283,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-06T19:15:27.160588Z","times_seen":121329,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"imtoken.click/uploads/ios_url.txt","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:37.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /uploads/ios_url.txt HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://imtoken.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:37 GMT\r\ncontent-type: text/plain\r\ncontent-length: 32\r\nlast-modified: Sat, 20 Sep 2025 13:44:30 GMT\r\netag: \"68ceafbe-20\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"a6fa97a8d59dd51c4b81145a1eacaa94","sha1":"ce5e88acb31482103d4908232183da334eacd4b8","sha256":"fc47996bdad3eba295e57aea0cd4baa3c3775dfb0313c528c46021a9dcf4dbc8","sha512":"ee852a5c5dbc0179911439c6614430d50b31e8c9388b92cbf8bc7e279e479d134f8ec30573602a32cf9a7669a68c6cef05c05ec94e11067c416d00334675d556","ssdeep":"","tlshash":"2380002b0302bb800a880cc38a0a302808820e0eab802808b3a0cac20c003220023200","first_seen":"2025-09-05T06:18:40.346386Z","last_seen":"2026-05-21T22:33:59.277688Z","times_seen":13,"resource_available":false,"data":null}},"time_used":511,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":511,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/uploads/latest_oss_url.txt","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:37.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /uploads/latest_oss_url.txt HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://imtoken.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:37 GMT\r\ncontent-type: text/plain\r\ncontent-length: 22\r\nlast-modified: Sat, 20 Sep 2025 13:57:56 GMT\r\netag: \"68ceb2e4-16\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"bd578903f9bff824fc9b184ad8f58bad","sha1":"a8c0b577c6b578baaeb2df59e18dde78f478ab52","sha256":"b8e4b3b197e84b427eef7854347076563c87bd0ea9d04114d8b5be57ad233f1e","sha512":"6ee0fcb0be4f750f95bbff412f7437268f802555d3441ef7117459cb330dfd82316f27ff64bff97c96de95ab76f52034ea760eda2c4fe9ea9c8849c67255ac15","ssdeep":"","tlshash":"a3700008228228080038a000208c0000c0038300003b2820000000c0a00000a00ce80e","first_seen":"2026-03-19T12:27:24.580331Z","last_seen":"2026-06-05T23:41:08.269043Z","times_seen":4,"resource_available":false,"data":null}},"time_used":513,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":512,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-21T22:33:35.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: text/html\r\nlast-modified: Wed, 22 Oct 2025 12:35:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68f8cf80-2aec\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ant Design","description":"Ant Design is a UI library that can be used with data flow solutions and application frameworks in any React ecosystem.","website":"https://ant.design","common_platform_enumeration":"","icon":"Ant Design.svg","categories":["UI frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10988,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1296), with CRLF line terminators","md5":"a1becb54182b30050359cab9d23d495b","sha1":"b6df752ff3f00283eb5395f0fec23a8731c8149b","sha256":"090c1d3e0c170db1bc1f68ba26af7112182f234e84f273b852908dae355c2bca","sha512":"17862e6f29100e9527c63eb2c6cbc151bb3bf4175f93c29529d45b55806304da770c202afc290d341d70c090dfda1d8fea5296c505da6ab02196c648f2f247ad","ssdeep":"192:d0hUST0O8/xybZHEUqar//gdmdZxBcpr4fX25tyyoVI0qy2G62T/7iLIVZ1S79MV:d0hUST0BHyyoVnN2G6MziLIf1wMMov","tlshash":"fa32e777b0252d2b173381f875a1478ef8a2c207db779a0075ee9ad79ff1e40484398a","first_seen":"2026-03-19T12:27:24.585561Z","last_seen":"2026-06-05T23:41:08.281447Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1541,"timings":{"blocked":634,"dns":89,"connect":270,"send":0,"wait":270,"receive":0,"ssl":275},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/css/7f7f1180.css","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /css/7f7f1180.css HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 20 Sep 2025 13:44:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbc-3a88a\"\r\nexpires: Fri, 22 May 2026 10:33:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":239754,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"e303f7d424696390460991214a9a5101","sha1":"3dcc785dcddecb467ca28935c496bc527b25a2c8","sha256":"0fcf16d25c10be0119f7acc16ea58a5b25de2d927eebe9b974322efefd260add","sha512":"e08a2bd7394479c202bc2124388a1a123852cffc3a124583771976edf7345e409473b721135ccf3313b0d76c52178d7a6ae732a1e3be377491d0b7d66d4ce53d","ssdeep":"1536:ZBzfkfXfkfuf+fyf+f80vj5GSSTO19EOXo/12HF:7fkfXfkfuf+fyf+fxv9vvEOXj","tlshash":"1d34b8d165d1312cba6fc727b6e49889a7204523d36f9dfea131329dcf85287229370e","first_seen":"2026-03-19T12:27:24.58861Z","last_seen":"2026-06-05T23:41:08.275406Z","times_seen":4,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/css/1009f594.css","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /css/1009f594.css HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 20 Sep 2025 13:44:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbc-13c19\"\r\nexpires: Fri, 22 May 2026 10:33:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80921,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"e2cf43676fdcb76d3387302387b86c68","sha1":"46d527d73924db614734ca0a81298bc729d16cda","sha256":"5103af910553d2098248ec65423e2efece241ee420bfc0ea67a0549e8b2c3b55","sha512":"56eff144420afd5c8c82eaf2dbaae3d2791143d247b21d0709d6d07c5f78d05d153c212187134548074bf8a4b524a6bca0041b14c3380220444fa6ef2a375e24","ssdeep":"768:2bfwmgzY0vPCuGZfg3byjQWjNc3Ug/WNm14ZsV9:CfhgkACuGZftQE8P/UeOy","tlshash":"68835a2f2b11211ad2a2df1a66c53b9dd931ea33b179decff6d53c218786e464890d03","first_seen":"2026-03-19T12:27:24.58205Z","last_seen":"2026-06-05T23:41:08.256931Z","times_seen":4,"resource_available":false,"data":null}},"time_used":557,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":557,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/js/jquery.min.js","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /js/jquery.min.js HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 20 Sep 2025 13:44:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbc-15391\"\r\nexpires: Fri, 22 May 2026 10:33:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86929,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"4b57cf46dc8cb95c4cca54afc85e9540","sha1":"05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac","sha256":"a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855","sha512":"a6996f5029858c6de6de30eda54f8acc47d9713cb1adc576173ce8f75f79a2b944b9c04bfa55ad62829e705cede4fcb7c7c90785e8cd3e0252d79a186b1760a7","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:5kn6x2xe9NK6nC6N","tlshash":"728319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:03:01Z","last_seen":"2026-06-06T18:55:41.872103Z","times_seen":20283,"resource_available":true,"data":null}},"time_used":833,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":833,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/images/banner.png","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /images/banner.png HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 20 Sep 2025 13:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbe-228eb\"\r\nexpires: Sat, 20 Jun 2026 22:33:36 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":141547,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 1000, 8-bit/color RGBA, non-interlaced","md5":"31b2b7726829be089d61a1b3238892f8","sha1":"419ba2f64dd5f7bd35c7f440fe993c6d16f764ee","sha256":"44a360e3f1753981cd79609f2a238f58648d2c132b958647f9bda8922d1c507d","sha512":"7dfd577d2ef15783b23e42442d4c8eeccab8a36ae37ff9aadddc404acb70bd1993369f8c028a845b9e699dcfa2b9c10512fd8c8db42285f0aa3740f487e02eb5","ssdeep":"3072:Bwm2VYh1sYAjd/J9EYPfMb8eM07+TyKwSl7mKLBpWcr2oYXE7nmWJAc:BFf1s5xCbBGwsHLBzr2oZ7mWJz","tlshash":"f9d3019939aba65edc1f147ab5b02edd0fc209a086761efd7433609adf4922cb410f1d","first_seen":"2024-04-19T06:46:35Z","last_seen":"2026-06-05T23:41:08.27673Z","times_seen":2198,"resource_available":false,"data":null}},"time_used":806,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":806,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/img/favicon-16x16.png","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:37.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /img/favicon-16x16.png HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:38 GMT\r\ncontent-type: image/png\r\ncontent-length: 117\r\nlast-modified: Sat, 20 Sep 2025 13:47:30 GMT\r\netag: \"68ceb072-75\"\r\nexpires: Sat, 20 Jun 2026 22:33:38 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":117,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"452e428226d4c837c46365fcb883df6c","sha1":"cad9f77b350af8b0af36ae785908bf7822f8e39d","sha256":"38349b874be68fe9ffcb2c7942dd8f03e12f35b28ade74785918b8033a1207f2","sha512":"378e0e69d0c037948062389adf3424019b12adfd3641ba7ff74e6cdc42d81e41638e198a25b348fb095757a27846e65d564fdc983bcdfd73a8f944da43766bfe","ssdeep":"","tlshash":"79b012f37215bf75ef2e56f60850543bc93620ae49731aa8c222d0ff529a1b401a1931","first_seen":"2026-05-21T05:00:28.322409Z","last_seen":"2026-05-21T22:33:59.286091Z","times_seen":2,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?89069697211b768db0bee6ef31aa604c","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?89069697211b768db0bee6ef31aa604c HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11292\r\nContent-Type: application/javascript\r\nDate: Thu, 21 May 2026 22:33:38 GMT\r\nEtag: 842edf02dacdfb76bb3a8c4bdc2fb988\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=98AA146167C075DB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29898,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (622)","md5":"22717822a674f38f31dc7bdceb330ee9","sha1":"0b47063b457dff9b325c775451e38c1665add40f","sha256":"87947e395a55e0d6b2b8138afa6f13026e905c98aa510f28a1a79454edb8c6ba","sha512":"a8ba4d83fa63df8e526e45eda63f2fc82ce2416eb7cc9229cd31262d1b2de0e23921e56dfed55e779434f845cb4a2caeaf091a982a9b9c88aa6dc0346a22123d","ssdeep":"768:6T1/4VJfHgMdvussZPIx82Rwvutcto07v:Q1OfHgMdvusanvutt07v","tlshash":"16d2d9e9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-05-21T22:33:59.288255Z","last_seen":"2026-05-21T22:33:59.288255Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3522,"timings":{"blocked":1612,"dns":699,"connect":474,"send":0,"wait":282,"receive":1,"ssl":451},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/css/faf1427c.css","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /css/faf1427c.css HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 20 Sep 2025 13:44:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbc-38c5\"\r\nexpires: Fri, 22 May 2026 10:33:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14533,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (14527), with no line terminators","md5":"a771c49a4fb429b3d916e301718c209d","sha1":"f6b77fa3df76015510ab08a952639edb7ad75319","sha256":"7c8c4195e5c2b1f7d3367818c315f2db73f5147c712e4498d9f4e933a0cf2d58","sha512":"43f1cefdefccd011c01605e78119dfc9653ec2eee63a0652b0d5a2787d21a98862a72b73c97379d6e998a2cce4c266f0441ed2d4286d6ab924645aaf749c4f70","ssdeep":"192:tzxXQzvBhtSu/Vjj9gsb89ZXMGvppByqP5+:YbVyW0NMGvpryqQ","tlshash":"cb6212195234322c61e39335aac87d49f5358912837f45bde4e2b31edff84630ea6b89","first_seen":"2026-03-19T12:27:24.586908Z","last_seen":"2026-06-05T23:41:08.259654Z","times_seen":4,"resource_available":false,"data":null}},"time_used":559,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":559,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/images/alarm.svg","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /images/alarm.svg HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 533\r\nlast-modified: Sat, 20 Sep 2025 13:44:28 GMT\r\netag: \"68ceafbc-215\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":533,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b20df3089e50c545541d8ee900863574","sha1":"451b3f7e7fd362deed7642033c480082bcb0674a","sha256":"7c9ca78247b00b98096dc68fc15527fa07e332c5c87c7834e1511786a490af68","sha512":"40eb69a60fe3c221e70659a54d99e80089e6e8ea47994b7460dfb1ca0d03207570de0a7bb03ae32706a2e1c10a9fb791e8216a57bafe0c516f0f48eed0ea6a7f","ssdeep":"","tlshash":"bff05994538c9ebcb6224f24db1172b6207b31373b9d9258d863a43a216411d683f9fc","first_seen":"2023-05-07T16:57:14Z","last_seen":"2026-06-05T23:41:08.263468Z","times_seen":2061,"resource_available":false,"data":null}},"time_used":563,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":563,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/images/im-wallet.svg","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /images/im-wallet.svg HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sat, 20 Sep 2025 13:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbe-1fd7\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8151,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f4a8d60705c4da90ce91d4f8903c235c","sha1":"6ad45ab8c6cb2a8ea097c79c1eb197d4462a01a4","sha256":"fefe0ac8ca8b6c7a2999e3c7923ab67cced26355f9b5eab0bbc7140d578eff59","sha512":"8cf7c7286a422458b80d6e37bc3970afdbf012f69d7307497e7bd78ab526ce6cc800120d8f150dd54038ee3d60bc35710841c6836edca29085ab767fbcb7f0f6","ssdeep":"96:lXSa2PgQvn0Nn5dpwOOzd+f/Y9rQTBNMazWRtt4qsQm9i8g3eybccDjFYDeSp:1SPgLdWOi+/9lkBF357uDeQ","tlshash":"a3f1a6cc23096ef18d80c3f4ef2aa0f4a51751f99a64506ccb706e6e39155ae1c7b9c7","first_seen":"2024-04-26T06:55:29Z","last_seen":"2026-06-05T23:41:08.278101Z","times_seen":378,"resource_available":false,"data":null}},"time_used":834,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":834,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/images/to-top.png","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /images/to-top.png HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 20 Sep 2025 13:44:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbe-2084\"\r\nexpires: Sat, 20 Jun 2026 22:33:36 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8324,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 124 x 131, 8-bit/color RGBA, non-interlaced","md5":"13eac2560b1b5d187f0632729627c7eb","sha1":"9d767610734797f5f8dd98c82329d072171b67f8","sha256":"64774fdbbbc520f5748ccf6f48ede71a843d30cb3ce4bbc8da64c7f64d95b3ed","sha512":"ac2f7c596a78b4554e146dcf757f23248f8895189ead847dac8884b4e9b2f02cb3812d03fa4c7821e9073042768b06dd567b6ea078f069b1c2853b04473e2bc4","ssdeep":"192:n64wmsnaCQVU/kld8QRX3ok8arbdUK+H4sWt:nLOaNVU/kVz6K+H4si","tlshash":"7502b08242c004a419cf4da444fbef8c9ff73970caaac5693e7c14c6bf2a6991a4f520","first_seen":"2023-06-10T15:14:48Z","last_seen":"2026-06-05T23:41:08.278903Z","times_seen":286,"resource_available":false,"data":null}},"time_used":834,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":834,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=98AA146167C075DB\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=948423106\u0026si=89069697211b768db0bee6ef31aa604c\u0026v=1.3.2\u0026lv=1\u0026sn=62034\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fimtoken.click%2F\u0026tt=im%E9%92%B1%E5%8C%85%E4%B8%8B%E8%BD%BD%20imToken%20%E5%AE%98%E7%BD%91%20%7C%20%E4%BB%A5%E5%A4%AA%E5%9D%8A%E5%92%8C%E6%AF%94%E7%89%B9%E5%B8%81%E5%8C%BA%E5%9D%97%E9%93%BE%E9%92%B1%E5%8C%85","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.3.198","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:38.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=98AA146167C075DB\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=948423106\u0026si=89069697211b768db0bee6ef31aa604c\u0026v=1.3.2\u0026lv=1\u0026sn=62034\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fimtoken.click%2F\u0026tt=im%E9%92%B1%E5%8C%85%E4%B8%8B%E8%BD%BD%20imToken%20%E5%AE%98%E7%BD%91%20%7C%20%E4%BB%A5%E5%A4%AA%E5%9D%8A%E5%92%8C%E6%AF%94%E7%89%B9%E5%B8%81%E5%8C%BA%E5%9D%97%E9%93%BE%E9%92%B1%E5%8C%85 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Thu, 21 May 2026 22:33:38 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=B2EA5AE588A009E7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-06T19:10:59.91626Z","times_seen":366657,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/css/swiper.min.css","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /css/swiper.min.css HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 20 Sep 2025 13:44:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafba-4d50\"\r\nexpires: Fri, 22 May 2026 10:33:36 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19792,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (19510), with CRLF line terminators","md5":"73ee1f9859edd846090b4068b00a4034","sha1":"48e9382b7fa657c3dfe755bb72c3377243a2657b","sha256":"a0eb42dd78d97f395a6fe2d4bca87dc0c3a7a85cd9639b0dfcd5b7e6cb6fa544","sha512":"552a21a334bb6498afcaf618d5fd835713f19bd6431b5225e521d9e376cbead53be5df8c13632cfc75bf5274126226a41d67e4f2a143fba7ff82a057e66f456a","ssdeep":"192:BpDONv/lSSyJWCh8zfi5o/mXDN3eBxwdJ5c:BdO1/lS0Cifi5o/mXOGJ5c","tlshash":"0392612c17003057e6334f1a87d99778c724c9939e4358ef6250ee48c7bb96a32af766","first_seen":"2026-03-19T12:27:24.578992Z","last_seen":"2026-06-05T23:41:08.249023Z","times_seen":4,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imtoken.click/images/imTokenLogo.svg","fqdn":"imtoken.click","domain":"imtoken.click","tld":"click"},"ip":{"addr":"134.122.202.214","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://imtoken.click/","date":"2026-05-21T22:33:36.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"imtoken.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 21 May 2026 17:58:07 GMT","end":"Wed, 19 Aug 2026 17:58:06 GMT"},"fingerprint":{"sha1":"FD:29:70:85:1E:26:20:96:14:D7:FE:55:00:10:15:85:9F:9A:46:47","sha256":"C8:08:33:2C:B5:0D:19:0D:D6:8D:80:E2:27:4B:D5:AE:96:EF:D1:82:E9:39:2E:F2:53:B7:B5:C5:DB:0F:C7:82"}}},"request":{"raw":"GET /images/imTokenLogo.svg HTTP/1.1\r\nHost: imtoken.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://imtoken.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 21 May 2026 22:33:36 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sat, 20 Sep 2025 13:44:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ceafbc-243d\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9277,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4894539667b4efc7bbb1b71858aede4f","sha1":"ab383f9a8e80f0395040697292161db2d4d4ec9c","sha256":"017a2546180fc0544fa71508481ca4bd46287a0c79eed70321b6e3ac09d2f491","sha512":"d7be85308737a738a579957a2e4ff7eaf059ebf6faae61b3aa02aa834904047898443ead2ad4fe26543caf3d2a842fb2c1505de0bea4f35b40d9576adf700dba","ssdeep":"192:vRuLY9xVSRlu7BJsLEmmD4ikXjRJl2MQwJjyDtsLa:vRhxNBKoRkTIMQwJjyDtsLa","tlshash":"5812a4f07674a2fce50be745cd365865b11e2cf9ef0246a8c194ee4525294a6cdcccd1","first_seen":"2023-05-17T05:57:54Z","last_seen":"2026-06-05T23:41:08.25105Z","times_seen":998,"resource_available":false,"data":null}},"time_used":563,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":563,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-21","alert":"Sinkholed","trigger":"imtoken.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}